Privacy policy – 20NINE Business

The privacy policy refers to 20NINE Group and applies for the parent company 20NINE TECH AB and all of its subsidiaries.


Definition of Confidential Information.


“Confidential Information” means all information disclosed by a party (“Disclosing Party”) to the other party (“Receiving Party”), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure. Your Confidential Information includes Your Business Data in explicit form, this does not include Provided Contact Content or Public Content. Your Business Data in anonymous form is not classified as confidential and can be used according to 4.6 in our Terms of use; Our Confidential Information includes the Service and Content; and Confidential Information of each party includes the terms and conditions of this Agreement and all Order Forms (including pricing), as well as business and marketing plans, technology and technical information, product plans and designs, and business processes disclosed by such party. However, Confidential Information does not include any information that (i) is or becomes generally known to the public without breach of any obligation owed to the Disclosing Party, (ii) was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party, (iii) is received from a third party without breach of any obligation owed to the Disclosing Party, or (iv) was independently developed by the Receiving Party. (v) Your Data or Your Business Data in anonymized form.


Protection of Confidential Information.
The Receiving Party will use the same degree of care that it uses to protect the confidentiality of its own confidential information of like kind (but not less than reasonable care) (i) not to use any Confidential Information of the Disclosing Party for any purpose outside the scope of this Agreement, and (ii) except as otherwise authorized by the Disclosing Party in writing, to limit access to Confidential Information of the Disclosing Party to those of its and its Affiliates’ employees and contractors who need that access for purposes consistent with this Agreement and who have signed confidentiality agreements with the Receiving Party containing protections no less stringent than those herein. Neither party will disclose the terms of this Agreement or any Order Form to any third party other than its Affiliates, legal counsel and accountants without the other party’s prior written consent, provided that a party that makes any such disclosure to its Affiliate, legal counsel or accountants will remain responsible for such Affiliate’s, legal counsel’s or accountant’s compliance with this Section.


Compelled Disclosure.
The Receiving Party may disclose Confidential Information of the Disclosing Party to the extent compelled by law to do so, provided the Receiving Party gives the Disclosing Party prior notice of the compelled disclosure (to the extent legally permitted) and reasonable assistance, at the Disclosing Party’s cost, if the Disclosing Party wishes to contest the disclosure. If the Receiving Party is compelled by law to disclose the Disclosing Party’s Confidential Information as part of a civil proceeding to which the Disclosing Party is a party, and the Disclosing Party is not contesting the disclosure, the Disclosing Party will reimburse the Receiving Party for its reasonable cost of compiling and providing secure access to that Confidential Information.





1. Introduction

1.1.  20-Nine Tech AB (“
20-Nine”, “we”, “us” or “our”) values how the information and data you provide to us is collected, used and shared. 20-Nine is a data controller for the purposes of this Privacy Policy (“Policy”). This means that we determine what we do with the information we collect from you and how we look after it. 20-Nine is dedicated to respecting and protecting your privacy in compliance with the applicable laws, regulations and obligations on data use and privacy.

1.2.  This Privacy Policy describes what information we may collect about you; how we use and share your information; how we protect it; and what choices you have about how that information is used and shared.

2. Scope of Application

2.1.  This Policy applies to the processing of personal information of all employees, suppliers, customers, job applicants, former employees, partners, consultants, and all other third parties.

2.2.  As used in this Policy, ‘
Personal Data’ includes information that can be used to identify a natural individual.

2.3.  For employees, this Policy will form part of your contract of employment and should be read together with the contract. For non-employees, this Policy will form part of the terms and conditions of your engagement or appointment or partnership or otherwise.


3. Who is responsible for this Policy?

3.1. 20-Nine and its affiliated entities are responsible for the processing of your Personal Data as described in this Privacy Policy.



4. Collection of Personal Data

4.1. 20-Nine may collect and use the following types of Personal Data about you:

Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender. Information contained in identification documents such as passport or national identification card. Academic and professional qualifications, skills, experience and employment history, including start and end dates, with previous employers and with 20-Nine.

Contact Details includes physical address, email address and telephone numbers.

Financial Data includes bank account and payment card details. Payment and remuneration details such as pay slips, and other income earning information, such as payment summaries from your employer, statements from banks and financial institutions, employment termination payment summaries, receipts for work-related expenses, entitlement to benefits such as medical, pensions and/or insurance cover.

Sensitive Personal Data such as information relating to your health condition, race, ethnic region, religion, sexual orientation or gender for purposes of ensuring diversity and equality of employment opportunities;


4.1.5.  Information collected from the use of 20-Nine’s superapp, equipment or your personal equipment, (where you have given us access).

4.1.6.  Government-issued identification numbers such as personal identification number (PIN).

4.1.7.  Criminal record data and checks.


4.2.  We may obtain your Personal Data either directly from you or someone else (such as a credit reference agency, former employer, or reference) or it could be created by us. It could be provided or created during your engagement or appointment for suppliers, customers, partners and third- parties; or during the recruitment process or the course of your employment or even after your termination for employees.

4.3.  You might be required to provide Personal Data relating to other individuals to us about your spouse, dependents or other family members for insurance purposes or as part of your emergency contacts list. This is particularly relevant to employees.

4.4.  20-Nine may collect and process sensitive personal data about you as part of our employment obligations and for the following reasons:

4.4.1.  for purposes of ensuring diversity and equality of employment opportunities;

4.4.2.  your sickness absence, health and medical conditions.

4.5. Where we do collect and process such sensitive personal data, 20-Nine has adopted appropriate technical safeguards such as encrypted traffic, firewalls, antii – virus software, encryption, multi factor authentication, demilitarized zones (DMZ) and access controlsto protect your sensitive personal data.


5. Processing of your Personal Data


5.1. We may process your Personal Data for more than one lawful ground depending on the specific purpose for which we will use your Personal Data. Please contact us if you require details about the specific legal grounds we are relying on to process your Personal Data where more than one ground has been set out in the table below.

5.2. We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

5.2.1. Where we need to perform the contract we are about to enter into or have entered into with you.

Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

5.2.3. Where we need to comply with a legal obligation.


5.3. Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.


6. Your Rights as a Data Subject

6.1. You may exercise the rights of a data subject available to you under the applicable laws, regulations and obligations on data use and privacyin relation to your Personal Data. This includes the right to:

6.1.1.  be informed of the use of your Personal Data;

6.1.2.  access your Personal Data held by 20-Nine;

6.1.3.  object to processing of part of or all your Personal Data;

6.1.4.  request for the erasure of your Personal Data;

6.1.5.  request for the correction of your Personal Data where it is incomplete, inaccurate or outdated;

6.1.6.  request the restriction of processing of your Personal Data;

6.1.7.  request 20-Nine to provide data, by portable means, to another data controller or data processor by means of an express request;

6.1.8.  withdraw your consent where the processing of your Personal Data is based on consent.

6.2.  If you wish to exercise any of the rights set out above, please contact 20-Nine or 20-Nine’s Data Protection Officer.

6.3.  To realize any of the above requests, we may need to request specific information from you to help us confirm your identity as a security measure to ensure that your Personal Data is not disclosed to any person who has no right to receive it.

6.4.  You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights set out above). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances and we will notify you of the reasons for declining to comply with your requests.



7. Retention of your Personal Data

7.1. 20-Nine will only retain your Personal Data for as long as reasonably necessary to fulfil the purposes for collection including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.

7.2. 20-Nine may retain your personal data for a longer period if:-

7.2.1. it is required or authorized by law;

7.2.2. it is reasonably necessary for a lawful purpose including instance where you have lodged a complaint or if 20-Nine reasonably believes that there is a prospect of litigation in respect to our relationship with you;

and authorized or consented by you.


7.3. After the expiry of the applicable retention period, we will delete, erase, anonymise or pseudonymise any information we hold about you.


8. Disclosure of your Personal Data


8.1. We may share and disclose your Personal Data in accordance with applicable data protection laws with:-

8.1.1.  third parties where this supports the administration of your appointment, engagement and/or employment;

8.1.2.  emergency service providers where an emergency arises and it is necessary for your rescue, health and safety including your approximate location; and

8.1.3.  law-enforcement agencies, regulatory authorities, courts or other public authorities in response to a demand issued with the appropriate lawful mandate and where the form and scope of the demand is compliant with the law.

8.2. We require all third parties to respect the security of your Personal Data and to treat it in accordance with the applicable data protection laws. We do not allow third party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions.


9. International Transfers

9.1.  From time to time 20-Nine may transfer your Personal Data to other jurisdictions . In the event of such a transfer, we will ensure that this is done in accordance with the applicable data protection laws including on the basis of contractual measures or other legal transfer mechanisms permitted under the applicable data protection laws. We shall ensure that appropriate safeguards or adequate measures are in place prior to the transfer of your Personal Data.

9.2.  Please contact us if you require more information on the specific mechanism used by 20-Nine when transferring your Personal Data to other jurisdictions.


10. Data Security

10.1.  20-Nine takes your privacy seriously and has therefore put in place processes, policies, security controls, tools and other adequate technical and operational measures to protect your Personal Data from accidental or unlawful destruction, damage, alteration, unauthorized disclosure or access, as well as all other forms of unlawful processing.

10.2.  Where 20-Nine engages third parties to process Personal Data on its behalf, such parties do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organizational measures to ensure the security of the data.


11. Complaints


If you have any complaints or queries in connection with this Privacy Policy or our Personal Data handling practices, please contact



12. Breach of this Policy


12.1. If you are aware of potential security incident or breach of Personal Data, please report it to



13. Amendments to this Policy


13.1. 20-Nine reserves the right to amend or modify this Policy at any time. In the event 20-Nine amends this Policy, 20-Nine will provide appropriate notice to you and avail an updated copy of the Policy.


13.2. This Policy was last updated on 17 February 2023.