BASELOAD CAPITAL PRIVACY POLICY

1 INTRODUCTION

At Baseload Capital Sweden AB reg. no. 559143-5051 (“Baseload Capital”, “we”, “us”, “our”), one of our main priorities is your privacy. It is important to us that you feel safe when we process your personal data. Here (in this “privacy policy”) you can learn more about what personal data we collect and process about you, why we do it, and what rights you have.

In most situations described below, Baseload Capital is the sole data controller for the processing of your personal data, meaning that we are solely responsible for making sure that this is done in accordance with applicable legislation. However, when it comes to project funding in a Baseload Capital subsidiary (section 3.2), we may be joint controllers together with the Baseload Capital subsidiary involved in the investment. In these situations, we are jointly responsible to ensure that the applicable privacy legislation is complied with. Regardless, you are always welcome to contact us if you want to learn more about how your personal data are being processed or if you want to exercise any of your rights.

2 INDIVIDUALS COVERED BY THIS NOTICE AND THE PERSONAL DATA WE PROCESS

2.1 Who we process personal data about

We process personal data about individuals who are in contact with us and our business, including:

  • Representatives of companies that we invest in or are considering investing in
  • Representatives of companies that invest in the projects
  • Representatives of our owners
  • Representatives of companies that provide us their services
  • Individuals who otherwise contact us or visit our website

2.2 The personal data that we process

Contact information such as name, telephone number, address, and e-mail address.
Company information such as company name, your role in the company and ownership percentage.
KYC information such as personal identification number, citizenship, proof of residence, copy of identification (such as passport or drivers’ license), employment, income, assets, tax status, country of tax residence, accounts and transactions with other institutions, screening against government and/or law enforcement sanctions lists and additional information for any politically exposed person. This information, we may be required by law to collect.
Statistical information and information for analysis such as IP-address, browser type, internet service provider (ISP) and digital footprints by browsing the website (such as weblogs, date and time stamp, referring/exit pages, number of clicks, etc.), log files, etc.

2.3 How we collect personal data

Mainly, we collect your personal data directly from you (including from your device) when you communicate or in any other way interact with us. In some cases, we may also collect your personal data from other sources, namely when we collect it from available public sources/registers (for instance if you are the appointed contact person of a company we wish to get in touch with). We may also collect it from the company where you are employed.

3 SITUATIONS WHERE YOUR PERSONAL DATA ARE PROCESSED

3.1 Mergers and acquisitions

3.1.1 Examining companies to invest in

When we examine a company that we may want to invest in, we process contact information and company information about representatives. The legal basis is our legitimate interest in understanding more about the company (GDPR, article 6.1(f)). Contact us if you want to learn more about how we have balanced your interests against ours. We will keep your personal data during the period we examine the company, which is usually during a period of twelve months. If we decide to invest, we may keep it for a longer period, please see below.

3.1.2 Conducting know-your-customer (KYC) checks

Before we make an investment, we must confirm the identity of the applicable representatives and perform a KYC-check in accordance with anti-money laundering and countering terrorism legislation. For this purpose, we will process contact, company, and KYC information about said representatives. The legal basis is compliance with a legal obligation (GDPR, article 6.1(c) – Lag (2017:630) om åtgärder mot penningtvätt och finansiering av terrorism). We will keep your personal data for five years (in some seldom cases ten years) from the time of the KYC-check.

3.1.3 Portfolio companies

If we choose to invest in a company, we process contact information and company information of representatives of the company. The legal basis is our legitimate interest in concluding and managing an agreement with the company you represent, as well as to be able to fulfil the terms and conditions of our investment (GDPR, article 6.1(f)). Contact us if you want to learn more about how we have balanced your interests against ours. We will keep your personal data during the period we have an investment in the company you represent and for ten years thereafter.

3.2 Project funding

If you represent a company that invests in any of our projects, we and the Baseload Capital subsidiary will process your contact information and company information. Baseload Capital and the Baseload Capital subsidiary are joint controllers for the processing of your personal data within the scope of the investment. The legal basis is our legitimate interest in concluding and managing an agreement with the company you represent, as well as to be able to fulfil the terms and conditions of the project funding (GDPR, article 6.1(f)). Contact us if you want to learn more about how we have balanced your interests against ours. We will keep your personal data during the period the company you represent has an investment in the project and for ten years thereafter.

3.3 When you represent one of our owners

If you represent one of our owners, we will process contact information and company information about you. The legal basis is our legitimate interest in concluding and managing an agreement with the company you represent, as well as to be able to fulfil the terms and conditions of the company’s ownership (GDPR, article 6.1(f)). Contact us if you want to learn more about how we have balanced your interests against ours. We will keep your personal data during the period we have an applicable agreement with the company you represent/the company is one of our owners and for ten years thereafter.

