Add organization

Privacy Policy | Sweden Directory – GDPR & Cookies

Last updated: November 12, 2025

This Policy explains how SverigesForetagsGuide (“we,” “Service”) processes personal data in accordance with the GDPR and the Swedish Data Protection Act (2018:218) (hereinafter referred to as the “Swedish Data Protection Act”).

1) Data Controller (personuppgiftsansvarig)

SverigesForetagsGuide

E‑mail for Privacy Requests (GDPR): sverigesforetagsguide@gmail.com

The postal address for communication on privacy issues is not used — please send requests by e‑mail.

2) What data do we collect

  • Credentials: e‑mail, password (stored only as a hash with salt), nickname/display name.
  • Company card data: name, address, website, phone/clock, description; name and e‑mail of the contact person (if you specify them) — when adding/editing the card through the functions "Lägg till ett företag gratis" and "Rätta ett kortfel".
  • Messages from the following forms: the text of the request and e‑mail (if you leave it for a reply).
  • Cookies and technical data: IP/device/browser, referral URL, timestamps (the minimum required for website operation, security, and consistent analytics/marketing — see Cookie Policy and cookie settings banner on the website). The site provides the Necessary / Analytics / Marketing cookie categories and the ability to reject non-mandatory cookies and manage preferences.

We do not request payment, passport data, or personnummer (Swedish Personal Identification number). If you send such data by mistake, we will delete it.

3) Purposes and legal grounds of processing

Cookies and legal bases (GDPR)
Category Purpose Legal basis (GDPR)
Registration & Account Account creation/login, email confirmation, password reset Art. 6(1)(b) — contract
Strictly necessary cookies & technical data Basic site functionality, security, abuse prevention Art. 6(1)(f) — legitimate interests
Analytics cookies Traffic measurement, content/speed improvement Art. 6(1)(a) — consent
Marketing cookies (e.g., Google Ads) Ads display / conversion measurement Art. 6(1)(a) — consent

You can change/revoke your consent via the "Cookieinstallningar /Cookiepolicy" banner at the bottom of the website at any time. The requirement for active consent to non-mandatory cookies stems from Swedish Electronic Communications Legislation (LEK) and the position of the PTS regulator.

4) To whom we transfer the data (recipient categories)

  • Hosting and infrastructure: data centers in the EU/EEA (including possibly Sweden/EU).
  • Web analytics: Google Analytics 4 (only with your consent).
  • Advertising/Marketing: Google platforms (Google Ads / Google Marketing Platform — by agreement).

The contractors act according to our instructions and concluded processing agreements (Art. 28 GDPR). We do not sell personal data.

5) International transfers

When using Google services, individual data may be processed outside the EEA (for example, in the USA).

We rely on:

  • EU–US Data Privacy Framework (DPF) — for DPF-certified recipients (for example, Google LLC indicates the appropriate certification), and/or
  • Standard Contractual Provisions (SCC) with additional measures.

The EU–US DPF adequacy decision was made by the European Commission on July 10, 2023; Google publicly declares compliance with the DPF.

6) Shelf life

  • Account (e‑mail, nickname, password hash): while you are using the Service; when you delete your account, we delete / anonymize it within a reasonable time.
  • Cookies: until their expiration date or until your deletion/withdrawal of consent (see the Cookie Policy for details).
  • Hosting technical logs: up to 90 days (security/diagnostics).
  • Analytics/marketing data in reports: usually up to 14 months (see provider settings).

7) Your rights

You have the following rights: access, correction, deletion (including account deletion), restriction, portability, objection (for processing based on a legitimate interest, including refusal from direct marketing), as well as revocation of consent to analytics/marketing.

Requests are for sverigesforetagsguide@gmail.com . The response period is up to 30 days (can be extended for complex requests).

8) Children

The service is not aimed at children under the age of 13. In cases where a child's consent is legally required for online services, Sweden has set a "digital age of consent" of 13 (if the child is under 13, the consent of the parent/guardian is required).

9) Security

HTTPS, storing passwords only in the form of a hash with a salt, access rights differentiation, monitoring and regular updates.

10) Publication and sources of business information

The company cards are created by the representatives or moderators of the catalog themselves; the functions "Lägg till ett företag gratis" and "Rätta ett kortfel" (error correction) are available on the website, which allows updating the data. If the card contains personal data (for example, the name of a contact person), you have the right to request their deletion/depersonalization. We consider such requests individually and, by default, respect objections to the use of personal data in a public card.

11) Updates

The date at the top is the current version. We will announce significant changes on the website.

12) Contacts and complaints

Privacy issues: sverigesforetagsguide@gmail.com

If you are not satisfied with our response, you have the right to file a complaint with the Swedish Integritetsskyddsmyndigheten (IMY) supervisory authority. IMY

Contacts: imy@imy.se, +46 (0)8 657 61 00, Box 8114, 104 20 Stockholm, Sweden.