Welcome to Multiply’s Privacy Policy!
Multiply takes your privacy very seriously and is committed to protecting your personal data. Please read this Privacy Policy (“policy”) carefully as it contains important information on who we are and how and why we collect, store, use and share any information relating to you (your “personal data”) in connection with your use of our Platform. It also explains your rights in relation to your personal data and how to contact us or a relevant regulator in the event you have a complaint.
This privacy policy is divided into the following sections:
This privacy policy is divided into the following sections:
•
Who we are, purpose of this privacy policy and our processing role
•
Contact details
•
Personal data we collect about you
•
How your personal data is collected
•
How and why we use your personal data
•
Marketing
•
Who we share your personal data with
•
How long your personal data will be kept
•
Transferring your personal data out of the European Economic Area (EEA)
•
Cookies
•
Your rights
•
Keeping your personal data secure
•
How to complain
•
Changes to this privacy policy
Any word with a capital letter in this policy shall have the same meaning as in the Platform Terms of Acceptable Use, unless otherwise stated. The Platform Terms of Acceptable Use are accessible at here.
1.3
These Terms supplement any separate Multiply SaaS Subscription Agreement (Agreement) you have entered into if you are a corporate customer (Customer). In the event of a conflict between these Terms and your Agreement with us as. Customer, your Agreement will prevail. Customers are solely responsible for ensuring their Authorised Users comply fully with these Terms.
Who we are, purpose of this policy and our processing role
Multiply Potential AB is a company registered in Sweden under company number 559225-3768 (“Multiply”). Multiply operates a web-based platform, website, mobile and desktop app as available (together, our “Platform”) which provide a connected all-in-one workspace and collaboration forum for all of your documents, developments, files, meetings, information, data and people you collaborate with. For more information about us, please visit our “About us” page on our website: multiply.co.
As such, we collect and use the personal data of two different categories of data subjects:
1.
Users with accounts on our Platform; and
2.
Customers with a subscription agreement governing use of our Platform pursuant to which they can give access to their Authorised Users.
For the avoidance of doubt, all Content uploaded on our Platform by or on behalf of a Customer or Authorised User shall remain the User’s or Customer’s property (as applicable). The User or Customer shall be considered a controller of all personal data contained in such Content, Multiply simply being a processor of such data, within the meaning of the applicable privacy laws.
Multiply however collects, uses and is responsible for certain personal data about you. When we do so we are subject to the EU GDPR (the General Data Protection Regulation (EU) 2016/79, as amended from time to time) and the UK GDPR (the UK General Data Protection Regulation), as applicable based on your location in the European Union or the United Kingdom, and we are responsible as ‘controller’ of that personal data for the purposes of those laws.
Multiply however collects, uses and is responsible for certain personal data about you. When we do so we are subject to the EU GDPR (the General Data Protection Regulation (EU) 2016/79, as amended from time to time) and the UK GDPR (the UK General Data Protection Regulation), as applicable based on your location in the European Union or the United Kingdom, and we are responsible as ‘controller’ of that personal data for the purposes of those laws.
Contact Us
Please contact us if you have any questions about this policy or the information we hold about you.
If you wish to contact us, please send an email to privacy@multiply.co, write to Attn. Privacy Team, Multiply Potential AB c/o KIVRA: 559225-3768, 106 31 Stockholm, Stockholms län.
If you wish to contact us, please send an email to privacy@multiply.co, write to Attn. Privacy Team, Multiply Potential AB c/o KIVRA: 559225-3768, 106 31 Stockholm, Stockholms län.
Our collection of your personal data
We collect personal data about you when you access our Platform, create an account with us, contact us or sign up for our newsletter. The personal data we collect about you depends on the particular activities carried out through our website.
