Privacy Policy

Data controller

The controller responsible for processing your personal data is Riror AB (organization number: 559281-9758, postal address: c/o Robert Leal, Jungmansgatan 67 Lgh 1002, 621 51 Visby, Sweden). We are the data controller under the GDPR.

What data do we collect?

We may process, for example:

• Contact details you provide in contact forms or when requesting a quote (name, email, phone number, company name).
• Content of messages you send to us.
• Technical information such as browser and device type via log files.
• Anonymized website statistics via Simple Analytics (no personal data is collected, see below).

Why do we use the data?

We use personal data to:

• Respond to inquiries and manage contact channels you initiate.
• Deliver and perform the services you have ordered, where your personal data may be needed as part of the assignment, and improve our services and website.
• Fulfil contracts and prepare or administer assignments.
• Comply with legal requirements and protect our legitimate interests (e.g. security and abuse prevention), to the extent permitted by law.

Legal basis

Processing is based on Article 6 of the GDPR, typically on the basis of contract or steps prior to a contract, legitimate interest (e.g. operation and security of the website, provided a balancing test is carried out), legal obligation where required, or consent when you have explicitly agreed to a specific purpose.

Cookies

Our website does not use cookies. We do not use tracking scripts and do not set any cookies in your browser.

Website analytics

We use Simple Analytics to collect anonymized statistics about how the website is used. Simple Analytics does not store IP addresses, does not set cookies and does not track individual visitors. All data is stored within the EU. No consent is required as no personal data is processed.

Third-party services

We may use providers such as email, form solutions, hosting, analytics tools or font providers. These may process personal data as sub-processors under our instructions and applicable agreements. Transfers outside the EU/EEA only take place with appropriate safeguards, such as standard contractual clauses or adequacy decisions.

How long do we keep data?

Data is retained for as long as needed for the purpose, during the contract period, or the time required by applicable legislation. When the data is no longer needed it is deleted or anonymized.

Your rights

Under the GDPR you have the right to, among other things:

• Access which personal data we process about you.
• Request correction of inaccurate data.
• Under certain conditions, request erasure or restriction of processing.
• Object to processing based on legitimate interest.
• Request data portability where applicable.
• Withdraw consent when processing is based on consent, without affecting processing prior to withdrawal.
• Lodge a complaint with Integritetsskyddsmyndigheten (IMY), www.imy.se.

To exercise your rights, contact us using the details below.

Data sharing and selling

We never sell your personal data to third parties. Data is only shared with providers who need it to perform services on our behalf, under contract and in accordance with applicable data protection legislation.

Changes to this policy

We may update this policy from time to time. Changes are published on this page with a new date.

Security

We take reasonable technical and organizational measures to protect personal data against unauthorized access, loss or misuse. However, no transmission over the internet is entirely risk-free.

Contact us

If you have questions about this policy or how we process your personal data, you can reach us at kontakt@riror.se or via our contact form.