This privacy policy describes the personal data we collect, how and why we use it, and the choices and rights you have regarding the personal data you share with us. This privacy policy applies when you register as a participant to take part in studies and tests, enter into a contract with us, visit our website (https://www.feedbackfrog.com), contact us or subscribe to our newsletter. When we refer to “we” or “us”, we mean FeedbackFrog AB, which is responsible for the processing of personal data described here.
We encourage you to read this privacy policy carefully to understand how we may collect, use and share your personal data.

If you have any questions about this privacy policy, you can always contact us at gdpr@feedbackfrog.com

1. What is personal data?

Personal data means any information that can be used to identify you, such as your name, address, email and telephone, or device data (where it can reveal your approximate location or otherwise be linked to you).

2. How do you use my personal data?

We may use your personal data for the following purposes.
● Provide access to the platform and your user account. If you want to access our participant platform, we need your personal data to create a user account.
● Match participant profiles with studies. If you register to participate in studies, we need to process your data to match your profile with different studies and to notify you when there is a study that matches your profile.
● Provide compensation for your participation. If you participate in a study, we will process your data to compensate you for your participation.
● Enabling smooth visits to our website. When you visit our website, we process various technical data (read more in the paragraph below) to provide a secure and functional website.
● Entering into and fulfilling contracts. If you are a company representative, we may process your contact details to conclude and fulfill contracts.
● Communication and customer service. We process your contact details and information provided in communication with us to communicate with you about studies you have enrolled in and to respond to other requests.

● Development of our services. We collect and analyze user data (such as how many users visit different pages of our website) to develop and improve our services. This may involve collecting user data to maintain and improve the performance of our website and services and to develop new features.
● Protect us and our services. We may process your personal data to comply with legal requirements, protect our legal rights and prevent fraud and other illegal or malicious activities that may affect us, our services or our customers.

● Billing, administration and accounting. If you or the company you represent has entered into a contract with us, we may process your contact details for billing and administration purposes.
● Marketing. We collect your data to market our services on other websites and on social media.
● Recruitment. If you apply for an open position at FeedbackFrog, we will process your job application and related information.

3. What personal data will you process?

What data we collect about you depends on the reason you are in contact with us and what data you choose to share with us. For the purposes described above, we may collect and use the following types of personal data:
● Login information, such as email and password to create and verify your user account.
● Contact details, such as name, email and phone number.
● General information about you, such as age, place of residence and gender identity.
● Information requested for a specific study, such as language skills, profession, ownership of certain products, health information, approximate salary, etc. The information collected depends on the study you are applying for.
● Personal identification number, when needed for secure identification.
● Automatically collected technical data about your device, such as your device’s IP or MAC number.
● Ad identifiers generated by your device that allow advertising on other websites and social media and provide information on how you interact with our ads (if you consent to our marketing).
● Job applications, which may include contact details, date of birth, gender, photo and other information included in your CV or cover letter, as well as information included in notes and evaluations carried out by us in connection with the employment process.

4. Why do you use my data?

Performance of a contract

Certain processing operations described above are necessary for us to provide the services you have requested and to fulfill what we have agreed to under our General Terms and Conditions, or under any other contract entered into between you and us. Under the General Conditions, this includes processing that is necessary to provide you with access to the platform and website, matching profiles with studies, communication, and to provide compensation for your participation in a study. In the context of other contracts, we will mainly collect contact and billing information. If we do not have access to this data, we cannot provide all parts of the services to you.

Balancing of interests

Some processing operations are based on our legitimate interest to use the data for various purposes. For an interest to be considered legitimate by law, the interest and the processing must not override your fundamental rights or freedoms. When we use personal data based on a balance of interests, we consider that we have a legitimate reason to use the data and have assessed that the use will not violate your rights or freedoms. For example, we consider that we have a legitimate interest in using your personal data to protect and improve our services and to manage recruitment when you have submitted an application to us.

If you have a user account, are a test participant, customer or have otherwise been in contact with us, we may also send you newsletters based on our legitimate interest to promote our services. However, you can unsubscribe at any time by following the “unsubscribe” link in the newsletter.

Consent

We only process some personal data if you consent to it. For example, we will not market our services to you on other websites and social media, unless you have agreed to us using your personal data for marketing purposes. We ask for your consent to receive marketing through our cookie banner when you visit our website. You can read more about how we use cookies and how you can consent or reject them in the section “What are cookies and how are they used?”.

Legal obligation

In addition to what is stated above, we may also need to collect and store personal data in order to fulfill certain legal obligations to which we are subject, such as retaining certain accounting information under the Swedish Accounting Act, or if you are a participant in a study, retaining your contact details and social security number to report your compensation to the Swedish Tax Agency.

5. Who has access to my personal data?

Partners conducting studies

Our business concept is to match participants with studies conducted by our partners. If we match you with a study and you choose to participate in it, we will share data with the partner conducting the study. We will only share the data necessary for the study. This typically includes your first name, age and information from the questionnaire you have completed when applying for the specific study.

After we share the above information with the relevant partner, the partner is independently responsible for all personal data processed by the partner during the study. Each partner is considered an independent data controller for the study and is responsible for ensuring that your personal data is processed in accordance with the GDPR and other applicable laws both during and after the study.

