Privacy - Policy

1. Preamble

Sigrid Systems is committed to upholding the highest ethical standards and respecting user privacy in the delivery of our services.

We are dedicated to strictly enforcing personal data protection regulations, namely Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the General Data Protection Regulation (hereinafter the "GDPR").

Therefore, we invite you to carefully read this document (hereinafter, the "Privacy Policy"), which defines the rules applicable to the collection and processing of your personal data.

​

If you have any questions about our Privacy Policy or the processing of your personal information, please contact us at: info@sigrid-systems.com.

​

2. Definitions

In this Privacy Policy:

a) "Personal data" means any information relating to an identified or identifiable natural person (the "User"). An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, or an online identifier.

​

b) "Consent" means any freely given, specific, informed, and unambiguous indication of the User's wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.

​

c) "Processing" means any operation performed on personal data, such as collection, recording, organization, structuring, storage, adaptation, retrieval, use, disclosure, dissemination, alignment, restriction, erasure, or destruction.

​

d) "Restriction of processing" means the marking of stored personal data with the aim of limiting their processing in the future.

​

e) "Controller" means the natural or legal person which, alone or jointly with others, determines the purposes and means of the processing. For this Privacy Policy, the data controller is Sigrid Systems.

​

f) "Processor" means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

​

g) "Third party" means a natural or legal person, public authority, agency, or body other than the User, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

​

h) "Recipient" means a natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not.

​

i) "Supervisory authority" means an independent public authority established by an EU Member State responsible for monitoring the application of the GDPR. In Sweden, this is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten - IMY).

​

j) "Pseudonymisation" means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific User without the use of additional information, which is kept separately.

​

k) "Personal data breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data.

​

​

3. Acceptance and Update of the Privacy Policy

By using our Services, you indicate that you have read and accepted this Privacy Policy without restriction. If you do not agree with any of its terms, you are free not to use our Services.

​

This Privacy Policy may be modified or updated to comply with legal, regulatory, and technical developments. Your personal data will always be processed in accordance with the policy in force at the time of its collection.

​

​

4. Processing of Your Personal Data

​

4.1 Personal Data We Collect
We collect personal data when you wish to learn more about our activities (e.g., via contact forms), receive our news (newsletter subscriptions), or use our services (registration forms). This data is used to provide access to our platform, identify and authenticate Users, improve our Services, and send relevant communications.

If you provide us with the personal data of your employees so they can access our services, you certify that you have obtained their consent for us to process their information.

​

The personal data we may collect includes your surname, first name, telephone number, email address, profession, and field of specialisation. Fields that are mandatory will be marked accordingly.

​

​

4.2 Purpose of Processing

Your personal data is collected and processed for the following purposes:
a) To provide and manage our Services.
b) To manage your orders for services and subscriptions.
c) To communicate with you, answer your questions, and improve the quality of our services.
d) To combat online fraud.
e) To resolve any disputes or issues related to the use of our services.
f) To improve your user experience on the Sigrid Systems website.

​

​

4.3 Legal Basis
The collection of your personal data is based on your consent and the acceptance of our contractual documents (e.g., General Terms and Conditions). As provided for in Article 7 of the GDPR, you may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

​

​

4.4 Data Protection Contact

For any inquiries or questions regarding data protection and GDPR compliance at Sigrid Systems, please contact us at info@sigrid-systems.com.

​

​

5. Sharing and Transfer of Personal Data

​

5.1 Sharing of Personal Data
Your personal data may be transmitted to third-party subcontractors involved in providing our services (e.g., technical and hosting providers, customer support, security incident management).

Sigrid Systems undertakes to share your personal data only with trusted service providers who process it on our behalf, according to our instructions, and in compliance with this Privacy Policy and other appropriate security measures.

Your personal data may also be disclosed to a third party if we are required to do so by law, regulation, or court order, or if such disclosure is necessary for an investigation or legal proceeding.

​

5.2 Transfer of Personal Data
Some of your data may be processed by service providers located outside the European Union. When this occurs, Sigrid Systems ensures that such transfers are governed by appropriate legal mechanisms, such as the European Commission's Standard Contractual Clauses (SCCs) or an adequacy decision, to guarantee a level of data protection equivalent to that of the EU.

​

​

6. Retention of Personal Data

​

Sigrid Systems will keep your personal data only for the time strictly necessary to fulfill the purposes for which it was collected, and in any event, within the limits imposed by law.

We may retain certain information for a period after the closure of your account (not exceeding 36 months) to meet our legal, accounting, and tax obligations, and to prevent potential unlawful behavior. During this period, your data will be deactivated and no longer accessible online.

​

7. Security of Personal Data

Your personal data is stored on secure servers located within the European Union. We implement all necessary physical, technical, and organizational security measures to protect your personal data from unauthorized access, disclosure, modification, or destruction. While we and our subcontractors deploy appropriate measures, we cannot guarantee that your communications will never be intercepted or disclosed by a third party.

​

​

8. User Rights

You have the following rights regarding your personal data:
a) Right of access: To verify your data.
b) Right to rectification: To update or correct your data.
c) Right to restriction of processing: To "freeze" the use of your data.
d) Right to portability: To export your data in a readable format.
e) Right to object: To stop the processing of your data for a specific purpose.
f) Right to erasure ("right to be forgotten"): To delete your data or personal account.
g) Right not to be subject to automated decision-making, including profiling.

​

You can exercise these rights at any time by sending an email to: info@sigrid-systems.com.

​

​

We may request additional information to confirm your identity if we have reasonable doubts. We will respond to your request within one month, which may be extended by two additional months for complex requests. We will inform you of any such extension within the first month.