Privacy policy
Version 2024-05-03
It is important to us, Cohen Advisory AB, company registration number 559462-6284, to protect all personal data that we process. This Privacy Policy includes information on how we process your personal data, and it applies in relation to all processing activities that we conduct in the capacity of data controller. Of course, we only process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (the ”GDPR”) and other applicable laws.
1. Introduction and Important terms
To make this Privacy Policy easier to read, some of the terms used herein are described below.
The term ”personal data” (or sometimes just ”data” or ”information”) refers to information about you or someone else (i.e., to any identifiable, natural person), even if linking the information to you or someone else would require some effort. This could for instance be information about your phone number or your workplace.
The term ”processing” refers to any action taken, such as use or collection, by us in relation to personal data. The processing can either be automatic or manual.
The term ”data controller” refers to the person who is responsible for certain processing of personal data, and thus determines the purpose of the processing. We, Cohen Advisory AB, are the data controller in relation to the processing of personal data which we conduct on our own behalf, and it is such processing that is covered by this Privacy Policy. You will find our contact details further down in this policy.
The term ”you”, when used herein, refers to a person whose personal data we process in the capacity of data controller. Depending on your relationship with us or actions taken by you, i.e., which type of data subject you are (see the left column below in Section 2), the information in Section 2 below may be applicable. The different kinds of data subjects whose personal data we process in accordance with this Privacy Policy are the following:
1. Potential customers’ employees and consultants (and, where applicable, founders and shareholders)
2. Our customers’ employees and consultants (and, where applicable, founders and shareholders)
3. Persons who are involved or otherwise relevant for an assignment that we perform for a customer of ours
4. Persons who represent our suppliers, partners, and other persons within our network
5. Persons who apply for a job with us or who are otherwise subject to a recruitment process of ours.
2. Processing of personal data
Below you will find information on how, for how long, and based on what legal ground we process your personal data as well as what kind of personal data we process.
Data subject
Potential customers’ employees and consultants
Potential customers’ employees and consultants
Customers’ employees and consultants
Customers’ employees and consultants
Persons who are relevant for an assignment
Persons representing our suppliers, partners, and other persons within our network
Persons representing our suppliers, partners, and other persons within our network
Persons representing our suppliers, partners, and other persons within our network
Persons who apply for a job with us
All categories of data subjects
All categories of data subjects
All categories of data subjects
All categories of data subjects
Processing and purpose of processing
To be able to create business relationships with new customers, we collect the data, compile the data in our system for any future contact with you, check whether there is a conflict of interest, and communicate with you by email, phone (by talking, texting or otherwise) and/or in another way.
To be able to comply with legal obligations in connection with us creating new business relationships with customers, we collect the data, compile the data in our system and, where required, disclose the data to authorities.
To be able to perform and administrate such assignments that we and your employer/principal have agreed on, including to provide our services, for invoicing purposes and to be able to identify you (should you be a sole trader), we collect the data, compile the data in our system for customer management, communicate with you by email, phone (by talking, texting or otherwise) and use the data to be able to get paid.
To be able to, for marketing or information purposes, inform about us and our services and products, we compile the information in our system and use it to send news and information emails and similar. Should you no longer wish to receive such information, we also compile and use such information to ensure that no more emails are sent to you.
To be able to provide the services that we have agreed with our customers on, and to the extent you are relevant for a specific assignment, we may need to process your personal data (for instance by inserting you as a party to an agreement). Due to our duty of confidentiality which applies between us and our customers, we cannot, unfortunately, provide further information about such processing to anyone other than the relevant customer. However, all processing activities will be in accordance with the GDPR and other applicable regulations.
To be able to create business relationships with new suppliers, partners, and other persons within our network, we collect the data, compile the data in our system for any future contact with you, check whether there is a conflict of interest, and communicate with you by email, phone (by talking, texting or otherwise) and/or in another way.
If we have entered into an agreement with a supplier, partner or other person within our network, the purpose of the processing is dependent on what has been agreed with you/the company that you represent. In general, processing takes place for us to be able to perform and administrate what has been agreed to. If the agreement implies that we shall provide our services to you/your company or something similar, what is stated above in relation to our processing of the personal data of our customer’s employees/consultants when performing and administrating assignments applies.
