Summary of the data protection within the Bonnier Group companies
Bonnier is a long-term family-owned company, which also characterize our processing of personal data. Our ambition is to always process personal data in accordance with current regulations and in a secure, efficient and value-creating manner. Protecting the privacy of the individual user is critical to maintaining customer trust and developing the long-term customer relationships we strive for.
Bonnier Group AB is the owner of the media group Bonnier group. The Bonnier Group companies are completely independent from the Bonnier Group AB and makes their own decisions. They thus have independent controllership over personal data and are not covered by this policy. Where you have an engagement with one of our subsidiaries, that subsidiary is responsible for how they handle your personal data. They provide data protection policies that apply to the services, websites and applications offered to you. Please read these when signing up for a subscription, downloading an app, purchasing a product or service, or registering an account.
For Bonnier companies outside Sweden, the terms and conditions specified in the country in question apply. If you have questions or wish to assert your rights regarding the data processed by our subsidiaries, please contact them directly.
The companies that are part of the Bonnier group are listed under the Companies & Brands section here at bonnier.com. You will find contact information for our largest group companies under the heading Contact information below.
Summary of the data protection within Bonnier Group AB
This data privacy notice explains how Bonnier AB, with Swedish organization number 556508-3663 (“Bonnier”), manages your personal data as a data controller. We use information that we collect, or that you as a customer, employee of another Bonnier company or supplier provide to us by, for example, e-mail, for these main reasons:
- In order to fulfill our obligations towards suppliers or customers, we use contact information that we collect through contracts directly with you or your employer or otherwise when we are in contact with you when we receive your contact information in relation with this purpose.
- In order to be able to respond to questions or comments received by e-mail from employees of other Bonnier companies or from customers or suppliers, we need to process e-mails, names and any other personal data provided through the e-mail,
- In order to fulfill the legal obligations imposed on us by, for example, the Accounting Act (Bokföringslagen), we need to store accounting information, which may contain personal data, for a prescribed period of time,
- We have security in place in order to protect ourselves against external and internal threats and process technical logs where personal data may exist.
For the above processing of of your personal data, Bonnier Group AB is the personal data controller. You will find information on how to contact us under the heading Contact information below
How we collect and use personal information
Reasons for sharing your personal information
Security for your personal information
Where we store and process personal information
Our retention of personal information
Cookies and similar technology
Changes to this Privacy Notice
Our principles
Bonnier is a family-owned company over many generations, and long-term thinking characterizes our processing of personal data. Processing user data in accordance with current regulations and in a safe, efficient manner that adds value is crucial for developing attractive media products for both users and advertisers. Protecting the privacy of the individual user is crucial in maintaining customer confidence and developing the long-term customer relationships we aim for. Bonnier’s management and the management of our subsidiary companies are responsible for ensuring that personal data are handled in accordance with relevant legislation and in a manner that maintains customer confidence.
How we collect and use personal information
Bonnier collects data to fulfill agreements with our suppliers, employees, partners such as investors, and to provide the best possible service to you.
We use information related to you for the following purposes:
- We write articles of important events which are published on Bonnier.com. These articles may contain names and photos of people that Bonnier likes to give attention and recognition for various reasons. For this processing we believe that we have a legitimate interest.
- To be able to write articles and share news on Bonnier.com, Bonnier keeps pictures of people connected to Bonnier and who has contributed at a Bonnier-event or likewise. For this processing we believe that we have a legitimate interest.
- Bonnier holds large events to which people connected to Bonnier, such as investors, industry professionals and the like, are invited. For these events we use contact information and we may also collect information on food choices etc. We only keep this information in order to handle the event. For this processing we believe that we have a legitimate interest.
- Bonnier manages the scholarship fund Albert Bonnier’s 100th anniversary in which contact information is processed about the scholarship committee members and prize winners and the reasons for the justification of nominations and awards.
- Bonnier uses Microsoft services, such as Azure AD, where contact information about users (mostly employee and consultants but guest accounts may also be set up. When Teams, is used, the e-mail address of the user of Teams in Bonnier AB’s environment will be processed by Bonnier. Sharepoint is also used to store documentation in which information about data subjects may be included.
- In order to secure your data Bonnier has contracted an IT-security partner who runs a SOC on Bonniers behalf to make sure that Bonnier´s data is secured and to ensure that the data is protected from future threats.
- In order to be able to handle requests from data subjects, such as a request to access or delete your data or request any of your other rights in accordance with the GDPR, we will process the personal data we have stored about you in order to fulfill this legal requirement.
Other purposes. If we plan to use personal data for a new purpose outside what is described in this policy, you will be informed of such use before or in connection with the collection of personal data, and we will ask you for your consent. Alternatively, we will ask for your consent after collection, but before we will use your personal information for a new purpose.
Reasons for sharing your personal information
Sometimes it may be necessary for us to share your information with other companies within our group or with companies that provide services on our behalf (such as storing our data or providing support services) so that we can provide you with our services or fulfilling legal requirements.
In cases where we share information about you with others, we have confirmed that these companies comply with our data protection requirements and are not allowed to use the personal data they receive for any other purpose.
We share personal information with our subsidiaries that we control. We also share information with companies that we have hired to provide IT-service support, such as storage, or IT-security with safeguarding and securing our systems and services, who need access to personal data in order to provide these services. We may also disclose personal information as part of a joint venture, such as a merger or sale of assets.
