GDPR

Privacy Policy

  • Background
    Tarsier respect your privacy. This Privacy Policy (the “Privacy Policy”) describes how we obtain and process your personal data. The Privacy Policy also describes your rights in relation to us and how you can assert these rights.

    All our processing of your personal data is in accordance with our Privacy Policy and current data protection legislation, such as the General Data Protection Regulation (EU) 2016/679 (“GDPR”). We ask you to carefully read this Privacy Policy before you share any personal data with us.
  • Controller
    The company within our company group that you have a relation with or are otherwise in contact with is the controller for the processing of your personal data as described in this Privacy Policy. It is the controller´s obligation to make sure that all the processing is carried out in a safe manner and in accordance with applicable laws and regulations. The companies within our group are:
    • Tarsier Studios AB
      org nr 556700-9278 
    • Tarsier Studios Malmö AB
      org nr 556812-0173 
    • Tarsier Studios Productions AB
      org nr 556812-9802
    • Tarsier Studios Publishing AB
      org nr 559053-3260

We have appointed David Bjarke, Project Coordinator as responsible for our work with data protection.

If you have any questions concerning integrity or data protection, please feel free to contact us. The easiest way to do that is to send an e-mail to privacy@tarsier.se.

  • Who is this Privacy Policy for?
    This Privacy Policy addresses how we process personal data regarding:
    • our existing and potential customers, suppliers and business partners (“parties”) and its contact persons, representatives, consultants, employees and any other physical person connected to such party (“contact persons”),
    • job applicants,
    • consultants,
    • visitors to our website,
    • subscribers to our marketing information, and
    • others who interact with us in any way.
  • What personal data do we process?
    The categories of personal data that we may process about you may be:
    • Identity information, such as national identification number, date of birth, name, initials, signature, nationality, copy of passport or other identity document, etc.
    • Contact information, both personal and professional, postal address, phone number, mobile phone number, e-mail address, employer, job title, job role, workplace, etc.
    • Product and service information, such as game credits, product name, product description, details regarding ongoing and former services, details regarding sold or purchased products or services etc.
    • Billing information, such as billing address, reference person and other billing information, billing history, costs and cost specifications, account information and other payment information, payment history, payment reminders, etc.
    • Qualification and recruitment information, i.e. information about the applied appointment or appointment of interest, information in any personal letter, CV, resume and submitted credentials and other documents, information provided by references, test values, notes and summaries of interviews and other contacts during the recruitment process, summaries and analyses from any recruitment consultant or other service provider employed in connection with recruitment, certificate of service and testimonials, etc.
    • Unique user information, such as login ID, username, password, security question, etc.
    • Device and system information, such as IP address, language settings, browser type, browser settings, time zone, operating system, platform, screen resolution, response time, download error, your geographical location, etc.
    • Traffic and usage information, regarding our internal or external systems, such as which links you click and when, which functions you use and when, how you reached and left the service, session time, session ID, delivery notifications when we contact you, etc.

In addition, we may treat other categories of personal data that we collect or receive in connection with the performance of our services, depending on what the services, based on its nature, actualizes or provided by you or the party for which you are a contact person.

We will only process your national identification number if and to the extent that it is clearly motivated by the purpose of the treatment, the importance of a secure identification or other relevant reason.

We do not process sensitive personal data (i.e. special categories of personal data) about you, unless you choose to give us such information.

How do we collect personal data?
  • Information from you
    In general, we collect personal data directly or indirectly from you in a variety of ways, both online and offline, such as
    • when we are engaged or preparing, administering or performing our business, i.e. development and production of digital games, or other services
    • when we otherwise enter into, administer or perform agreements,
    • when you apply for a job or otherwise announce your interest in working with us,
    • when you log in to or use any of our other external systems,
    • when we meet at meetings, events, seminars, fairs, etc.,
    • when you sign up for our newsletter subscription service,
    • when you participate and sign up to participate in our events,
    • when you interact on our social medias or visit our website,
    • when you visit our facilities,
    • when you participate in our surveys,
    • when you contact us through our website, by e-mail, letter or phone or face-to-face, or
    • when you in any other way interact with us.

We will also, with your consent, use cookies and other tracking technology when you use our website (and intranet when applicable) in order to optimize your experience of these. Please see the paragraph describing cookies below.

