November 20, 2023, version 1.0
Privacy Policy
Regarding the processing of personal data in the PictureMyLife diary.
About the PictureMyLife Diary
This information is intended for users of the PictureMyLife diary and describes how we collect, use, transfer, and store personal data from the Subscriber (or a contact person of a Subscriber), the Main User, and/or the diary invitees, when we act as data controller.
Personal data refers to all types of information that can be directly or indirectly traced to a living individual.
We process personal data for various purposes. The principle is that this processing must be transparent and that the data subject (the person to whom the personal data relates) can be informed about why, when, and how the processing takes place. “Processing” refers to the management, collection, storage, editing, and/or deletion of personal data.
Terms used in this privacy policy have the meaning assigned in our General Terms and/or Terms of Use.
If you have any questions about our privacy protection, feel free to contact us. Our contact information can be found under “Questions and complaints” below.
Data Controller
Picture My Life Communication AB, reg. no. 556982-7792, is the data controller for the processing of your personal data as described in this privacy policy and is therefore responsible for ensuring that your data is processed correctly and securely in accordance with applicable legislation.
Part of our processing is carried out on behalf of the Subscriber. For those processes, we act as data processor (data processing agreement). We have entered into a data processing agreement with all Subscribers.
Diary Posts
The core of the Diary is sharing experiences and promoting communication. In this respect, the Diary is similar to social media, with the key difference being that only invited users (maximum 30) can access the content.
The Main User can fill in “Important information about me” and “Treat me like this.” These fields may contain personal data. The data entered here is considered a post. We strongly discourage sharing sensitive information.
In principle, the person who posts in the Diary is responsible for what they publish and is therefore considered the data controller for the processing of personal data associated with that post. The organization you may work for and that provides access to the Diary may also be considered a data controller if it has influence over or a deciding voice in the content of the posts.
Personal Data We Process
To access and use the Diary, the Subscriber, Main User, and Invitees must provide personal data.
We may collect, process, and store the following personal data:
Name
Address, email address, phone number
The IP address used to access the Diary
Payment or billing information and payment history
Photo of the Main User
Other data shared with us via email or other communication channels (e.g., customer service/support)
When and Why Do We Process Your Personal Data?
When we enter into an agreement with the Subscriber and during the term of the agreement
We process personal data for the purpose of entering into and executing a Subscription Agreement with a Subscriber and throughout its duration. This includes contact details, addresses, payment or billing information—anything necessary to establish and fulfill the agreement and ensure payment. Free trial periods also fall under this agreement, although billing data is not required for those.
We also process data during the agreement to assist Subscribers with customer service or support.
If the Subscriber is a private individual, the legal basis for processing is the performance of the contract.
If the Subscriber is a legal entity (e.g., a company or organization), the legal basis is a legitimate interest to maintain contact in order to enter into and fulfill the agreement (balancing of interests), and a legal obligation regarding accounting.
When you are invited to and use a Diary
If you are invited to a Diary, you must create an account with PictureMyLife to gain access. We then collect your name, email address, phone number, and the type of organization you represent.
We may also process your data to provide customer service or support during the subscription period.
The legal basis is the performance of a contract with you (the data subject).
Other Purposes
We may also process personal data for the following purposes:
Verifying identities at login and detecting potential misuse
Informing users of changes to the Diary or terms of use
Ensuring that only users with proper authorization can access certain diaries
Ensuring that users in a Diary (Admin, Main User, Invitees) can reliably identify one another
Preventing data loss, fraud (e.g., via identity checks), or other misuse
The legal basis for these activities is either performance of a contract with the data subject or (if we have a contract with the organization you represent) our legitimate interest in properly performing that contract.
External Links
The Diary may contain links to other websites or applications. We are not responsible for how those platforms handle personal data. We recommend you review their policies carefully. This applies, for example, if you authenticate using Freja eID (or a similar function supported by PictureMyLife).
Data Retention
We only retain personal data for as long as needed to fulfill the purposes described in this privacy policy, our General Terms, or Terms of Use—or as required by law (e.g., bookkeeping).
Disclosure to Third Parties
We do not share personal data with third parties unless required to comply with a legal obligation or fulfill our commitments to you, customers, or partners. We will never sell your personal data to third parties for advertising purposes.
We may share data when required by law, or to prevent, detect, and prosecute illegal or suspected illegal activity, or to respond to legal processes or protect our rights.
We always ensure there is a legal basis for such disclosure, and if the third party acts as a processor on our behalf, we have a data processing agreement in place.
As such, we may share your personal data with GetAccept or a similar provider of e-signature systems, and with other vendors or partners.
We strive not to transfer your data outside the EU/EEA. If transfer is necessary, we ensure appropriate safeguards are in place to maintain a level of protection equivalent to that within the EU/EEA.
Your Rights
As a data subject, you have the following rights under applicable privacy legislation:
| Right | Description |
|---|---|
| Right of access | You have the right to access your personal data and receive a copy of the data we process about you. |
| Right to rectification | If the data we hold is incorrect, incomplete, or outdated, you have the right to request correction. |
| Right to erasure | You may request that we delete your data if we have no legal basis to retain it. |
| Right to object | Under certain conditions, you have the right to object to our processing of your data. |
| Right to restrict processing | In some cases, you may request that we limit the processing of your data. We may then only store it. |
| Right to data portability | If processing is based on your consent or a contract, you may request your data in a readable format and transfer it to another controller. |
Please note that exercising these rights may limit your access to and use of the Diary. You can submit a request by emailing hello@picturemylife.se or using the contact details below.
Questions and Complaints
If you have questions or concerns about this privacy policy or how we handle your personal data, please contact us:
PictureMyLife Communication AB
Box 455
701 49 Örebro, Sweden
Email: hello@picturemylife.se
You always have the right to file a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten):
Box 8114,
104 20 Stockholm, Sweden
English (UK) 
Nederlands 
Norsk bokmål 
Deutsch 
Français 
Dansk