INTEGRITETSPOLICY – SCIOZ AB
Last updated: 26 January 2026
SCIOZ AB values your privacy. This privacy policy explains when, how, and why we collect, use, disclose, and store personal data from our website, as well as what rights you have under the EU General Data Protection Regulation (GDPR). We process your personal data in a lawful, appropriate, and secure manner and strive to be transparent about our handling of data. This policy applies to all visitors and users of SCIOZ AB’s website (“the Website”), including those who contact us via the Website’s contact form or use our digital services here. By using the Website and/or submitting information through it, you accept that your personal data is processed in accordance with this policy and applicable legislation.
Data Controller
SCIOZ AB (company registration number 559453-0593), with registered office in Örebro, is the data controller for the processing of personal data described in this policy. Our postal address is Östra Vintergatan 8 apt. 1202, c/o Daniel Hernández, 703 43 Örebro, Sweden. You can find our contact details under the section Contact below if you have questions about how we process personal data.
Collection of Personal Data
Personal data refers to information that can be linked to an identified or identifiable natural person, such as name, address, email address, telephone number, or IP address. SCIOZ AB collects personal data about you mainly in two ways: (1) information you provide yourself (e.g. via the contact form), and (2) information generated automatically through your use of the Website (e.g. via cookies and logs).
Categories of Personal Data and Purposes
Contact details via forms:
If you fill in our contact form, we collect your name, telephone number, and email address. We use this information to respond to your inquiry, provide you with the information you requested, or discuss a potential collaboration. The purpose is thus to enable communication with you as someone who has contacted us. The legal basis for this processing is our legitimate interest in responding to inquiries from potential customers or partners (and, where applicable, to take steps at your request prior to entering into a potential agreement). The data is used solely to manage your contact request, and we do not process it for marketing purposes without your explicit consent. We also do not retain this personal data longer than necessary to fulfill this purpose (see Retention Period below).
Technical visit data:
When you visit our Website, certain technical information is automatically registered, including IP address, browser type/version, operating system, timestamps, and which pages are visited. This information is collected by our server logs and/or through necessary cookies. The purpose of this processing is to ensure the Website’s basic functionality, IT security, and to enable us to keep anonymous statistics on traffic. The legal basis is our legitimate interest in providing a secure, functioning website and understanding how the Website is used in order to improve it. Although IP addresses may in themselves constitute personal data under GDPR, we do not use log or tracking data to identify individual visitors, but only for the purposes stated above.
Cookies and user behavior:
We use cookies on the Website. Some cookies are necessary for the Website to function, while others are optional and are used only if you give your consent. Analytics cookies help us understand how visitors interact with the Website by collecting information about user behavior (e.g. which pages are visited, for how long, and which links are clicked). This allows us to analyze data and improve our services and content. Marketing cookies are used to track visitors’ web usage over time and across different websites, in order to display personalized and relevant advertisements for our products or services. Marketing cookies make it possible, for example, that if you have visited our Website, you may later see advertisements for SCIOZ AB’s products on other websites or social media. These non-essential cookies (analytics and marketing) may involve the processing of personal data such as online identifiers, cookie IDs, and IP addresses. The legal basis for our use of analytics and marketing cookies is consent. We do not place such cookies without your prior approval, which is obtained via our cookie banner. You may at any time choose to allow or reject analytics and marketing cookies and withdraw a given consent (read more about how to manage cookies in our Cookie Policy).
Retention Period
We retain personal data only for as long as necessary to fulfill the purposes for which the data was collected, or as long as required by applicable laws and regulations.
Contact inquiries:
Data submitted via the contact form is stored only for as long as needed to handle your inquiry and any follow-up. As a guideline, we normally store this data for up to 12 months after the matter has been concluded, in case further dialogue becomes relevant. Thereafter, the information is deleted or anonymized.
Analytics data (web statistics):
Data collected through analytics cookies is aggregated and anonymized to the greatest extent possible. We follow recommended retention periods for such data – generally retaining collected statistics for up to 14 months before they are automatically deleted. Specific retention periods for our analytics cookies are stated in our Cookie Policy, but typically analytics cookies are stored for no longer than one year unless you delete them manually earlier.
Marketing data:
Information from marketing cookies (e.g. advertising IDs and tracking data) is used for advertising purposes for a limited time. Our marketing cookies are in most cases valid for up to 12 months, but we may cease using them earlier if you withdraw your consent. Note that third-party platforms providing marketing cookies (e.g. Google or Facebook) may store certain data according to their own policies; see the respective party’s privacy policy for details.
