Latest update: May 25, 2018

Cookie and Privacy Policy

This policy describes Above Agency AB's personal data management practices and applies from May 25, 2018.


The purpose of this policy is to clearly and transparently know what types of personal data we handle, how we treat them, and how to take advantage of your rights. The policy follows the provisions of the EU General Data Protection Ordinance (GDPR). It is also supplemented by internal guidelines for handling personal data.

Who should read this Privacy Policy?

This Privacy Policy is relevant for anyone visiting our websites, using our services or otherwise interacting with us.

What personal data do we handle?

The collection and processing of personal data is not a core activity for us at Above Agency AB. However, like any other company, we handle personal data in our internal administration and for marketing purposes.

Personal data that is handled in our internal administration and in our own channels


Social Media

We are responsible for the content, including personal data, published in social media channels run in Above Agency ABs own name. This means that in social media channels where we have the ability to control the content, we are responsible for keeping a regular view of publications and moderating the content so that the channel does not contain, for example, infringing personal data. In addition, each platform's own privacy policy applies.

Marketing and Mailing

We store contact information to current customers, past customers, potential customers and other relevant parties we are in contact with in order to market our business. We do this primarily by emailing marketing of our services, event invitations and so on. Subscriptions always contain an opt-out option for those who no longer want to know such information from us.

Media production and photography

We also conduct media production (film and audio recording) and photography for personal use. Typically, it is about documenting events that occur in our own name as well as marketing and documentation of our own business.


We process personal data that appear in the agreements we sign. For example, there may be agreements with customers, subcontractors, partners and employees. The data typically deals with basic contact information that is necessary to fulfill the agreement.


Those who contact us to apply for work with us automatically agree that we process your personal information when submitting them to us in the form of letters, resume and other documentation. Looking for your employment with us, we store your data for 270 days before deleting.


We use Google Analytics to monitor visitor flows on our own site. For this purpose, the tool's own privacy policy applies.


We use cookies to enhance your user experience and to give you access to some functionality as a visitor. A cookie is a small text file that is stored on your computer by the site you are visiting. Cookies allow information about how visitors interact with the site. We use cookies for primarily three different purposes: web analytics, advertising and improving customer experience.

For web analytics, we mainly use Google Analytics. This helps us, among other things, to get information about how our visitors interact with the site. Data from the cookie is used for internal web analytics and marketing, but is also included in Google's demographics and interest reports.

If you do not accept the use of cookies on our website as described above, you can change your browser settings so that no cookies are stored on your computer. We refer to your browser's user manual for further instructions. Keep in mind that some features may not work properly if you do not allow the use of cookies.


We handle personal information that occurs in the email conversations we have, partly with our customers but also with employees, subcontractors, other types of collaborators and external partners. We also use the Mailchimp email marketing tool to send newsletters, for this purpose, the tool's privacy policy.


How is your personal information processed?


The legality of the treatment

Our processing of personal data, whether done on behalf of our clients or for our internal administration or marketing, is based on the basic principles of personal data management as stated by GDPR. We only process personal data after we ensure that we have legal basis under the GDPR to do so.

With regard to personal data management within the context of customer assignments, it is typically based on the so-called "balance of interests" as a legal basis.

We own the right to process personal data if it is necessary to fulfill an agreement, for example with a customer, a partner, a subcontractor or an employee, as well as to fulfill legal obligations, for example towards the authorities. It may involve processing data for laws or other regulations requiring it.

In some cases, active consent of the registrant makes the processing of its personal data legal. It is also a requirement that the tasks under the regulation are considered sensitive. In cases where the law requires it or where the situation requirements it, we collect an active consent for treatment from the data subject.


Information to registered

In our personal data processing we also look to meet the information obligation as described in GDPR, and inform you about your data that is being processed by us. This is provided that the personal data it is not already made public, such as by being openly available (for example, on the internet or in the media) or actively published or provided by the registered person.

Restriction of access

We have routines and working methods to handle personal information safely. The starting point is that only the employees and, if applicable, the customer we perform the task of requiring the personal data to perform their duties shall have access to them.


Personal data that is no longer used, for example, because the customer assignment within which they were processed has been terminated, because the information for other reasons has become out of date for the task, for termination of an agreement or cooperation, or similarly, is deleted regularly.

The exception is whether personal data need to be saved for a time to live up to, for example, a complaint period, if there is reason to believe that the termination of the assignment, agreement or cooperation in the near future will be transferred to a new assignment, agreement or cooperation with the same counterparty, or if It is in our interest to be able to report on the performance of the assignment.

Transfer of personal data

We do not transfer personal data in cases other than those expressly stated in this policy. This may, for example, be about personal data we have handled on behalf of a customer and where it is included in our mission that the information is to be handed over to the customer or personal data handled within a tool or digital platform where our own policy does not apply without is the tool or platform policy that applies.

Otherwise, transfer of personal data takes place between Above Agency and, if applicable, partners when our customer assignments so require.

IT security

We comply with data protection requirements set by GDPR. This includes encrypting our networks and limiting access to data to avoid personal data incidents. We have internal policies and practices for IT security as well as handling personal data incidents that meet the statutory requirements.

Changes to this Privacy Policy

We, the Data Controller reserves the right to make changes to this privacy policy at any time by giving notice to its Users on this page. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom. If a User objects to any of the changes to the Policy, the User must cease using this Application and can request that the Data Controller removes the Personal Data. Unless stated otherwise, the then-current privacy policy applies to all Personal Data the Data Controller has about Users.


Your rights


You have rights and they are important to us!

Generally, we believe you have the right to have your data processed only in accordance with your expectations. But you also have rights laid down by applicable law, below you can read more about them, first the ones we believe might be most relevant for you.

Under the General Data Protection Regulation (GDPR)/(EU) 2016/679:

You have the right to be informed about certain details on the processing of your data. We provide this information through our Transparency Widget above.

You have the right to receive a copy of the personal data we process about you. You can receive this data by reaching out to us.

You have the right to correct the personal data we process about you if you see that it is inaccurate.

You have the right to withdraw your consent that allows us to use cookies and similar technologies by changing your browser settings.


You have the right to erasure if:

  • the personal data is no longer necessary for the purposes it was collected for;

  • your particular situation gives you the right to object to processing on grounds of legitimate interest (see more below);

  • processing the personal data has been unlawful; or

  • there is a legal obligation under EU or Swedish law for us to erase the data.


You have the right to request us to restrict the processing of your data if:

  • the personal data we have about you is inaccurate;

  • The processing is unlawful and you ask us to restrict the use of the personal data instead of erasing it;

  • we no longer need the personal data for the purposes of the processing, but if we still need it for the establishment, exercise or defence of legal claims; or

  • you have objected to the processing claiming that the legal basis of legitimate interest is invalid and are waiting for the verification of this claim.


You have the right to object to the processing of your data if:

  • you can show that your interests, rights and freedoms regarding the personal data outweigh our interest to process your personal data; or

  • we process your personal data for direct marketing purposes.


You have the right to data portability:

  • for personal data that you provided to us; and

  • if the legal basis for the processing of the personal data is the fulfilment of contract or consent.

  • We will send a copy of your data in a commonly used and machine-readable format to you or a person/organisation appointed by you.


How to exercise your rights?


Send us an email at and we’ll do our best to figure it out together. If you are unhappy with the way we process your personal data you can always file a complaint with the Swedish data protection authorities at 



For questions about our privacy policy or regarding our personal data processing, contact