Updated: October 2022
This Privacy Notice describes how FirstBlock AB (“FirstBlock”, “we” or “us”) collects, uses and shares your personal data in connection with our products and services (together the "Services"), this website, our digital channels, when you communicate with us and when you participate in activities that we carry out.
The Privacy Notice also explains your rights in relation to your personal data in accordance with the General Data Protection Regulation (GDPR) and supplementary data protection regulations.
This Privacy Notice covers you who:
FirstBlock is the responsible (the controller) for the use of your personal data as described in this Privacy Notice.
The personal data that we collect about you is mainly collected directly from yourself when you provide your personal data to us, for example when you apply for a job, register on our website, participate in a survey or an event, or contact or otherwise communicates with us.
We also collect where necessary personal data from other sources:
The categories of personal data that we collect, and use, include:
We use your personal data for the following purposes outlined below. The purposes for which we in practice use your personal data may, however, vary, depending on your interactions with us.
For more information on which activities that we carry out, which categories of personal data that we use, the legal basis and for how long we store your personal data for the purposes outlined above, please see our detailed information on our use of personal data. You can also click on each purpose above, which will take you directly to the relevant section with this information.
We share your personal data with different recipients:
In addition, to the recipients outlined below, we share personal data with service providers that we have engaged and which needs access to your personal data to provide services to us. These service providers provide, for example, IT services and communication services (which enable us to send you messages and newsletters). The services providers which process personal data on our behalf and in accordance with our instructions.
We use service providers, which also may use sub-contractors, that are established in third countries outside the EU/EEA. To ensure an essentially equivalent level of protection for your personal data when transferred (or otherwise made available) to service providers in third countries outside of the EU/EEA which do not provide an adequate level of protection, we use the EU Commission's adopted standard contractual clauses for international transfers according to decision 2021/914 and implement – in light of the law and practices of the third country – necessary supplementary measures. Supplementary measures include technical, contractual and organisational measures that are necessary to bring the level of protection of the personal data transferred to an essentially equivalent level protection.
For more information on to which countries your personal data is transferred and the safeguards that we have taken to protect personal data, please contact us at by emailing contact@firstblock.cc.
You have certain rights in relation to your personal data. If you wish to exercise your rights, please contact us by e-mailing contact@firstblock.cc. We normally respond to your request within one month following the date we received your request. However, if your request is complicated or if you have submitted several requests, we may need additional time to handle your request. We will in such a case notify you and the reasons of the delay. If we cannot, wholly or in part, comply with your request we will notify you and the reasons for this.
When you submit a request to exercise your rights, we need to confirm your identity to ensure that you are not somebody else than who you claim to be. This to avoid that we for example disclose personal data to an unauthorised person or in error delete personal data. If we do not have sufficient information to confirm your identity, we can request that you provide supplementary information about yourself needed to confirm your identity. We only request such information that is reasonable and necessary to your identity. The time to respond to your requests starts when we have confirmed your identity.
Below we describe the rights that you have in relation to your personal data. For further information on your rights, please see the website of your supervisory authority. In Sweden, the supervisory authority is the Swedish Authority for Privacy Protection (IMY).
You have the right to request confirmation from us as to whether we handle your personal data and in such a case receive a copy of your personal data together with additional information on our use of your personal data. Please note that the right to a copy of your personal data may not adversely affect the rights of others.
You have the right to request that we rectify or supplement your personal data if you consider that your personal data is incorrect, incomplete, or misleading.
For certain use of your personal data, we rely on your consent. For information on when we rely on your consent for the use of your personal data, please see the information on the purposes for which we collect, use and share your personal data. When we use your personal data based on your consent, you have the right to at any time withdraw your consent. When you have withdrawn your consent, we will not continue to use your personal data based on the consent previously provided.
You have in certain situations the right to request erasure of your personal data ("the right to be forgotten"). Accordingly, the right to erasure is subject to certain conditions. For example, the right to erasure applies if we keep your personal data but no longer the personal data for the purposes for which it was collected, if you withdraw your consent which we rely on for our use of your personal data, or if you object to our use of your personal data and we cannot show a compelling reason to further use your personal data notwithstanding your objection.
There are also several exemptions from the right to erasure, including if we are obligated under law to keep your personal data or if the personal data is needed to exercise, manage, and defend legal claims.
