Published using Google Docs
241 C Privacy Policy 210309 .docx
Updated automatically every 5 minutes

Privacy Policy

This Privacy Policy contains information on how PLAYipp AB (reg. no.: 556712-3012) (“we”, “us”, “our”, “PLAYipp”) collects and processes personal data (“data”) and information about data subjects rights according to the General Data Protection Regulation (“GDPR”). The Privacy Policy covers all processing of personal data, in both structured and unstructured data.  PLAYipp AB is regarded as the Personal Data Controller for all processing of personal data that is made by us and/or on our behalf (in accordance with the principle of accountability).


GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).

Unless otherwise stated, all references to "personal data", "processing", "data subject", "personal data breach", "sub-processor", "supervisory authority" shall have the same meaning in this Privacy Policy as stated in article 4 of the GDPR.

SCC: Commission implementing decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, or the Standard Contractual Clauses for the transfer of Personal Data to processors established in third countries, set forth in the European Commission Decision of 5 February 2010.

Terms and expressions used in this Privacy Policy, but not defined in this Privacy Policy, shall be defined in accordance with PLAYipps Terms and Conditions.

How we collect data

We collect your personal data:
When we engage in a business relationship.
Through our website or app.
Through email correspondence.
When you provide us with data through meetings, social media or events.

What data we collect

We try to work primarily through the principle of data minimization regarding the storage of personal data, by only processing personal data that is necessary, adequate and relevant for each individual purpose (according to the principle of purpose limitation and data minimization).

Personal data we process:
Basic information such as 
your name, workplace and title.
Contact details such as 
address, email address and telephone number.
Information you provide in connection with meetings or events, such as requirements in respect of 
availability of premises or food and beverage preferences.
Information about 
how you use our website.
Technical data, which may include your URL, IP address, unique device ID, network and computer performance, browser type, language and identifying information, general geographical location and operating system.
Email correspondence.

Why we process your data

Personal Data Controllers may only collect personal data for specific, explicitly stated and legitimate purposes according to GDPR and the principle of purpose limitation. Each individual processing of personal data requires a so-called “legal basis” in order to be legal (according to the principle of lawfulness, fairness and transparency).

According to GDPR, personal data shall not be stored for longer than what is necessary to fulfill the purposes for which they were collected. If it is necessary for us to comply with applicable legislation, we may store personal data for a longer period for that purpose. Personal data that can no longer be stored will be erased (deleted) (according to the principle of storage limitation).

Please find below a chart describing the purpose, legal basis and storage period of the processing of your personal data.


Legal basis

Storage period

To market our products and services through, for example, newsletters, publications and events.

Legitimate interest
PLAYipp’s legitimate interest in marketing its products and services.

As long as we have a business relationship or until you opt out.

To manage our business relationship with you.

Performance of a contract

If there’s a contract between you and PLAYipp.

Legitimate interest

PLAYipp’s legitimate interest in maintaining and managing its business relationships.

As long as we have a business relationship with you or the company you represent.

To comply with legal obligations.

Comply with a legal obligation

For example, PLAYipp’s legal obligations due to applicable accounting and taxation legislation.

As long as prescribed by law.

For the establishment, exercise or defence of legal claims.

Legitimate interest

PLAYipp’s legitimate interest in establishing, exercising or defending any legal claims.

Information that is relevant for any legal claim is kept for as long as such claim can be made in accordance with applicable legislation.

In order to ensure the technical functioning of our website and applications; to provide support for our applications; and to analyse your use of the website and applications in order for us to develop and improve them.

Legitimate interest

PLAYipp’s legitimate interest in ensuring the technical functioning of the website and application.

PLAYipp’s legitimate interest in developing and improving the website and improving your experience of the website.

Your IP-address is stored when you sign into, and perform actions in PLAYipp Manager or Connect. This data is logged as long as we have a business relationship with the company you represent.

Session cookies are stored as long as the browser is open. Other cookies are stored for a maximum of 24 months.

Other technical data is logged as long as we have a business relationship with the company you represent.

Phone calls to the Processor’s support are recorded and can be used to get background information to help resolve or deal with a support request.

Performance of a contract

PLAYipp shall help to resolve or deal with a support request.

As long as we have a business relationship with the company you represent, and up to 180 days thereafter (backup storage)

When the User contacts the Processor, the User’s messages are saved in order to help the end user with a problem or provide information about the Processor’s services, whether immediately or at a later time.

Legitimate interest

PLAYipp’s legitimate interest in ensuring the technical functioning of the website and application.

