Privacy Policy

Last Updated: 2024-08-19

This Privacy Policy describes how Opper Technology AB, Västerängsvägen 51 A, 182 47 Enebyberg, Sweden, reg. no. 559446-3720 ("Opper," "we," "us," or "our"), collects, uses, and shares personal information when you use our Platform as a Service ("PaaS") for creating safe and production-grade Artificial Intelligence ("AI") functions within the European Economic Area ("EEA") in compliance with the General Data Protection Regulation (GDPR).

We are committed to protecting your privacy and ensuring that your personal data is handled responsibly in compliance with the General Data Protection Regulation (GDPR). Please read this Privacy Policy carefully to understand how your data is used when communicating or doing business with us.

1. What is personal data?

Personal data means any data that can be used to identify you personally, such as your name, address, contact information, device data (as your device may disclose your approximate location or be otherwise connected to you), and more. For the sake of simplicity, we also refer to personal data as “data” in this Privacy Policy.

2. For what purposes will we use your personal data?

Providing the PaaS Service. We use personal data to provide access to and operate the PaaS Service.

Service Improvements.

We use the information we collect to provide and improve our PaaS, including to personalize your experience, analyze trends, and optimize our platform's performance and functionality.

Communication and customer service.

We process your contact details and information provided in communication with us to respond to service queries, other requests, and to provide customer support. Additionally, we may use your contact information to communicate with you about important updates and notifications. The processing is based on our legitimate interest to provide customer service.

Invoicing, administration, and bookkeeping.

If you or the company you represent have entered into any agreement with us, we may process your contact details for invoicing and administration purposes.The processing is necessary for the performance of the applicable contract and for compliance with legal obligations to which we are subject, such as retaining certain accounting information in accordance with the Swedish Accounting Act..

Recruiting.

If you apply for a vacant position at Opper AI, we will process your job application and related information.

3. What data will we collect?

What data we collect about you depends on why you’re in contact with us and what data you choose to share with us. For the purposes above, we may collect and use the following types of data about you.

• Log-in information, such as email and password to create and verify your user account.

• Contact details, such as name, company and e-mail.

• Information from other sites (with your consent), such as profile information from Google.

• Information provided when communicating with us by email, web forms, mail, or other offline means.

• Device and log data, information that identifies you and your device, such as your IP address, login information, approximate geolocation based on your IP address, browser type, and how you use our services. This data is automatically sent by your browser or API client when you interact with our services.

• Redacted payment information received from a third-party payment service provider.

• Other data on how you use our website, such as aggregated and anonymized data about how you move on our website and what products and sites you click.

• Job applications, which may include contact details, date of birth, gender, photo, and other information included in your resume or cover letter, as well as information included in notes and evaluations executed by us in connection with application reviews and job interviews.

• Other data: Any additional data that may become relevant or necessary to collect based on your configuration of our services or selection of third-party services.

4. What legal grounds do we have for processing your personal data?

Fulfilment of contract

Some of the data processing described above is necessary for us to provide the services you have requested and to fulfil our obligations under the Terms of Service or any other contract entered into between you and us. This includes, under the Terms of Service, processing that is essential for providing our services, granting access to the platform and website, and facilitating communication. Without access to this data, we will not be able to provide all parts of the services to you.

Legitimate interest

Some of the data processing is based on our legitimate interest to use the data. For an interest to be considered legitimate, our use of the data may not override your fundamental rights or interests. When we use data based on legitimate interest, we believe we have a reasonable cause for using the data and have assessed that the use will not violate your rights or interests. For example, we find that we have a legitimate interest in using certain data for managing our business operations, enabling smooth surfing on our website and improving our services.

If you are an existing customer or have otherwise been in contact with us, we may also send newsletters to you based on our legitimate interest to market our services. You may, however, opt-out of receiving marketing communications from us by following the unsubscribe instructions provided in the communication or by contacting us at support@opper.ai.

Consent

Some data is only processed if you consent to us using the data for the proposed purpose.

Legal requirements

In addition to what is stated above, we may also need to collect and store data to comply with certain legal obligations we are subject to, such as retaining accounting information in accordance with the Swedish Accounting Act.

5. Who can access your personal data?

Payment service providers

In order to provide secure payments, we use well-renowned third-party payment service provider Stripe in our check-out. To provide you with payment options, they need to access your payment information. Please keep in mind that these payment service providers have an independent responsibility for the data that they collect as part of providing the requested payment services. The service providers are considered as the data controller for the transaction, and the payment data and they are responsible for your data being processed in accordance with the GDPR as well as other applicable laws. By using the check-out, you agree with the terms of use of the payment provider that you use and acknowledge that their privacy policy applies to the purchase. The terms and conditions of the service provider will be shown in the checkout prior to completing your payment.

Other suppliers that help us provide our service

For the purposes we have described above (see “For what purpose will we use your personal data?”) it is sometimes necessary for us to share your data with third parties. We use certain partners to help us provide, improve, promote, and protect our services. For example, we use suppliers to manage marketing, data storage, and web hosting on our behalf. These suppliers may only use your data in accordance with our instructions and we only share such data that is required to perform the service in question. We do not sell any personal data to partners or any other third parties. Authorities

We may share data with authorities or other third parties when required by law or regulations, or when it is necessary to ensure the safety and security of our services, or to protect or defend the legitimate rights and interests of Opper, or those of our users, employees, directors or shareholders.

Other third parties

If we were to be merged or sold (in whole or in part), your data will be shared with or transferred to the merged or buying entity. In such a case, your data will continue to be processed in accordance with this Privacy Policy.

6. How do we protect your personal data?

We take several steps to keep your data secure and protect it against unauthorized or unlawful processing, and against accidental loss, destruction, or damage. Your data is encrypted and stored on secure servers and is accessible only by relevant authorized personnel who need access to perform Opper’s services. All requests to access data and the actual access to data are logged to ensure accountability and traceability. This data includes organizations and their users, functions and evaluations, indexes, and events.

Authorized Opper personnel access these systems through secure accounts on AWS, protected by SAML login with Google as the authentication provider. All Google accounts used for access are secured with mandatory two-factor authentication (2FA) or passkey authentication. More details of our security measures can be found in the Opper Platform Security Overview.

7. Where is your personal data stored?

The data that we collect about you is mainly processed and stored within the European Union but may be transferred to other countries where our partners or suppliers are located or maintain facilities. Before transferring data outside of the European Union, we will ensure adequate mechanisms to protect your data, for example by using the Standard Contractual Clauses as approved by the European Commission.

8. For how long do we store your personal data?

How long we keep your data will vary depending on the purpose for which we collected the data. As a general rule, your data is used as long as it’s necessary for the purpose we collected the data for. The purposes for the data collection are listed under “How will we use your personal data?”.

In some cases, we need to store your data longer to comply with applicable laws (including those regarding document retention), resolve disputes with any parties and otherwise as necessary to allow us to conduct our business. All data that we store will be subject to this Privacy Policy.

9. What rights do you have?

You always have the following rights in relation to your personal data:

The right to access your data. You always have the right to understand what personal information we process about you and request a copy of your data.

The right to correct inaccurate information. You always have the right to correct or ask us to correct any inaccurate data about you.

The right to request erasure or restriction of your data. You have the right to have us erase or restrict the use of your data that is no longer needed for the purposes for which we collected the data. You also have a right to object to any processing you find unlawful or unnecessary for the informed purposes.

The right to data portability. When technically possible, you have the right to get your data transferred to another service provider.

You may exercise your rights described above by sending a request to support@opper.ai. We will respond to your request within 30 days. Please note that there may be restrictions for us to erase certain data, such as data that we are required to store by law or regulations.

We are always committed to handle any request, complaint, or concern that you may have about our use of your data in a lawful, fair and transparent way. If, however, you believe that your rights have been violated you always have the right to file a complaint with the Swedish Authority for Privacy Protection (https://www.imy.se), or the supervisory authority in your country of residence.

10. Childrens’ Privacy

Our PaaS is not directed to children under the age of 16, and we do not knowingly collect personal data from children under the age of 16. If we become aware that we have collected personal data from a child under the age of 16, we will take steps to delete such data as soon as possible.

11. Changes and updates to this Privacy Policy

Occasionally we may, in our discretion, make changes to the Privacy Policy. If we make material changes to the Privacy Policy, we will notify you at our website.

12. More Questions?

If you have any questions about this Privacy Policy, e-mail them to support@opper.ai, and be sure to indicate the nature of your question or concern.