To be able to, for marketing or information purposes, inform about us and our services and products, we compile the information in our system and use it to send news and information emails and similar. Should you no longer wish to receive such information, we also compile and use such information to ensure that no more emails are sent to you.
For us to be able to find suitable persons to hire for employment, we compile the data in our system for any future contact with you, we communicate with you by email, phone (by talking, texting or otherwise) and/or in another way, and use the data in connection with eventual job interviews and in connection with taking of references.
We may need to process certain personal data in order to fulfil an obligation under law (for example, to fulfil our obligation to keep accounts). The types of processing that may occur depend on the legal obligations that we have from time to time. For example, we may use the information on invoices that we have sent to your employer/principal (directly or indirectly) in order to keep accounts. It could also be that we share your data with authorities to the extent they require us to do so.
We may need to process certain personal data in order to safeguard our or someone else’s rights and/or interests in the event of a legal claim against us or someone else. The type of processing depends on each situation. Normally, we may need to use the data in connection with court proceedings or when having a dialogue with a counterparty or counterparty counsel.
To be able to restructure, such as divide into several businesses, or if someone wishes to invest in us, acquire us or a part of us, or any of our assets, we might have to disclose your personal data to such potential investor or purchaser (who is bound by a confidentiality obligation), for instance as part of a due diligence investigation, and take other measures within the scope of the above-mentioned purpose (such as discussing with a counterparty about their findings). For the avoidance of doubt, the processing of your personal data will continue to be in accordance with this policy, unless you are informed otherwise.
If you on your own initiative provide us with other personal data than that which we requested, we may process them by, for instance, compiling them in our systems and communicating with you about them by email, phone (by talking, texting or otherwise) and/or in another way.
Type of personal data
Contact details such as name, work title, phone number and email address.
Your personal identification data (such as your personal ID number, your nationality, and a copy of your ID card) required for our compliance with the Swedish Money Laundering Act (2017:630) (Swedish: penningtvättslagen) and other applicable law (from time to time) for discouraging money laundering.
Contact details such as name, work title, phone number, email address, information about your employer’s or principal’s order/current agreement, information about previous agreements, conversation data, and, should you be a sole trader, your personal ID number and invoicing and other payment data.
Email address and, in some cases, your name.
It is hard to predict all types of personal data that we may process; however, in many cases we process information about your name and other contact details, information about your employment, your shareholding and/or meeting notes that include your personal data.
Contact details such as name, work title, phone number and email address.
In most cases only contact details such as name, work title, phone number and email address. If you provide us with other personal data, we will also process such data. We might also request that you provide us with additional data depending on the type of agreement to be entered into or which has been entered into.
Email address and, in some cases, your name.
Contact details such as name, phone number and email address, information included in your CV and other parts of your application, as well as notes from eventual job interviews and our taking of references.
Eventually, we may have to process your contact information such as name, work title, telephone number, email address, information about your employer’s/principal’s order/the relevant agreement, previous agreements, information about your employment, your shareholding in a certain company, your consultancy assignment or similar, and, should you be a sole trader, your personal ID number and invoice or other payment information.
All categories of personal data set forth above or below in this column may be processed.
All categories of personal data set forth above or below in this column may be processed.
Since we cannot control what information you provide us with, any type of personal data may be processed.
Legal ground for processing
It is necessary for us to process the data in order to fulfil the stated purpose, and we therefore, after having carefully assessed the matter, consider that we have a legitimate interest in processing the personal data.
The processing of personal data is necessary for compliance with a legal obligation.
It is necessary for us to process the data in order to fulfil the stated purpose, and we therefore, after having carefully assessed the matter, consider that we have a legitimate interest in processing the personal data. In some cases, our processing is based on the agreement between your employer/principal and us.
We have a legitimate interest in being able to market ourselves and provide information about us, and that is the legal ground for our processing. We are obliged to not continue to send newsletters to you should you not wish to receive them anymore, which is why such processing is based on our legitimate interest in complying with applicable law and respecting your wishes.
