Privacy Policy

1. Introduction
We value your personal privacy and strive to protect the personal data we process. In this policy, we explain what data we collect, how we use it, why we do so, and what rights you have as a data subject. You can always contact our Data Protection Officer (DPO) at fredrik.sellgren@collaborationart.com with questions regarding data and privacy protection.

Last Updated: September 25, 2025

2. Data Controller
Collaboration Art AB (organization number 559316-8981) is the data controller for the processing of personal data described in this policy, in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”). If you have questions or wish to exercise your rights, you can contact us:

Data Controller Contact Information
Company Name: Collaboration Art AB
Organization Number: 559316-8981
Postal Address: Svartmangatan 16, 111 29 Stockholm
Data Protection Officer: Per Fredrik Sellgren
Email: fredrik.sellgren@collaborationart.com
Phone: +46708636363

3. What Personal Data We Collect and How
Personal data refers to any information relating to you as a data subject that can directly or indirectly identify you, such as name and contact details. Processing refers to any operation performed on personal data, such as use, adaptation, collection, and organization of personal data.

3.1 Personal Data We Obtain from You
We may process personal data that you provide to us yourself. This may include personal data you directly provide to us in your communication with Collaboration Art AB or personal data generated as a direct result of your use of our website. Below you will find the categories of personal data we obtain directly from you on collaborationart.com.

CATEGORIES OF PERSONAL DATA

Identity Data: For example, unique online identifiers (such as an IP address or user ID).
Contact Information: For example, email address and phone number, if you choose to contact us directly.
Input Data: For example, data generated when you make selections on or otherwise use our website, including information on whether you have accepted our cookies.
Behavioral Data: For example, information about how you interact with our website, including how you reached our website.
Device Information and Network Identifiers: For example, information about your computer, phone, or other device, such as your IP address, user ID, time zone, language settings, or geographical information.

(For this website, we do not process personal identification numbers, BankID information, payment information, or data related to customer relationships.)

4. Purposes, Legal Basis, Rights, and Storage Period
Collaboration Art AB processes your personal data for the purposes stated below. The description indicates what personal data is processed, our legal basis, and how long the data is stored.

4.1 Provide you with access to our website and other services you request

Purpose: To display and provide you with access to our website, we process your personal data through so-called necessary cookies. This processing is a technical prerequisite for us to operate and provide you with access to our website, delivering a service you have explicitly requested.
Personal data we obtain from you: Input Data, Device Information and Network Identifiers
Legal Basis and Rights: When we process your personal data for this purpose, we base the processing on Article 6.1 (b) of the GDPR, which is that the processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract (i.e., enabling your use of our website). Since these cookies are essential for the basic functionality of the website, you do not have the option to decline them without impacting your ability to use the site.
Storage Period: We store your personal data for the retention period specified in our cookie list. These cookies are necessary for our website to function correctly and therefore cannot be turned off. Read more about our use of necessary cookies in our cookie policy.

4.2 Analyze how our website is used

Purpose: To understand how our users use our website and thereby improve these digital services in the long run, we process your personal data through so-called analytical cookies. By using analytical cookies, we can compile statistics on how our website is used, for example, by measuring visits and traffic sources. We also use your personal data to optimize our website through so-called A/B testing, which means you may randomly land on a test version of our website. Information about how you interact with such test versions is then used to develop our business and improve and streamline our digital services.
Personal data we obtain from you: Input Data, Behavioral Data, Device Information and Network Identifiers
Legal Basis and Rights: When we process your personal data for this purpose, we base the processing on Article 6.1 (a) of the GDPR, i.e., your consent which you give by accepting our analytical cookies in our cookie banner. If you have not accepted our analytical cookies, we will not process your personal data for this purpose.
Storage Period: We store your personal data for a maximum of thirty-six months from the date of receiving your consent. You can withdraw your consent at any time, whereupon we will cease our processing of your personal data and delete it without undue delay.

