Privacy Policy

For application and platform usage

1.0 General

&Repeat (“we”, “our”) has the utmost respect for the personal data of our customers (“you”, “your”). We will repay the trust you are showing us by using our service by treating your data with all the respect necessary to keep it safe.

&Repeat will collect personal data submitted by visitors of our website www.andrepeat.io (the “Website”) and by our customers when personal accounts are created and when customers use the service for sorting packaging, collecting credits and paying with credits (the “Service”).

This privacy policy (the ”Privacy Policy”) describes how &Repeat AB, Reg. No. 559191-3610, with registered address Birger Jarlsgatan 57C, 113 56 Stockholm, Sweden,(“&Repeat”) as a data controller, processes personal data of visitors of our website and of our customers when using the service. We are responsible for ensuring that the personal data are processed correctly and in accordance with applicable data protection laws.

Questions regarding this Privacy Policy and/or &Repeat’s processing of your personal data can be sent to privacy@andrepeat.io.

2.0 Personal data processed, purposes and legal grounds

We will process your data for the following purposes:

A. a) Entering into, fulfilling, administering and developing our contractual relationship with you as a customer. We process your personal data for the purposes of internal administration, customer management, to provide, personalize and improve the customer experience of the Services. To do this we process the following personal data:

  • Phone location data

  • Contact details (such as name, address, e-mail address and phone number)

  • Device ID of your mobile phone

  • Photos of recycling points which you upload to our platform (the “Platform”)

  • Information about your use of the Service, for example, your use and registration of recycling points.

Our lawful basis for the processing of your personal data for this purpose is to fulfil our contractual obligations with you and to serve our legitimate interest to conduct our business.

B. Developing the Service regarding functionality, security and methods. To do this we process the following personal data:

  • IP address

  • Information about your device, such as make, model, and operating system

  • Information about you such as that described in (a)

  • Information about your use of the Service, for example, the date, time and duration of your usage.

Our lawful basis for the processing of your personal data for this purpose is our legitimate interest to be able to develop the Services and to increase our understanding of the markets and customers. Wherever possible, we anonymise or aggregate data processed for this purpose.

C. To comply with laws and regulations. To do this &Repeat may use any of your personal data.

&Repeat has obligations under applicable laws and regulations that require &Repeat to retain and process some personal data in order to comply with such laws and regulations, such as bookkeeping laws etc. Our lawful basis for the processing of your personal data for this purpose is our legal obligation.

D. To protect &Repeat’s or third parties’ rights e.g. defending, exercising or establishing legal claims. To do this we may use any of your personal data.

Our lawful basis for the processing of your personal data for this purpose is our legitimate interest to protect &Repeat’s and/or third parties’ rights.

E. For the purpose of carrying out marketing campaigns. To do this we may use any of your personal data including:

Our lawful basis for the processing of your personal data for this purpose is Our legitimate interest to protect &REPEAT’s and/or third parties’ rights (Article 6(1)(f) GDPR).

  • Contact details (such as name, e-mail address and phone number)

  • Device ID of your mobile phone

  • IP address

We may want to inform you about our Services and relevant offers from third parties by sending you marketing. This information can be sent by e-mail, push notifications and in our app. Your personal data may also be processed with the purpose of evaluating marketing campaigns including us sending personal data, mainly e-mail addresses, to relevant marketing campaign partners. Our lawful basis for the processing of your personal data for this purpose is either our legitimate interest in marketing our business and analysing the efficiency of our marketing, or consent for third party marketing as described above. You can at any time unsubscribe or withdraw your consent by contacting us at privacy@andrepeat.io.

We will also process personal data when you visit our Website. We gather information from your browser when you access our Website in order to measure the number of visitors, location, unique device ID, network and computer performance, browser type, language, IP address etc.

3.0 Transfer of personal data

As part of the processing of personal data described in section 2 above, we may transfer personal data to third parties such as:

- IT service providers
The purpose of these transfers is to be able to deliver the Service to you. These IT service providers process the personal data in the capacity of data processors on behalf of &Repeat. These IT service providers only have access to and process data that are required to deliver the Service to you. Furthermore, data is anonymised and aggregated when possible. We chose our suppliers with the utmost care and govern their processing of personal data in written agreements.