If you create a User account on the Platform, we will collect and use the following data about you:
If you create a User account on the Platform, we will collect and use the following data about you:
•
your name, address and contact information, including email address and telephone number and company details (where relevant)
•
account details, such as login details
•
IP address
•
location data (when you choose to give this to us)
•
details of Content you upload and share with other Users
•
details of your usage and activity on the Platform
•
information to check and verify your identity, eg date of birth
•
details of any information, feedback or other matters you give to us by phone, email, post or via social media
•
your account details, such as username and login details
•
your activities on, and use of, our Platform
•
information about the services we provide to you
•
your contact history, purchase history and saved items
•
details of any social media or other online profiles you share with us
•
your responses to surveys, competitions and promotions
If you are a Customer, alongside the data above, we will also collect and use the following personal data about you:
•
company’s name, address, number and other business information
•
account details, such as login details
•
number of permitted accesses/Authorised Users
•
details of your Authorised Users
•
email addresses and account details of Authorised Users
•
Billing information, transaction and payment card or other payment method information
•
Information about the services we provide to you
•
Your contact history, contracts with us and any purchase history
If you do not provide personal data we ask for where it is indicated to be required at the point of collection, it will delay or prevent us from providing services to you as explained below.
We collect and use this personal data for the purposes described in the section ‘How and why we use your personal data’ below.
We collect and use this personal data for the purposes described in the section ‘How and why we use your personal data’ below.
How your personal data is collected
We collect personal data from you:
•
directly, when you enter or send us information, such as when you register or create an account with us, contact us (including via email), send us feedback or complete customer surveys, and
•
indirectly, such as via a Customer when you are one of Customer’s Authorised Users, or your usage activity while using your account on our Platform.
For more information about information we collect indirectly about you using cookies and other similar technologies, please see the section on ‘Cookies’ below.
How and why we use your personal data
We use this personal data to:
•
Create and manage your account with us
•
Verify your identity
•
Provide our services and Platform to you;
•
Customise our Platform and its content to your particular preferences and requirements
•
Notify you of any changes to our Platform or to our services that may affect you
•
Improve our Platform and services
Under data protection law, we can only use your personal data if we have a lawful basis for doing so, e.g.:
•
where you have given consent
•
to comply with our legal and regulatory obligations
•
for the performance of a contract with you or to take steps at your request before entering into a contract; or
•
for our legitimate interests or those of a third party.
A legitimate interest is when we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own. You can obtain details of this assessment by contacting us (see ‘How to contact us’ above).
The table below explains what we use your personal data for and why.
The table below explains what we use your personal data for and why.
Purpose for processing your personal data
Lawful basis for processing including basis of legitimate interest
To create and manage your User or Customer account on our Platform.
Performance of a contract with you
To provide our Platform services to you.
Performance of a contract with you
To process and deliver your account purchase / subscription including to:Manage payments, fees and charges;Collect and recover money owed to us.
Performance of a contract with you
Necessary for our legitimate interests (to recover debts due to us)
Necessary for our legitimate interests (to recover debts due to us)
To manage our relationship with you which will include:Notifying you about changes to our Terms of Acceptable Use or other policies;
Asking you to leave a review or take a survey.
Asking you to leave a review or take a survey.
Performance of a contract with you
Necessary to comply with a legal obligation
Necessary for our legitimate interests (to keep our records updated and to study how Users use our Platform/services)
Necessary to comply with a legal obligation
Necessary for our legitimate interests (to keep our records updated and to study how Users use our Platform/services)
To conduct checks to identify you and verify your identity or to help prevent and detect fraud against you or us
To comply with our legal and regulatory obligations
For our legitimate interests, i.e. to minimise fraud that could be damaging for you and/or us
For our legitimate interests, i.e. to minimise fraud that could be damaging for you and/or us
To administer and protect our business and Platform (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).
