Information about Almi’s processing of personal data within Almi Invest
This policy describes how Almi collects, uses, stores, and shares personal data about you who are seeking investment, are a co-investor, are employed by a company Almi is or has invested in, or are otherwise involved in investments with Almi Invest AB and its subsidiaries.
Within the Almi Group (hereinafter Almi), Almi AB has a joint controllership with its respective subsidiaries for the processing of personal data. In the context of investments, the controllership is shared between Almi AB, Almi Invest AB, and the subsidiary within Almi that manages or has managed the investment in a particular subsidiary.
Personal data may be processed about the following parties that may be involved in the investment process.
handled in the following areas and treatments about you who are:
- Representative such as a signatory or CEO of the company seeking investment (“investment object”) or that has received investment (“fund company”)
- Principal
- Co-financier – business angel, company representative
- Board member in a portfolio company
- Potential new investors
- Buyer at the exit of a portfolio company
- Employee in the investment object
- Shareholder in a portfolio company
- Broker
When we refer to you as a data subject, it means that the personal data comes directly from you whom we handle personal data about.
Categories of Personal Data and Examples of Personal Data
The information below states how Almi processes your personal data and specifies which categories of personal data are included in each processing. The table below indicates examples of personal data handled in each category of personal data.
| Categories of Personal Data | Examples of Personal Data |
| User-generated data | Cookies, logs |
| Criminal data | Judgment on economic crime |
| Demographic data | Date of birth, gender, marital status |
| Financial data | UC, account statements |
| Company data | Company name, organization number (personal number for sole proprietorship) |
| Identity data | Name, personal number, username, various types of IDs such as Customer ID, employee number or IP address, signature, passport number, protected ID |
| Communication | Content of emails, type of case, editorial content, meeting notes, attendance at meetings |
| Contact details | Address, phone number, email |
| Organizational information | Role, title, group affiliation |
| Politically exposed position | Indicated if you have such a position or not |
Almi’s Processing of Your Personal Data as a Customer
Below is how Almi process your personal data, where the legal basis is a legitimate interest.
For more information about Almi’s legitimate interest and the assessment that has been made, please contact Almi’s Data Protection Officer.
| Processing | Categories of Personal Data Processed | Purpose of Processing | How Personal Data is Collected |
| Archiving of Pitch Deck | Company data, Identity data, Contact details | Saving pitch decks for evaluation for a potential future investment. | You as data subject, Representatives |
| Anti-fraud | Financial information, Company data, Communication, Contact details, Organizational data | Check and review suspected fraud and report it to the police. | You as data subject, Representatives, Generated internally |
| Agreement Documents Invest | Identity data, Contact details | Handling of agreement documents in investments, shareholder agreements, investment agreements, etc. | You as data subject or the company the registered person is employed by |
| Due Diligence | Financial data, Company data, Identity data, Competence data, Contact details | Conduct due diligence to check, evaluate, and assess the risk of a potential investment. | Representatives |
| Compliance - Control and audit | Company data, Identity data, Contact details |
The purpose is to ensure that Almi complies with applicable laws, regulations, and internal policies. The processing of personal data may be necessary in order to carry out initiated audits. |
Collected internally |
| Documentation | Company data, Identity data, Contact details | Document decisions and attendance at meetings, as well as the basis on which decisions are made. | You as data subject |
| Electronic communication |
Company data, Identity data, Communication, Contact details |
Communicate electronically with Almi or within Almi (all communication via email, Teams, etc.) | You as data subject |
| Exit – Archiving of Documentation | Company data, Identity data, Contact details | Archiving of documentation during sales and previous fund companies. | You as data subject or representative |
| Exit - Sale | Company data, Identity data, Contact details | Sale of fund companies. | Collected internally |
| External Communication press and media | Identity data | Publishing pressreleases. | You as data subject |
| Handling of video and images |
Identity data, Audio- and image-/video material |
Use and storage of images for internal and external purposes. | You as data subject |
| Incident management | Identity data | The purpose of processing personal data for incident management is to ensure that the organization can handle and address incidents effectively, while complying with data protection legislation such as the GDPR. This involves collecting, using, and safeguarding the personal data necessary to investigate, report, and resolve security incidents. | The person reporting or collected internally |
