Privacy Notice

Privacy Notice

Personal data controller

Coffee Stain Group AB
Tullhusgatan 1 B
652 09 Karlstad, Sweden
Company registration number: 559280-0014
Contact: gdpr@coffeestaingroup.com

How personal data is collected through our website

Our website does not automatically collect personal data. However, it includes embedded forms and links to external services. When you choose to use these features, the personal data you submit is collected and processed within those external systems. We will also process your personal data if you contact us.

In this Privacy Notice, you can read more about our purposes for processing personal data, which personal data we process, for how long we process it, and about your rights.

Publishing pitches (Google Form)

If you submit a publishing pitch, your personal data is collected through a Google Form and processed and stored within the Google services we use. Google acts as our data processor in accordance with their privacy terms. Our purpose with this processing is to review the pitch and to be able to communicate with you. We will process any personal data included in the pitches during the time when we review the pitch. The categories of personal data are email address, name, country, and pitch information which might include phone number, images and links to videos. Our legal basis for the processing is our legitimate interest to receive and review pitches.

Job applications (Teamtailor)

All job application data is processed by Teamtailor. To read more about the processing of personal data for recruitment, kindly read the Privacy Notice for job applicants.

Press release subscription (MFN)

If you subscribe to press releases, your email address is sent directly to MFN and stored in their system. You may unsubscribe at any time via the link in their emails. The purpose of our processing is to be able to send you necessary information about the business. We will process your email address until you unsubscribe from the service. Our legal basis for this processing is your consent.

Whistleblowing (Hailey)

Whistleblowing reports are submitted and processed through Hailey’s external system. We process any personal data contained in whistleblowing reports solely for the purpose of investigating the reported information. Any personal data that is not required for the investigation will be deleted. We will continue to process the necessary personal data until the investigation is finished. We will store personal data which is necessary for the documentation of reports for a period of two years after the case is closed.

Our legal basis for this processing is our legal obligation to investigate whistleblowing reports.

Responding to email communication

When you contact us by email, we process the personal data contained in your message so that we can reply and handle your request. The processing is based on our legitimate interest in managing incoming communication.

We retain the information only for as long as it is needed to address your inquiry. In some cases, we may keep the correspondence longer if required to protect our legal rights or to comply with applicable laws.

Your rights

You have the right to:

  • Access your personal data
  • Request correction or deletion
  • Request restriction of processing
  • Request data portability
  • Withdraw consent (where applicable)
  • Object to processing based on legitimate interest
  • Lodge a complaint with the Swedish Authority for Privacy Protection (IMY): https://www.imy.se/

To exercise your rights regarding our processing of your personal data processed, please contact Coffee Stain Group at gdpr@coffeestaingroup.com. We will handle your request and coordinate with our service providers where necessary. Kindly note that it might not be possible for us to meet your request in whole, for example if we are under legal obligation to process the data. If so, we will provide you with an explanation.

International transfers

Our external providers may process your personal data outside the EU/EEA on our behalf. We have entered into contracts with each provider, ensuring that they take on appropriate safeguards in accordance with GDPR.

Updates to this notice

We may update this notice if our processing changes. The latest version is always available on our website.

Last updated: 2025-12-04