  • Information from other sources
    We may also collect personal data from the following sources:
    • identity and contact information may be obtained from our employees and from persons connected to the party for which you are a contact person,
    • identity and contact information as well as qualification and recruitment information may be obtained from the consulting company where you are employed;
    • identity and contact information as well as qualification and recruitment information may be obtained from your references or from any recruitment consultant or other service provider employed in connection with recruitment; as well as
    • identity and contact information may be obtained from our group companies, when needed for external salary payments.
What do we do with your information?
  • The purposes of and legal basis for our processing of your personal data
    Below we have compiled our various purposes with our processing of your personal data, the categories of personal data pertaining to the respective process, the legal basis for the processing and how long we store your personal data:

 

Purpose

Personal data

Legal basis

Storage period

General processes

Interact with you or a party for which you are a contact person

E.g. to establish, administer, maintain and develop our relationship with you or a party for which you are a contact person, to contact you or a party for which you are a contact person, to answer questions or other correspondence from you or take actions in response to your correspondence.

Identity information

 

Contact information

 

Other categories of data submitted by you or a party for which you are a contact person

If we are in or about to enter into a contractual relationship with you:

Perform our contract with you or take steps at the request of you prior to entering into a contract

 

Otherwise:

Legitimate interest

If we are in a contractual relationship with you or the party for which you are a contact person:

During our contractual relationship with you or the party for which you are a contact person and thereafter as long as there are any outstanding rights or obligations deriving from our contractual relationship or any applicable legislation.

 

Otherwise

Until we have performed necessary actions in response to your correspondence.

 

Thereafter your correspondence might be stored for additional time, depending on the content of the correspondence.

Manage our contractual relationship and perform our contract

E.g. to fulfil our obligations and exercise our rights arising from any contract with you or a party for which you are a contact person and to administrate our relationship to you or such party, such as identification, etc.

Identity information

 

Contact information

 

Product and service information

 

Billing information

 

Qualification and recruitment information

 

Other categories of personal data provided by you or the party for which you are a contact person or which we collect in connection with the performance of our contract

If we are in or about to enter into a contractual relationship with you:

Perform our contract with you or take steps at the request of you prior to entering into a contract

 

Otherwise:

Legitimate interest

During our contractual relationship with you or the party for which you are a contact person and thereafter as long as there are any outstanding rights or obligations deriving from our contractual relationship or any applicable legislation.

 

Thereafter only necessary information is stored up to ten years, as long as we, you or the party for which you are a contact person or any third party can take legal action, deriving from our contractual relationship or any applicable legislation, with respect to the regulation concerning statute of limitation.

Accounting and bookkeeping

Identity information

 

Contact information

 

Billing information

Comply with legal obligations

Necessary data is stored for seven years to comply with statutory storage times for accounting.

Comply with any applicable legislation or other legal obligations

E.g. to comply with obligations arising from our business, collective agreements, applicable laws, case law, regulations, other regulations or similar, such as rules on money laundering and terrorist financing, accounting laws, tax legislation, etc.

Identity information

 

Contact information

 

Product and service information

 

Billing information

 

Qualification and recruitment information

 

Unique user information

 

System and device information

 

Traffic and usage information

Comply with legal obligations

During the time period stipulated in the relevant and applicable legislation or other legal obligation.

Manage mergers, restructurings and transfers

E.g. to facilitate negotiations on and execute a merger, a restructuring, a transfer of shares or a business transfer relating to any part of our business, incentive programs etc.

Identity information

 

Contact information

 

Product and service information

 

Billing information

Legitimate interest

During our contractual relationship with you or the party for which you are a contact person and thereafter as long as there are any outstanding rights or obligations deriving from our contractual relationship or any applicable legislation.

 

Thereafter only necessary information is stored up to ten years, as long as we, you or the party for which you are a contact person or any third party can take legal action, deriving from our contractual relationship or any applicable legislation, with respect to the regulation concerning statute of limitation.

Business processes

Provide offers on our products or services

E.g. to create, estimate and provide offers on our business and services.

Identity information

 

Contact information

 

Product and service information

 

Billing information

 

Other categories of personal data provided by you or the party for which you are a contact person

If we are in or about to enter into a contractual relationship with you:

Perform our contract with you or take steps at the request of you prior to entering into a contract

 

Otherwise:

Legitimate interest

Until the offer is denied or, if it is accepted, during our contractual relationship with you or the party for which you are a contact person and thereafter as long as there are any outstanding rights or obligations deriving from our contractual relationship or any applicable legislation.

 

Thereafter only necessary information is stored up to ten years, as long as we, you or the party for which you are a contact person or any third party can take legal action, deriving from our contractual relationship or any applicable legislation, with respect to the regulation concerning statute of limitation.

