This privacy policy (hereinafter referred to as “this policy”) sets out the guidelines for how Base Affiliate will treat the information and personal data you provide…

This Privacy Policy (hereinafter referred to as “this Policy”) sets out the policies on how Base Affiliate will treat the information and personal data that you have provided to us and which will enable us to effectively manage your relationship with us.

This Policy applies to our websites, applications, products and/or services that link to this Policy or for which there is no separate policy (hereinafter referred to as “Our Services”). This Privacy Policy is designed to give you a better understanding of the information we collect, why we collect that information, how we manage that information, who we share that personal information with, and your rights in relation to collection , processing and disclosure of such data and other relevant privacy and security issues.

Any personal information that you provide to us or that we already hold will be processed in accordance with and in the manner described in this Privacy Policy. All information is provided through the Base Affiliate website (the “Site”) or by other means that Base Affiliate may make available from time to time.

By reading this policy, you understand and agree that your personal data may be processed in the manner specified in this policy. If you do not agree to the terms of this Privacy Policy, you should not use the Website or otherwise submit your personal information to us.

Any reference in this Policy to “Base Affiliate”, “us”, “we” or “our/our” refers to the data controller of personal data, i.e. H. Base Affiliate, a Swedish company with registration number 559298-0253 and registered address at Uranusvägen 12 A, 184 50 Åkersberga. and who owns the website

All processing of personal data carried out by Base Affiliate as described in this Privacy Policy is in accordance with:

– Regulation (EU) 2024/679 of the European Parliament and of the Council of April 27, 2024 on the protection of natural persons with regard to the processing of personal data, on the free movement of data and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter “ Ordinance” or “GDPR”).

The GDPR is hereinafter collectively referred to as “Privacy Laws”.

Base Affiliate determines how and for what purpose the personal data is processed and therefore acts as a “Personal Data Controller” within the meaning of the applicable data protection laws.


Responsible for personal data

“Personal Data Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes for which Personal Data are processed and how the processing is carried out; if the purposes and nature of the processing are determined by Union law or the law of a Member State, the controller for the processing of personal data or the specific criteria for the designation of the data subject may be met by Union law or the law of the Member States.

Personal Data Assistant

“Personal data processor” means the natural or legal person, public authority, agency or other body that processes personal data on behalf of a personal data controller.

Personal Data

“Personal Data” means any information that identifies you as an individual or that relates to an identified or identifiable natural person.


Base Affiliate stores your personal information digitally on encrypted hard drives.

Protection of personal data

Personal information we store is protected by the highest security procedures and systems customary in the industry. We are committed to protecting personal information not only through quality and high standards, but also through the best and most effective application of the law. We are obliged to only process personal data if this processing is based on genuine and legitimate grounds based on one of the legal bases listed in the GDPR.

Treatment based on our legitimate interests

A legitimate interest is when we have a business or commercial reason to process personal data. In such cases, we are committed to protecting your personal data and the way in which that data is processed and to ensuring that such processing is not unfair to you or your interests.

If we decide to process your personal data on the basis of legitimate interests, we will inform you which legitimate interests are affected and provide a mechanism for you to ask any questions and/or to object to this processing have. It is important to note that Base Affiliate is not obliged to stop processing if the grounds for processing outweigh your right to object.

Treatment based on your consent

Consent is not the only basis on which we may or must rely to process your personal data. We only process personal data on the basis of your consent in cases where we cannot or do not want to rely on an underlying legal basis (e.g. compliance with a legal obligation or legitimate interest). If we process your personal data on the basis of your consent, you have the right to withdraw your consent at any time and in the same way as before. In the event that you exercise your right to withdraw your consent, we will assess whether we are able (or required) to process your personal data on a legal basis other than consent. In this case we will notify you accordingly. Withdrawing your consent does not invalidate processing operations that were carried out before you withdrew your consent.

Treatment based on consent

In order to avoid any possible misunderstanding, we would like to point out that we process your personal data on the basis of your consent in the limited cases where we cannot or do not want to rely on another legal basis (e.g. our legitimate interests). .

In cases where the processing is based on your consent (which we will never assume has been given, but which we must have obtained from you in a clear and explicit manner), you have the right to withdraw your consent at any time and this as you should have left it to us.

If you exercise your right to withdraw your consent at any time (by writing to us at the postal address or email address below), we will determine at that stage whether there is an alternative legal basis for processing your personal data (for example on the basis of a legal obligation to which we are subject) which gives us the right (or even the obligation) to process your personal data without your consent and inform you in such cases.

