Integrity policy

We care about your personal privacy

Nimblr AB (referred to below as “Nimblr” or “we”) protects your personal privacy and, through this privacy policy, we would like to inform you about how we process your personal data. We process your personal data in accordance with applicable data protection legislation and regulations.

Who is responsible for your personal data?

Nimblr AB, corporate ID no. 559190-6903, with address at Norra Grängesbergsgatan 20, 214 50 Malmö, Sweden, and telephone number +46 40-545 008, is the personal data controller for processing your data in accordance with this policy.

What personal data does Nimblr process and for what purposes?

We process your personal data on the basis of a balancing of interests for the following purposes.

Contact person at a company
We process your name and contact details if you have been designated as a contact person or similar in connection with procurement/purchasing procedures, other agreement negotiations, invoicing or similar for the purpose of carrying out selections, signing agreements, administration of agreements and offering and marketing our services. The processing is necessary for the purposes of our legitimate interests in communicating with you as a contact person in order to maintain and fulfil our commitments in the business relationship.

Registered participant in a Security Awareness service
We process names, contact details and outcomes of the training programmes that the registered person participated in. The processing is necessary for the purposes of our legitimate interests in communicating with the participants in order to maintain and fulfil our commitments when providing the service.

Who can access your personal data?

As a starting point, your data is only processed by Nimblr AB. We also share some data with other operators who are our personal data processors such as suppliers that we engage for data storage or other data processing, payment services or distribution of goods. The data processor has no right of its own to use any personal data and Nimblr enters into a processor agreement with the supplier. We may also disclose your data to operators who are themselves personal data controllers for the processing of your data, e.g. public authorities. These operators are then themselves responsible for informing you about the processing of your personal data.

How do we protect your personal data?

We and, as appropriate, our partners have adopted a number of security measures to protect the personal data processed. We have intelligent intrusion protection to protect against external threats in order to protect against and prevent unauthorised access to our networks and systems. Physical access to data is protected through diversified shell protection where only authorised personnel have access to it and, if data is moved outside our data centre for backup, the information is encrypted. Our employees have strict instructions to process all information in accordance with applicable laws, rules and policies. Only those who need access to systems where the personal data is stored are given access and all data is protected by access rules. Analyses are carried out regularly, both internally and externally, to identify and remedy any vulnerabilities.

As a general rule, we and our partners only process your personal data within the EEA. In cases where the information is processed outside the EEA, this is only carried out in accordance with applicable data protection legislation.

How long do we save your personal data?

Depending on the purpose on which particular processing of your personal data is based, Nimblr saves your personal data for different lengths of time. We do not store your data for longer than we are entitled to store it in accordance with data protection legislation, other relevant legislation, rules and guidelines issued by different public authorities or recommendations issued by industry bodies. Your personal data may be stored for longer than is specified above if we are obliged to do so by law or in accordance with an ordinance or a decision by a public authority.

How can you have your say with regard to our processing of your personal data?

In accordance with applicable data protection legislation, you are entitled to access information on what personal data we process on you and to request correction of your personal data. You are also entitled to object to the processing of your personal data for direct marketing or profiling at any time.

Under certain conditions, you are also entitled to request the deletion or restriction of your personal data or object to our processing. You are also entitled, under certain conditions, to obtain the personal data that you supplied to us in a structured, generally-used and machine-readable format and to transfer it to another data controller (data portability). You are also entitled to file a complaint with the Swedish Data Protection Authority or another authorised supervisory authority that supervises companies’ processing of personal data.

Approved Sub-processors

Hetzner Online GmbH
Industriestr. 2591710
Gunzenhausen, Germany
Phone number: +49 (0)9831 505-0
Location for processing: Servers within EU/EEA
Performs measures hosting and storing.

Flowmailer
Van Nelleweg 1
3044 BC Rotterdam, the Netherlands
Phone number: +31 10-3074550
Location for processing: Servers within EU/EEA
Carrying out the dispatch of simulated attacks to the employees of the data controller.

Contact details

If you wish to exercise your rights, you can send a letter to Nimblr at the following address: “Nimblr AB, Norra Grängesbergsgatan 20, 214 50 Malmö, Sweden” or email Nimblr at info@nimblr.eu.

If you have any questions about our processing of personal data, you are also welcome to contact us by telephone on +46 40-545 008, stating that you wish to speak to our Data Protection Officer.