Our processing may be based on the agreement between us and our customer. In some cases, it will however be based on our legitimate interest, after having carefully assessed the matter, in providing our services and thereupon process the data.
It is necessary for us to process the data in order to fulfil the stated purpose, and we therefore, after having carefully assessed the matter, consider that we have a legitimate interest in processing the personal data.
It is necessary for us to process the data in order to fulfil the stated purpose, and we therefore, after having carefully assessed the matter, consider that we have a legitimate interest in processing the personal data. In some cases, the processing will be based on the agreement between you/your employer/your principal and us.
We have a legitimate interest in being able to market and inform about ourselves and that is the legal ground for our processing. We are obliged to not continue to send newsletters and similar information to you should you not wish to receive such anymore, which is why we base the relevant processing on our legitimate interest in complying with applicable law and respecting your wishes.
If you submit an application to us, this means that you give your consent to our processing of your information. If we, as a result of our own searching activities, find that you are a potential candidate and therefore process your data, we do so because it is necessary for us in order to fulfil the stated purpose, and we therefore, after having carefully assessed the matter, consider that we have a legitimate interest in processing the personal data.
Such processing of personal data may take place on the basis that we have a legal obligation that requires the processing.
Should we need to process personal data for the stated purpose, we consider, after having carefully assessed the matter, that we have a legitimate interest in doing so.
If we process data due to the stated purpose, such processing will be based on our legitimate interest, after having carefully assessed the matter, in being able to restructure ourselves, finance our business or as otherwise stated, and thereby process your personal data.
The legal ground for our processing is dependent on the type of data provided by you and the reason for it. The processing may thus be based on your consent, an agreement, our legitimate interest or other legal ground.
How we receive the personal data
It varies; for instance, we might receive it directly from you when you contact us, or by collecting it ourselves from the internet, including from social media (such as LinkedIn), another third party or from your employer’s or principal’s website.
Most of the personal data, we have received directly from you. It may also be that we collect it from the internet.
Most of the personal data that we process about you, we have received directly from you. For instance, it might be that you provide us with information when your employer/principal, through you, engages with us for the provision of services, or when you send emails to us. It might also be that your employer/principal or one of your colleagues provides us with information about you.
It varies; for instance, we might receive it directly from you when contacting us, or by collecting it ourselves from the internet, including from social media (such as LinkedIn), another third party or from your employer’s or principal’s website.
Most of the personal data that we process, we have received from our customer or a counterparty or the legal counsel of the counterparty. It may also be that we collect the data from the internet.
It varies; for instance, we might receive it directly from you when contacting us, or by collecting it ourselves from the internet, including from social media (such as LinkedIn), another third party or from your employer’s or principal’s website.
Most of the personal data that we process about you, we have received directly from you. For instance, it might be that you provide us with information when your employer/principal, through you, has entered into an agreement with us. It might also be that your employer/principal or one of your colleagues provides us with information about you. Further, we might also, where needed, collect it ourselves from the internet, including from social media (such as LinkedIn), another third party or from your employer’s or principal’s website.
It varies; for instance, we might receive it directly from you when contacting us, or by collecting it ourselves from the internet, including from social media (such as LinkedIn), another third party or from your employer’s or principal’s website.
If you submit an application to us, the data is thus collected directly from you. We may also collect the data ourselves from the internet, including from social media (such as LinkedIn), or another third party (such as from someone telling us about you). Personal data may also be collected directly from you in connection with job interviews and in connection with taking of references.
Most of the personal data that we process about you, we have received directly from you. For instance, it might be that you provide us with information when your employer/principal, through you, engages with us for the provision of services, or when you send emails to us. It might also be that your employer/principal or one of your colleagues provides us with information about you.
Since all personal data processed by us may be included, everything set forth in this column above and below regarding how we received the data applies.
Since all personal data processed by us may be included, everything set forth in this column above and below regarding how we received the data applies.
We receive the data directly from you, your employer/principal or another third party.
3. Storage periods
We process personal data only for as long as it is necessary to fulfil the purpose of the processing. When we no longer need certain personal data for the processing stated above, we delete it. Depending on the legal ground for the processing, the period during which we process the personal data may be governed by an agreement, be subject to a valid consent, be specified in legislation or be a result of our own assessment based on our legitimate interest.