- Marketing Partners
The purpose of these transfers is to help &Repeat in developing and delivering marketing messages and with other marketing related assignments.
Please also note that our Services may contain links to and from the websites of third parties such as our partner network. If you follow the link to any of these websites, please note that these websites may have their own privacy policies and we do not accept any responsibility or liability for the websites or these policies.

- Courts and counterparties
The purpose of these transfers is to establish, exercise and/or defend legal claims.

- Regulators
The purpose of these transfers is to comply with applicable laws, regulations and rules and requests of law enforcers, regulatory and other similar governmental bodies such as;

  • Professional services firms (e.g. auditors and lawyers)

  • Law enforcement agencies (e.g. the Police)

- Potential acquirers and sellers
The purpose of these transfers is to share necessary information with potential acquirers and/or sellers in a merger or acquisition process where &Repeat is involved.

Should &Repeat transfer personal data outside of EU/EEA, protective measures will be taken to ensure an adequate level of data protection, for example by contractually binding transfers to comply with EU standards.

4.0 Storage of personal data

We maintain information about you for as long as we provide Services to you as a customer, and as long it is required for us to perform any related business activities in line with the purposes listed above. Once your personal data is no longer necessary for our business purposes, we will remove and/or destroy the personal data unless we have agreed with you that we should keep the personal data, or unless we have obtained a court or administrative order to do so, or if it is otherwise stipulated by law, e.g. for bookkeeping reasons.

5.0 Rights and preferences

GDPR assigns certain rights to individuals in relation to their personal data. As available and except if limited under applicable law, your rights are:

  • Right of access – You have the right to request access to and be informed of, the personal data of yours that we process;

  • Right to rectification – You have the right to request that we update or amend your personal data if it is inaccurate or incomplete;

  • Right to erasure – You have the right to request that we delete your personal data;

  • Right to restrict – You have the right to request that we temporarily or permanently stop processing all or some of your personal data;
    o the right to object to us processing your personal data at any time if we are using legitimate interest (Article 6(1)(f) GDPR) as lawful basis for the processing;

    o the right to object to your personal data being processed for direct marketing purposes

  • Right to data portability – You have the right to request a copy of your personal data in a commonly used machine-readable format and the right to transmit that personal data for use in another party’s service; and

  • Right not to be subject to automated decision-making – You have the right to not be subject to a decision based solely on automated decision-making, including profiling, if the decision would have a legal effect on you or produce a similarly significant effect.

Contact us by using the contact information in section 1 of this Privacy Policy if you want to exercise any of your rights above. &Repeat will normally answer your request within one month.

Please note that the limitation or deletion of your personal data may mean that we will be unable to provide you with our Services.

In addition to the rights mentioned above, you have the right to lodge a complaint about the processing of your personal data with a supervisory authority. Each country have their own supervisory authority specified in the list below:

  • Sweden: the Swedish Data Protection Authority (Sw. Datainspektionen).

  • Norway: the Norwegian Data Protection Authority (No. Datatilsynet).

  • Denmark: the Danish Data Protection Agency (Da. Datatilsynet).

6.0 Security

We are dedicated to keeping your personal data safe and use technical as well as organisational measures to maintain high standards of security. However, please acknowledge that no system is ever completely secure. We are utilizing several methods to ensure a high security level such as pseudonymization, encryption, access and retention policies to safeguard against unauthorized access and unnecessary retention of personal data.

Your password safeguards your personal account, so we recommend you to;
- Keep it safe
- Use a strong unique password
- Never share your password
- Limit access to your browser and;
- Log out after using the Service.

7.0 Changes to this Privacy Policy

We may from time to time make changes to this Privacy Policy.

If material changes are made, we will provide you with a notice as appropriate given the circumstances, e.g., by displaying a notice in the Service or by sending you an email or other type of notification. Make sure to read any such notice carefully.

If you have any questions in regards of the above:

Email: support@andrepeat.io