We regularly review the personal data we store and delete or anonymize data that is no longer needed. However, personal data required to fulfill legal obligations (e.g. accounting laws) may be stored for longer periods as required by law, regardless of the general time limits stated above.
Sharing of Personal Data
SCIOZ AB never sells your personal data to third parties. However, we may need to share personal data with selected recipients in order to operate our business and provide the Website:
Service providers (data processors):
We use external providers for the operation and maintenance of our Website, as well as for certain functions such as analytics and marketing. For example, we may use an IT provider for web hosting/server operation or services such as Google Analytics for analytics. These providers act solely on our instructions and on our behalf. We ensure through agreements that all data processors protect your personal data and provide sufficient guarantees regarding security and confidentiality. They may not use the data for their own purposes and are bound by confidentiality requirements.
Third parties who are independent data controllers:
Certain cookies and third-party plugins on our Website mean that external parties also collect personal data. If you, for example, consent to our analytics and marketing cookies, providers such as Google (Google Analytics) or Meta/Facebook (Facebook Pixel) may gain access to certain information about your visit. These parties become independent data controllers for the further processing of the personal data they receive, meaning their own privacy policies apply to the subsequent handling. We recommend that you read the privacy policies of such external actors to understand how they process data. SCIOZ AB does not disclose more data than necessary to third parties – they receive only what the cookies or integrations in question automatically transfer.
Authorities and legal requirements:
SCIOZ AB may disclose necessary information to authorities, courts, or other competent bodies if we are legally obliged to do so, or if required to protect our legal interests in connection with, for example, detection of crime or handling of a legal dispute. For instance, we may need to share information with the Swedish Tax Agency, the Police, or other authorities if required by law or official decision.
Where personal data is shared with an entity that is an independent data controller (e.g. an authority or a company we link to), that organization’s own privacy policy applies to their processing of the data. We take reasonable measures to ensure that we only share personal data when justified and necessary.
Transfer of Data Outside the EU/EEA
SCIOZ AB strives to store and process personal data within the EU/EEA. In some cases, however, personal data may be transferred to countries outside the EU/EEA (“third countries”). For example, our third-party providers for analytics or marketing may have operations in the United States, meaning that data collected via cookies may be transferred to servers in the U.S.
When we transfer personal data to a country outside the EU/EEA, we ensure that appropriate safeguards are taken to protect your data, in accordance with Chapter V of the GDPR. Such measures may include:
- Adequate level of protection: Transfer to countries that the European Commission considers to have an adequate level of protection through a formal adequacy decision.
- Standard Contractual Clauses: In the absence of an adequacy decision, we rely on the European Commission’s Standard Contractual Clauses (SCCs) with the recipient. We assess on a case-by-case basis whether additional technical or organizational measures are needed beyond the SCCs.
- Other safeguards: Where necessary, we implement supplementary safeguards such as data encryption, pseudonymization, access restrictions, and similar measures to ensure that your personal data remains protected after the transfer.
You have the right to obtain information about whether your personal data is transferred to a third country. If you have questions regarding our international data transfers, please contact us (see Contact below).
Your Rights
When we process your personal data, you have several rights under the GDPR. You may exercise your rights by contacting us – see Contact. We will respond without undue delay, normally within one month.
Right of access: You have the right to obtain confirmation as to whether we process personal data concerning you and, if so, access to the personal data and information about the processing.
Right to rectification: If any data about you is inaccurate or incomplete, you have the right to request that it be corrected or completed.
Right to erasure: Under certain circumstances, you have the right to have your personal data erased, for example if the data is no longer necessary for the purposes for which it was collected, or if processing is based on consent and you withdraw that consent. The right to erasure is not absolute.
Right to restriction of processing: You have the right to request restriction of processing in certain situations.
Right to object: You have the right to object to processing based on legitimate interest.
Right to data portability: Where processing is based on consent or contract and carried out by automated means, you have the right to receive your data in a structured, commonly used, and machine-readable format.
Right to withdraw consent: Where processing is based on consent, you have the right to withdraw your consent at any time.
Right to lodge a complaint: You have the right to lodge a complaint with the competent supervisory authority. In Sweden, this is the Swedish Authority for Privacy Protection (IMY).
Data Security
We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, loss, alteration, or unlawful processing. In the event of a personal data breach, we will act promptly and, where required, notify the supervisory authority and affected individuals.
Changes to This Policy
We may update this privacy policy as needed. The latest version is always available on the Website.
Last updated: 26 January 2026
Contact
SCIOZ AB
Org. no. 559453–0593
Address: Östra Vintergatan 8 apt. 1202, c/o Daniel Hernandez, 703 43 Örebro, Sweden
Email: