Privacy Policy

1 Preamble

Challenge the Fabric (CTF) is a cross-industry initiative hosted by Ekman Group and organized with the Swedish Fashion Council with the aim to connect the supply chain of man-made cellulosic fibres (MMCF). Together with partners from the forest, textile, and fashion industries CTF wants to accelerate the dialogue about man-made cellulosic fibres (MMCF) as an alternative to fabrics from non-renewable or other resource-intensive materials.

We want to highlight the potential of the MMCF portfolio and invite industry members to identify barriers to growth and to take collective actions that will result in meaningful impacts.

Companies are, through their association with Challenge the Fabric, offered various collaboration opportunities. In connection with these opportunities, we may process personal data.

The CTF Privacy Notice is information to you, as a private person and a CTF event participant, recipient of CTF communications, or business partner, and describes what personal data is processed, how and for what purpose, as well as your personal rights (EU only).


2 Data Controller

Challenge the Fabric AB, registration number 559162-3839 (part of Ekman Group)
P.O. Box 230, 401 23 Gothenburg, Sweden
Polhemsplatsen 5, 411 11 Gothenburg, Sweden
E-mail address: ctf@ekmangroup.com

3 Personal data processed

Registration and signing up for events and newsletters (including expressed interest in offers, services, previous use of services, participation in events, or initiated contact), as well as being or becoming a business partner to CTF entails processing of personal data.


4 Categories of personal data subjects

a) Event participants.
b) CTF Award applicants.
c) Recipients of newsletters and other communications (direct marketing via e-mail, text message and other digital channels such as social media, direct marketing from partners, production of event material for marketing purpose).
d) Business partners and potential business partners.

5 Sources of personal data

a) Event participant application and registration form, and potentially photography, video, and sound recordings from an event.
b) CTF Award application form.
c) Newsletter sign-up form (including checked box on event registration).
d) Business partners and potential business partners/Contracts, Internet, Credit reporting firms, Due Diligence research tools.

6 Personal data processed

a) Name, contact details, title (based on the information on the registration form) and potentially photography, video, and sound recording from an event.
b) Name, address, contact details, gender identity, citizenship, education background, photographs.
c) Name, contact details, title.
d) Name, contact details, title, company, IP-address, and possibly tax id number and date of birth.

7 Purpose of processing of personal data

a) Administration of event application and registration (including food allergies and special dietary needs), communication before and during the event, administration of invoicing and payment of event fees and other services, follow-up and evaluation of an event. Photography, video and/or voice recordings may be used for marketing purposes in CTF’s channels.
b) Administration of the CTF Award application and procedure, including marketing during and after the competition has ended.
c) Communication regarding upcoming events and other business and industry news.
d) To conduct business and manage business partner relations, including due diligence as part of trade compliance regulations.

8 Legal basis for processing of personal data

a) Voluntary/consent.
b) Voluntary/consent (marketing purposes), legitimate interest (to administer the competition).
c) Voluntary/consent.
d) Contract, pending contract, legitimate interest (conduct business), international trade compliance laws.

9 Recipients/category of recipients of personal data

a) Event registration administrators (Sweden and Switzerland).
b) CTF Award administrators and jury (Sweden, EU and international, see 10.b.).
c) Communications administrators (Sweden and Switzerland).
d) Companies within the Ekman Group, Credit insurance companies, auditors and others to fulfill business obligations, follow legal requirements and conduct business, and only when necessary and lawful.

10 International transfer of personal data

a) Event participants’ personal data may be transferred to Switzerland (for administrative purposes).
b) CTF Award applicants’ personal data will be reviewed by the CTF Award jury, some members of which may be located outside of the EU, where personal data is not regulated according to the GDPR.
c) Newsletter and communication receivers’ personal data may be transferred to Switzerland (for administrative purposes).
d) Business partners’ personal data may be transferred internationally where necessary to conduct business and on a legal basis.

11 Period data is kept

a) Event participants’ personal data will be kept for two (2) years after the event. Any submitted evaluation related to an event is kept for a period of three (3) years. Photos/videos and/or voice recordings will be kept and potentially used for five (5) years, when it will be re-evaluated.
b) CTF Award applicants’ email and photographs will be kept for (2) years after the competition has ended for marketing purposes, unless deleted upon request by the applicant.
c) Personal data related to newsletter and communications recipients will be kept until communications are no longer wanted (opt-out is available at any time), or two (2) years after latest activity (by activity means use of our services, participation in our events, contact or otherwise expressed interest in our services).
d) Business partners’ personal data will be kept per contract, per accounting, tax or business and compliance laws or per legitimate interest.

12 Right to access, rectification, erasure, restrict processing and object to processing of personal data (EU only)
As a private person in the EU you have many rights regarding your personal data which is collected and stored. In summary, these include:

a) the right to transparency and access with respect to the personal data that is stored and processed
b) the right to corrections of any mistakes in the personal data and erasure in certain situations
c) the right to restriction of processing in certain circumstances
d) the right to object at any time to processing of personal data concerning you that is carried out based on our legitimate interest and you have specific reasons to object to such processing.

Forms for the above requests are available via GDPR@ekmangroup.com.

13 Right to portability (EU only)

The right to data portability, i.e. to receive personal data collected about you in a structured, commonly used and machine-readable format.
Form for the above request is available via GDPR@ekmangroup.com.

14 Right to lodge complaint with a Data Protection Authority (EU only)

Supervisory authorities in each EU country will monitor the processing of personal data in accordance with the GDPR and complaints should be lodged directly with them.
Further information can be found at the bottom of this Privacy Notice. Before any complaint is lodged with the DPA, the local Ekman Personal Data Protection Administrator, as well as the Ekman Personal Data Protection Control Group, should be contacted at GDPR@ekmangroup.com.

15 Right to compensation in case of a breach (EU only)

As a private person in the EU, you have the right to claim compensation for damages caused by any potential breach of data protection legislation.

16 Security measures

Technical and organizational measures have been implemented to protect personal data against accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure or access and against all other unlawful forms of processing.
These measures include, but are not limited to, the Ekman Personal Data Protection Policy, GDPR training of personnel, Whistleblowing service, IS/IT policies, The Ekman Personal Data Protection Control Group, internal audit function, Personal Data Protection Agreements (GDPR) with vendors/processors, GDPR instructions and Q&A for our personnel, consent forms, and other controls which might include passwords, backups, encryption, locks etc.

17 Questions and concerns

If you have any questions or concerns regarding protection of your personal data, please contact GDPR@ekmangroup.com.

We will make every effort to resolve any concern you may have.

This Privacy Notice is also found at: https://challengethefabric.com/
Gothenburg, December 2023