Privacy policy

Our Normal Association, org.nr 802499-1641, (”Association”, ”we”, ”our” or ”us”) operates a web-based service that helps families with children with disabilities find and connect with each other; ournormal.org (“ON”).

This privacy policy is a complement to our terms of use (“Terms”). In the event of any inconsistencies between this privacy policy and the Terms, the Terms shall prevail.

The association is the data controller for the processing of personal data handled within our operations, including this website, as described further in this policy. If you have any questions about our processing of your personal data, please feel free to contact us at info@ournormal.org or via the contact details in section 8.

The type of processing (which is a collective term in the EU’s General Data Protection Regulation (“GDPR”) for actions related to your personal data) that we perform regarding your personal data depends on the context in which you have contact with us and the capacity in which you act. To facilitate for you, we have divided the policy into different category sections based on the type of contact you have with us, for example, when you create membership, sign up for newsletters, customer service, where under each category, you can read about the processing that is performed.

Information about health, such as the type of disability, is considered “sensitive data” under the GDPR and therefore has stronger protection. For the processing of this data, explicit consent must be obtained (see section 2.1 below). Therefore, upon registration, you must expressly consent to the processing of such data about you or your child. It is important that you have the right to consent to this processing on behalf of your child, and it is your responsibility to ensure that you have this opportunity. Here and here you can read more about the processing of “sensitive data.”

After the category sections, there is information in several sections that are common to all types of services. In these sections, you can read about who we share your personal data with, where we process your personal data, what rights you have against us, and how you can contact us. Below you can see an overview of each section.

  1. What personal data is used for what purpose, with what legal basis, and for how long?
  2. Who do we share your personal data with?
  3. Where do we process your personal data?
  4. What rights you have against us
  5. Cookies and other tracking technologies
  6. Security
  7. We value your personal privacy and your interest in ensuring that your and your children’s and family members’ personal data is treated with the utmost care. We therefore apply high security standards and do our utmost to ensure high data security.
    To protect the information you choose to share with the Association and within the framework of ON, we take several security measures, including the following:
    a) SSL certificate encrypts and protects all data transfers
    b) Web server with high performance and security protection, managed under contract with a professional and experienced hosting provider
    c) Implemented routines for handling data, such as password management and procedures for handling reporting of profiles.
  8. Changes to, and updates of, the Privacy Policy
  9. How to easily contact us

It is important to us that you feel confident about the personal data we collect and, above all, how we process it. Therefore, this policy covers necessary information about this, which is why we believe it is important that you read and understand the information.

Please note that our website contains links to websites operated by someone other than us. These websites have (or should have) their own provisions on how the company processes personal data. We have no control over what happens there and cannot take responsibility for it. If you use these websites, you should therefore take a closer look at that website’s privacy policy.

1. What personal data is used for what purpose, with what legal basis, and for how long?

1.1 Membership on ON

For what purposes we process your personal data, i.e., what we do and why?
We collect your personal data when you register as a member of ON and use them to create an account on ON and for you to be able to use the service (including logging in, creating/updating a profile, and contacting and being contacted by other user families via your account).

Your personal data may also be processed to contact you via email/your ON account regarding possible participation in a panel, and (if relevant) administration of the panel you have chosen to participate in.

What personal data we process and where it comes from?
As a user, you are asked to provide information about yourself and your family when registering your account and when you regularly update your profile. You choose which information you want to share, but some of the information is mandatory to create an account.

Mandatory information from you (non-sensitive personal data):

  • your email address;
  • username and password;
  • profile photo; and
  • geographic information marked on map view.

Optional information from you (non-sensitive personal data):

  • number of children in the family and ages;
  • interests;
  • language;
  • usernames on Facebook, Twitter, Instagram, and website/blog; and
  • a brief personal description.

Optional information from you (sensitive personal data):

  • type of disability and specific disability you have experience with.

What is our legal basis for the processing?
To fulfill the contract with you.
Sensitive personal data: Your consent. You can withdraw this at any time. More information about your right to withdraw your consent can be found in section 4.8.

How long do we process your personal data for the specific purpose?
Non-sensitive personal data: This processing continues until you unregister as a member.
Sensitive personal data: As long as we have your consent (i.e., until you withdraw your consent, more information about your right to withdraw your consent can be found in section 4.8), or until you choose to delete the information on the account or unregister as a member.

1.2 Customer service or other communication

For what purposes we process your personal data, i.e., what we do and why?
We collect your personal data, either by you sending an email to us, contacting us via social media, or through a phone call with you. The information you provide will be used for the purpose of answering your questions.

What personal data we process and where it comes from?
From you:

  • your email address;
  • your phone number; and
  • other personal data that you choose to share through text in free-text fields.

What is our legal basis for the processing?
Our legitimate interest in being able to offer you customer service or communication.

How long do we process your personal data for the specific purpose?
This processing continues as long as the case for which you requested customer service is ongoing.
This processing continues as long as the communication takes place and is saved for up to 3 years thereafter. For more information, see below in section 5.