| Manage Ownership | Company data, Identity data, Contact details | Contact with stakeholders, shareholders, etc., to manage ownership in fund management companies. | You as data subject |
| Communication | Company data, Identity data, Communication, Contact details | Document our communication with you who have contact with Almi Invest. | You as data subject |
| Contact with stakeholders | Identity data, Contact details | Document Almi's communication with the individual in contact with Almi Invest | You as data subject or supplier |
| Contact Investors | Identity data, Contact details | Processing of contact details of potential and existing investors. This includes managing investor contact information to keep track of whom we have been in contact with and for case management purposes. It covers initial or follow-up contact with Almi for a potential business relationship or general networking purposes. | Official sources |
| Logs and monitoring | User-generated data, Identity data | Logging and monitoring the use of hardware and systems to be able to trace what happened in case of errors or irregularities or for other security reasons. | Generated internally |
| Pitch Deck | Company data, Identity data, Contact details | Receive, analyse, and evaluate pitch decks. | You as data subject or representative |
| Reporting statistics money laundering/terrorism | Identity data, | The management is provided with an overview via statistics on risk levels, trends, and any shortcomings in controls. Through the statistics, one can follow up on how effectively internal controls work and if further actions need to be taken. | Generated internally |
| System Testing | Company data, Identity data, Communication, Contact details, Organizational Information | Testing of systems/applications/APIs before they go into production to ensure functionality and security. | Collected internally |
| Evaluate Group Dynamics in Investment Object | Identity data, Competence data | Conduct tests on staff in potential investment objects to evaluate their group dynamics and ability to run the company and strengthen team members. | You as the registered person |
Processing where personal data is collected with legal obligation as the legal basis
If personal data is not provided for the processes listed below, it will affect your ability to be involved in an investment
| Processing | Categories of Personal Data Processed | Purpose of Processing | Retention Period | How Personal Data is Collected |
| AML Customer Due Diligence |
Criminal data, Financial data, Company data, Identity data, Contact details, Organizational Information, Politically exposed position |
Compliance with regulatory requirements by aiming to achieve proper customer due diligence in all business relationships, both prior to their establishment and on an ongoing basis throughout their duration. Conducting risk assessments (customer due diligence) with the purpose of preventing money laundering, terrorist financing, and serious crime in the context of financing, venture capital, and business advisory services. | 5 years (in some cases 10 years) after the end of the customer relationship | You as the data subject, Representatives, UC, Swedish Companies Registration Office, Swedish Tax Agency, PEP register, Public sources |
| Accounting | Identity data, Company data | Archiving of documentation for invoicing for accounting purposes. | 7 years from archiving | Representatives |
| Transaction Monitoring | Financial data, Company data, Identity data, Contact details, Organizational Information |
For ongoing business relationships, monitor transactions to Almi such as repayments/interests for financing, transactions, or exits, with the aim of avoiding, as far as possible, Almi’s involvement in criminal transaction flows. Verify incoming payments in order to prevent money laundering. | 10 years from the end of the customer relationship | Representatives |
| Data subject rights | All types of personal data | Receive and respond to data subject rights requests under the GDPR, as well as carry out the action requested by the data subject, e.g. access requests and erasure of personal data | 1 year | Collected internally |
| Information to the police/Financial police |
Bank details Identity data, Contact details, Organizational Information, Politically exposed position |
Provide information to the Police Authority according to legal requirements in case of suspicion of money laundering or financing of terrorism. | 5 years after the application has been made, 30 days for the information | Collected internally |
| Annual reporting to the Financial Supervisory Authority |
Identity data, Politically exposed position |
Prepare a basis for compiling aggregated statistics for the annual reporting to the Financial Supervisory Authority as required by regulations. No personal data is shared with the FI, but processing of personal data is required in certain cases to obtain statistics. | After the statistics have been submitted. | The Data subject |
Retention of Personal Data
Personal data will be stored as long as necessary to fulfil the purpose of the processing.
