Privacy Policy

Last update: 8 November 2022

1. Introduction

 

Why and who?

Anecdote cares about privacy and protecting the Personal Data handled by us. This means that we care about your personal integrity and actively work to protect it.


In this Policy we overall describe how and the purposes for which we use your Personal Data as well as what lawful basis we use and what measures we take to protect Personal Data. We also provide information on how you exercise the rights you have linked to our Processing of Personal data.

Anecdote, Inc, ("Anecdote", "we", "us", "our") is the Controller of all Personal Data listed in this Privacy Policy (the "Policy"). 


This Policy provides information on how we handle Personal Data when you communicate with us, visit our website www.anec,app and www.anec.cc or use our products or services (together the "Functions").


The intended recipient of the information provided in this Policy is:

  • Users of the Services

  • Employees of potential customers

  • Employees of existing customers

  • Visitors of our website

 

Definitions

"Applicable Law" refers to the legislation applicable to the Processing of Personal Data, including the GDPR, supplementary national legislation, as well as practices, guidelines and recommendations issued by a national or EU supervisory authority.
 

"Controller" is the company/organization that decides for what purposes and in what way personal data is to be processed and is responsible for the Processing of Personal Data in accordance with Applicable Law.


"Data Subject" is the living, natural person whose Personal Data is being processed.

"Personal Data" is all information relating, directly or indirectly, to an identifiable natural person.


"Processing" means any operation or set of operations which is performed on Personal data, e.g. storage, modification, reading, handover and similar.


"Processor" is the company/organization that processes Personal Data on behalf of the Controller and can therefore only process the Personal Data according to the instructions of the Controller and the Applicable Law.

The definitions above shall apply in the Policy regardless if they are capitalized or not.


Anecdote's role as a Controller

The information in this Policy covers Personal Data Processing for which Anecdote is the Controller. As a Controller we are responsible for the Processing for which we decide the purpose of ("the why") and the means for the Processing (what methods, what Personal Data and for how long it is stored. The Policy does not describe how we Process Personal Data in the role of a Processor - i.e. when we process Personal Data on behalf of our customers.  

2. Sources of personal data

We collect information about you and how you interact with us in several ways, including:

  • Information you provide to us directly

  • Information collected from your employer or co-workers

  • Information automatically collected from your interactions with our website, products or services

  • Information from publicly available sources

  • Information from other third parties
     

3. Personal data types processed

  • Identifiers, such as name, username, postal address, email addresses,  instant messaging IDs, internet protocol (IP) address, phone number, social media identifiers (e.g., Twitter handle, Instagram name, etc.), or other similar identifiers.

  • Geolocation information, such as continent, country, region, city from your IP address or mobile device location

  • Professional or employment-related information, for example your company or employer, company information (e.g. website), your job title and role or your team

  • Commercial Information such as products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

  • Internet/Electronic Network Activity or Usage, e.g. browsing history, search history, information about your device, operating system, location, and other information regarding your interactions with our products and services 

  • Inferences drawn from any of the information we collect to create a customer profile (e.g. company size, usage etc)
     

4. How we use your data

We may use each category of your information described above in the following ways:

  • To provide, administer, maintain, improve and/or analyze our Services

  • To communicate with you

  • To develop new products and services

  • To prevent fraud, criminal activity, or misuses of our Services, and to ensure the security of our IT systems, architecture, and networks; and

  • To comply with legal obligations and legal process and to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or other third parties

  • To comply with requests related to corporate transactions, e.g sales, mergers, acquisitions, reorganizations, bankruptcy and other corporate events


Aggregated Information. We may use your data in  a de-identified, anonymized, or aggregated format, if permitted in the applicable law.
 

5. How we process your data

Anecdote's Processing of Personal Data

We have a responsibility to describe and demonstrate how we fulfill the requirements that are imposed on us when we Process your Personal Data. This section aims to give you an understanding of what type of Personal Data we Process and for what reasons. 

 

For how long do we store your Personal Data?

We will keep your Personal Data as long as it is necessary for the purpose for which it was collected. Depending on the lawful basis on which we support the Processing, this may 

  •  be regulated in a contract, 

  •  be dependent on valid consent,

  •  be stated in legislation or 

  • followed by an internal assessment based on a legitimate interest assessment (LIA). 

 

We never store your Personal Data longer than necessary and delete Personal Data regularly. Anecdote also takes reasonable actions to keep the Personal Data being Processed updated and to delete outdated and otherwise incorrect or redundant Personal Data.


How do we get access to your Personal Data?

We collect your Personal Data in a number of different ways. We mainly get access to your Personal Data by you providing your Personal Data to us. 