As long as we have a business relationship with the company you represent, and up to 180 days thereafter (backup storage)

Where personal data is stored

We strive to process all personal data that we handle within the EU/EEA (according to the principle of integrity and confidentiality). However, some of PLAYipp’s IT providers operate in the United States and/or the United Kingdom. When personal data is shared with these providers, PLAYipp has ensured that the level of protection is equivalent to that applicable in the EU/EEA. If we transfer your personal data outside the EU/EEA, such transfer will be subject to appropriate safeguards in accordance with applicable data protection legislation.

How we share your data

We do not sell your data to any third party for marketing purposes. However, as mentioned above, we may share personal data that we process with our subcontractors when they perform services on our behalf, for example when we engage subcontractors to maintain and support our IT systems, to help us fulfill our legal obligations under contracts, applicable legislation, legal obligations, to safeguard our legal interest, to improve our services/products, or to prevent and detect technical or security issues with our services and/or software. When personal data is shared with these subcontractors, they become our sub-processors.

With regards to EU Personal Data, PLAYipp and the sub-processor will comply with each of their respective obligations under the GDPR and any subordinate legislation and regulation implementing the GDPR and/or SCC which may apply (collectively, with Privacy Laws, the “Applicable Data Protection Legislation”). The sub-processors may only process the personal data in accordance with PLAYipps  instructions which are stated in a Data Processing Agreement and/or SCC entered into between PLAYipp and the sub-processors

The data subjects are entitled to request a complete overview and more detailed information on which subcontractors that are involved in the processing of the data subjects personal data in order to enable the delivery of our services and/or products.

We may also disclose or share your data with:
– Subsidiaries or other group companies.
– Auditors and other professional advisors.
– A third party involved in organizing an event, e.g. hotels, event organizer or speaker.
– A third party when it is necessary in order to provide services to you or comply with a legal obligation.
– Social media such as Instagram, Facebook, LinkedIn or Twitter when you contact us through such services. If you use these services, we refer to the respective service’s privacy policy for information on how they process personal data.

How we protect your data

We implement security measures to protect your information. All our services and Software use encryption to ensure security when data is sent over the Internet. Only employees who need information owned by the users in order to help the users, may access such information. The servers used to store personal data or other information owned by the user are kept in a secure environment.

We use a range of technical and organizational measures to protect your data from unauthorized access, use, loss, change or deletion in accordance with applicable data protection legislation (according to the principle of integrity and confidentiality). Such actions include, but are not limited to, physical controls, encryption, eligibility restrictions, policies, etc. All our internal registers and systems are password protected. There are also instructions for staff-members with access to our databases containing personal data, to protect the information. We also work according to the data protection principles (Article 5 GDPR) and ensure that all staff-members are aware of the principles.

Your rights

In accordance with applicable data protection legislation, you have a right to request access to, rectification or erasure of your personal data or restriction of the processing. You also have a right to object to processing as well as the right to data portability, and also the right to get information about any data breach and personal data incident concerning your data that is being processed by us. You have a right to lodge a complaint regarding our processing of your data with the Swedish Authority for Privacy Protection, Box 8114, SE-104 20 Stockholm, Sweden or your local national data protection authority, and the contact details for local national data protection authorities can be found at the European Commission’s web page.


Upon termination of PLAYipp Software or service, all account information and data will be made inaccessible to the User and PLAYipp staff as soon as possible. The virtual data and logs of activity in the User’s account are stored for a maximum of 180 days, provided that there is a legal ground to such storing, before being permanently deleted, unless there is a legal obligation to store the data for a longer period of time.

Changes to this privacy policy

This Privacy Policy is reviewed annually and updated as needed. The latest version of the policy is always publicly available through this website. Should you have any questions regarding PLAYipp’s processing of personal data, please do not hesitate to contact us at

PLAYipp reserves the right to make changes to this Privacy Policy from time to time. If substantial changes to the Privacy Policy are made, PLAYipp will inform you about such changes by email, provided that PLAYipp has your email address, or if possible, in some other manner.

Personal data breach and complaints

If a data subject has any complaints about our processing of personal data, the complaint can be made to PLAYipp through the following e-mail:,  or to the Swedish Authority for Privacy Protection, which is the supervisory authority.

A data breach or other incident which means that the control over processed personal data is lost, is regarded as a personal data incident according to GDPR. All personal data incidents will be documented internally and will also be reported to the Swedish Authority for Privacy Protection within 72 hours, when GDPR requires it.

How to contact us

Do not hesitate to contact us if you have any questions about this Privacy Policy or the processing of your data or if you would like to exercise any of your rights under applicable data protection legislation. You can contact us.

Updated as of October 7th, 2021.