Manage and perform our business

E.g. administer, plan, organise, lead, perform and follow-up on our business, design, develop and customise our products and services, perform, make available and maintain products and services, process orders, time keeping, to fulfil our obligations and exercise our rights arising from any contract with you or a party for which you are a contact person, handling of customer issues, complaints, liability and warranty cases, etc.

Identity information

 

Contact information

 

Product and service information

 

Billing information

 

Other categories of personal data regarding our products, services or contract

 

Other categories of personal data provided by you or the party for which you are a contact person or which we collect in connection with the performance of our business

If we are in or about to enter into a contractual relationship with you:

Perform our contract with you or take steps at the request of you prior to entering into a contract

 

Otherwise:

Legitimate interest

During our contractual relationship with you or the party for which you are a contact person and thereafter as long as there are any outstanding rights or obligations deriving from our contractual relationship or any applicable legislation.

 

Thereafter only necessary information is stored up to ten years, as long as we, you or the party for which you are a contact person or any third party or any third party can take legal action, deriving from our contractual relationship or any applicable legislation, with respect to the regulation concerning statute of limitation.

Manage, provide, protect and monitor our premises, systems and IT

E.g. to

  1. grant access to our premises,
  2. grant access to, manage and maintain our systems and IT,
  3. safeguard our premises, systems and IT, including investigating any infringements, attacks or similar,
  4. technically monitor and log the access to our premises,
  5. technically monitor and log the use of the systems and IT for functional, privacy and security reasons,
  6. technically monitor and log the use of the systems and IT in order to verify that our IT policy is followed,
  7. technically monitor and log the use of systems and IT for debugging, data analysis, testing, research and for statistical purposes,

 

“System” refers to our personnel, case, product, competence, attendance, IT, communications, security, entry and exit systems, office suite, document management and storage system and other systems we use internally and externally in our operations. IT refers to internet, email, intranet, telephony.

Identity and contact information

 

Unique user information

 

Device and system information

 

Traffic and usage information

Legitimate interest

If we are in a contractual relationship with you or the party for which you are a contact person:

During the period you visit our premises or use any of our systems or IT.

 

Necessary data is also stored during our contractual relationship with you or the party for which you are a contact person and

 

Thereafter, necessary data is stored as long as there are any outstanding rights or obligations deriving from our contractual relationship or any applicable legislation.

 

Otherwise

During the period you visit our premises or use any of our systems or IT.

 

Thereafter, necessary data is stored up to one year depending on the reason to and the scope of your visit or usage.

Invoicing and debt collection

Identity information

 

Contact information

 

Product and service information

 

Billing information

If we are in or about to enter into a contractual relationship with you:

Perform our contract with you or take steps at the request of you prior to entering into a contract

 

Otherwise:

Legitimate interest

During our contractual relationship and thereafter as long as there are any outstanding rights or obligations deriving from our contractual relationship.

 

Thereafter only necessary information is stored up to ten years, as long as we, you or any third party can take legal action, deriving from our contractual relationship, with respect to the regulation concerning statute of limitation.

Improve our services and general business development

E.g. improving the quality of our current services and website, developing new services, features and new business opportunities, performing customer analyses, carrying out external surveys (for example polls about customer satisfaction), etc.

Identity information

 

Contact information

 

Product and service information

 

Unique user information

 

System and device information

 

Traffic and usage information

Legitimate interest

During our contractual relationship and thereafter for one year.

Marketing

Market and inform about our business

E.g. to invite you to our events, to communicate relevant news and information within our practise areas to you, to communicate relevant information about us and our products and services to you, to inform about and present products or service offers and promote new products or services that are closely related to the products or services already purchased or used.

Identity information

 

Contact information

If you are a private person

Consent

 

Otherwise

Legitimate interest

 

From time to time we may perform marketing measures where we will ask for your consent to our processing.

If the legal basis is legitimate interest

Until you announce that you no longer want to receive marketing information from us, e.g. by unsubscribing from our newsletter.

 

If the legal basis is your consent

For as long as we have your consent. We will refresh your consent as appropriate.

Our website

Provide and manage our website

E.g. to manage our website and your access to it, to optimize your experience of our website, to ensure that content is presented effectively to you and your device, including troubleshooting, data analysis, testing, research and for statistical purposes.

Contact information

 

Unique user information

 

System and device information

 

Traffic and usage information

Your consent

For as long as we have your consent. We will refresh your consent as appropriate.

 

Please see the section regarding cookies.

Job applicants

Manage the recruitment process

E.g. to (i) collect, administer and evaluate your application compared to our requested profile; (ii) assess and evaluate your eligibility for employment with us; (iii) verify your identity and verify the information you provided to us; (iv) communicate with you, etc.