4.3 Direct and personalized marketing communication to you

Purpose: Our communication largely takes place in digital format. To enable our digital communication to be personalized and relevant to you, we analyze and track your behavior on our website. This includes creating a profile about you to categorize you into a specific target group for personalized communication. We do this through so-called marketing and advertising cookies. These cookies can also be used by us for “retargeting,” which means that through this tracking technology, we can identify you on other websites and digital channels to display relevant communication from us, and to create custom audiences for advertising via third parties.
Personal data we obtain from you: Identity Data, Contact Information (if you choose to provide it directly to us), Input Data, Behavioral Data, Device Information and Network Identifiers
Legal Basis and Rights: When we process your personal data for this purpose, we base the processing on Article 6.1 (a) of the GDPR, i.e., your consent which you give by accepting our marketing and advertising cookies in our cookie banner. If you have not accepted our marketing and advertising cookies, we will not process your personal data for this purpose.
Storage Period: We store your personal data for a maximum of thirteen months from the date of receiving your consent.

4.4 Analyze the performance of our digital marketing communications

Purpose: To improve and optimize our digital marketing communications, we use tracking technologies to analyze how you interact with our communications, which involves the processing of your personal data.
Personal data we obtain from you: Behavioral Data, Device Information and Network Identifiers
Legal Basis and Rights: When we process your personal data for this purpose, we base the processing on Article 6.1 (a) of the GDPR, i.e., your consent which you give by accepting marketing and advertising cookies in our cookie banner.
Storage Period: We store your personal data for this purpose from the time you accept our marketing and advertising cookies until you withdraw the same, or for up to ninety days from the date we receive your personal data, whichever comes first.

5. Your Rights
As a data subject, you have several rights regarding your personal data under the GDPR. These rights are listed below. If you wish to exercise your rights, you can contact our Data Protection Officer (DPO) at fredrik.sellgren@collaborationart.com, or at the contact details provided in section 2 of this privacy policy.

Right to Information: You have the right to receive information about how Collaboration Art AB processes your personal data. Such information is provided through this privacy policy when your personal data is collected and is always available on www.collaborationart.com. You also have the right to receive specific information if a personal data breach occurs that affects your personal data and there is a risk of, for example, fraud or identity theft. We communicate such information directly to you via email.
Right to Access: You have the right to access a summary of your personal data that Collaboration Art AB processes (a register extract). However, under certain conditions, Collaboration Art AB may deny your request for access if, for example, you request access many times within a short period.
Right to Rectification: You have the right to have inaccurate personal data rectified or incomplete personal data completed. The right to rectification applies to both personal data collected from you or third parties and any profile Collaboration Art AB may have created through profiling. You can notify us via email at fredrik.sellgren@collaborationart.com if you wish for us to rectify or complete your personal data.
Right to Erasure: You have the right to request that your personal data be erased when it is no longer necessary for the purpose for which it was collected. You can notify us via email at fredrik.sellgren@collaborationart.com if you wish for us to erase your personal data. However, there are legal requirements that prevent us from erasing certain information, for example, accounting laws. In such cases, we ensure that such personal data is not processed beyond what is required for us to fulfill these obligations and limit access for Collaboration Art AB’s employees to such personal data.
You may also have the right to have certain personal data erased when you object to processing as per section 4.4 above, and Collaboration Art AB does not have an overriding legitimate ground for the processing.
Right to Restriction of Processing: In certain cases, you have the right to request that our processing of your personal data be restricted. If you believe that the personal data we process about you is inaccurate and you have requested rectification, you can request a restricted processing of your personal data. In such cases, restricted processing will occur during the time we work to verify whether the personal data is correct or not, if the processing is unlawful and you oppose the erasure of the personal data and instead request a restriction of their use, if we no longer need the personal data for the purposes of the processing but you need them to establish, exercise or defend legal claims.
If processing has been restricted according to any of the situations above, we may, in addition to storage itself, only process the data to establish, exercise or defend legal claims, to protect the rights of another natural or legal person, or if you have given your consent.
Right to Object to Certain Processing: You always have the right to object to direct marketing without a balancing of interests being performed.
Right to Data Portability: In certain cases, you have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another data controller, so-called data portability, provided that the transfer is technically feasible and can be done automatically. This applies to data that you have provided to us and that we actively process with your consent or based on a contract as the legal basis. You can notify us via email at fredrik.sellgren@collaborationart.com if you wish to receive a register extract of your personal data.
Right to Withdraw Your Consent: In cases where you have given your consent, you have the right to withdraw that consent at any time. You can withdraw your consent by sending us a message to fredrik.sellgren@collaborationart.com, or via the contact details provided in section 2 above. Upon withdrawal of consent, we will cease the relevant processing of your personal data and delete it without undue delay.
Right to Lodge a Complaint: If you believe that we are processing your personal data in violation of the GDPR, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) via the contact details provided in section 10 below. Read more about how to submit a complaint on the IMY website www.imy.se.

