Privacy Notice
This privacy notice sets out how Magic Riddle Technology AB, incorporated in Sweden with company number 559431-0400 (“Riddle”), collects and otherwise processes your personal data.
If you have any questions about this notice or how we process your data, or want to exercise your rights, please contact us on kyle.rowley@getriddle.com.
1. Data controller
If you have any questions about this notice or how we process your data, or want to exercise your rights, please contact us on [].
Please note that we are a data processor for any personal data uploaded by you to our platform, meaning that such uploaded data is not covered by this notice.
2. Personal data we collect
We collect and process the following types of personal data:
Contact information: Name, email address, postal address, phone number, etc.
Usage data: Username, password, account and content preferences, how you navigate in our services, which functions you use, etc.
Transaction and payment Information: Information about your payments to us, such as invoicing information and other payment information.
Technical data and device information: IP address, browser type, device information, errors, response time, etc
3. How we use your personal data
In this section you can read about for which purposes we use your data, which types we use for each purpose, based on which so-called “legal basis”, and how long we perform the purpose.
5. Data Retention
We will retain your personal data only for as long as necessary to fulfill the purposes outlined in this notice unless a longer retention period is required or permitted by law. Especially the Swedish bookkeeping law requires accounting data to be kept for seven years after the year a transaction was made.
Swedish statutory limitation law also prescribes that Riddle need to keep personal data necessary to protect it from claims for ten years after our service was used.
6. Your Rights
You have the following rights regarding your personal data. You can exercise them by contacting us through the email address listed on the top of this notice.
The right to access and receive a copy of your personal data, as well as receive specific information on how we have processed it.
The right to rectify any inaccurate or incomplete personal data.
The right to erase your personal data (“right to be forgotten”), unless Riddle is unable to do this based on legal obligation or due to compelling legitimate grounds.
Right to object to the processing of your personal data. You have the right to object to processing of your personal data which is based on our legitimate interest (Article 6(1)(f) GDPR), by referencing your specific circumstances. You can always object to our use of your personal data for marketing purposes.
The right to restrict the processing of your personal data. You can request this for example while we administrate you exercising your right to object, or your right to data.
The right to data portability, ie. to receive your personal data in an electronic/machine readable format.
Right to withdraw your consent. This means that we will stop processing your data for purposes on which we rely on your consent.
To submit a complaint to the Swedish Data Protection Authority, Integritetsskyddsmyndigheten.
7. When we can transfer your personal data outside of the EEA, and how we protect it
We always strive to process your personal data within the European Economic Area (“EEA”). However, sometimes we might need to transfer your data also outside this region.
When we do this, we make sure the data is kept equally secure as in the EEA, and that protective measures are implemented as required. Such measures might be technical in nature such as encryption or pseudonymisation, but we might also rely on the following administrative security measures, as allowed by the GDPR:
if the European Commission has decided that the country outside of the UK/EEA to which your personal data are transferred has an adequate level of protection, which corresponds to the level of protection afforded by the GDPR, or
the European Commission’s standard clauses have been entered into between Riddle and the recipient of the personal data outside the EEA. In these cases, we also assess whether there are laws in the recipient country that affects the protection of your personal data, or
that the transfer is covered by the EU-US Data Privacy Framework.
If you want a copy on any of these instruments you can contact us and request them.
7. When we can transfer your personal data outside of the EEA, and how we protect it
We reserve the right to update or modify this privacy notice at any time. You should therefore consult this notice regularly when you use our services.
Let’s solve this
Riddle together