In certain situations, you have the right to object to our use of your personal data. Where we rely on our or another's legitimate interest for the use of your personal data, you have the right to object to the use for reasons which relates to your particular situation. You can see above in relation to each purpose for which we collect, use and share your personal data if we rely on a legitimate interest for the use of your personal data. If we cannot show a compelling reason to continue to use your personal data, we will stop using your personal data for the relevant purpose.
You always have an unconditional right to object to our use of your personal data for direct marketing purposes.
In certain situations, you have the right to request restriction of your personal data which means that you can, at least for a certain period, stop us from using your personal data. The right to request restriction of your personal data applies if you consider that the personal data about you is incorrect and during the period that we verify this, if the use of your personal data is unlawful and if you wish that we continue to store your personal data instead of deleting the personal data, and if we no longer need your personal data for the purposes for which we collected the personal data, but you need the personal data to manage, defend or exercise legal claims and rights.
You also have the right to request restriction of your personal data if you have objected to our use of your personal data and during the period, we verify whether we have a compelling reason to continue to use your personal data.
If the use of your personal data has been restricted, we are normally only allowed to store your personal data and not use them for any other purpose than to manage, defend or exercise legal claims and rights. We can also use your personal data for other purposes if you have given your consent to such use.
The right to data portability means that you have a right to receive a copy of the personal data that you yourself has provided to us in a structured commonly used format. Moreover, where it is technically feasible, you also have the right to request that the copy of your personal data is transferred directly to an external recipient.
The right to data portability only applies, however, to personal data that we handle based on your consent (Article 6.1 (b) of the GDPR) or for the performance of an agreement with you (Article 6.1 (a) of the GDPR). We have above in relation to each purpose for which we collect, use and share your personal data outlined which legal bases we rely on for the use of your personal data.
You have the right to lodge a complaint with your supervisory authority. In Sweden, the supervisory authority is the Swedish Authority for Privacy Protection (IMY).
We do not carry out any automated individual decision-making which have legal effects or similar significant effects on you.
We use cookies and other technologies on our websites. To read more about our use of cookies and similar technologies, please see our cookie policy.
We regularly update this Privacy Notice. Our use of personal data may change, for example we may collect personal data for new purposes, collect additional categories of personal data or share your personal data with other recipients than outlined in this Privacy Notice. If our use of personal data changes, we will update this Privacy Notice to reflect such changes. At the top of this page, you can see when this Privacy Notice was last updated. If we make material changes that are not only editorial to this Privacy Notice, we will notify you of any such changes and what they mean to you in advance.
If you have any questions in relation to our use of your personal data, please contact us by emailing contact@firstblock.cc.
FirstBlock AB
Reg. no.: 559399-0244
Address: Evenemangsgatan 14 169 79 Solna Stockholms län
E-mail: contact@firstblock.cc
Below we explain the purposes for which we use personal data, examples of activities carried out for each purpose, the categories of personal data used for each purpose, the legal basis for the use and for how long we store personal data.
