CIMS

Privacy Policy

This privacy policy explains how we, at GetCims AB, (“GETCIMS”), handle your personal data in different situations. We’re providing this information to comply with the European Union’s General Data Protection Regulation (GDPR), which requires transparency in data processing practices.

Data controller

GETCIMS acts as a data controller for the processing of your personal data in the following situations:

  • when you visit our website (cookies),
  • when you register as an influencer,
  • as part of our influencer database,
  • when you communicate with us,
  • when you represent a customer, supplier, vendor or other third party, 
  • when you are subject to direct marketing

Below, you can read more about the various purposes of our processing of your personal data in different situations. You can also see which data we process, what the legal basis for our processing is, for how long we store the personal data and who we share it with.

Further, in the section “Your rights etc.” you can read about your rights and how to contact us.

Personal data, purpose, and legal basis etc.

When you visit our website (cookies)

What information do we collect when you visit our website (cookies)?

When you browse our website, we use “cookies” to gather information about your visit. This might include things like the pages you visit, your browser type, and your IP address. Some of this data may be considered personal information.

Why do we collect this information?

We use this data for two main reasons:

  • To keep your experience smooth and secure: Cookies help us maintain a stable and secure website environment for everyone.
  • To understand our visitors: Cookies also help us track website traffic and gather anonymous statistics about our visitors. This allows us to improve your browsing experience.

In some cases, we may use cookies for targeted advertising based on your browsing behavior. However, this requires your consent.

Sharing your information:

We only share information about your website usage with third-party service providers that you have specifically allowed to place cookies on your device.

How long do we keep your data?

The data collected through cookies is stored for varying lengths of time depending on the specific cookie. You can find more details about cookie lifespans in our separate Cookie Policy.

When you register as an influencer

You’ll be asked to provide some basic details to get started. This includes your name, contact information, email address, and the social media channels you manage. We collect this information to grant you access to our services and ensure your account security with a unique password.

Additionally, with your permission during sign-up, we may process information about your gender, location, content you share on your social profiles (including photos), and relevant statistics like reach and impressions. This helps us streamline reporting and communication for influencer marketing campaigns connecting you with brands. You have complete control over what information you share.

The legal reasons for processing your data fall under two GDPR articles:

  • Article 6(1)(b): This allows us to process information necessary to fulfill our agreement with you (based on the sign-up terms).
  • Article 6(1)(f): This covers our legitimate interest in providing you with platform access and ensuring secure account login.

Furthermore, for specific activities you agree to during sign-up, the legal basis is Article 6(1)(a) of the GDPR.

Data Retention:

  • Sign-up and account data will be deleted after 3 years of inactivity.
  • If you request account deletion, your personal data will be removed within 48 hours.

Data Sharing:

We may share your data with our clients (brands).

We also utilize processors who assist with hosting, developing, and maintaining our IT systems. These processors may have access to your data. More information on data transfer to third countries is available below.

As part of our Influencer database

To connect our clients with the perfect influencers, we maintain a database of publicly available information. This database is built using data scraping tools that collect information from open social media profiles (like TikTok and Instagram).

The type of information we collect includes:

  • Influencer name and social media handles
  • Publicly shared content about the influencer’s activities (e.g., number of followers)
  • Areas of focus, brands, or products the influencer promotes
  • Posting frequency, views / impressions and engagement rate

This raw data is then analyzed using custom metrics to generate valuable statistics. These insights are shared with our clients to help them develop targeted branding and marketing strategies that leverage influencer partnerships.

Why We Collect This Information (Legal Basis):

We rely on Article 6(1)(f) of the GDPR. This allows us to pursue a legitimate interest: collecting and processing publicly available influencer data to match client needs. Our goal is to connect clients with the most relevant influencers for their specific campaigns, which benefits both parties.

Your Right to Opt-Out

Influencers have the right to object to our processing of their data, including any automated analysis (profiling).  To opt-out, simply email gdpr_contact@getcims.com. We will stop processing your data unless we have a compelling reason to override your objection (e.g., legal claims).

Data Retention

Influencer data and content (like posts) are generally deleted after 36 months. If an influencer edits or deletes their profile, we reflect those changes within 30 days.