4. Security
We have taken technical and organizational measures to ensure that your personal data is protected in the best possible way (such as by introducing passwords, two-step verification, secure networks, instructions, when choosing our systems etc.). We ensure that your personal data is not disclosed other than when necessary (which varies depending on the type of personal data and the purpose of the processing) and otherwise ensure that it is protected from loss and unauthorized access.
5. Disclosures
The personal data that we process is available to a limited number of persons within our organisation (which varies depending on the type of personal data and the purpose of the processing) who are employees or consultants. We also share personal data with our subcontractors and, where applicable, with potential investors and purchasers according to Section 2 above, to the extent necessary for us to be able to achieve the purpose of the personal data processing. We never share more information than necessary given the purpose of the sharing. We choose our subcontractors with great care and enter into data processing agreements with all of them, meaning that they may only process personal data in accordance with applicable law and our instructions. We use or may use, from time to time, subcontractors / third-party tools for the following purposes:
i) IT system support
ii) Email marketing
iii) Electronic contract signing and contract management
iv) Document management / storage
v) Consultation with partners
vi) Invoicing and financial support
Further, it may happen that we share personal data with authorities when legally required to do so, and to such (natural or legal) persons who our customer has instructed us to share information with.
We strive for your personal data to be processed within the EU / EEA. However, some of our subcontractors are domiciled outside the EU / EEA, and therefore personal data may sometimes be transferred and processed outside the EU / EEA where other rules on personal data processing apply. However, we will always take all necessary measures to ensure that your personal data is processed with appropriate safeguards in accordance with the GDPR and other applicable laws.
6. Your rights
Due to our processing of your personal data, you have the following rights:
i) You have the right to
a. access the personal data which concerns you and which is processed by us, and
b. should it or parts of it be inaccurate and/or incomplete, have it rectified or completed.
ii) You have the right to demand
a. that we erase the personal data which concerns you and which is processed by us,
b. that we restrict our processing of your personal data, and/or
c. that we completely discontinue our processing of your personal data.
iii) You have the right to exercise your right to data portability (i.e., the right to receive the personal data concerning you in a structured, commonly used, and machine-readable format which may be transmitted to another controller).
iv) Should our processing of your personal data be based on your consent, you have the right to withdraw such consent (in relation to future processing).
The rights set forth above apply subject to the duty of confidentiality which we have in relation to our customers. Such duty of confidentiality implies that we cannot disclose certain data that our customers have shared with us.
If you wish to exercise one or several of your rights, you are welcome to contact us via the contact details provided in Section 7 below. If you exercise your rights as described above, we may not be able to cooperate or have continued contact with you (or the company that you represent), provide our services to you (or the company that you represent), include you in a recruitment process etc.
The rights set forth above are not absolute, and you only have the right to exercise them to the extent it would be in accordance with the GDPR and other applicable law. For example, we might have to continue to process your personal data i) for the purpose for which it was collected, ii) according to our conclusion after having carefully weighed interests, or iii) otherwise according to EU law or the national law of an EU country.
Further, you have the right to make complaints about how we process your personal data if you believe that this is not done in accordance with applicable laws. You may do this by contacting the Swedish Authority for Privacy Protection (Swedish: Integritetsskyddsmyndigheten), for instance by using the email address imy@imy.se. Other contact information for the Authority for Privacy Protection can be found here: https://www.imy.se/kontakta-oss/.
7. Contact and questions
If you have any questions about our personal data processing or want to exercise your rights as set out above, you are welcome to contact us. The easiest way to reach us is to send an email to privacy@cohenlaw.se. Also, you are always welcome to send us a letter. Our address is: Cohen Advisory AB, c/o Cohen, Vanadisvägen 26A, 113 46 Stockholm, Sweden.
8. Privacy policy updates
We may make changes to this Privacy Policy. The latest version of it is always available upon request and on our website. Before any material amendments to this Privacy Policy enter into force, we will inform you about them (for instance through a notice on our website or an email) before continuing the processing of your personal data.