Examples of activities that we do for this purpose: | ||
| ||
Categories of personal data: | Legal basis: | |
| Legitimate interest (Article 6.1 (f) of the GDPR). The use of your personal data is necessary to satisfy our legitimate interest of analysing the use of the Services. This helps us better understand how the Services are used and how we can continue to develop and improve the Services. It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose, especially since the purpose is to develop and improve the Services to the benefit of all users. | |
Examples of activities that we do for this purpose: | ||
| ||
Categories of personal data: | Legal basis: | |
| Performance of the agreement with you (Article 6.1 (b) of the GDPR). The use of your personal data is necessary to fulfil the usage of the Services. Legitimate interest (Article 6.1 (f) of the GDPR). To the extent you have access and authorised to use the Services, the use of your personal data is necessary to satisfy our legitimate interest of communicating about our Services. It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose, especially since you always can unsubscribe from our communications at any time. | |
Examples of activities that we do for this purpose: | ||
| ||
Categories of personal data: | Legal basis: | |
| Legitimate interest (Article 6.1 (f) of the GDPR). The use of your personal data is necessary to satisfy our legitimate interest of responding to questions that you have and to provide customer service, for example providing customer support and managing any potential issues, errors and incidents that the customer may experience using our Services. It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose, especially when you yourself has reached out to us. | |
Storage period: | ||
Personal data is stored for this purpose for a period of 18 months calculated from the date the support matter was closed or the last communication in the same matter. | ||
Examples of activities that we do for this purpose: | ||
| ||
Categories of personal data: | Legal basis: | |
| Legitimate interest (Article 6.1 (f) of the GDPR). The use of your personal data is necessary to satisfy our legitimate interest of managing the business relationship with our partners and suppliers. It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose. | |
Storage period: | ||
Personal data is stored for this purpose as long as there is an active relationship. | ||
Examples of activities that we do for this purpose: | ||
| ||
Categories of personal data: | Legal basis: | |
| Legitimate interest (Article 6.1 (f) of the GDPR). The use of your personal data is necessary to satisfy our legitimate interest of managing orders for products and services. It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose. | |
Storage period: | ||
Personal data is stored for this purpose as long as it is necessary to manage the order or to respond to the specific request. | ||
Examples of activities that we do for this purpose: | ||
| ||
Categories of personal data: | Legal basis: | |
| Legitimate interest (Article 6.1 (f) of the GDPR). The use of your personal data is necessary to satisfy our legitimate interest of communicating about us, our business and our services. It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose, especially when you always can unsubscribe from our communications at any time. | |
Storage period: | ||
Personal data is stored for this purpose as long as there is an active relationship and for a period of twelve (12) months thereafter. If there is no relationship the personal data is stored for a period of three (3) months calculated from the date of the collection. | ||
Examples of activities that we do for this purpose: | ||
| ||
Categories of personal data: | Legal basis: | |
| Legitimate interest (Article 6.1 (f) of the GDPR). The use of your personal data is necessary to satisfy our legitimate interest of providing offers and direct marketing. It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose, especially when you always can unsubscribe from our communications at any time. | |
Storage period: | ||
Personal data is stored for this purpose as long as there is an active relationship and for a period of twelve (12) months thereafter. If there is no relationship the personal data is stored for a period of three (3) months calculated from the date of the collection. | ||
Examples of activities that we do for this purpose: | ||
| ||
Categories of personal data: | Legal basis: | |
| Legitimate interest (Article 6.1 (f) of the GDPR). The use of your personal data is necessary to satisfy our legitimate interest of communicating internally and externally in the course of the business. It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose, since the communication is essential in order for us to carry out our business. | |
Storage period: | ||
Personal data is stored for this purpose for a period of twelve (12) months calculated from the date of the last communication in the same conversation. | ||
Examples of activities that we do for this purpose: | ||
| ||
Categories of personal data: | Legal basis: | |
| Legitimate interest (Article 6.1 (f) of the GDPR). The use of your personal data is necessary to satisfy our legitimate interest of providing our newsletter. It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose, especially when you have voluntarily signed up for our newsletter. | |
Storage period: | ||
Personal data is stored for this purpose until further notice or until you unsubscribe from the newsletter. | ||
Examples of activities that we do for this purpose: | ||
| ||
Categories of personal data: | Legal basis: | |
| Legitimate interest (Article 6.1 (f) of the GDPR). The use of your personal data is necessary to satisfy our legitimate interest of carrying out surveys in order to better understand what you think about or business and services. This enables us to improve our business and services. It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose, especially when you voluntarily participate in the survey. | |
Storage period: | ||
Personal data is stored for this purpose during the period the survey is carried out and for a period of three (3) months thereafter to compile the responses in a report. | ||
Examples of activities that we do for this purpose: | ||
| ||
Categories of personal data: | Legal basis: | |
| Legitimate interest (Article 6.1 (f) of the GDPR). The use of your personal data is necessary to satisfy our legitimate interest of carrying out meetings, events and similar activities. It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose, especially if you have voluntarily signed up for or participates in the activity. | |
Storage period: | ||
Personal data is stored for this purpose during the period the meeting, webinar or activity is carried out. If the meeting is recorded to document the meeting, the recording is, as starting point, stored until further notice. | ||