Necessary for our legitimate interests (for running our business, provision of administration and our Platform, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
Necessary to comply with a legal obligation
Necessary to comply with a legal obligation
To enforce legal rights or defend or undertake legal proceedings
Depending on the circumstances:
—to comply with our legal and regulatory obligations
—in other cases, for our legitimate interests, i.e. to protect our business, interests and rights
—to comply with our legal and regulatory obligations
—in other cases, for our legitimate interests, i.e. to protect our business, interests and rights
Customise our Platform and its content to your particular preferences based on a record of your selected preferences or on your use of our Platform
Depending on the circumstances:
—your consent - see ‘Cookies’ below
—where we are not required to obtain your consent and do not do so, for our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service to you
If you have provided such a consent you may withdraw it at any time by (this will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn)
—your consent - see ‘Cookies’ below
—where we are not required to obtain your consent and do not do so, for our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service to you
If you have provided such a consent you may withdraw it at any time by (this will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn)
To use data analytics to improve our Platform, services, marketing, customer relationships and experiences.
Necessary for our legitimate interests (to define types of users for our materials and services, to keep our Platform updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about goods or services that may be of interest to you.
Necessary for our legitimate interests (to develop our materials/services and grow our business)
Updating and enhancing Customer and User records
Depending on the circumstances:
—to perform our contract with you or to take steps at your request before entering into a contract
—to comply with our legal and regulatory obligations
—where neither of the above apply, for our legitimate interests, e.g. making sure that we can keep in touch with our Customers and Users about existing accounts and subscriptions and new services
—to perform our contract with you or to take steps at your request before entering into a contract
—to comply with our legal and regulatory obligations
—where neither of the above apply, for our legitimate interests, e.g. making sure that we can keep in touch with our Customers and Users about existing accounts and subscriptions and new services
Disclosures and other activities necessary to comply with legal and regulatory obligations that apply to our business, e.g. to record and demonstrate evidence of your consents where relevant
To comply with our legal and regulatory obligations
Marketing our services to existing and former Users and Customers
For our legitimate interests, i.e. to promote our business to existing and former Users and Customers
See ‘Marketing’ below for further information
See ‘Marketing’ below for further information
The audit of our business
For our legitimate interests, i.e. demonstrate we operate at the highest standards
To share your personal data with third parties that will or may take control or ownership of some or all of our business (and professional advisors acting on our or their behalf) in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvencyIn such cases information will be anonymised where possible and only shared where necessary
Depending on the circumstances:
—to comply with our legal and regulatory obligations
—in other cases, for our legitimate interests, i.e. to protect, realise or grow the value in our business and assets
—to comply with our legal and regulatory obligations
—in other cases, for our legitimate interests, i.e. to protect, realise or grow the value in our business and assets
How and why we use your personal data—Special category personal data
Certain personal data we collect is treated as a special category to which additional protections apply under data protection law. Such data includes personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership, genetic data, biometric data (when used to uniquely identify an individual and data concerning health, sex life or sexual orientation.
We do not collect such data unless you choose to give it to us or where you make such data manifestly public (such as by posting the same on the Platform). Where we do process such special category personal data, we will always ensure we are permitted to do so under data protection laws. Please note that any such special category data contained in any Content posted to our Platform is under the control of the User or Customer posting such Content and you must reach you to such User or Customer if you have any questions in respect of such Special category personal data. If you have a complaint about how another User or Customer uses your Special category personal data on our Platform that you cannot resolve with such User or Customer directly, then please do contact us using the details above: ‘Contact Us’.
We do not collect such data unless you choose to give it to us or where you make such data manifestly public (such as by posting the same on the Platform). Where we do process such special category personal data, we will always ensure we are permitted to do so under data protection laws. Please note that any such special category data contained in any Content posted to our Platform is under the control of the User or Customer posting such Content and you must reach you to such User or Customer if you have any questions in respect of such Special category personal data. If you have a complaint about how another User or Customer uses your Special category personal data on our Platform that you cannot resolve with such User or Customer directly, then please do contact us using the details above: ‘Contact Us’.
Marketing
We would like to send you information about the Platform and our services, including exclusive offers, promotions or new services, which may be of interest to you. Where we have your consent to do so or it is in our legitime interest to do so, we may do this by email, telephone, text message, post or automated call.
