Top Notch Club

Oh no, something went wrong. Please check your network connection and try again.

Privacy Policy

This privacy policy describes how Top Notch Club Nordics AB processes the personal data of its customers, potential customers and websites visitors.

1. CONTROLLER

Top Notch Club Nordics AB
Business identity code: 559475-1652
Address: c/o Rob Taylar, Slottsstigen 6, 182 63 Djursholm

The contact person in matters related to this privacy policy is: CEO, Rob Taylar
E-mail: rob@topnotchclub.com

2. PURPOSES AND LEGAL BASIS FOR THE PROCESSING OF THE PERSONAL DATA

Top Notch Club Nordics AB (“we”, “us”, “Top Notch Club”) processes personal data for the defined purposes and only to the extend necessary. The purposes and legal basis of the processing of personal data, according to the EU General Data Protection Regulation are as follows:

2.1. Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract

In relation to the obligations arising from contracts to which data subject is party, or in the event we are taking steps prior to entering into a contract at the requests of the data subject, we are processing personal data as follows:

  • Providing the services and management of related measures
  • Fulfilling and managing the contractual rights and obligations of the parties in relation to the customer relationship
  • Processing of requests for proposals
  • Invoicing

2.2. Compliance with a legal obligation to which we are subject

We are obligated to process your personal data for the following purposes in order to comply with the legal obligations:

  • Executing obligations imposed on legislation

2.3. Data subject’s consent

In the following purposes we process your personal data if you have given the consent for such processing:

  • Usage statistics and site optimization management on the websites of Top Notch Club (cookies)

2.4. Legitimate interests pursued by us or by a third party

We process your personal data under our or third party’s legitimate interest for the following purposes:

  • Management and development of the customer relationship;
  • Management and development of our services;
  • Execution of draws and competitions;
  • Customer surveys and collecting and processing customer feedback;
  • Statistical purposes for analysing customer data;
  • To protect our business and financial interests, carry out risk management obligations and establish, exercise or defend legal claims.

The legitimate interest is based on customer relationship between Top Notch Club and the data subject. When processing personal data based on our legitimate interest, we weigh the benefits and potential disadvantages of processing, and have assessed that our data subjects’ rights and interests do not override our legitimate interest in processing personal data. You have the right to object to the processing of personal data based on legitimate interest.

2.5. Processing of special categories under article 9 of the EU General Data Protection Regulation

In some cases, we may need to process special categories of personal data in order to take into account customer’s special needs relating to their health or other physical state. Processing of such special categories of personal data is based on the article 9(2)(e) or (a).

3. CONTENT OF THE PERSONAL DATA AND CATEGORIES OF PERSONAL DATA CONCERNED

We process personal data of the following data subjects:

  • Potential customers and customers
  • Website visitors

The personal data processed contains the following personal data:

  • Basic information of the customer and potential customer, such as first name and last name
  • Contact details: phone number, e-mail, address, postal number and place of residence
  • The company represented by the data subject (employer) and the position at the company
  • The services and/or products chosen by the data subject
  • Payment and invoicing details

Provision of the above described personal data to the controller is a requirement necessary to enter into a contract with the data subject as collecting such data is requirement for performing the obligations of the controller. If the data subject does not give this personal data to the controller, then the controller may not be able to make a contract with the data subject.

4. REGULAR SOURCES OF THE PERSONAL DATA

Personal data is primarily collected from the data subject, for example, when the data subject reserves and purchases the products and/or services or products on our site.

5. DATA RETENTION

We will retain your personal data only as long as and only to the extent that is necessary in relation to the initial and compatible purposes of processing.

In addition, the personal data below will be stored in accordance with the following time periods or criteria used to determine that time period:

  • Information related to the customer relationship: for the duration of the customer relationship and for a period of time required under applicable legislation and for settling of possible claims.
  • Complaint handling: 7 years from settlement or closure
  • Contracts: current year plus 6 years or plus 12 years (if the agreement is executed as a deed)
  • Data subject rights requests including subject access requests: current year plus 6 years
  • Personal data included in the accounting documents mentioned in the Accounting Act (1336/1997) will be retained for a period of six (6) or ten (10) years from the end of the financial year depending on the nature of the accounting documents. If a provision of law requires that the documents should be retained for a longer period, that provision will be complied with.

We erase special categories of personal data immediately when there no longer is a need for its processing.

We evaluate the need to store personal data regularly. In addition, we perform all possible reasonable measures to ensure that any inaccurate, incorrect or outdated personal data will be deleted or corrected without delay.

6. THE RECIPIENTS OR CATEGORIES OF RECIPIENTS OF THE PERSONAL DATA AND THE REGULAR DISCLOSURES OF PERSONAL DATA

We share your personal data within Top Notch Club when we have a genuine business need for that.

We may share your personal data with third parties in connection with an event or other service or product we provide, including but not limited to security providers, event promoters and promoter ticket agents.

We use external service providers (data processors) acting on behalf of us when needed. We have agreed on the data processing agreement with all our data processors. We require all our data processors to respect the security of the personal data and to treat it in accordance with the law. We do not allow our data processors to use the personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

We may disclose the personal data to third parties based on legal obligations of us or based on the official disclosure requests of the recipients based on applicable legislation.

7. TRANSFER OF THE PERSONAL DATA OUTSIDE THE EU OR THE EEA OR INTERNATIONAL ORGANISATION

The personal data is transferred outside the EU or the EEA in cases where needed, for example to IT- suppliers. In these cases, we ensure the lawfulness of the transfer by using appropriate safeguards. A copy of them is available by contacting the contact person mentioned above.

8. DESCRIPTION OF THE SECURITY PRINCIPLES

We have appropriate security measures in place to prevent your personal data being accidentally lost, or used or accessed in an unauthorised way, altered or disclosed. We also limit access to your personal data to personnel who have a genuine business need to know it to fulfil their duties. All personnel who have access to your personal data will only process your personal data on our instructions and they shall be subject to a duty of confidentiality.

We also have policies and procedures in place to deal with any suspected data breach so that we can act quickly to minimise any potential damage. We will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

We restrict technically the access to our information systems with personal usernames and passwords and the necessity of access rights are regularly assessed. In addition, we collect appropriate user log data regarding our systems.

9. AUTOMATED DECISION MAKING AND PROFILING

Customers’ personal data will be processed by the means of automated decision making or profiling.

10. COOKIES

Our websites use cookies to distinguish you from other users of our sites/apps. This helps us to provide you with a good experience when you browse our sites and to improve our sites, products and services.

For more information about the cookies we use and the reasons why we use them, please see our Cookies Policy [insert link]. We request your consent before using analytical or performance cookies, functionality cookies or targeting cookies, but do not require your consent to use strictly necessary cookies.

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our websites may become inaccessible or not function properly.

11. RIGHTS OF THE DATA SUBJECT

You have a number of important rights in respect of personal data that we process about you. Those include:

Right to request access to your information – you can request a copy of your personal data which we hold and to receive certain information relating to that data (this is known as a ‘subject access request’). If you would like a copy of some or all of this information please contact us and let us know what information you would like.

Right to require us to correct any mistakes in your information – you can require us to rectify inaccurate information or to complete incomplete data. If you would like to do this, please contact us to let us know the information that is incorrect or incomplete and what it should be replaced with.

Right to object to how we process your personal data – you can ask us to stop processing of your personal data compelling legitimate interests pursued by us or a third party on grounds relating to your particular situation unless our legitimate interests shall override the interests, rights and freedoms of yours or processing is necessary for the establishment, exercise or defense of legal claims.

Right to withdraw your consent – where we are processing personal data relating to you on the basis that we have your consent to do so, you may withdraw your consent at any time (this will not affect the lawfulness of any processing carried out before you withdraw your consent). If you withdraw your consent, we may not be able to provide certain products or services to you.

Right to restrict processing – you can ask us to suspend the processing of your personal data in certain circumstances, for example, if you have notified us there is a mistake in the information we hold about you, you may ask us to suspend processing until that mistake is rectified or you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Right to erasure – otherwise known as ‘the right to be forgotten’ – you can ask us to delete or remove your personal data if it is no longer necessary in relation to the purposes for which it was collected or processed or if you have successfully objected to processing (note, however, that we may not always be able to comply with your request for erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.)

Right to receive or ask for your personal data to be transferred to a third party in a structured, commonly used and machine-readable format (note that this right only applies to automated processing of personal data concerning and provided by you and to which you initially provided consent for us to use or where we used the information to perform a contract with you).

The right to lodge a complaint with a supervisory authority – you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the General Data Protection Regulation. In Sweden processing of personal data is supervised by Integritetsskyddsmyndigheten and the contact details can be found on their website www.imy.se.

You can contact the contact person mentioned above in any matters related to requests or questions about your rights.

12. CHANGES TO THIS PRIVACY POLICY

Your privacy is important to us and we are constantly reviewing our policies and procedures to ensure we are meeting the high standards we set ourselves. We may amend this privacy policy from time to time.

This privacy policy was last updated on 17 April 2024.