Examples of activities that we do for this purpose: | ||
| ||
Categories of personal data: | Legal basis: | |
| Legitimate interest (Article 6.1 (f) of the GDPR). The use of your personal data is necessary to satisfy our legitimate interest of following-up and analysing the business. This to better understand how our business performs. It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose. | |
Storage period: | ||
Personal data is stored for this purpose for a period of 27 months calculated from the date of collection following which the personal data is anonymised or deleted for this purpose. | ||
Examples of activities that we do for this purpose: | ||
| ||
Categories of personal data: | Legal basis: | |
| Legitimate interest (Article 6.1 (f) of the GDPR). The use of your personal data is necessary to satisfy our legitimate interest of developing and improving the business, our business methods and business strategies. It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose. | |
Storage period: | ||
Personal data is stored for this purpose for a period of 27 months calculated from the date of collection following which the personal data is anonymised or deleted for this purpose. | ||
Examples of activities that we do for this purpose: | ||
| ||
Categories of personal data: | Legal basis: | |
| Consent (Article 6.1 (a) of the GDPR). The use of your personal data relies on the consent that you provide by accepting the use of cookies and similar technologies for the same purpose. Legitimate interest (Article 6.1 (f) of the GDPR). Where we do not use cookies (and similar technologies) for this purpose, we rely on our legitimate interest of analysing the use of our website and digital channels for the use of your personal data. This enables us to continuously improve our website and digital channels. It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose. | |
Storage period: | ||
Personal data is stored during the period stated in our cookie policy. Where we do not use cookies (and similar technologies) for this purpose, personal data is stored for a period of three (3) months for this purpose following which the personal data is anonymised or deleted for this purpose. | ||
Examples of activities that we do for this purpose: | ||
| ||
Categories of personal data: | Legal basis: | |
| Legitimate interest (Article 6.1 (f) of the GDPR). The use of your personal data is necessary to satisfy our legitimate interest of following-up on and evaluating activities carried out. This helps us understand how we can improve and plan future activities. It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose, especially if you have voluntarily signed up for or participates in the activity. | |
Storage period: | ||
Personal data is stored for this purpose for a period of up to 13 months calculated from the date of the relevant activity. | ||
Examples of activities that we do for this purpose: | ||
| ||
Categories of personal data: | Legal basis: | |
Relevant categories of personal data that are necessary to fulfil the specific legal obligation. | Fulfill legal obligation (Article 6.1 (c) of the GDPR). The use of your personal data is necessary to fulfil our legal obligations. | |
Storage period: | ||
Personal data is stored for such period that is necessary in order for us to fulfil the specific legal obligation. | ||
Examples of activities that we do for this purpose: | ||
| ||
Categories of personal data: | Legal basis: | |
Only the categories of personal data needed for managing and defending a legal claim in the individual case. | Legitimate interest (Article 6.1 (f) of the GDPR). The use of your personal data is necessary to satisfy our legitimate interest of managing, defending and exercising legal claims and rights. It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose. | |
Storage period: | ||
Personal data is stored for this purpose during the relevant relationship and for a period of ten (10) years thereafter. | ||
Examples of activities that we do for this purpose: | ||
| ||
Categories of personal data: | Legal basis: | |
Relevant categories of personal data that are necessary to manage the re-organisation or restructuring of the business. | Legitimate interest (Article 6.1 (f) of the GDPR). The use of your personal data is necessary to satisfy our legitimate interest of managing re-organisations and restructuring of the business. It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose if the buyer carries out the same or similar type of business or if the buyer is an affiliate. | |
Storage period: | ||
Personal data is stored for this purpose for the period that is necessary to manage the re-organisation or restructuring. | ||
Examples of activities that we do for this purpose: | ||
| ||
Categories of personal data: | Legal basis: | |
Relevant categories of personal data that are necessary to respond to the legal request in the specific case, which normally includes identification information, contact information, profile information and communication. | Fulfill legal obligation (Article 6.1 (c) of the GDPR). To the extent we are legally obligated to respond to a legal request, the use of your personal data is necessary to fulfil our legal obligation. Legitimate interest (Article 6.1 f) of the GDPR). If there is no explicit legal obligation requiring that we respond to the legal request, but we consider that we and the public authority have a legitimate interest of that we respond to the legal request, we rely on this legitimate interest for the use of your personal data for this purpose, provided that we make the assessment that the legitimate interest in the specific case, considering the circumstances and context of the legal request, outweighs your interest of not having your personal data processed for this purpose. | |
Storage period: | ||
Personal data is stored for this purpose for the period that is necessary to respond to the specific legal request and for a period of ten (10) years thereafter to document the request and our response to the request. | ||
Examples of activities that we do for this purpose: | ||
| ||
Categories of personal data: | Legal basis: | |
| Legitimate interest (Article 6.1 f) of the GDPR). The use of your personal data is necessary to satisfy our legitimate interest of protecting and ensuring the safety of our employees and personnel. It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose. | |
Storage period: | ||
Personal data is stored for this purpose for the period necessary to investigate the incident and take necessary measures as a result of the incident, including for example file a police report or report the incident to the public authority concerned. | ||
Below we explain for which purposes, which categories of personal data and on which legal bases we rely on to share your personal data with different recipients.