Disclosure of Personal Data
Personal data may be disclosed to other investors, authorities, and system providers used by Almi. For exact information on who your personal data has been disclosed to, please contact Almi’s Data Protection Officer. Note that disclosures to the police will not be notified to you, and Almi cannot inform you if there is a suspicion of a crime in accordance with the Law (2017:630) on measures against money laundering and terrorist financing.
Your personal data is stored within the EU, but Almi may use IT system providers with parent and/or subsidiary companies in countries outside the EU (third countries) and/or subcontractors in third countries. This may result in the transfer of your personal data. Transfers to third countries are made based on the EU Commission’s adequacy decisions or standard contractual clauses.
Updates of this information
This information may be updated, and significant changes will be indicated here.
2024-07-02: Restructuring and clarification regarding processing, legal basis, where personal data is obtained from, and to whom it may be disclosed.
2025-04-29: Clarified purposes and added new and deleted inactive processing activities.
Protection of Personal Data
We have taken appropriate administrative, technical, organizational, and physical security measures to protect the data we have about you from loss, misuse, unauthorized access, disclosure, alteration, and destruction.
Your Rights according to GDPR
As a data subject, you have the following rights regarding the personal data Almi holds about you:
Request Access to Your Personal Data
You have the right to access the personal data that Almi holds about you. This is also known as the right to a personal data extract. This means you have the right to request a copy of all personal data that Almi processes about you. This copy should be provided without delay and no later than one month after the request has been received.
Request rectification of Incorrect or Incomplete Personal Data
If personal data is incorrect or incomplete, you have the right to request rectification of the data, with the limitations specified by law or other regulations.
Request erasure
You have the right to contact Almi and request that personal data about you be deleted in the following cases. Deletion should be done without undue delay.
- If the personal data is no longer needed to fulfil the purposes for which it was collected
- You withdraw your consent on which the processing is based and there is no other legal basis for the processing
- You object to the processing
- The personal data has been processed unlawfully
- Personal data must be deleted to comply with a legal obligation
Restriction of Personal Data Processing
You have the right to request that Almi restrict its processing if it is unclear if and when Almi must delete your personal data. Restriction means that Almi, except for storage, may only process your personal data with your consent, to establish, exercise, or defend legal claims, or to protect someone else’s rights. You can use the right to restriction in the following cases.
- You dispute the accuracy of the personal data and Almi should investigate whether the personal data should be corrected
- You do not want Almi to delete your personal data
- Processing is unlawful, and you oppose the deletion of the personal data and instead request a restriction on its use
- Almi no longer needs the personal data, but you need it to establish, exercise, or defend legal claims
- You have objected to the processing and Almi is investigating your objection, but a decision has not yet been made
Object to Processing Based on Almi’s Legitimate Interest
You have the right to object at any time to processing if the processing is based on Almi’s legitimate interest, i.e., the legal basis for the processing is a balance of interests. For Almi to continue processing the personal data after receiving an objection, Almi must demonstrate compelling reasons that Almi’s interest outweighs your interests, rights, and freedoms. Alternatively, Almi must prove that the processing is for the establishment, exercise, or defence of legal claims.
You always have the right to object to direct marketing.
Data Portability
If processing is based on consent or contract and the processing is automated, i.e., using technology without human assistance, and you have provided personal data in a commonly used, machine-readable format, you have the right to transfer this data to another data controller.
Withdraw Your Consent
For processing based on consent, you have the right to withdraw your consent at any time. This means that Almi may no longer process your personal data for the purpose.
Contact Almi or the Swedish Supervisory Authority
For questions, exercising your rights, or other data protection matters that you want to discuss with Almi, you can contact dataskyddsombud@almi.se or write a letter to Almi AB, Dataskyddsombud, Box 70396, 107 24 Stockholm. You can also file a complaint about Almi’s processing of personal data by contacting the Swedish Supervisory Authority IMY by sending an email to imy@imy.se or writing a letter to Integritetsskyddsmyndigheten, Box 8114, 104 20 Stockholm.