Privacy Policy

Removal of data

If you want to remove your data and/or potential content you have created on HEART 17, simply send us an email and we’ll take care of it! Please note - if you have a log-in on, it’s important that the email is sent from the same account.
Request data removal

1. Introduction

HEART 17 AB ("we", "us") is a non-profit company, primarily aimed at engaging audiences around the 17 SDGs (the "Sustainable Development Goals"). HEART 17 has developed a service, where you can choose to listen to voices and take part in "initiatives", which are created by so called "changemakers". The changemakers are people of influence in areas that are of relevance to the SDGs. All initiatives created by changemakers will have the purpose of, directly or indirectly, contributing to the SDGs. By choosing to listen to or take part of an initiative, you engage and contribute to the SDGs.

HEART 17 AB care about your privacy and we always aim to achieve a high level of protection of the personal data that we process about you. This privacy policy informs you about our processing of your personal data and your rights under data protection legislation.

This privacy policy applies to you who; (i) participate in initiatives on our platform, (ii) is a "Changemaker" (i.e. a creator of initiatives on the platform), (iii) sign the Manifesto and (iiii) visit the website without logging on.

2. Personal data

Participation in initiatives

In order to participate in an initiative, you must log in to either Facebook or Google using the provided log in function. If you choose to log in through one of these external login providers, we will receive your user name and/or e-mail address from Facebook or Google and process it.

When you are logged in to the service through one of the above external login providers and participate in an initiative created on the platform, we will process personal data related to your current location, the initiatives that you choose to participate in and other information that you publish on the platform, e.g. photos and videos.

Please note that information that you have participated in a certain initiative may constitute special categories of personal data pursuant to article 9 of the GDPR, such as information on your political opinions.


If you are a Changemaker, we will process your contact details (name, email and telephone number) and picture. We will also process personal data related to the initiative that you create and other information that you choose to publish about yourself.

Sign the Manifesto

If you sign the Manifesto, we will process your contact details (name, email and country and (if chosen) company/organization.

Visitors of our website

We will process personal data related to all individuals visiting our platforms by way of cookies and similar technologies, such as IP-address, device ID and other technical data. You can read more about the cookies used by us in our cookie policy.

3. Purposes and Legal Ground for processing

Your personal data will be processed for the purposes and based on the legal grounds described below:

Provide and enable usage of our platform and services – We will process your personal data to provide the platform including the services and functions provided on the platform and to enable you to participate in or create initiatives on the platform. Our processing of your personal data may be necessary to fulfill obligations in the agreement with you, our because we have a legitimate interest in providing and enabling usage of our platform and services.

If you participate in an initiative and choose to publish your picture in connection with the initiative, this may constitute the processing of special categories of personal data. We will collect your consent prior to publishing information on your participation in an initiative.

Communication and marketing – We will process your personal data to be able to communicate and sending marketing, e.g. regarding available actions, to you (including direct marketing via email, SMS or MMS).If you have a customer relationship with us, your personal data will be processed based on our legitimate interest in communicating and sending marketing to you. If you do not have a customer relationship with us, we will collect your consent prior to sending such communication and marketing to you.

Statistics and reports – We will process your personal data in order to review the effect of campaigns and initiatives and create statistics regarding the usage of our platform and the impact of initiatives. These processing activities will be based on our legitimate interest in obtaining statistics and reports.

Management, development, test and security – We will process your personal data for the development and testing of our IT systems in order to secure that our platform upholds high quality as well as identifying and preventing security attacks such as viruses. These processing activities will be based on our legitimate interest of managing, developing, testing and uphold high security of our platform.

4. Retention period

We only process personal data for as long as it is necessary to fulfil the purposes of the processing. Your e-mail account information will be stored for as long as you are an active user of our service. If your account has been inactive for 2 years, your e-mail account information will automatically be deleted.

Photos and videos will be deleted automatically when the initiative in which the photo or video was published, ends. If your account has been inactive for 2 years, all photos and videos across all initiatives will be automatically deleted.

Your location data will be automatically deleted when the initiative, in which your approximate location has been published on the activity map, ends.

5. Limitations in the transfer of personal data

We may engage external partners and suppliers to perform services on our behalf, e.g. to provide IT services, or to assist in marketing, analysis or statistics. The performance of these services may entail such parties, both within and outside of the EU/EEA, obtaining access to your personal data.

Companies which are processing personal data on behalf of HEART 17 are obliged to sign an agreement with us in order to ensure a high level of protection for your personal data. For partners located outside the EU/EEA, additional protective measures are undertaken, e.g. the signing of an agreement which includes the European Commission’s model clauses for data transfers, which can be found on the European Commission’s website.

We may transfer personal data to a third party, such as the police or other authority, in the course of an investigation or otherwise when so obliged by law or governmental decision.

6. Security measures for protection of personal data

A high level of security for your personal data is of utmost importance to HEART 17, and we have in place appropriate technical and organizational security measures to protect your personal data from unauthorized access, modification, dissemination or destruction.

7. Your rights

You have certain rights in relation to your personal data. Below, we have summarized these rights.

Right to access – a right to obtain confirmation and information of the processing of your personal data.

Right to rectification – a right to have your personal data corrected.

Right to erasure – a right to have your personal data erased. This right is limited to data that, by law, requires your consent to be processed, if you withdraw that consent and oppose the processing.

Right to object – a right to object against our processing if the legal ground for the processing is based on a balancing of interests or if it is used for direct marketing.

Right to restrict data processing – a right to demand that the processing of personal data is restricted, e.g. if you oppose the correctness of the data. While the matter is investigated, HEART 17's access to the data in question is restricted.

Right to data portability – a right to request that personal data be sent from one data controller to another. This right is restricted to data, which you have submitted to us.

You always have the right to lodge a complaint with the Swedish Data Protection Authority,[A3] if you believe that your personal data is not processed in accordance with applicable legislation.

8. Contact information to the data controller

If you want to request information about our privacy policy or exercise your rights as described above, you can contact us at:

HEART 17 AB (company reg. no. 559214-1914)
Götgatan 22A
Stockholm 118 46