3.4 When you visit our website

To provide, operate, maintain, improve, personalize, and expand our website we use cookies and other similar tracking technologies. The cookies are used to store information about your settings and the pages you visit, both on our website and others, in order to, inter alia, optimize your browsing experience as well as to improve the website’s functions. The website includes necessary, statistical, and marketing cookies.

Depending on your cookie preferences, we will process statistical information and information for analysis about the website visitor. The legal basis for our processing of personal data collected through cookies is your consent (GDPR, article 6.1(a)). For further information on our use of cookies, please visit the Cookie Settings on our website, which includes a detailed list of the cookies we use and the applicable retention periods.

3.5 When you contact us through one of our communication channels (for a purpose not otherwise described herein)

If you contact us via email, our website, or through any other channel, we will process your contact information and company information, as well as any personal data you include when contacting us. The processing is based on our legitimate interest in maintaining communication with you and addressing your inquiries, in accordance with GDPR, article 6.1(f). Contact us if you want to learn more about how we have balanced your interests against ours. We will keep your personal data during a period of two years.

3.6 To comply with laws, legal obligations and voluntary undertakings

3.6.1 To comply with legal obligations
Legal obligation (GDPR, article 6.1(c)) Categories of personal data Retention period
Handle and respond to data subject rights requests Contact information as well as information provided in your request and additional information required to meet your request For up to one year from the date your request has been met
Handle incidents and participate in supervisions The categories of personal data relating to you that are necessary and requested during the incident / supervision For as long as the incident or subsequent supervision is ongoing and one year thereafter
Bookkeeping Personal data relating to you that constitute transactional data (such as information regarding bank account, payment details, etc.) Up to and including the seventh year after the end of the financial year the transaction took place

 

3.6.2 Claims, complaints and legal disputes

To administer, investigate and respond to claims and complaints, including to establish, exercise, or defend legal claims, we will process your contact information as well as other information you provide us that is relevant for the claim, complaint, or dispute. The legal basis for the processing is our legitimate interest to administer your claim or complaint (GDPR, article 6.1(f)). Contact us if you want to learn more about how we have balanced your interests against ours. We will keep your personal data during the period we investigate and administer your claim, complaint, and dispute and for ten years thereafter.

3.6.3 Mergers and acquisitions of Baseload or our assets

In the event of a merger, acquisition, or a sale of all or parts of our assets, we will transfer the categories of personal data relating to you that are covered by the merger or acquisition to the new owner. The legal basis for the processing is our legitimate interest to proceed with a merger or acquisition and transfer relevant personal data for this purpose (GDPR, article 6.1(f)). Contact us if you want to learn more about how we balance your interests against ours. No personal data is stored for this particular purpose.

3.7 If you represent one of our service providers

We will process contact information and company information about representatives/contact persons of service providers that provide us with services. The legal basis for our processing is our legitimate interest in concluding and managing an agreement with the service provider and fulfilling the terms and conditions of such agreement (GDPR, article 6.1(f)). Contact us if you want to learn more about how we balance your interests against ours. We will keep your personal data during the period we have an agreement with the company you represent and for ten years thereafter.

4 WHO WE SHARE YOUR PERSONAL DATA WITH

We may need to share your personal data with others to manage our business and to comply with laws and regulations. This includes:

  • Other Baseload Capital group companies, as we may share your personal data with our group companies to enable e.g., localized support and investments.
  • IT service providers who manage the necessary operation, technical support, and maintenance of our IT solutions, such as internally used systems, platforms, and hosting services.
  • Providers of analytics services (such as Google Analytics and HubSpot).
  • Providers of social media platforms (such as LinkedIn).
  • Providers of recruitment services (such as Teamtailor).
  • External advisors and consultants who help us in different areas of our business (such as financial advisors, lawyers, and auditors).
  • Potential buyers in case of a merger, an acquisition, or a sale of all or parts of our assets.
  • Authorities in the event of a request.
  • Courts in the event of a dispute or other proceedings.

5 GEOGRAPHY

We strive to process your personal data within the EU/EEA area. However, in some situations it may be processed outside the EU/EEA (e.g., in Japan, Taiwan, and the USA), such as when we share your personal data with our group companies operating outside the EU/EEA.