Finally, we may need to disclose or save your information when we consider it necessary to:
- Follow the law or legal process and provide information to the police and other relevant law enforcement authorities.
- Protect our data subject from fraud
- Manage and maintain the security of our products, including preventing or stopping an attack on our systems or networks.
- Protect the rights or property of Bonnier, including enforcing the terms governing your use of our services; but if we obtain information that someone is using our services to trade stolen intellectual or physical property belonging to Bonnier, we will not investigate a customer’s private data ourselves, rather we would then transfer the matter to a law enforcement authority.
Your individual rights
Bonnier complies with current data protection laws of the European Union, which, where appropriate, include the following rights:
- You are free to request access to your data (as defined in the law), and receive confirmation that Bonnier processes your data, and to receive a copy of your personal data,
- Your also have the right to request correction if the data we have about you is wrong, and in certain circumstances, deletion of your personal data.
- You are entitled to request limiting and to object to the processing of your personal information that we collect for our legitimate interest.
- You have the right to file complaints with a data protection authority. Ingegritetsskyddsmyndigheten is the authority in Sweden that oversees how we as a company comply with the legislation.
- If the processing of personal data is based on your consent, you are entitled to withdraw your consent for future processing of your personal information at any time.
Security for your personal information
Bonnier uses a range of security techniques and security methods to protect your personal data from unauthorized access, unwanted changes and data loss. We use both technical and organizational measures. As an example we always do due diligence on potential suppliers and we put data processing agreements in place. If we consider a processing to be potentially high risk we perform data protection impact assessments (DPIA). We also apply data minimization and we pseudonymize data where applicable.
As example of technical security, the personal information that you provide is stored on computer systems that have limited access to, and are in protected premises. When transferring very sensitive data (such as credit card number and password) via the internet, these data are protected by encryption.
We also have a Security Operation Center (SOC) setup with an external IT-security organization to monitor the existence of any external threats to our information.
Where we store and process personal information
Personal data managed by Bonnier can be stored and processed in the region in which you live, in Sweden or in other countries where Bonnier, our partners, subsidiaries or suppliers are active. We take steps to ensure that the information we collect in accordance with this Privacy Notice is dealt with in accordance with the provisions of this policy and in accordance with applicable laws where the information is available.
If we would transfer your personal data to a controller or a processor in third countries, i.e. countries outside the EU/EEA, we perform transfer impact assessments (TIAs) and make sure to put additional security measures in place,such as the use of EU standard contractual clauses as appropriate security measures.
Our retention of personal information
Bonnier retains personal information as long as it is necessary to provide the products and services, fulfill the transactions you have requested and approved, or for other necessary purposes, such as complying with our legal obligations, resolving disputes and enforcing our agreements. Because these needs may vary for different types of data and for different types of products, services and contexts, actual retention periods may vary. Criteria that determine how long we store data are, for example:
How long are personal data needed to provide the products and services? This includes, among other things, maintaining and improving the performance of products and services, protecting our systems and administering necessary business and accounting information. This is the general rule underlying the calculation of most retention periods.
Is the personal information particularly sensitive? In that case, a shorter retention period is usually used.
Have users approved the use of a longer conservation period? In that case, we store the information in accordance with your consent.
Does Bonnier have legal or contractual obligations or otherwise is committed to storing the information? Examples may be mandatory legislation on retention of information in certain jurisdictions, government orders to preserve data relevant to investigations, or data that must be retained in order to resolve a dispute.
Cookies and similar technology
Bonnier uses a limited amount of cookies in order for the website to function properly. For information about which cookies bonnier.com has on our website, see our Cookie Policy.
Changes to this Privacy Notice
We will update our Privacy Notice as needed to reflect customer feedback and changes to our services. When a policy is updated, the latest update date changes at the top of the policy and the changes are described in the Change History section below. If there are major changes to the policy or to how Bonnier uses your personal data, you will be notified via web or email before the changes come into force to the extent required by law. Please read this Privacy Notice from time to time to stay informed about how Bonnier protects your personal information and privacy.
Contact us
Bonnier AB the controller for the personal data processed by the organization.
If you want to reach Bonnier’s DPO or request any of your individual rights, please email Bonnier Group AB:s DPO: carin.wenner@bonnier.se
If you would like to request any of your individual rights against any other Bonnier Group company, please contact that company. (your will find contact information to Bonnier Groups largest companies here) https://www.bonnier.com/kontakter/
Change history
May 2018: Clarifications due to the entry into force of the new Data Protection Regulation (“GDPR”) on May 25, 2018. The updated Privacy Notice will automatically enter into force for all existing customers and visitors on May 25, 2018. Your continued use of our services from that date will be subject to the new Privacy Notice. The policy has also been revised to be concise, clear and comprehensible, and easier to understand.
June 2019: Clarifications due to the Bonnier Group’s structural change through which the Bonnier Group’s subsidiaries independence vis-à-vis the group parent company Bonnier Group AB. The Bonnier companies’ subsidiaries have published their own data protection policies in which it appears in detail how the companies handle their own personal data.
October 2021: Clarifications regarding Bonnier Group’s cookie handling, where references to cookies that are no longer set have been removed, as well as clarifications of Bonnier companies’ data protection contacts.
June 2023: Review and changes relevant to the purpose of which processing takes place, update of security measures and contact information.