Identity information

 

Contact information

 

Qualification and recruitment information

Take steps at the request of you prior to entering into a contract

During the recruitment process.

 

Thereafter only necessary information is stored up to ten years, as long as we, you or a third party, such as a union, can take legal action, deriving from the recruitment process, with respect to the regulation concerning statute of limitation.

 

Necessary data is also stored for seven years to comply with statutory storage times for accounting.

Check references and perform background checks and tests

E.g. to contact your submitted references and to confirm your submitted information, supplement the basis for our assessment and evaluate your suitability for employment with us, as well as carry out tests relevant to the requested employment.

Identity information

 

Contact information

 

Qualification and recruitment information

Legitimate interest

 

From time to time we may perform checks and tests as well as request credit information where we will ask for your consent to our processing

If the legal basis is legitimate interest

During the recruitment process.

 

Thereafter only necessary information is stored up to ten years, as long as we, you or a third party, such as a union, can take legal action, deriving from the recruitment process, with respect to the regulation concerning statute of limitation.

 

If the legal basis is your consent

During the recruitment process, as long as we have your consent.

Save for future recruitment

E.g. in order to contact you and offer employment with us if a need arises.

Identity information

 

Contact information

 

Qualification and recruitment information

Consent

Up to two years, as long as we have your consent.

  • If you choose not to provide certain personal information to us?You are not required to provide personal information to us except when provided by law. But please note, if you choose not to provide us with certain personal data or limit our right to process your personal data, that may result in that we cannot fulfil our obligations to you or to the party you represent and that you, or the party you represent, cannot assert your, or its, rights against us.

  • What are our legitimate interests?
    As you can see in the list above, we may process your personal information because it is necessary for the purposes of our legitimate interests. Our “legitimate interest” corresponds to the purpose for which we perform each processing based on our interest.

    When we process your personal information for our legitimate interests, we perform a balancing test where we make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. Our legitimate interests, such as business, commercial and employer interests, do not automatically override your interests. We will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

    We do not consider that our processing disadvantages you in any way. We use your information only in ways you would understand and reasonably expect, and which have a minimal privacy impact, or where there is a compelling justification for the processing.

    If you would like more information from the legitimate interests assessments that we have carried out, please send an email to privacy@tarsier.se.

    You have a right to object to processing that is based on our legitimate interests. If you wish to do so, please send an e-mail to privacy@tarsier.se.

  • If you do not want to receive marketing information from us
    We may process your data to invite you to our events, to communicate relevant news and information within our practise areas to you, to communicate relevant information about us and our services etc. If you do not want to receive such communication, you are welcome to email us at privacy@tarsier.se.

  • How to revoke your consent
    Some of the processing described above is based on your consent. You have a right to revoke your consent to this processing of your personal data at any time. If you would like to make use of this right and revoke your consent, please contact us at privacy@tarsier.se. If you have signed up to our newsletter you may also revoke your consent by sending an e-mail to newsletter@tarsier.se (a link will be provided in the newsletter).

  • Automated decision-making
    We do not perform any processing that includes automated decision-making (including profiling).

  • Cookies
    We cookies and other digital tracking technologies when you use any of our sites in order to optimize your experience and to collect information about your movement on our sites. Please see the respective site for further information on current cookies.

  • Sharing or transferring your information
    We may disclose your personal information to chosen third parties in accordance with the provisions below. In the event of such sharing or transfer we will take every reasonable legal-, technical- and organizational action in order to make sure that your personal data is handled in a safe manner and that the level of security is adequate. Any third party that process your information on our behalf are bound by processor contracts which includes a provision that such third party shall follow our instructions, take the measures that we find necessary, observe confidentiality and respect this Privacy Policy.

Internal
We may disclose your personal information to any of our employees or board of directors insofar as reasonably necessary for the purposes set out in this policy.

Our group of companies
We may disclose your personal information to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes set out in this policy.

Advisers, suppliers, subcontractors, consultants and other business partners
We may disclose your personal information to any of our insurers, professional advisers, customers, suppliers, subcontractors or business partners insofar as reasonably necessary for the purposes set out in this policy. Hence, we might share your personal data when a third party provide us with services such as providing, hosting and maintaining IT systems, payroll administration, accounting, product testing, employment application administration, technical support, marketing, etc. on our behalf.

Other
We may disclose your personal information:

  • when it is specifically agreed with you or the party for which you are a contact person;
  • to the extent that we are required to do so by law or a court order;
  • in connection with any ongoing or prospective legal proceedings
  • in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);

Transfers and mergers
If we buy or sell a business or assets, we may provide a potential seller or buyer of such business or assets with your personal data. If we, or a substantial part of our assets, are acquired by a third party, your personal data may be disclosed to such acquirer.

