Privacy Policy
Last updated: 9 September 2025
This Privacy Policy explains how EBS Sweden AB (“EBS Sweden”, “we”, “us”, or “our”) collects, uses, shares, and protects personal data when you use ebssweden.com (the “Website”), interact with us, or receive our services. We process personal data as a controller under the EU/EEA General Data Protection Regulation (GDPR) and applicable Swedish law.
Quick summary: We only collect what we need to run our Website and business, we never sell personal data, and you can exercise your privacy rights at any time.
1. Who is responsible and how to contact us
- Controller: EBS Sweden AB
- Registered address: Grindstuvägen 44-46, SE-167 33 Bromma, Sweden
- Email (privacy): info@ebssweden.com
- Telephone: +46 8 735 00 10
- Data Protection Officer (DPO): Mats Kristoffersson
If you have questions about this Policy or how we handle your data, please contact us using the details above.
2. Scope
This Policy applies to the Website, related subdomains, and any services that link to it. It does not apply to third‑party sites or services we do not control.
3. Personal data we collect
We collect the following categories of personal data:
3.1 Data you provide directly
- Contact data: name, email address, phone number, company, job title, and any information you include in forms or correspondence (e.g., support requests, demo/bookings, event registrations).
- Account & billing (if applicable): username, password, billing address, VAT number, and payment‑related information handled via our payment provider.
- Recruitment (if applicable): CV/resume, cover letter, LinkedIn profile, references, eligibility‑to‑work information.
3.2 Data collected automatically
- Technical data: IP address, device and browser type/version, operating system, language, referral/exit pages, and timestamps.
- Usage data: pages viewed, clicks, scrolls, time on page, and other interaction data.
- Cookies and similar technologies: see Section 8 (Cookies) for details and choices.
3.3 Data from third parties (where lawful)
- Service providers and partners: analytics, advertising (if used), event platforms.
- Public sources and social media: if you interact with our profiles or choose social sign‑in (if enabled).
4. Purposes and legal bases
We process personal data only when we have a lawful basis under GDPR. The table below summarises purposes, typical data, and legal bases.
Purpose | What we do | Typical data | Legal basis |
---|---|---|---|
Provide and operate the Website and services | Host content, enable features, fulfil your requests | Technical/Usage data, Contact data | Legitimate interests (to run our Website) and/or Contract (Art. 6(1)(b)) where we provide requested services |
Communicate with you | Respond to enquiries, send service messages | Contact data, enquiry details | Legitimate interests or Contract |
Marketing communications (optional) | Newsletters, product updates, event invites | Contact data, preferences | Consent (Art. 6(1)(a)); you may withdraw at any time |
Analytics (Google Analytics 4) | Measure and understand the use of our Website, improve content and performance | Technical/Usage data, pseudonymous IDs, approximate location | Consent (for non‑essential cookies/SDKs) |
Advertising & retargeting (Meta Pixel) | Measure conversions, build audiences, and show relevant ads | Technical/Usage data, pseudonymous IDs, events (e.g., page view, add to cart) | Consent (for non‑essential cookies/trackers) |
Security and fraud prevention | Detect, investigate, and prevent abuse | Technical data, logs, IP address | Legitimate interests |
Compliance and legal claims | Keep records to comply with the law, defend legal rights | Identity, transaction, and log data | Legal obligation (Art. 6(1)(c)) and Legitimate interests |
Recruitment (if applicable) | Evaluate applications and manage hiring | CV, cover letter, interview notes | Legitimate interests and Pre‑contractual steps |
Where we rely on consent, you can withdraw it at any time (see Section 10).
5. Sharing your personal data
We do not sell your personal data. We share it only with:
- Service providers (processors): hosting, maintenance, analytics, email delivery, customer support, payment processing, webinar/event platforms. They may access personal data solely to perform services for us and must follow our instructions.
- Professional advisers: lawyers, accountants, auditors under confidentiality obligations.
- Authorities and law enforcement: where required by law or to protect rights, safety, or property.
- Business transfers: in connection with a merger, acquisition, or sale of assets (we’ll notify you where required by law).
Key processors we use for this Website:
- Google LLC (Google Analytics 4). Purpose: site analytics and performance measurement. Data: pseudonymous identifiers (e.g., _ga cookie), device/browser information, pages viewed, events (e.g., clicks, scroll depth), and approximate location. Controls: consent banner; Google’s Analytics Opt‑out Add‑on and Ads Settings. Retention: configured between 2–26 months for event data (subject to our settings). Privacy: policies.google.com/privacy; controls: tools.google.com/dlpage/gaoptout and adssettings.google.com.
- Meta Platforms Ireland Ltd. and Meta Platforms, Inc. (Meta Pixel). Purpose: advertising analytics, conversion measurement and retargeting on Meta technologies. Data: pseudonymous identifiers (e.g., _fbp), device/browser information, page URLs, and events (e.g., PageView). We rely on prior consent in the EEA. Privacy: www.facebook.com/privacy/policy; ad preferences/controls: www.facebook.com/adpreferences and www.youronlinechoices.eu.
A current list of processors is available upon request.
6. International data transfers
We primarily process data within the EU/EEA. If we transfer personal data outside the EEA (e.g., to the United States):
- Where the recipient participates in the EU‑U.S. Data Privacy Framework (DPF), we rely on that adequacy decision for transfers.