If you are an existing Customer or User or have been in touch with us about our Platform and Services, we may have a legitimate interest in using your personal data for marketing purposes (see above ‘How and why we use your personal data’). This means we do not need your consent to send you marketing information which relates to our Platform or services or anything that this similar to these. If we change our marketing approach in the future so that consent is needed, we will ask for this separately and clearly.
In all other cases, we will only ever send you marketing materials where we have your prior consent to do so.
In all cases, you have the right to opt out of receiving marketing communications at any time by:
If you are an existing Customer or User or have been in touch with us about our Platform and Services, we may have a legitimate interest in using your personal data for marketing purposes (see above ‘How and why we use your personal data’). This means we do not need your consent to send you marketing information which relates to our Platform or services or anything that this similar to these. If we change our marketing approach in the future so that consent is needed, we will ask for this separately and clearly.
In all other cases, we will only ever send you marketing materials where we have your prior consent to do so.
In all cases, you have the right to opt out of receiving marketing communications at any time by:
•
contacting us at unsubscribe@multiply.co.
•
using the ‘unsubscribe’ link in emails or ‘STOP’ number in texts, or
We may ask you to confirm or update your marketing preferences if you ask us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.
We will always treat your personal data with the utmost respect and never sell OR share it with other organisations for marketing purposes.
For more information on your right to object at any time to your personal data being used for marketing purposes, see ‘Your rights’ below.
We will always treat your personal data with the utmost respect and never sell OR share it with other organisations for marketing purposes.
For more information on your right to object at any time to your personal data being used for marketing purposes, see ‘Your rights’ below.
Who we share your personal data with
If you are a User or Customer on our Platform, we share your personal data such with:
•
third parties we use to help deliver our Platform and services to you, e.g. payment service providers; and
•
other third parties we use to help us run our business and Platform, e.g. marketing agencies or website hosts, developers and analytics providers.
Some of those third parties may be based outside the EEA. When that is the case, we only allow those organisations to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on them to ensure they can only use your personal data to provide services to us and to you. For further information including on how we safeguard your personal data when this occurs, see ‘Transfer of your information out of the EEA’ below.
We or the third parties mentioned above occasionally also share personal data with:
We or the third parties mentioned above occasionally also share personal data with:
•
our and their external auditors, e.g. in relation to the audit of our or their accounts, in which case the recipient of the information will be bound by confidentiality obligations
•
our and their professional advisors (such as lawyers and other advisors), in which case the recipient of the information will be bound by confidentiality obligations
•
law enforcement agencies, courts, tribunals and regulatory bodies to comply with our legal and regulatory obligations
•
other parties that have or may acquire control or ownership of our business (and our or their professional advisers) in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency—usually, information will be anonymised but this may not always be possible. The recipient of any of your personal data will be bound by confidentiality obligations
Transferring your personal data out of the EEA
The EEA and other countries outside the EEA have differing data protection laws, some of which may provide lower levels of protection of privacy.
It is sometimes necessary for us to share your personal data to countries outside the EEA. In those cases, we will comply with applicable EEA laws designed to ensure the privacy of your personal data.
Under data protection laws, we can only transfer your personal data to a country outside the EEA where:
It is sometimes necessary for us to share your personal data to countries outside the EEA. In those cases, we will comply with applicable EEA laws designed to ensure the privacy of your personal data.
Under data protection laws, we can only transfer your personal data to a country outside the EEA where:
•
the European Commission has decided that the particular country ensures an adequate level of protection of personal data (known as an ‘adequacy decision’) further to Article 45 of the EU GDPR. A list of countries the European Commission has currently made adequacy decisions in relation to is available here.
•
there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for you; or
•
a specific exception applies under relevant data protection law.
Where we transfer your personal data outside the EEA, we do so on the basis of an adequacy decision or (where such is not available) on the basis of legally-approved standard data protection clauses issued further to Article 46(2) of the GDPR. In the event we cannot or choose not to continue to rely on either of those mechanisms at any time we will not transfer your personal data outside the EEA unless we can do so on the basis of an alternative mechanism or exception provided by applicable data protection law and reflected in an update to this policy.