1.3 Subscription to newsletters/marketing

For what purposes we process your personal data, i.e., what we do and why?
We collect your personal data and use it to contact you via email. We use a service provider for distribution of this. Your personal data will be shared with them for this purpose. More information about sharing can be found in section 2.1.1.

What personal data we process and where it comes from?
From you:
your name; and

your email address.

What is our legal basis for the processing?
Your consent. You can withdraw this at any time. More information about your right to withdraw your consent can be found in section 4.8.

How long do we process your personal data for the specific purpose?
This processing continues as long as we have your consent (i.e., until you withdraw your consent, more information about your right to withdraw your consent can be found in section 4.8).

1.4 Ordering of posters and flyers

For what purposes we process your personal data, i.e., what we do and why?
We collect your personal data and use it to provide posters and flyers.

What personal data we process and where it comes from?

From you:

  • your name;
  • your email address;
  • your address; and
  • your city.

What is our legal basis for the processing?
To fulfill the contract with you.

How long do we process your personal data for the specific purpose?
This processing continues as long as the delivery has been completed and is saved for up to 3 years thereafter. For more information, see below in section 5.

1.5 Website users

For what purposes we process your personal data, i.e., what we do and why?
We collect your personal data when you visit our website to optimize your website experience.

What personal data we process and where it comes from?
From other sources:

  • technical information generated through your use of the website;
  • information about your internet device, such as IP address, language settings, browser settings, operating system;
  • time and date of the visit to the website

What is our legal basis for the processing?
Our legitimate interest in being able to provide our website.

How long do we process your personal data for the specific purpose?
This processing continues during your visit to the website and is saved for up to 24 months thereafter. For more information, see below in section 5.

1.6 Statistics and improvement of our services

For what purposes we process your personal data, i.e., what we do and why?
Your personal data may be processed for the purpose of establishing statistics and improving our services.

What personal data we process and where it comes from?
We process user data and data on how you use services to create aggregated demographic information and statistics related to data traffic.

What is our legal basis for the processing?
The processing is based on a balancing of interests. We have a legitimate interest in using data for e.g., statistics and improvement of our services. We ensure that our interest outweighs your right not to have your data processed, among other things, by limiting and possibly anonymizing the data.

How long do we process your personal data for the specific purpose?
Once the data has been anonymized, no further processing of personal data occurs, but your data is stored and processed as long as you are a member of ON.

2. Who do we share your personal data with?

If we process your personal data according to section 1, some or all of this personal data may be shared with certain specific recipients. When we share your personal data, we ensure that the recipient processes them in accordance with this privacy information, by, among other things, entering into data transfer agreements or data processing agreements with the recipients. The agreements ensure that your data are processed in accordance with the GDPR and this privacy policy. We want to emphasize that we do not sell your personal data to any third party.

2.1 Categories of recipients we may share your personal data with

2.1.1 Suppliers and subcontractors

Recipient: We have agreements with other companies that perform certain services on our behalf. These services include, among others, analysis of information and providing search results and links or providers of IT and communication services or service providers for distribution of newsletters/marketing. These companies have access to your personal data to the extent they need them to fulfill their mission, but they may not use or share the data for other purposes.

We may also collaborate with other organizations, NGOs, foundations that share our goals of working for inclusion in society. In cases where such collaborations occur, this privacy policy must always be followed, and they then act as data processors for us, which is regulated by data processing agreements.

Purpose and legal basis: Sometimes we need to access services from other companies. In that case, we have a legitimate interest in being able to access these. If sharing your personal data is necessary to fulfill that interest, and the interest outweighs your right to not have your data processed, sharing may occur on the legal basis of legitimate interest. However, these companies may not process or use your personal data for any other purposes than performing the services under the agreement.

2.2 Objections to sharing your personal data

You have the right to object to the sharing of your personal data, based on circumstances specific to your individual case. More information about your right to object can be found in section 4.5.

3. Where do we process your personal data?

We always strive to process your personal data within the EU/EEA. However, in some cases, we may need to transfer personal data to recipients in third countries (such as if we need to use a supplier or subcontractor that processes data on servers outside the EU/EEA). Any such potential third-country transfers will only take place provided that it is permitted under data protection legislation, and the Association is responsible for ensuring that your personal data is handled securely, with an adequate level of protection comparable to and at the same level as the protection offered within the EU/EEA.

Right to receive a copy – If you would like further information about transfers to countries outside the EU/EEA, or if you would like to receive a copy of the protective measure we have used, you can contact us using the contact details provided in section 8 below.

4. What rights you have regarding us

You have certain rights under applicable law when we process your personal data. Below, we describe each right and what it means for you in relation to the personal data we process. If you want to read more about what the Swedish Data Protection Authority (Integritetsskyddsmyndigheten) writes about these rights, there are links under each section to the relevant page on the Swedish Data Protection Authority’s website.

If you want to exercise any of these rights, learn more, or have questions, please feel free to contact us at info@ournormal.org or via the contact details provided in section 8 below.

4.1 Right to information

You have the right to be informed about how we process your personal data. In this privacy policy, we generally describe which personal data are processed by us in different contexts. If you want to know more about whether we process your personal data, and to what extent this is done, you can contact us as described above and request information about which personal data we process.

For more information on the right to information – see here.

