Privacy policy
1. Introduction
Credence Invest i Stockholm AB respects the privacy of individuals who visit our website, contact us, request information, book meetings or otherwise interact with us.
This privacy policy explains how we collect, use, store and protect personal data, and how individuals may exercise their rights under applicable data protection law.
Credence processes personal data in accordance with Regulation (EU) 2016/679, the general data protection regulation, and other applicable Swedish and European data protection rules.
2. Controller
For the purposes of applicable data protection law, the controller of personal data processed in connection with this website and our business communications is:
Lugnets Allé 18 Bv
120 66 Stockholm
Sweden
Website: www.credence.se
For privacy-related questions, please contact us by email at: info@credence.se
3. Scope of this policy
This privacy policy applies to personal data processed when an individual:
- Visits the Credence website
- Contacts Credence by email or through a website form
- Books or requests a meeting with a Credence partner
- Communicates with Credence in a professional capacity
- Provides information in connection with a potential mandate, partnership or business relationship
- Interacts with Credence through LinkedIn or other professional channels
- Receives communications from Credence
This policy does not apply to websites, services or platforms operated by third parties, even where such services are linked from the Credence website.
4. Categories of personal data
Credence may process the following categories of personal data:
- Identification data, such as name, title, company and professional role.
- Contact data, such as email address, telephone number, business address and country.
- Professional information, such as company affiliation, sector, area of interest and business context.
- Communication data, such as messages, correspondence, meeting notes and submitted enquiries.
- Meeting and booking data, such as requested meeting time, meeting participants and calendar details.
- Technical data, such as IP address, browser type, device information, website usage data and cookie identifiers.
- Compliance-related information, where relevant to a mandate, such as KYC, due diligence or business verification information.
Credence does not intentionally collect sensitive personal data through the website. Visitors should not submit sensitive personal data unless specifically requested by Credence for a defined and lawful purpose.
5. Sources of personal data
Credence may collect personal data directly from the individual, from the organisation the individual represents, from professional correspondence, from meeting booking tools, from publicly available professional sources, from business partners or from third-party service providers used in connection with the website and business administration.
6. Purposes of processing
Credence may process personal data for the following purposes:
- To respond to enquiries and communication.
- To arrange and conduct meetings.
- To assess potential mandates, partnerships or business relationships.
- To provide advisory, structuring and related professional services.
- To administer invite-only project finance programs, where applicable.
- To manage professional relationships with clients, partners, advisers and counterparties.
- To conduct KYC, due diligence, compliance and risk assessment where required.
- To operate, protect and improve the website.
- To maintain internal records and business administration.
- To comply with legal, regulatory, accounting and contractual obligations.
- To protect Credence’s legitimate business interests, rights and security.
7. Legal bases for processing
Credence relies on one or more of the following legal bases when processing personal data:
- Consent, where the individual has given clear consent for a specific purpose.
- Contract, where processing is necessary to perform or take steps prior to entering into a contract.
- Legal obligation, where processing is required to comply with applicable law.
- Legitimate interests, where processing is necessary for Credence’s legitimate business interests and such interests are not overridden by the individual’s rights and freedoms.
Credence’s legitimate interests may include professional communication, business development, mandate assessment, relationship management, website operation, security, record keeping and the protection of legal and commercial interests.
8. Cookies and similar technologies
The Credence website may use cookies and similar technologies to enable website functionality, improve user experience, understand website traffic and support security.
Where required by law, non-essential cookies will only be used with the visitor’s consent.
Visitors may manage cookie preferences through the website cookie banner or through their browser settings.
A separate cookie notice may be published on the website if analytics, marketing cookies or third-party tracking technologies are used.
9. Sharing of personal data
Credence may share personal data with selected recipients where necessary and lawful.
Recipients may include:
- IT and hosting providers.
- Website and analytics providers.
- Email and calendar providers.
- Booking platform providers.
- CRM or business administration providers.
- Professional advisers, including legal, tax, accounting and compliance advisers.
- Banks, financial institutions, project partners, investors or counterparties where relevant to a mandate and subject to appropriate confidentiality.
- Public authorities, courts or regulators where required by law.
Credence does not sell personal data.
10. International transfers
Credence may process or transfer personal data outside Sweden and the European Economic Area where necessary for business operations, technology services, communications, international mandates or cooperation with partners and advisers.
Where personal data is transferred outside the European Economic Area, Credence will seek to ensure that appropriate safeguards are in place, such as an adequacy decision, standard contractual clauses or other lawful transfer mechanisms under applicable data protection law.
11. Security
Credence applies appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration or disclosure.
Such measures may include access controls, confidentiality obligations, secure systems, restricted access, data minimisation, secure communication practices and internal governance procedures.
No electronic communication or storage system is completely secure. However, Credence works to maintain a level of security appropriate to the nature of the personal data and the risks involved.
12. Data retention
Credence retains personal data only for as long as necessary for the purposes for which it was collected, including to meet legal, regulatory, contractual, accounting, reporting and legitimate business requirements.
Retention periods may vary depending on the type of data, the purpose of processing, the nature of the relationship and applicable legal obligations.
Where personal data is no longer required, Credence will delete, anonymise or securely restrict further processing of such data.
13. Individual rights
Subject to applicable law and certain limitations, individuals may have the right to:
- Request access to their personal data.
- Request correction of inaccurate or incomplete personal data.
- Request deletion of personal data.
- Request restriction of processing.
- Object to processing based on legitimate interests.
- Withdraw consent where processing is based on consent.
- Request data portability where applicable.
- Lodge a complaint with a supervisory authority.
Requests may be submitted to Credence using the contact details in this policy.
Credence may need to verify the identity of the requesting individual before responding to a request.
14. Supervisory authority
Individuals have the right to lodge a complaint with the Swedish authority for privacy protection, Integritetsskyddsmyndigheten, or another competent data protection authority in the EU or EEA.
Credence encourages individuals to contact us first so that we may address any concern directly where possible.
15. Professional communications
Credence may use professional contact details to communicate with clients, partners, advisers and other business contacts in relation to existing or potential business relationships.
Such communications may include meeting coordination, mandate-related updates, professional invitations, company information or other relevant business communication.
Recipients may opt out of non-essential communications by contacting Credence.
16. Third-party services and links
The Credence website may contain links to third-party websites or use third-party services, including booking tools, analytics tools, hosting providers, email providers or social media platforms.
Credence is not responsible for the privacy practices of third-party websites or services. Visitors should review the privacy policies of those third parties before using their services.
17. Changes to this policy
Credence may update this privacy policy from time to time to reflect changes in law, technology, business operations or data processing practices.
The latest version will be published on the Credence website.
18. Contact
Questions regarding this privacy policy or Credence’s processing of personal data may be directed to:
Lugnets Allé 18 Bv
120 66 Stockholm
Sweden
Email: info@credence.se
Website: www.credence.se