6. Who Do We Share Personal Data With?

6.1 Suppliers and Sub-processors
Suppliers and sub-processors are companies that provide Collaboration Art AB with the services and functionalities required for us to operate and develop our website. Examples of suppliers and sub-processors include companies that provide Collaboration Art AB with IT services and manage necessary operation, technical support, and maintenance of our IT solutions, and analytics and marketing services. It may also occur that Collaboration Art AB transfers your personal data if authorities and courts request it in accordance with law or official decision, in which case the transfer is based on our legal obligation. In such cases, however, some of these suppliers and/or sub-processors process your personal data for their own purposes and are thus separate data controllers for that part of the personal data processing. To read more about how these companies process your personal data, we refer you to their privacy policies.

Collaboration Art AB needs access to services and functionalities from other companies that we cannot offer ourselves. We may therefore share your personal data with suppliers or sub-processors to access these services and functionalities in the performance of our commitments or for the other purposes set out in this privacy policy. We ensure that any sharing is necessary for the purposes described in this privacy policy and is carried out under an appropriate legal basis. We enter into data processing agreements with all suppliers who process personal data on our behalf, in accordance with applicable data protection regulations.

6.2 Transfer of Your Personal Data within the EU/EEA
Collaboration Art AB does not sell information about you to third parties. However, in operating our business, it is necessary for us to share your personal data with certain third parties for purposes including providing you with our services. We then take all necessary technical, legal, and organizational measures to ensure that your personal data is handled securely and with an adequate level of protection. The following categories of third parties may receive and process your personal data: IT operations providers, and analytics and marketing providers.

6.3 Transfer of Your Personal Data Outside the EU/EEA
In some cases, we may share your personal data with actors in a country outside the EU/EEA, a so-called third country. In a third country, the GDPR does not apply, which may entail an increased risk from a privacy perspective regarding, among other things, the possibility for authorities in a third country to access your personal data and your possibilities to exercise control over the personal data. To protect your personal data and to maintain an adequate level of protection for your personal data, the transfer is based either on a decision from the EU Commission on an adequate level of protection or through appropriate safeguards such as binding corporate rules approved by the competent supervisory authority, or the EU Commission’s standard contractual clauses combined with organizational and technical safeguards.

We always intend to carry out a risk assessment before a transfer to a third country occurs, and take both technical and organizational safeguards to ensure an appropriate level of protection. We always strive to transfer as little personal data as possible to countries outside the EU/EEA, and if possible, in anonymized form.

7. How Do We Protect Your Personal Data?
We use appropriate technical and organizational security measures to protect your personal data against unauthorized access, loss, alteration, or disclosure. Only authorized personnel and processors with a documented need have access to the data. By combining organizational security measures such as access restrictions and procedures for personal data breaches with technical security measures such as firewalls and encryption, we have created a robust security solution regarding the protection of your personal data. Collaboration Art AB is committed to continuously developing our information security to protect your personal data.

For more information about the security measures we take and what these mean for you and your personal data, please send an email to fredrik.sellgren@collaborationart.com.

8. Cookies and Tracking Technology
We use cookies and similar technologies to enhance your experience on our website and to analyze traffic. You can read more about what cookies we use, how long they are stored, and how you can manage your settings in our cookie policy.

9. Changes to This Privacy Policy
We continuously improve and develop our website, and the content of this privacy policy may change over time. We encourage you to read this privacy policy every time you use our website. If significant changes have been made, we may notify you by email or otherwise.

10. Contact and Complaints
Collaboration Art AB constantly strives to ensure that we comply with data protection legislation. If you have questions about the processing of your personal data or if you wish to exercise your rights under section 5 above, you are welcome to contact our Data Protection Officer (DPO) Per Fredrik Sellgren at fredrik.sellgren@collaborationart.com.

If you are not satisfied with our handling of your case, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY).
Email: imy@imy.se
Website: www.imy.se
Postal Address: Integritetsskyddsmyndigheten, Box 8114, 104 20 Stockholm