Personal Data Policy
You should always feel secure when providing your personal data to us. With this personal data policy, we want to show how we ensure that your personal data is processed in accordance with current data protection legislation.
What is personal data?
Personal data is any information that can be directly or indirectly linked to a living person. Examples of personal data include photographs, names, personal identification numbers, postal addresses, and email addresses
What personal data does Cirkus Cirkör process?
The personal data we process depends on the relationship you have with us. Below, we describe the most common categories of personal data that we process.
- Employees/contractors (individual company): First and last name, personal identification number, postal address, phone number, email, bank information, CV, driving licence possession.
- Contractors (limited company): Contact person, phone number, email.
- Course participants and drop-in participants: First and last name, personal identification number, postal address, phone number, email, dietary restrictions/allergies, courses attended.
- Newsletter subscribers: First and last name, email.
- Organisers/customers: Contact person, position, phone number, email.
- Partners: Contact person, positions, phone number, email.
- Suppliers: Contact person, position, phone number, email.
- Donors: Contact person, position, phone number, email.
- Journalists/bloggers/influencers/media representatives: Contact person, position, phone number, email.
- Photographs, film, sound recordings: first and last name, email with written consent.
Legal basis and purpose for processing
Cirkus Cirkör processes personal data for several different purposes. The main purposes are to:
- Manage course bookings and communication with course participants, organisers and customers.
- Plan, sell and conduct performances, workshops, events, and other activities.
- Document, evaluate, develop, and market our operations.
- Fulfil our commitments as a partner and social actor.
Each processing of personal data by Cirkus Cirkör can be justified based on one or more of the following legal grounds:
Fulfilment of legal obligation
Example: For employees and contractors, we must process certain personal data to meet the requirements of tax legislation and accounting laws.
Fulfilment of contract
Example: We must handle personal data for organisers and customers to communicate, deliver and invoice the ordered services. We must handle personal data for course participants to provide information, record attendance, keep statistics and arrange insurance.
Legitimate interest / individual interest, balancing of interests / academic interest
Example: We analyse training statistics to manage, plan, and develop our course activities. For research purposes regarding the development of Cirkus Cirkör, we process certain personal data. We send out member offers as we assess that our interest in informing and marketing our activities outweighs the member's interest in not being subject to marketing.
Consent
Example: When you sign up for one of our newsletters, you consent to us processing your personal data. When photographing for marketing or documenting Cirkör's activities, we ask for written consent. This occurs in conjunction with photography. For children under 16 years old, a guardian must sign the consent form.
Storage periods
To protect your personal data, Cirkus Cirkör continuously works to maintain and improve a range of security measures. This includes protecting documents and records (in paper form) containing personal data, information security protection against intrusions into IT systems, and organisational protection (e.g., only those who need it for their work have access to personal data).
We store personal data as long as necessary to fulfil the abovementioned purposes.
Members-course participants
Personal data is stored for 12 months after the course ends. You can also contact us earlier to remove your or your child's personal data from the booking system if the participant has left the course.
Employees, contractors
Personal data is stored as long as there is a legal obligation for those who have been or are employed.
Cirkus Cirkör never sells personal data to third parties
Cirkus Cirkör may, however, disclose your personal data to the following categories of recipients:
Authorities
Cirkus Cirkör discloses necessary personal data to authorities if we are required by law to do so.
Collectively agreed organisations
Cirkus Cirkör is a collectively affiliated workplace and discloses personal data to insurance companies administering agreed labour market and pension insurance.
Payroll administrator
Cirkus Cirkör has an external system supplier for the payroll processing program, a data processing agreement has been established between the system supplier and Cirkus Cirkör.
Membership and course booking system
Cirkus Cirkör has an external system supplier for the membership and course booking system, a data processing agreement has been established between the system supplier and Cirkus Cirkör.
Insurance company for training insurance
Cirkus Cirkör arranges individual training insurance for certain courses, currently the Parkour, Acrobatics, and Cirkör course. For those participating in these courses, personal data is disclosed to the insurance company Pensum.
Clients/partners/media
With consent from artists/educators, Cirkus Cirkör may disclose their names and phone numbers to clients/partners/media for information, marketing, and media contacts.
Your rights
Under the data protection regulation, you as a registered individual have several rights towards Cirkus Cirkör.
Right to access your personal data
You have the right to receive confirmation of whether Cirkus Cirkör processes your personal data, and if so, receive a copy of the personal data in question.
Right to rectification
Cirkus Cirkör strives to ensure that all information processed by us is accurate. If you discover errors in your data, you can request that we correct the incorrect data. We will then correct the errors.
Right to data portability
If you want to obtain your personal data from Cirkus Cirkör to use them elsewhere, you have the right to receive them in a structured, commonly used, and machine-readable format and transfer them to another data controller. This assumes that the transfer is technically possible and can be done with reasonable effort for Cirkus Cirkör. In almost all cases, it will be easier for you to provide the other party with your personal data yourself. This right is limited to data processed with your consent or to fulfil a contract with you and only applies to personal data you have provided yourself.
Right to restriction of processing
If you want Cirkus Cirkör to process your personal data only for limited purposes, you can request a restriction of the processing. We will then mark the data to ensure that it is not subject to further processing and cannot be changed.
Right to erasure
If you want us to cease processing your personal data entirely, you can in certain cases request the deletion of these. We will then delete all data that can be linked to you as a person. Once the deletion is completed, you will receive confirmation via email and then we will also delete the sent email.
If you believe we have done wrong
If you believe that Cirkus Cirkör processes your personal data in violation of applicable legislation or that we have handled your request incorrectly when you wanted to exercise your rights as stated above, you can report this to the Data Inspection Authority.
Data controller and data protection officer
Cirkör AB, organisation number 556557-4349 and
Cirkus Cirkör Non-profit association, organisation number 802401-3248
Rotemannavägen 10, 145 57 Norsborg
cirkus@cirkor.se, www.cirkor.seData Protection Officer: Ernesto León Mondragón