Any changes to the destinations to which we send personal data or in the transfer mechanisms we use to transfer personal data internationally will be notified to you in accordance with the section on ‘Changes to this privacy policy’ below.
If you would like further information about data transferred outside the EEA, please contact us (see ‘How to contact us’ above).
Any changes to the destinations to which we send personal data or in the transfer mechanisms we use to transfer personal data internationally will be notified to you in accordance with the section on ‘Changes to this privacy policy’ below.
If you would like further information about data transferred outside the EEA, please contact us (see ‘How to contact us’ above).
How long your personal data will be kept
We will not keep your personal data for longer than required for the purpose for which it is processed. In addition, we will comply with different retention periods set by the law for the retention of different types of personal data. Following the end of the of the relevant retention period, we will delete or anonymise your personal data.
Cookies
A cookie is a small text file which is placed onto your device (e.g. computer, smartphone or other electronic device) when you use our Platform. We use cookies on our Platform. For further information on cookies our use of them, when we will request your consent before placing them and how to disable them, please see our cookie policy.
Your rights
You generally have the following rights, which you can usually exercise free of charge:
Access to a copy of your personal data
The right to be provided with a copy of your personal data
Correction (also known as rectification)
The right to require us to correct any mistakes in your personal data
Erasure (also known as the right to be forgotten)
The right to require us to delete your personal data—in certain situations
Restriction of use
The right to require us to restrict use of your personal data in certain circumstances, e.g. if you contest the accuracy of the data
Data portability
The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations
To object to use
The right to object:
—at any time to your personal data being used for direct marketing (including profiling)
—in certain other situations to our continued use of your personal data, e.g. where we use your personal data for our legitimate interests unless there are compelling legitimate grounds for the processing to continue or the processing is required for the establishment, exercise or defence of legal claims
—at any time to your personal data being used for direct marketing (including profiling)
—in certain other situations to our continued use of your personal data, e.g. where we use your personal data for our legitimate interests unless there are compelling legitimate grounds for the processing to continue or the processing is required for the establishment, exercise or defence of legal claims
Not to be subject to decisions without human involvement
The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you
We do not make any such decisions based on data collected by our Platform
We do not make any such decisions based on data collected by our Platform
The right to withdraw consents
If you have provided us with a consent to use your personal data you have a right to withdraw that consent easily at any time
Withdrawing a consent will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn
Withdrawing a consent will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn
For further information on each of those rights, including the circumstances in which they do and do not apply, please contact us (see ‘How to contact us’ above). You may also find it helpful to refer to the website of the Swedish Authority for Privacy Protection, accessible here: www.imy.se/en/.
If you would like to exercise any of those rights, please email, call or write to us - see above: ‘How to contact us’.
When contacting us please:
If you would like to exercise any of those rights, please email, call or write to us - see above: ‘How to contact us’.
When contacting us please:
•
provide enough information to identify yourself, such as your full name, address and Customer or User account details and any additional identity information we may reasonably request from you, and
•
let us know which right(s) you want to exercise and the information to which your request relates
Your rights
Keeping your personal data secure
We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
How to complain
Please contact us if you have any queries or concerns about our use of your personal data (see above ‘How to contact us’). We hope we will be able to resolve any issues you may have.
You also have the right to lodge a complaint with:
You also have the right to lodge a complaint with:
•
The Swedish Authority for Privacy Protection (IMY)
•
A relevant data protection supervisory authority in the EEA state of your habitual residence, place of work or of an alleged infringement of data protection laws in the EEA. If you do not know your data protection supervisory authority, you can find a list and their contact here.
The Swedish Authority for Privacy Protection (IMY) may be contacted using the details at www.imy.se or by telephone: +46 8 657 6100.
Changes to this privacy policy
We may change this privacy policy from time to time—when we make significant changes we will take steps to inform you, for example by including a prominent link to a description of those changes on our Platform for a reasonable period or by other means, such as email.