If we ask you for such personal data, you can always refuse, but if you refuse to provide the necessary information necessary to perform the requested services, it is not necessarily certain that we can provide those services (in particular, if consent is the only legal basis we have).

Just to be clear, consent is not the only basis that allows us to process your personal data. In the previous section above we have described the various bases on which we rely when processing your personal data for specific purposes.


When you visit our website, we automatically collect special categories of personal information through the use of cookies and similar technologies.

For more detailed information on what cookies are and how and why we process such data in this way (including the difference between necessary and non-essential cookies), please see our detailed but easy to understand cookie policy.

other purposes

We may need to use and store personal information to prevent loss and to protect our rights, integrity, safety or property or the rights of others, in accordance with our legitimate interests.

storage of data

We retain data for limited periods when necessary for legitimate business or legal purposes. We try to ensure that our services protect data from accidental or malicious deletion. Because of this, there may be delays from the time you delete something until copies are deleted from our active and backup systems. If you need more information, contact us at

Authorized disclosure of personal data to third parties

Without prejudice to any other provision of this Privacy Policy, Personal Data concerning you may be disclosed to authorized third parties inside or outside the EU/EEA where such disclosure is permitted or required by Personal Data Protection Laws and/or other applicable legislation. These authorized third parties may include, but are not limited to, Base affiliates, other third parties and organizations such as law enforcement agencies, partner accounting and auditing firms, regulators, competent authorities and digital marketing providers. We may also share such personal information with organizations that you have introduced to us, third parties with whom you have asked or allowed us to share your information, or other third parties with whom we need to share your personal information on our behalf provide products and/or services you have requested. The personal data shared depends on the products and/or services you wish to use.

Where such personal information needs to be transferred outside of the EEA – European Economic Area – we will ensure that all necessary and appropriate safeguards are in place. We may also share personal information with other companies within affiliates or subsidiaries and with business partners or subsequent rights holders of our operations. The way data transfer outside the EEA is handled is detailed below. Your personal data will never be shared with third parties for marketing purposes (unless you give your consent).

Disclosure of personal data to other categories of recipients

Relevant information may also be disclosed (and always in accordance with data protection laws) to/with Base Affiliate members and employees, to/with other companies within Base Affiliate (e.g. in accordance with legal obligations) and/or to or shared with/with affiliates and/or subcontractors based in the European Union where relevant to any of the purposes described in this Privacy Policy (including to/with our service providers who enable the functionality of the website and/or the services you have requested ). Personal information will only be shared by us for the purpose of providing the services you have requested or for other lawful reasons (including authorized disclosures that do not require your consent).

Any authorized disclosures will be made in accordance with data protection laws (e.g. all of our processors of personal data are bound by the requirements of these data protection laws, including a strict obligation to keep any information received confidential and to ensure that their employees/employees are also subject to similar obligations). The service providers mentioned above (our data processors) are also subject to a number of other obligations (in particular those listed in Article 28 of the GDPR).

Your personal data will never be shared with third parties for marketing purposes (unless you give your consent).

internet communication

You should be aware that data sent over the Internet can be transmitted across international borders, even if the sender and recipient of the data are in the same country. We cannot be responsible for anything you or any third party does or does not do in relation to personal information before we receive it, including but not limited to the transmission of personal information from you to us via a country that is less comprehensive Data protection than within the European Union and this independent of technical aids (e.g. WhatsApp, Skype, Dropbox etc.).

In addition, we accept no responsibility for the security of your data in connection with transmission over the Internet, unless our responsibility is expressly set out in a law in Sweden.

accuracy of the personal data

Every reasonable effort is made to keep the personal information we hold about you up to date and as accurate as possible. You can review the information we hold about you at any time by contacting us as set out below. If you discover any inaccuracies, we will correct them and delete them if necessary. Below you will find a detailed list of your legal rights under applicable data protection law.

Links to Third Party Sites

Links to third party websites provided by us are clearly marked and we are in no way responsible (nor can we be deemed to endorse in any way) the content of such websites (including any applicable privacy policy or data processing). We strongly encourage you to read the privacy policies of these third party websites.

Transfer of data outside the EEA

Your personal data will only be transferred outside the EEA or another non-EEA country which the European Commission considers to offer an adequate level of protection (also referred to as “white-listed countries” – listed here / law/law-topic /data-protection/international-dimension-data-protection/adaquacy-decisions_en ) in the following cases: If you have given us your express consent to do so; where necessary to establish or perform any agreement entered into between you and the Base Partner; or to comply with legal obligations and obligations and to act accordingly.

When personal data is transferred outside the EEA, within Base Affiliate or to one of Base Affiliate’s business partners, we ensure that all appropriate safeguards are in place to ensure that the same protections are offered and the same standards are applied as within the EEA . You have the right to obtain a copy of these safeguards by contacting us at the address below.

Agreements containing EU Standard Contractual Clauses (EU Standard Clauses) are used, which require that the legal entity receiving the personal data apply the same standards to which it would be subject if operating within the EEA. When data is transferred to the United States and the company receiving the data is registered under the Privacy Shield (a framework that ensures the protection of personal data), the transfer is presumed to have the same level of protection as provided by approved by the European Commission.

rights of the data subject

Base Affiliate is committed to providing you with the best possible support if you wish to exercise any of your rights in relation to your personal data. In some cases we may need to verify your identity before complying with your request to exercise a relevant right.

right of access

You have the right to ask us whether we are processing personal data concerning you, and if we are, you have the right to access that personal data and the following information: what personal data we have, why we are processing it, who we are disclosing how long we intend to keep them (if possible),

– whether we transfer them abroad and what guarantees we apply to protect them, what are your rights, how to lodge a complaint,

– where we obtained your personal data from; and – whether we carried out automated decision-making (including profiling) and related information.

Right to Rectification

You have the right to contact us and request that your incorrect or incomplete personal data be corrected and/or supplemented.

Right to Erasure (“Right to be Forgotten”)

You have the right to ask us to erase your personal data and we will do so immediately, but only where:

• the personal data are no longer needed for the purposes for which they were collected; or

• you have withdrawn your consent (in cases where the processing is based on your consent) and we have no other legal basis for processing your personal data; or

• You have successfully exercised your right to object (as described below); or

• your personal data has been processed unlawfully; or

• Erasure is required to comply with a legal obligation to which we are subject; or

• There are special circumstances related to children’s rights.

Regardless of the circumstances, we are not legally obliged to comply with your request for erasure if the processing of your personal data is necessary for compliance with a legal obligation imposed on us.

Right to restriction of treatment

You have the right to ask us to restrict the processing of your personal data. However, you are only entitled to exercise this right if:

– the accuracy of your personal data is contested (see the right to rectification above), for a period enabling us to verify the accuracy of the personal data; or

– the processing is unlawful and you object to the erasure of your personal data; or

– We no longer need the personal data for the purposes for which they were collected, but you need the personal data to assert, exercise or defend legal claims; or

– You have exercised your right to object and a review of our legitimate grounds for lifting your objection is ongoing.

If you successfully exercise this right, we can only process your personal data:

• When we have your consent; or

• To establish, exercise or defend legal claims; or

• To protect the rights of another person or entity; or

• Consideration of important public interests.

Right to data portability

You have the right to request that we return any personal data that you have previously provided to us. We will provide this data in a structured, commonly used, machine-readable format or (where technically feasible) transfer the data directly to another data controller, provided this does not affect the rights and freedoms of others. You are only entitled to exercise this right if:

– The processing is based on your consent or on the basis of an agreement with you; and The processing is automated.

Right to withdraw consent

For more information on this right, see the “Processing based on consent” section above.

Right to object to treatment

In certain circumstances you have the right to object to the processing of your personal data. If we only process your personal data for one of the following purposes:

– The processing is necessary for the performance of a task in the public interest; or

– When the processing is necessary for purposes related to our legitimate interests or those of a third party.

The processing will only be stopped if the data controller has not provided compelling or legitimate reasons which outweigh your objections set out in such a request and which require continued processing.

If your data is processed for direct marketing purposes, you have the right to object to the processing of your personal data at any time.

In all cases other than those mentioned above, this general right of objection does not apply.

Right to Complaint

As a data subject, you can always lodge a complaint with a competent data protection supervisory authority if you believe that Base Affiliate has violated one of your rights. The competent supervisory authority in Malta is the IDPC (“Office of the Information and Data Protection Commissioner”).

Notwithstanding this right, before lodging a complaint with IDPC, we ask that you resolve any issues you have with us.

It is important to note that notwithstanding these rights, the Base Affiliate may refuse such a request if it has reasonable justification for such a decision. A denied request does not prevent you from lodging a complaint with the relevant data protection supervisory authority.

company information

If you have any questions or comments about data protection or would like to exercise any of your individual rights, please contact us at: or write to the above addresses.