 

Lawful basis

In order for us to be able to process your Personal Data, it is required that we have so-called legal basis for each process. In our business, we process your personal data mainly on the following grounds:

 

Consent - Anecdote may process your personal data after you have given your consent to the Processing. Information regarding the processing is always provided in connection to the request of consent.


6. Disclosure of personal data

In order to run our business, we may need help from others who will process Personal Data on our behalf, so-called Processors.


In cases where our Processors transfer Personal Data outside the EU/EEA, we have ensured that the level of protection is adequate, and in compliance with Applicable Law, by controlling that either of the following requirements are fulfilled: 

  • the EU Commission has determined that the level of protection is adequate in the third country where the data is processed;

  • the Processor has signed up to the EU Commission's standard contract clauses (SCCs) for data transfer to non-EU/EEA countries; or

  • the Processor has taken other appropriate safeguards prior to the transfer and that such safeguards comply with Applicable law.
     

We may also need to disclose your personal information to certain designated authorities in order to fulfill obligations under applicable law or legally binding judgements.

 

Our processors

Anecdote does not sell your Personal Data to third parties and of course we do not share your Personal Data with just anyone. However, in some cases we may need to share your Personal Data with selected third parties. If so, we make sure that the transfer happens in a secure way that protects your privacy. To follow are categories of recipients with whom we may share your data.
 

  • Service Providers: We may need to share personal data with our service providers to meet our operational needs. Examples of service providers are hosting services, cloud services, and other technology services providers, email communication software and email newsletter services, advertising and marketing services, and web analytics services. 

  • Corporate transactions: We may need to disclose your personal data if we are involved in corporate transactions such as reorganization, bankruptcy, receivership, or transition of service to another provider (collectively a “Transaction”). Examples of parties to whom we may need to disclose information are counterparties and others assisting the Transaction as well as successors or affiliates that are part of the transaction. 

  • Legal Requirements: We may need to disclose your personal data if required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, including to meet national security or law enforcement requirements, (ii) protect and defend our rights or property, (iii) prevent fraud, (iv) act in urgent circumstances to protect the personal safety of users of the Services, or the public, or (v) protect against legal liability.

  • Affiliates: We may share Personal Information with our affiliates, meaning an entity that controls, is controlled by, or is under common control with Anecdote. Our affiliates may use the Personal Information we share in a manner consistent with this Privacy Policy.


7. How we keep your data safe

Anecdote has taken technical and organizational measures to ensure that your Personal Data is processed securely and protected from loss, abuse and unauthorized access.

Organizational security measures are measures that are implemented in work methods and routines within the organization, such as Internal governance documents (policies/instructions), training assigning a data protection responsibility and conducting a data protection impact assessment. 

Technical security measures are measures implemented throughout all technical solutions including encryption, access control levels, secure networks and zero-trust design in our applications.

 

8. Your data protection rights

You are the one in control of your Personal Data and we always strive to ensure that you can exercise your rights as efficiently and smoothly as possible.
 

Access - You always have the right to receive information about the Processing of data that concerns you. We only provide information if we have been able to verify that it is you that are requesting the information.


Rectification - If you find that the Personal Data we process about you is incorrect, let us know and we will fix it!


Erasure - Do you want us to completely forget about you? You have the right to be forgotten and request deletion of your Personal Data when the Processing is no longer necessary for the purpose for which it was collected. If we are required to retain your information under applicable law or a contract that we have entered with you, we will ensure that it is processed only for the specific purpose set forth in such applicable law or contract. We will thereafter erase the information as soon as possible. 


Objections - Do you disagree with our assessment that a legitimate interest for Processing your Personal Data overrides your interest in protecting your privacy? Don't worry - in such case, we will review our legitimate interest assessment. Of course, we add your objection to the balance and make a new assessment to see if we can still justify our Processing of your Personal Data. If you object to direct marketing, we will immediately delete your personal information without making an assessment.

Restriction - You can also ask us to restrict our Processing of your Personal Data

  • Whilst we are Processing a request from you for any of your other rights;

  • If, instead of requesting erasure, you want us to limit the Processing of Personal Data for a specific purpose. For example, if you do not want us to send advertising to you in the future, we still need to save your name in order to know that we should not contact you; or

  • In cases where we no longer need the information in relation to the purpose for which it was collected, provided that you do not have an interest in retaining it to make a legal claim.

 

Data portability - We may provide you with the data that you have submitted to us or that we have received from you in connection with a contract that we have entered with you. You will receive your information in a commonly used and machine-readable format that you can transfer to another personal data manager.