Data Sharing

We share influencer data with our clients who use our services. Additionally, your data may be disclosed to relevant business partners (like external advisors) and our data processors who support our IT systems (more information on data transfer to third countries is available below).

Communication with Us

When you contact us (via email, contact forms, etc.), your communication may contain personal data (e.g., name, email, company affiliation).  We may also receive your data from a third party, like your employer.

Why We Process Your Data (Legal Basis):

We process this data under Article 6(1)(f) of the GDPR to manage customer relationships, answer inquiries and fulfill agreements with companies you represent.

Data Retention for Communication

  • If you don’t represent a customer, supplier, etc., your communication data is deleted 5 years after the financial year your inquiry is handled.
  • If you represent a customer, supplier, etc., your communication data is deleted 5 years after the business relationship ends.

Data Sharing for Communication

We may disclose data included in your communication records to relevant public authorities (for legal reasons) and business partners (like external advisors).  We also share data with our data processors who support our IT systems (more information on data transfer to third countries is available below).

Important Note:

If our services involve processing personal data on behalf of a specific client, a separate data processing agreement will be established between GETCIMS and that client.  In such cases, the client acts as the data controller, and GETCIMS operates as a data processor.

When you are subject to direct marketing

When you sign up for our newsletter or other marketing communications on our website, we collect your name, email address, and any preferences you choose. This allows us to send you targeted updates on our products, knowledge base articles, and newsletters that align with your interests.

Why We Use Your Data (Legal Basis):

We rely on your consent (Article 6(1)(a) of the GDPR) to send you marketing materials. Additionally, for tailoring these communications to your preferences (profiling), we use Article 6(1)(f) of the GDPR, which allows us to pursue our legitimate interest in making our marketing relevant to you.

Your Control Over Your Data

You have the right to object to our processing of your data for marketing purposes, including any profiling we do to personalize those messages. You can also withdraw your consent at any time.  See our “Contact Us” section below for details.

Data Retention

We will delete your data related to our newsletters 3 years after our last email is sent, unless you unsubscribe before then.

Data Sharing

We share your data with our data processors who support our IT systems (more information on data transfer to third countries is available below).

Transfer of your personal data to third countries etc.

In some cases, we may transfer your data to processors located outside the European Union (EU) and European Economic Area (EEA), specifically to the United States.  This transfer is based on the European Commission’s Decision of June 4, 2021, which approves Standard Contractual Clauses for data transfers to third countries under the General Data Protection Regulation (GDPR).

We understand you might want more details about this international transfer. If you’d like a copy of the Standard Contractual Clauses we rely on, please feel free to contact us using the information below.

Your rights etc.

We understand your right to privacy and want to ensure you have control over your personal information. Here’s a breakdown of your rights:

Right to Withdraw Consent: You have the option to revoke your permission for us to process your data at any time. Simply contact us through the information below (“Contact Us”). Withdrawing consent won’t affect past processing based on your prior approval.

Right to Access: You can confirm if we hold and process your personal data. If so, you can request a digital copy.

Right to Restrict Processing: Under certain circumstances, you can request limitations on how we handle your data, particularly if you believe its accuracy or legality might be compromised.

Right to Rectification: If any of your information is inaccurate or incomplete, you have the right to request correction and completion.

Right to Object to the processing: In specific situations, you can request that we cease processing your personal data altogether.

Right to Data Portability: You have the right to receive your provided data in a structured, commonly used, and machine-readable format. You can also request us to transfer this data to another entity, if technically feasible.

Right to Erasure: Under specific circumstances, you can request the deletion of your personal data. This applies when the data is no longer required for its original purpose.

Complaint to a supervisory authority 

If you want to lodge a complaint with a supervisory authority about our processing of your personal data, you can do so by contacting the Swedish Authority for Privacy Protection via their website, https://www.imy.se

To exercise your rights, contact us using the details provided below.

Contact us

If you have any questions about how we process personal data;

Getcims AB
Stora Nygatan 13
411 08 Gothenburg
Sweden
Company registration no.: 559478-8415
info@getcims.com