Other suppliers who help us provide our services

For the purposes we have described above under section “How do you use my personal data?” It is sometimes necessary for us to use suppliers. We use suppliers to provide, improve, promote and protect our services. In order to perform their services, it is sometimes necessary for suppliers to have access to your personal data. Suppliers may only use your personal data in accordance with our instructions and we only share data that is necessary to perform the service in question. We never sell personal data to third parties.

Public authorities

We may share personal data with authorities or other third parties when required by law or regulation or when necessary to protect or defend our rights and interests, or those of our users, employees, directors or shareholders, and/or to ensure the safety and security of our services.

Other third parties

Should we be merged or sold (in whole or in part), your personal data will be shared with or transferred to the merged or purchasing entity. In such a case, your data will continue to be processed in accordance with this privacy policy.

6. What are cookies and how are they used?

In addition to the data you provide directly to us when using our services, some data is automatically obtained from your device using “cookies” or similar tracking technologies when you visit our website. Cookies are small text files used to store or access information stored on your computer or mobile device. Cookies can remember a user’s activity on, for example, a website in different ways and can store information both during the website visit and between visits. The information in cookies can also be used to track your browsing on other websites that use the same cookie.

We use cookies to:
● ensure the basic functionality of the website, such as allowing you to log in and fill in questionnaires.
● maintain the security of the website, for example by providing a secure login.
● provide you with access to enhanced website functionality, such as automatic country recognition and language settings.
● analyze the use of our website and help us make it better by collecting aggregated statistics on which pages are popular and which sections visitors click on the website and how long they stay on the page (if you consent).
● market and advertise our services by displaying advertisements on other websites and social media based on which pages you have clicked on our website and on other websites that use the same cookie (if you consent).

Some cookies, such as those used to provide basic functionality and maintain security, are necessary for the website to function as intended, and these will be automatically installed on your device based on our legitimate interest in providing you with a functional and secure website. Other cookies, such as those used for marketing and analytical purposes, will only be installed if you allow us to use such cookies via the cookie banner when you first visit our website.

The cookies placed on your device are so-called third-party cookies, which means that third parties have access to the information collected through the cookies. Each cookie has a unique expiry date, which can be viewed in the cookie banner by selecting “settings”.

When you visit our website, you will be asked to indicate your cookie preferences. You can choose to allow all cookies, including marketing and analytics cookies, to allow only certain types of cookies, or to reject all cookies that are not necessary for browsing the website. If you have accepted certain cookies and change your mind, you can disable cookies or adjust your preferences at any time by clicking on “Cookies” at the bottom of the website.

7. How do you protect my personal data?

We take several measures to keep your personal data secure and protected against unauthorized or unlawful processing and against accidental loss, destruction or damage. We take both technical and organizational measures to protect your data through access control, access control and encryption procedures. We also ensure that our third-party suppliers provide appropriate security measures.

8. Where is my personal data stored?

The personal data we collect about you is mainly processed and stored within the EU but may be transferred to countries outside the EU where our partners or suppliers are located. Before transferring personal data outside the EU, we will ensure that appropriate safeguards are in place to protect your personal data, for example by using the standard contractual clauses approved by the European Commission together with additional safeguards.

9. How long do you keep my personal data?

The length of time we keep your personal data varies depending on the purpose for which we collected the data. Your personal data is used for as long as it is necessary to fulfill the purpose for which we collected the data. The purposes of the data collection are listed under “How do you use my personal data?”.
In some cases, we need to keep your data longer to comply with applicable laws (including those relating to accounting), to enable dispute resolution and to protect our interests. All personal data that we store is subject to this privacy policy.

If you have not used your user account for a period of two (2) years, we will send you a reminder asking if you want to keep your user account. If you have not responded or logged into your account within ninety
(90) days of receiving such notice, your account and related personal data will be permanently deleted, unless we are legally required to retain the information for a longer period of time.

10. What rights do I have regarding my personal data?

You always have the following rights in relation to your personal data:
● Right of access (register extract) – a right to access information about what personal data we process about you.
● Right to rectification – a right to have inaccurate personal data about yourself corrected.
● Right to erasure – a right to have your personal data erased under certain conditions.
● Right to restriction of processing – a right to have the processing of your personal data restricted until inaccurate data has been corrected or other objections have been resolved.
● Right to data portability – a right to request that personal data be moved from one controller to another. This right is limited to data that you yourself have provided to us.
● Right to object – a right to object to the processing of your personal data based on our legitimate interests (balancing of interests).
● Right to information about data collection – a right to receive information about the sources used to collect your personal data (when the information is not provided by you).
● Right to data portability – a right to have your data transferred to another service when technically feasible.

You can exercise your rights described above by sending a request to gdpr@feedbackfrog.com We will respond to your request within 30 days. Please note that there may be requirements and regulations that

limit your rights, for example, there may be legal obligations that prevent us from disclosing or transferring parts of your data, or from blocking or deleting your data.

We always intend to handle any requests, complaints or concerns you may have regarding our use of your data in a lawful, fair and transparent manner. However, if you feel that your rights have been violated, you always have the right to file a complaint with the Data Protection Authority (https://www.imy.se).

11. Amendments and updates to this privacy policy
We may make changes to this privacy policy. If we make material changes that affect your rights, we will notify you of the change on our website or by email before it takes effect.

Last modified [February 1st 2024].

12. Company information

FeedbackFrog AB
Org. no. 559136-0499
Birger Jarlsgatan 37, 111 45, Stockholm, Sweden
GDPR contact email: gdpr@feedbackfrog.com