We always ensure that your personal data enjoys a high level of protection, even when the personal data is processed outside of the EU/EEA. In most cases, the importing party will reside in a country that has been deemed to offer adequate protection by the EU Commission (such as Japan) or adheres to the EU-US Data Privacy Framework (GDPR, article 45). If not, we will enter into the EU Standard Contractual Clauses (GDPR, article 46). In addition, we take additional technical and organisational security measures when needed.

6 YOUR RIGHTS

6.1 Right of access

You have the right to know if we process personal data about you or not. If we do, you also have the right to receive information about the personal data we process and why we do it. Further, you have the right to receive a copy of all personal data we have about you. If you are interested in any specific information, please indicate this in your request. For example, you can specify if you are interested in a certain type of information, such as the specific contact details we have about you, or if you want information from a certain time period.

6.2 Right to rectification

If the personal data we hold about you is inaccurate, you have the right to have the personal data corrected. You also have the right to complete incomplete personal data, including by providing supplementary information. Once we have corrected or completed your personal data, we will inform those we have shared your personal data with (when applicable) about the update, if it is not impossible or too cumbersome. If you ask us, we will also tell you who we have shared your personal data with. If you request to have data corrected, you also have the right to request that we restrict our processing during the time we investigate the matter.

6.3 Right to erasure (right to be forgotten)

In certain cases, you have the right to request that your personal data are erased, e.g.:

  • If the personal data are no longer necessary for the purposes for which they were collected or otherwise processed, or
  • When the personal data have been unlawfully processed.

If we erase the personal data following your request, we will also inform those we have shared your personal data with (when applicable), if it is not impossible or too cumbersome. If you ask us, we will also tell you who we have shared your personal data with.

6.4 Right to request restriction

Restriction means that the personal data are marked so that they may only be used for certain limited purposes in the future. The right to restriction applies:

  • When you believe the personal data are inaccurate/incomplete and you have requested rectification. If so, you can also request that we restrict our processing while we investigate if the personal data are accurate/complete or not.
  • If the processing is unlawful but you do not want the personal data to be erased.
  • When you have objected to the processing and during the time we verify our legitimate grounds.
  • When we no longer need the personal data for the purposes for which we collected it, but you need it to be able to establish, exercise, or defend legal claims.

Even if you have requested that we restrict our processing of your personal data, we have the right to use it for storage, to assert or defend legal claims, or to protect someone else’s rights. We may also use the personal data for reasons relating to important public interest. We will let you know before the restriction expires.

If we restrict the processing of your personal data, we will also inform those we have shared your personal data with (when applicable), if it is not impossible or too cumbersome. If you ask us, we will also tell you who we have shared your personal data with.

6.5 Right to object

You have the right to object to processing that is based on our legitimate interest. If you object to the use, we will, based on your situation, evaluate if our interests in using the personal data outweigh your interests in the personal data not being used for that purpose. If we are unable to provide compelling legitimate grounds that override yours, we will stop using the personal data you object to – provided we do not have to use the data to establish, exercise, or defend legal claims. If you object to the use, you also have the right to request that we restrict our use during the time we investigate the matter.

You always have the right to object to, and unsubscribe from, direct marketing.

6.6 Right to data portability

If the processing is based on your consent or an agreement between us, you have the right to obtain personal data that you have provided to us in a structured, commonly used, and machine-readable format and transfer it to another controller (“data portability”). Please note that we seldom use one of these legal bases to justify our processing.

6.7 Right to withdraw consent

You have the right to withdraw your consent for a specific processing at any time. Your withdrawal will not affect processing that has already been carried out. Please note that we seldom use consent to justify our processing.

6.8 How to exercise your rights and right to complain

If you want to exercise any of your rights, please contact us using the below contact information. If you have any objections or complaints about the way we process your personal data, please let us know and we will do our best to help you. You also have the right to lodge a complaint with the supervisory authority where you live, work, or where you believe an infringement has taken place. In Sweden, the supervisory authority is the Swedish Supervisory Authority for Privacy Protection (IMY).

7 CONTACT INFORMATION

Baseload Capital is responsible for the processing of personal data described here. If you have any questions about how your personal data are processed, please contact us by using the contact details below.

Address: Ingmar Bergmans gata 4, 113 46 Stockholm, Sweden

 

8 CHANGES TO THIS PRIVACY POLICY

We reserve the right to change this privacy policy from time to time. We will inform you of any changes by posting the updated privacy notice on our website. If we make any material changes, we will send you a notification by e-mail.

Privacy Policy Updates

We reserve the right to change this privacy policy from time to time. We will inform you of any changes by posting the updated privacy notice on our website. If we make any material changes, we will send you a notification by e-mail.

Accept