 

Withdraw consent - If you have given consent to one or several specific Processing(s) of your Personal Data, you have the right to withdraw your consent at any time and thus ask us to terminate the Processing immediately. Please note that you can only withdraw your consent for future Processing of Personal Data and not for Processing that has already taken place.

 

How you use your rights

You may, at any time, request the information we store about you. Please note that it may take up to 30 days to provide the full information. Contact us via legal@anec.app for requests. 

If we don't keep our promise

 

If you think that we are not Processing your Personal Data correctly, even after you have notified us of this, you are always entitled to submit your complaint to the Swedish Authority for Privacy Protection.

More information about our obligations and your rights can be found at https://www.imy.se/

You can contact the authority via e-mail at: imy@imy.se


9. Changes to this policy

We reserve the right to make changes to this Policy. In the event that the change affects our obligations or your rights, we will inform you about the changes in advance so that you are given the opportunity to take a position on the updated policy.


10. Contact

Please contact us if you have questions about your rights or if you have any other questions about how we process your personal information:  

Anecdote, Inc

651 N Broad St, Suite 206, Middletown, Delaware, 19709

legal@anec.app  


11. Supplemental terms  for California residents

Pursuant to the California Consumer Privacy Act (“CCPA”), this section applies to certain personal data collected about California residents where Anecdote acts as a “business” and supplements the rest of our Notice above.

This section does not apply to the following information:

  • Information about individuals who are not California residents;

  • Information we collect from individuals with whom we engage in solely a business-to-business relationship, such as employees of our business partners and customers; and

  • Information that we process as a “service provider” to our business customers. In such cases, we follow the instructions of our business partner when processing your personal data, and you should contact that business for more information about how your personal data is processed.


Sources of personal data: See Section 2 above.


Uses of personal data: See Section 4 related to the business and commercial purposes for which we collect personal information.


Disclosing personal data: 

Our data disclosure practices are described in:

  •  Section 3 (Collection of Personal data)

  •  Section 6 (Disclosures of Personal data - also illustrated in below list) 

  • We do not sell personal data (as such term is defined under the CCPA) 


Categories of data collected and their respective third party categories with whom we may disclose personal information for a business purpose:


Identifiers

  • Affiliates and subsidiaries

  • Service providers

  • With third parties at your direction or that are necessary to complete transactions

  • Providers of legal, security, and safety assistance and resources

  • Entities involved in a corporate transaction

  • Entities to which you have consented to the disclosure


Geolocation information

  • Affiliates and subsidiaries

  • Service providers

  • With third parties at your direction or that are necessary to complete transactions

  • Providers of legal, security, and safety assistance and resources

  • Entities involved in a corporate transaction

  • Entities to which you have consented to the disclosure


Demographic Information

  • Affiliates and subsidiaries

  • Service providers

  • With third parties at your direction or that are necessary to complete transactions

  • Providers of legal, security, and safety assistance and resources

  • Entities involved in a corporate transaction

  • Entities to which you have consented to the disclosure
     

Commercial information

  • Affiliates and subsidiaries

  • Service providers

  • With third parties at your direction or that are necessary to complete transactions

  • Providers of legal, security, and safety assistance and resources

  • Entities involved in a corporate transaction

  • Entities to which you have consented to the disclosure


Internet or other electronic network activity

  • Affiliates and subsidiaries

  • Service providers

  • With third parties at your direction or that are necessary to complete transactions

  • Providers of legal, security, and safety assistance and resources

  • Entities involved in a corporate transaction

  • Entities to which you have consented to the disclosure


Inferences

  • Affiliates and subsidiaries

  • Service providers

  • With third parties at your direction or that are necessary to complete transactions

  • Providers of legal, security, and safety assistance and resources

  • Entities involved in a corporate transaction

  • Entities to which you have consented to the disclosure


Your Rights:


Subject to legal limitations, certain California residents may exercise the following rights by submitting a request in this webform or emailing us at legal@anec.app.

  • Right to Know. You have the right to be informed about how and why and when data is collected, what data or categories of data is collected, as well as the disclosure of use and sales of PI. You have the right to request information about specific personal data we have collected about you

  • Right to Delete. You have the right to request that we delete personal data that we have collected from you.

  • Right to Opt Out. We do not sell personal information.

  • Right to Non-Discrimination: We will not discriminate against you, in any manner prohibited by applicable law, for exercising these rights.
     

To process your request we will:

  • Need to obtain information to in order to be able to verify your identity and locate you in our records

  • Respond to requests to Delete and requests to Know within ten days, unless we need more time in which case we will notify you and may take up to thirty days total to respond to your request.