4.2 Right to access your personal data (record extract)

We can also provide you with a copy, a so-called record extract, of the personal data processed by us. In the record extract, we provide information about, among other things, which categories of personal data are processed, what the personal data are used for, how long the data will be stored, which personal data have been shared, and where the data come from.

For more information on the right of access – see here.

4.3 Right to rectification

We strive to always have correct personal data about you and update them when necessary. If you discover that we are nevertheless processing incorrect data about you, you have the right to contact us as described above to have them corrected.

As a member, you always have the opportunity to, at any time on your own, add or change your information on your account and delete and remove your information when you terminate your membership. Through the service, you can delete your own family profile upon request. If any problem persists, please contact info@ournormal.org, and we will assist with the matter or with deleting the account.

You also have the right to ask us to complete incomplete information if this is relevant to the purposes for which your data are processed by providing us with additional information.

For more information on the right to rectification – see here.

4.4 Right to erasure (right to be forgotten)

You have the right to request the erasure of your personal data. However, this right is not absolute. For us to delete your data, certain conditions must be met. For example, you may have the right to have data erased if they are no longer necessary for the purposes for which they were collected, if you withdraw your consent, or if you object to us using your data for direct marketing.

The right to erasure is also limited if any exceptions apply to the data in question. For example, we have the right to retain the data if it is necessary to establish, exercise, or defend legal claims.

For more information on the right to erasure – see here.

4.5 Right to object

You always have the right to object to our processing if the legal basis for processing (as stated in the various treatments above in section 1) is that it is necessary for purposes related to our legitimate interests.

If you object, we are not allowed to process the data anymore unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if it is for the establishment, exercise, or defense of legal claims. If we believe we have such compelling legitimate grounds, or if the data are needed for the establishment, exercise, or defense of legal claims, we will notify you of this and the reasons for the assessment.

You can also object to your personal data being processed for marketing purposes (including profiling if this is part of it). If you do so, we will cease processing for these purposes.

For more information on the right to object – see here.

4.6 Right to restriction

You can request that the processing of your data be restricted, for example, if you do not believe that the data we have about you are correct or if you believe that the processing is unlawful. You can also request that the processing of personal data be restricted while we examine whether our legitimate interest outweighs your interest in privacy when you object to the processing (see more about this in section 4.5 above).

For more information on the right to restriction – see here.

4.7 Right to data portability

If the legal basis for our processing is consent or the performance of a contract, you have the right to have the personal data you have provided to us disclosed in a structured, commonly used, and machine-readable format. However, this requires that the processing is automated (i.e., not in physical form on paper). If it is technically feasible, and you wish, we can transfer your data to another data controller.

For more information on the right to data portability – see here.

4.8 Right to withdraw your consent

You can withdraw all or part of the consent you have given at any time, with effect from the withdrawal (i.e., the processing of personal data that we have carried out before the withdrawal is not affected). You can do this by contacting us via the contact details in section 8. In direct marketing via email, withdrawal can be done through a link in the current mailout.

4.9 Right to lodge a complaint with the competent supervisory authority

You can lodge a complaint with the Swedish Data Protection Authority (or another supervisory authority) if you believe that our processing of your personal data does not comply with applicable law.

For more information on the right to lodge a complaint – see here.

4.10 Requirements to exercise your rights

To protect your privacy, we may, if necessary, require you to verify your identity when you contact us to exercise your rights.

We handle your request to exercise your rights promptly. Your request is normally answered within one month from the date it was received by us. Only in the case of an unusually complicated request or if we have received a large number of requests, the response time may be extended by up to two months. If an extension of the response time is made, you will be notified of this.

5. Cookies and other tracking technologies

To deliver our services with the highest possible quality and gather statistics on usage, we use so-called cookies and similar tracking technologies on the website. When you visit the website, you will be asked if you consent to our use of cookies (excluding necessary cookies that do not require your consent). You can delete cookies from your browser and adjust your cookie settings at any time. You can read more about cookies in our Cookie Policy. In the terms, we describe, among other things, the types of cookies we use, what they are used for, and how long they are stored. Not allowing cookies may cause the service to not function as intended.

6. Security

We care about your personal privacy and your interest in ensuring that your, your children’s, and your family members’ personal data are treated with the utmost care. Therefore, we apply high-security standards and make every effort to ensure high data security.

To protect the information you choose to share with the Association and within the framework of ON, we implement several security measures, including the following:

  • SSL certificates encrypt and protect all data transfers.
  • Web servers with high performance and security protection are managed under agreements with professional and experienced hosting providers.
  • Implemented procedures for handling data, such as password management and procedures for handling profile reporting.

7. Changes to, and updates of, the Privacy Policy

We may make changes to the privacy policy if necessary to describe how we process your personal data. All such changes will be published here on the website, so you should read through the privacy policy regularly and each time you use our services.

8. How to contact us most easily

If you have any questions or comments regarding the processing of your personal data, you can primarily contact us via the email address below.

Our Normal Association

Adress:
Ståthållaregatan 7A
S-414 69 Göteborg

E-post: info@ournormal.org.

Telefonnummer: +46 733 988 289