  • How do we protect your information?
    You should always feel secure when you provide us with your personal data. Therefore, we have taken the suitable legal, technical and organisational precautions to prevent unauthorized access, use, change and deletion of your personal information. We have adopted an IT policy which applies to all our employees that set up the provisions for how we use our information systems. All our processing of your personal data is in accordance with current applicable data protection legislation.
  • Where are we processing your information?
    It is our objective to process all your personal data within the EU/EEA. In some situations, however, your personal data may be transferred to and processed by a supplier, a subcontractor or another business partner with registered office in a country outside the EU/EEA.

    All such sharing and processing of information will be in accordance with current applicable data protection legislation and we will take all reasonable legal, technical and organisational actions to make sure that your personal data will be processed securely and with an adequate level of protection comparable with, and at the same level as, the protection that is provided within the EU/ EEA.

    If we would like to perform such transfer to a third country, we will provide you with all necessary information regarding the transfer, including details of the relevant safeguards, in advance. If you have any questions regarding a transfer, please contact us through the contact details provided in our policy.

    We use Google and Amazon Web Services as some of our IT services providers. They may act as sole data controllers or process personal data on behalf of us as a data processors. Both Google and Amazon Web Services maintain servers around the world and your information may be processed on servers located outside of the EU/EEA. According to our data processing agreements with Google and Amazon Web Services they undertake to comply with the legal frameworks relating to the transfer of data. More information on how Google and Amazon Web Services processes your personal information can be found in their respective privacy policies.

Your rights
  • Right of access and right to information
    You have the right to obtain a confirmation from us as to whether or not personal data concerning you are being processed by us, and, where that is the case, you have the right to access that personal data.

    We will provide a copy of your personal data undergoing processing. For any further copies requested, we may charge a reasonable fee based on administrative costs. If you make the request by electronic means, and unless otherwise requested by you, the information will be provided in a commonly used electronic form.

  • Right to rectification
    You have the right to obtain from us, the rectification of inaccurate personal data concerning you. Considering the purposes of the processing, you also have the right to have incomplete personal data completed.
  • Right to erasure (”right to be forgotten”)
    You have the right to have your personal data erased by us and we have the obligation to erase your personal data in some situations, for example:
    • if the personal data is no longer necessary in relation to the purposes for which they were collected,
    • if the processing is based on your consent and you withdraw that consent,
    • if the processing is based on our legitimate interests and you object to the processing and there are no overriding legitimate grounds for the processing,
    • if the personal data have been unlawfully processed, or
    • if the personal data must be erased for compliance with a legal obligation, etc.

There might be reasons as to why we cannot immediately erase all your personal data. Our continuous processing of your personal data might for example be necessary for us to fulfil a legal obligation that requires processing of your personal data, for example bookkeeping and tax legislation, or to establish, exercise or defend a legal claim. In that case we will block the information that could not be immediately erased from use for any other purposes than the ones that hindered the information from being erased immediately.

  • Right to restriction of processing 
    You have the right, under certain conditions; to obtain from us restriction of processing of your personal data. Restriction of processing means that your stored personal data will be marked with the aim of limiting their processing in the future to certain given purposes. The right to restriction applies for example when you have contested the accuracy of your personal data, for a period enabling us to verify the accuracy of the personal data, and when you have objected to our processing based on our legitimate interests, pending the verification whether our legitimate grounds override yours.
  • Right to data portability
    You have the right, under certain conditions, to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance from us.

    When exercising your right to data portability you have the right to have your personal data transmitted directly from us to another controller, where technically feasible.

  • Right to object
    You have the right to object, on grounds relating to your particular situation, at any time to certain processing of your personal data.  The right to object applies e.g. when we process your personal data on the basis of our legitimate interests.

    Where personal data are processed for direct marketing purposes, you have the right to object at any time to our processing of your personal data for such marketing.

  • Right to object to automated individual decision-making (including profiling)
    You have the right, with certain exemptions, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
  • Right to lodge a complaint
    If you consider that our processing of your personal data infringes the GDPR you have the right to lodge a complaint with the Datainspektionen, which is the supervisory authority in Sweden.
  • Exercise your rights
    If you wish to exercise any of your rights, you can easily do that by contacting us through email at privacy@tarsier.se. In order to protect your integrity and your personal data we might require that you identify yourself when you require our assistance.

___________________

 

Our Privacy Policy was updated 2019-01-29

Twitter