arvid anderson consulting ab
EN SV
~/ arvidanderson.seprivacy

Privacy Policy

This policy explains what personal data Arvid Anderson Consulting AB (the “Company”, “we”, “us”) collects, how it is used, the legal basis for processing, and the rights you have under the EU General Data Protection Regulation (GDPR).

controllerArvid Anderson Consulting AB org.nr559462-4156 effective2026-05-05 version1.0

01Data Controller

Who is responsible for your data

The data controller responsible for the processing of your personal data is Arvid Anderson Consulting AB, a Swedish limited company (aktiebolag) with organisation number 559462-4156, registered at Majorsgatan 1, 413 08 Göteborg, Sweden.

You can reach us at hello@arvidanderson.se for any privacy-related questions or requests.

02Scope

What this policy covers

This policy applies to personal data processed in connection with:

  • The website arvidanderson.se and any subdomains we operate.
  • Mobile and desktop applications published by the Company on app stores or other distribution channels.
  • Consultancy engagements and business communications (email, contracts, invoicing).

Where a specific application has its own privacy notice — for example a client-branded app — that notice takes precedence for data processed within that application.

03Data We Collect

Categories of personal data

We try to collect as little personal data as possible. Depending on how you interact with us, we may process:

  • Contact data — name, email address, company, role, and the contents of any message you send us.
  • Business data — billing address, VAT number, signed contracts and invoices, where you engage us as a client or supplier.
  • Technical data — IP address, user agent, referrer, and pages requested when you visit our website. This is processed in short-lived server logs for security and reliability.
  • Application data — data you provide to or generate within an application we publish. The categories vary by app and are described in that app’s in-product privacy notice and on its App Store / Google Play listing.

Our website does not use advertising cookies, third-party analytics or tracking pixels.

04Purposes & Legal Basis

Why we process data

We process personal data for the following purposes, on the legal bases indicated:

  • To respond to enquiries — legitimate interests (Art. 6(1)(f) GDPR).
  • To deliver consultancy services under a contract with you or your employer — performance of a contract (Art. 6(1)(b) GDPR).
  • To meet legal obligations, including bookkeeping, tax and accounting requirements under Swedish law — legal obligation (Art. 6(1)(c) GDPR).
  • To operate and secure our website and applications, including preventing abuse — legitimate interests (Art. 6(1)(f) GDPR).

05Sharing & Processors

Who has access to your data

We do not sell personal data. We share data only with carefully selected service providers who process it on our behalf under written data-processing agreements. Typical categories include:

  • Cloud hosting and email infrastructure providers.
  • Accounting and invoicing software used to meet bookkeeping obligations.
  • App store operators (Apple, Google) where you obtain an application from us.

We may also disclose data when required by law, court order or a binding request from a competent authority.

06Retention

How long we keep data

We keep personal data only as long as necessary for the purposes above. Specifically:

  • General correspondence — up to 24 months from last contact.
  • Contracts, invoices and related accounting records — at least 7 years, as required by the Swedish Bookkeeping Act (bokföringslagen).
  • Server logs — up to 90 days.
  • Application data — as described in the relevant app’s privacy notice; otherwise, until the account is deleted or the engagement ends.

07International Transfers

Data outside the EU/EEA

We prefer to keep data within the EU/EEA. Where a service provider processes data outside that area, we rely on appropriate safeguards under the GDPR — typically the European Commission’s Standard Contractual Clauses (SCCs) and, where relevant, supplementary measures.

08Your Rights

Rights available to you

Subject to the conditions in the GDPR, you have the right to:

  • Request access to the personal data we hold about you.
  • Request correction of inaccurate or incomplete data.
  • Request erasure of your data (the “right to be forgotten”).
  • Request restriction of, or object to, certain processing.
  • Receive your data in a portable, machine-readable format.
  • Withdraw consent at any time, where processing is based on consent.
  • Lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) — imy.se.

To exercise any of these rights, email hello@arvidanderson.se. We respond within one month.

09Security

How we protect your data

We apply reasonable technical and organisational measures to protect personal data against unauthorised access, loss or alteration. These include encrypted transport (TLS), access controls, principle-of-least-privilege for service accounts, and regular review of dependencies.

No system is perfectly secure. If we become aware of a breach affecting your data, we will notify you and the relevant supervisory authority as required by the GDPR.

10Children

Use by minors

Our website and consultancy services are directed at businesses and adults. We do not knowingly collect personal data from children under 13 (or the equivalent minimum age in your jurisdiction). Specific applications may have their own age requirements stated on their App Store / Google Play listing.

11Changes

Updates to this policy

We may update this policy from time to time. The current version is always available at arvidanderson.se/privacy, with the effective date shown at the top of the page. Material changes will be communicated by email to active clients.

12Contact

Get in touch

For questions about this policy or about how we handle your data:

Arvid Anderson Consulting AB
Majorsgatan 1
413 08 Göteborg, Sweden
hello@arvidanderson.se