Privacy Policy
Privacy Policy – NiTiAB
Valid starting on 28/09/2025
Last updated: 28/09/2025
Table of Contents
Introduction
What is Personal Data and What Does Processing Mean?
Scope of This Policy
What This Policy Covers
Data Controller
NiTiAB as Data Controller
Legal Basis for Processing Personal Data
What Personal Data We Process and Why
Consent and Consequences of Withdrawal
Data Portability
Retention Periods
Data Protection Measures
Sharing of Personal Data
Embedded Content and Third-Party Data Handling
Your Rights
Profiling and Direct Marketing
Cookies
Security Disclaimer
Changes to This Policy
Contact and Grievance Officer
1. Introduction
By accessing or using any of NiTiAB’s services, websites, or digital platforms, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree to the policy, do not use our services.
We comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This policy describes how we handle your personal data and your rights in relation to it.
2. What is Personal Data and What Does Processing Mean?
2.1 Personal data is any information that can identify a living person, directly or indirectly. Examples include:
Name
Personal identity number
Email address
IP address
Photos, videos, and device identifiers
2.2 Processing includes any operation such as:
Collection
Use
Storage
Alteration
Transfer
Deletion
3. Scope of This Policy
This policy applies to all data subjects whose personal data we collect, including:
Clients
Website visitors
Individuals contacting us via any channel
4. What This Policy Covers
This policy governs all processing of personal data by NiTiAB in relation to our services, marketing, communication, and digital infrastructure.
5. Data Controller
A Data Controller determines how and why personal data is processed.
6. NiTiAB as Data Controller
NiTiAB Org.nr 556986-5271 is the Data Controller for all processing of your personal data.
7. Legal Basis for Processing Personal Data
We process personal data under the following legal grounds:
Consent
Contractual necessity
Legal obligation
Legitimate interest (e.g. marketing, fraud prevention, analytics)
Multiple legal bases may apply to a single processing activity.
8. What Personal Data We Process and Why
8.1 Communication and Customer Service
We may process your name, contact details, and any information you voluntarily provide.
Purpose: To respond to questions, provide support, and improve our service.
Legal basis: Legitimate interest.
Retention: Up to 12 months after the matter is closed.
8.2 Website Use and Wi-Fi Access
We process data such as IP address, MAC address, browser type, and interaction data.
Purpose: To deliver services, maintain security, and improve performance.
Legal basis: Contract (Wi-Fi), Legitimate interest (website and analytics).
Retention: Website: 3 months; Wi-Fi: 6 months.
9. Consent and Consequences of Withdrawal
You may withdraw consent at any time. However, if you do not provide necessary data or withdraw consent for its processing, you may lose access to some or all services. This includes services that depend on user identification or communication.
10. Data Portability
You have the right to request that your personal data be transferred to another data controller in a commonly used, machine-readable format, where processing is based on consent or contractual necessity.
11. Retention Periods
We retain personal data only as long as necessary for the stated purpose or as required by law. Certain data may be stored longer for legal, accounting, or security reasons.
12. Data Protection Measures
Technical safeguards: encryption, firewall protection, and secure networks
Organisational safeguards: role-based access, staff GDPR training
Breach protocol: incidents are assessed, mitigated, and reported in accordance with legal requirements
13. Sharing of Personal Data
We may share your data with:
Service providers and subcontractors under Data Processing Agreements
Authorities, if legally required or to protect legal rights
We never sell your data.
14. Embedded Content and Third-Party Tracking
Our site may include embedded content (e.g. videos, articles). Such content behaves as if you visited the third-party site, which may collect data, use cookies, or track your interaction. NiTiAB is not responsible for the privacy practices of external sites.
15. Your Rights
You have the right to:
Access your personal data
Rectify incorrect data
Erase data under certain conditions
Restrict or object to processing
Withdraw consent
Request data portability
Lodge a complaint with the Swedish Authority for Privacy Protection (IMY)
16. Profiling and Direct Marketing
You have the right to object to:
Direct marketing
Automated decision-making or profiling related to marketing activities
You can opt out via any marketing message or by contacting us directly.
17. Cookies
We use cookies for functionality, analytics, and personalization. You can manage cookie preferences through your browser settings. Details are available in our [Cookie Policy]([insert link]).
18. Security Disclaimer
We use appropriate safeguards to protect your data, but no system is completely secure. You use our services and submit personal data at your own risk.
19. Changes to This Policy
We may update this policy without prior notice. Updates become effective 180 days after publication unless stated otherwise. Continued use of services implies acceptance of the updated terms.
20. Contact and Grievance Officer
NiTiAB
Odenvägen 40B, 181 32 Lidingö
nicklas@niti.se
Requests must be submitted in writing and include identification. Responses will be sent to your address as registered in Sweden’s National Population Register.