GDPR

Our adoption of GDPR

Our processing of your personal data

We value our business relations and think that it is important to communicate with you in a time efficient and swift way. Our standards regarding quality and ethics are strict and we take care not to use the personal data that we collect in a way that might offend you or that exceeds the restrictions of the law. Therefore, we are hopeful that you too agree there are good reasons for us to collect and save your personal data so that we can retain our business relations. The collection, storage and use of your personal data is called processing of personal data and may, according to the new General Data Protection Regulation in force from 25 May 2018, only be conducted on the basis of certain specific legal grounds.

The data that we save about you is used to identify you, contact you, and to fulfill any rights and obligations that we might have towards you or your company in an agreement. This data may also be used to evaluate, develop and improve our services, products and IT-systems for our practices in general. We may send you information about our business, such as press releases and information about events or conferences that we arrange or partake in and contact you regarding our business relation or an agreement between us.

If you are not comfortable with us processing your personal data, there is more information about what rights you have and how you may exercise them under the headline “What rights do you have in regards to your personal data” below.

We process the following personal data

 We save your name, address, telephone number and email-address as well as your title or your function at work. If you are a service provider providing services to us under an agreement we may also save information that relates to the engagement, such as your CV We may also add information about you that we find in public registers or social media
 If we have arranged an event, a conference or other social arrangement we may save photos or films from the occasion, where you might be included, and use this for documentation or for marketing of future events
 If you are a representative of an investor, or a potential investor, in one of our investment funds, we will - due to regulatory requirements regarding measures against money laundering and financing of terrorism - also collect and process data to understand whether you are 1) a beneficial owner of a company we are doing business with, 2) a politically exposed person that might be subject to bribery or corruption, 3) a person / entity that has been sanctioned by the EU in the EU’s sanction lists

Our processing and purposes

 Contact persons for engagements, agreements or reporting; Our processing of your personal data may be related to you being named as the contact person representing your employer in a business relation with us on basis of an agreement, an assignment or to receive reports. In such a case we will use your name, telephone number, address and / or email-address to take contact with you and your company in order to fulfill our legal obligations or business interests. In these cases, we will assume that your employer has informed you or has obtained the necessary consent from you to use your personal data in this way
 Notice of interest; If you have shown an interest in our business or our investments and made contact with us personally, via our Infranode websites, or through a mediator, we may save your personal data to be able to get back to you if an opportunity would arise that we believe you would be interested in. If you have shown an interest in participating at an event or a conference or other arrangement that we arrange or partake in, we might save your personal data to be able to invite you to a future event that we think might be of interest to you
 Forms; When you contact us via our Infranode websites we will save your contact details to be able to answer your questions or provide requested information
 Electronic processing and data protection; We may use personal data to improve our services, protect or enhance our IT-security and to investigate or prevent trespassing or data breaches (e.g. by using cookies or IP-addresses: please see information about cookies)
 Investigations, complaints, breaches, crimes or litigation; It might happen that personal data about you have to be processed in order ascertain or exercise responsibilities, to investigate possible breaches of contracts or crimes, or to defend our legal rights

How and when may Infranode share information about you to others?

Infranode may share your personal data with our branch office in Norway and our sister companies Areim AB (Real estate fund manager in Sweden) and Areim Advisory (property adviser in Sweden), to ensure a swift and relevant communication about our businesses to you. In general, we do not share your personal data with parties outside the European Union but try to keep the processing of personal data within the EU / EES area.

This is how we share information
 Personal data processed within the IT-systems that we use to provide our services may be shared with IT-service providers outside EU / EES. Such may be deemed necessary in ensuring a qualitative and reliable service provision through secure techniques to you. In such a case, we will ensure in agreements that the provider uses adequate security measures to protect your personal data
 If you are a member of the board or senior manager in one of our investments your personal data will be shared with our accounting firm, with the payment service provider, with the property manager, and as necessary any maintenance providers. In the event of litigation, legal processes or other circumstance that might require outside advice, the personal data may also be shared with a legal firm, an authority or other relevant party
 Infranode does not sell personal data or other information about our relations to third parties
 We may also share personal data with authorities acting on their own mission in accordance with laws or authority decisions, e.g. Finansinspektionen, Datainspektionen, the legal courts, the tax authority or the police

How long do we save personal data?

Infranode Holding AB is a registered alternative investment fund manager (fund management) with Finansinspektionen. This means that all information about our businesses, our services, business relations, clients etc. must be archived and retained for at least five (5) years - although even longer archiving may be necessary

Retention periods
 Should the personal data be collected on basis of the Know Your Customer rules in the regulations for measures against money laundering and financing of terrorism the personal data will be saved for at least five (5) years. If the individual that the data belongs to has been subject to an investigation, which we are prohibited from informing the individual of, it will have to be saved for ten (10) years
 The requirement to retain information regarding our fund management may mean that we are prevented from disposing personal data pertaining to you before the five years have elapsed since collection of it is needed to fulfil rights and obligations under an agreement, or specific regulatory requirements
 Information needed for accounting and book keeping shall be saved in accordance with the Accounting Act for at least seven (7) years

What rights do you have in regards to your personal data

Your rights include the right to know what personal data on you that we process and possess, and you have the right to object or restrict such processing. You also have the right to correct or complete it, or in some cases to have it erased, or to be transferred to another party. Additionally, you have the right to file a formal complaint.

If we have obtained the personal data through your explicit consent you have the right to, at any time, withdraw that consent. We will then erase it, unless there is some other legal basis for our right to process the personal data, e.g. a legal agreement between us, that makes it necessary for us to keep it.

Exercising your rights
 Should you have any questions concerning your rights or wish to exercise any of them you are most welcome to contact us at info@infranode.se and we will help you as best we can. Please note that you must be able to identify yourself to be able to exercise your rights
 We will process your question and / or request without undue delay and no later than one (1) month after we have received said request and we will inform you of the measures we have taken in relation to your request or inquiry
 If your request is complicated or comprehensive the time frame may be extended with up to two (2) months. In such a case we will inform you about the delay and the reason(s) for it
 Should a request be unfounded or unreasonable Infranode is entitled to refuse to take any action, or to levy a reasonable fee for the processing of the request
 Should you be unsatisfied with our processing of your personal data or any request you have the right to file a complaint against Infranode with Datainspektionen that is the Swedish supervisory authority for data protection rules

How do we protect your personal data?

Infranode applies both technical and organizational measures to protect your personal data against unlawful access and loss. Specific authorization and / or technical authentication is required to process and / or move personal data within Infranode or to an external, authorized, party.