Purpose | Recipients | Categories of personal data | Legal basis |
Provide support and respond to questions regarding the Services |
|
| Legitimate interest (Article 6.1 (f) of the GDPR). The use of your personal data is necessary to satisfy our legitimate interest of responding to questions that you have and to provide customer service, for example providing customer support and managing any potential issues, errors and incidents that the customer may experience using our Services. It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose, especially when you yourself has reached out to us. |
Manage the relationship with partners and suppliers |
|
| Legitimate interest (Article 6.1 (f) of the GDPR). The use of your personal data is necessary to satisfy our legitimate interest of managing the business relationship with our partners and suppliers. It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose. |
Manage orders of goods and services |
|
| Legitimate interest (Article 6.1 (f) of the GDPR). The use of your personal data is necessary to satisfy our legitimate interest of managing orders for products and services. It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose. |
Communicate in the course of the business |
|
| Legitimate interest (Article 6.1 (f) of the GDPR). The use of your personal data is necessary to satisfy our legitimate interest of communicating about us, our business and our services. It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose, especially when you always can unsubscribe from our communications at any time. |
Carry out meetings, events and other activities |
|
| Legitimate interest (Article 6.1 (f) of the GDPR). The use of your personal data is necessary to satisfy our legitimate interest of carrying out meetings, events and similar activities. It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose, especially if you have voluntarily signed up for or participates in the activity. |
Fulfill legal obligations |
| Relevant categories of personal data that are necessary to fulfil the specific legal obligation. | Fulfill legal obligation (Article 6.1 (c) of the GDPR). The use of your personal data is necessary to fulfil our legal obligations. |
Manage, defend and exercise legal claims and rights |
| Only the categories of personal data needed for managing and defending a legal claim in the individual case. | Legitimate interest (Article 6.1 (f) of the GDPR). The use of your personal data is necessary to satisfy our legitimate interest of managing, defending and exercising legal claims and rights. It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose. |
Manage re-organisations and restructuring of the business |
| Relevant categories of personal data that are necessary to manage the re-organisation or restructuring of the business. | Legitimate interest (Article 6.1 (f) of the GDPR). The use of your personal data is necessary to satisfy our legitimate interest of managing re-organisations and restructuring of the business. It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose if the buyer carries out the same or similar type of business or if the buyer is an affiliate. |
Respond to legal requests |
| Relevant categories of personal data that are necessary to respond to the legal request in the specific case, which normally includes identification information, contact information, profile information and communication. | Fulfill legal obligation (Article 6.1 (c) of the GDPR). To the extent we are legally obligated to respond to a legal request, the use of your personal data is necessary to fulfil our legal obligation. Legitimate interest (Article 6.1 f) of the GDPR). If there is no explicit legal obligation requiring that we respond to the legal request, but we consider that we and the public authority have a legitimate interest of that we respond to the legal request, we rely on this legitimate interest for the use of your personal data for this purpose, provided that we make the assessment that the legitimate interest in the specific case, considering the circumstances and context of the legal request, outweighs your interest of not having your personal data processed for this purpose. |
Protect and ensure the safety of our employees and hired persons |
|
| Legitimate interest (Article 6.1 f) of the GDPR). The use of your personal data is necessary to satisfy our legitimate interest of protecting and ensuring the safety of our employees and personnel. It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose. |
()