Privacy Policy
1. Introduction – What is Personal Data?
“Personal data” refers to any information that directly or indirectly can be linked to a living individual. Infrasec Sweden AB (Org. No. 556624-1674) is the data controller for the personal data you provide to us or that we collect from other sources. We always treat personal data with the utmost respect for individual privacy. This privacy policy explains our principles, how we collect and process personal data, and your rights as a data subject. These guidelines do not override any rights you may have under the General Data Protection Regulation (GDPR) or other legally binding regulations.
2. Collection of Personal Data
We collect personal data in the following ways:
You provide it directly to us when, for example, becoming a customer or contacting us through our website, customer service, sales, email, forms, or logged-in services.
You provide your data to a third-party service provider or intermediary who concludes a service agreement with Infrasec on your behalf.
Data is generated through your purchases and usage of our services, or when you file a case or complaint.
We may also collect data from third-party sources, such as:
Credit information from banks or credit agencies.
Data from our business partners.
2.1 Infrasec Websites
You can visit our website (www.infrasec.se) without submitting any personal data. In such cases, we only collect anonymous statistics, such as the time and duration of visits and pages visited. We also use cookies to ensure proper website functionality.
If you log into our online services, your visit may be linked to your customer number or username, enabling more personalized communication.
2.2 Categories of Personal Data We Collect
Customer Information: Name, address, phone number, email, and communication preferences.
Purchase Data: Products/services bought, credit ratings, payment history, customer number, and passwords.
Technical Data: Connection types and service disruption history.
Service Records: Correspondence, purchase history, complaints, and feedback.
Usage Data: User-generated content, login activity, device and interaction data.
Recorded Data: Call recordings, verbal authorizations, and training material.
Special Categories of Data: Sensitive data (as defined in GDPR Article 9) is only processed with explicit consent or where required by law.
2.3 Information Provided at the Time of Collection
When we collect personal data, we inform you about:
The data controller.
The purpose and legal basis for processing.
Contact information for the data protection officer.
Your rights under the GDPR.
Retention periods for the data.
If any information is unclear or incomplete, please contact us for clarification.
3. Use and Legal Basis for Processing
We only process personal data for purposes permitted under GDPR. The most common legal basis is the performance of a contract. Typical purposes include:
Customer onboarding and contract signing.
Providing quotes or offers.
Delivering products/services.
Handling customer service matters.
With legitimate interest as a basis, we may process data to:
Market and profile products and services.
Send newsletters.
Improve services and user experience.
Conduct statistical analysis.
We also process data when required by law, such as for invoicing under the Accounting Act. If no legal basis applies, we may ask for your consent, which you can withdraw at any time.
4. Sharing of Personal Data
Your data may be shared with other companies within our corporate group for marketing and service purposes. It may also be shared with:
IT service providers
Customer service providers
Sales and installation partners
Technical contractors
Telemarketing firms
Print and digital communication providers
Media and advertising agencies
In certain cases, we may be legally required to disclose data to authorities such as the police. We do not regularly transfer personal data outside the EU/EEA.
5. Data Collected from Third Parties
When entering new contracts, credit checks are performed using data from SPAR (Statens personadressregister) and credit institutions.
We may also collect personal data from public sources to identify appropriate target groups for marketing. Sometimes, we purchase personal data from external sources based on consent provided to those parties.
We also receive data from partners to whom you have provided consent for transfer, or from Fortnox.se and Visma.se for invoice handling or digital correspondence.
6. Access to Personal Data
Only individuals who need access to personal data to perform their job are authorized to do so. Our subcontractors must meet the same data protection standards as Infrasec Sweden AB.
7. Data Retention (Storage and Deletion)
We retain personal data only as long as necessary. After contract termination, we retain your data for 36 months. This also applies to contact persons of corporate clients.
Some data is retained longer due to legal obligations, such as accounting laws (up to 7 years). We may also retain data longer in the event of a dispute, warranty, or investigation.
8. Your Rights
8.1 Right of Access
You may request a copy of your personal data and information about how it is processed. We will respond within 1 month and send the data to your registered address.
8.2 Right to Rectification
You may request correction of incorrect or unlawfully processed personal data.
8.3 Right to Erasure (“Right to be Forgotten”)
You can request erasure if:
Processing is based solely on consent and you withdraw it.
The data is no longer necessary for the purpose.
It is used for direct marketing and you object.
The data has been processed unlawfully.
You object to processing based on legitimate interest and your interests outweigh ours.
Legal obligation requires deletion.
8.4 Right to Object to Automated Decision-Making
We do not engage in automated decision-making or profiling that produces legal effects.
8.5 Right to Data Portability
You may request a copy of your personal data in a machine-readable format (e.g., Excel) for transfer to another provider.
8.6 Right to Restrict Processing
You may request restricted processing, for example, if you dispute the data’s accuracy.
8.7 Right to Object
If we process your data on the basis of legitimate interest, you may object. We must then demonstrate overriding legitimate grounds to continue processing.
8.8 Direct Marketing and Newsletters
You may opt out of marketing communications at any time by contacting us or via the unsubscribe link in our emails. You can also choose your preferred communication channels.
8.9 Profiling
We may perform profiling to deliver personalized offers and services based on your preferences and past behavior. You may opt out at any time.
8.10 Right to Compensation
You may be entitled to compensation if you suffer damage due to our data processing practices. Claims can be directed to Infrasec Sweden AB.
9. Changes to This Policy
This policy may be updated to reflect changes in legislation or business practices. Any updates will be published on our website. Contractual terms take precedence unless they conflict with your legal rights.
10. Contact Details
Data Controller:
Infrasec Sweden AB
Org. No: 556624-1674
Rosengatan 8,
172 70 Sundbyberg, Sweden
Email: info@infrasec.se
Phone: +46 (0)8-411 12 40
For privacy-related matters, you may also contact our Data Protection Officer using the above contact details.
Requests for access to your data:
Should be sent to the address or email above.
Supervisory Authority:
If you are dissatisfied with our handling of your personal data, you can file a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten):
www.imy.se