- Otherwise, we use the European Commission’s Standard Contractual Clauses (SCCs) and, where relevant, supplementary measures and transfer risk assessments.
Vendors we use (such as Google and Meta) may process data in multiple regions. We take steps to ensure appropriate safeguards are in place before any transfer.
7. Data retention
We keep personal data only for as long as necessary for the purposes set out above, and to comply with legal, accounting, or reporting requirements. Typical periods are:
Category | Retention period |
---|---|
Enquiry and support records | Up to 24 months after the last interaction |
Marketing contacts | Until you withdraw consent or we note inactivity (e.g., 24 months) |
Contract and billing records | 7 years to comply with Swedish accounting rules (or longer if required to resolve disputes) |
Security logs | 12 months unless needed longer for investigations |
Recruitment data | Normally, 12 months after the hiring process ends (unless you consent to a longer talent‑pool retention) |
We may anonymise data so it is no longer associated with you; we may retain anonymised data indefinitely.
8. Cookies and similar technologies
We use cookies and similar technologies to run the Website and (if you allow) to measure and improve performance and advertising. We categorise cookies as:
- Strictly necessary: required for core functionality and security. (These are always on.)
- Performance/analytics (optional): help us understand how the Website is used.
- Functionality (optional): remember your choices.
- Advertising (optional): measure and deliver ads.
You can manage your preferences at any time via [Cookie Settings] on the Website or your browser settings. Refusing optional cookies may affect some features.
8.1 Our analytics and ads vendors
Google Analytics 4 (GA4). We use GA4 to understand how visitors use our Website. GA4 collects pseudonymous data, including page views, events (e.g., clicks), device/browser information, and approximate location. GA4 uses first‑party cookies like _ga and _ga_*. We have configured data retention within Google’s available settings. You can refuse analytics via our cookie banner, install Google’s Analytics Opt‑out Add‑on, and manage personalised ads in Google Ads Settings.
Meta Pixel. We use the Meta Pixel to measure conversions and build audiences for advertising on Meta technologies (Facebook, Instagram). The Pixel sets cookies _fbp and sends events like PageView from our pages. We only load the Pixel after you’ve given consent via our cookie banner. You can manage your ad preferences in your Meta account and at YourOnlineChoices.eu. [If we enable Advanced Matching or use Conversions API, we will update this policy to describe the additional data processed (e.g., hashed contact fields).]
8.2 Cookie details (illustrative)
Actual cookies and durations may vary by browser and vendor updates. See the Cookie Settings tab for the current detailed list.
Cookie | Provider | Purpose | Expiry |
---|---|---|---|
_ga | Google Analytics | Distinguish users | 2 years |
_ga_* | Google Analytics | Persist session state | 2 years |
_gid | Google Analytics | Distinguish users per day | 24 hours |
_fbp | Meta | Store and track visits for ads | 3 months |
fr | Meta (facebook.com) | Ad delivery and retargeting | 3 months |
8.3 Managing your choices
- Use our Cookie Settings to grant or withdraw consent at any time.
- Adjust your browser settings to block or delete cookies.
- Vendor controls: Google Analytics Opt‑out Add‑on and Ads Settings; Meta Ad Preferences; industry opt‑out via YourOnlineChoices.eu.
Note: Blocking cookies may impact some Website features.
9. Security
We apply technical and organisational measures appropriate to the risk, including encryption in transit (TLS), access controls, least‑privilege and need‑to‑know principles, logging, and regular backups. No method of transmission or storage is 100% secure; we continually improve our safeguards.
10. Your rights (EEA/UK)
Subject to conditions and exceptions in the GDPR, you have the right to:
- Access your personal data and obtain a copy
- Rectify inaccurate or incomplete data
- Erase your data (“right to be forgotten”)
- Restrict processing
- Data portability (receive data in a structured, commonly used, machine‑readable format)
- Object to processing based on legitimate interests and to object at any time to direct marketing
- Withdraw consent at any time where processing is based on consent
To exercise your rights, contact us at info@ebssweden.com. We may need to verify your identity. We aim to respond within one month (extendable by two months for complex requests).
You also have the right to complain to the Swedish supervisory authority Integritetsskyddsmyndigheten (IMY) if you believe your data has been processed unlawfully. See www.imy.se for contact details.
11. Children’s privacy
Our Website and services are not directed to children, and we do not knowingly collect personal data from children under 13. If you are in the EEA, we do not knowingly collect data from children under the age required by local law for consent to information society services. If you believe a child has provided us with personal data, please contact us to request deletion.
12. Third‑party links and integrations
The Website may contain links to third‑party sites, plug‑ins, or integrations (e.g., maps, video embeds, social media widgets). Those third parties may collect data about you, subject to their own privacy policies. We are not responsible for their practices.
13. Changes to this Policy
We may update this Policy from time to time. We will post the updated version on this page and update the “Last updated” date. For material changes, we will take additional steps to inform you where required by law.
14. How to contact us
If you have questions, concerns, or requests about this Policy or your personal data, please contact:
EBS Sweden (Controller)
Email: info@ebssweden.com
Address: EBS Sweden AB, Grindstuvägen 44-46, 167 33 Bromma, Sweden