This privacy policy explains how Nordedge AB processes personal data when you use our website, contact us, request a quote or become a customer. It is written to be clear, practical and useful for visitors and customers.
Nordedge AB, company reg. no. 559414-7026, Husarvikstorget 4, 115 47 Stockholm, Sweden, is the controller for personal data processing carried out for our own purposes.
You can reach us about data protection at andreas@nordedge.io. Please state which processing activity or matter your question concerns so we can help you faster.
This policy applies when you visit nordedge.io, use our forms, contact us, book a consultation, request a quote, enter into an agreement with us or communicate with us as part of a project.
When Nordedge processes personal data on behalf of a customer in a customer project, the customer is normally the controller and Nordedge is the processor. That processing is governed by a data processing agreement.
| Situation | Personal data | Purpose | Lawful basis | Retention |
|---|---|---|---|---|
| Contact, quote and consultation | Name, company, email, phone number, message and other information you send to us. | Answer questions, book meetings, provide quotes and follow up an enquiry. | Legitimate interest or steps before entering into a contract. | Normally up to 24 months after the latest contact if no agreement is entered into. |
| Customer relationship and projects | Contact details, role, company details, agreements, project material, technical requirements, approvals and support cases. | Deliver websites, SEO, digital marketing, AI optimization, support and other agreed services. | Contract, legitimate interest and in some cases legal obligation. | During the agreement period and afterwards for as long as needed for support, warranty, accounting or legal claims. |
| Website visits | IP address, device information, browser, approximate location, referring page, page views and technical log data. | Security, troubleshooting, operations, statistics and website improvement. | Legitimate interest. Consent is used for non-essential cookies or similar technologies. | Technical logs are normally stored for a short time. Analytics data is stored according to the relevant tool settings. |
| Marketing and newsletters | Name, email, company, areas of interest, communication history and consent status. | Send relevant information, invitations, follow-ups and offers. | Consent or legitimate interest where permitted by law. | Until you unsubscribe, withdraw consent or object to the processing. |
| Invoicing and administration | Billing address, company registration number, contact person, order history, payment details and accounting material. | Administer payments, accounting, taxes, agreements and legal requirements. | Legal obligation, contract and legitimate interest. | According to accounting rules and for as long as needed to handle legal claims. |
We do not sell personal data. We share data when it is needed to run the business, deliver services or comply with legal requirements.
We aim to use suppliers that process personal data within the EU/EEA. If data is transferred to a country outside the EU/EEA, we use appropriate safeguards, such as the European Commission's Standard Contractual Clauses, adequacy decisions or other mechanisms allowed by data protection law.
When assessing suppliers, we consider the type of data processed, the purpose, the security level and the contractual terms that apply.
We normally respond within one month. If a request is complex or extensive, the period may be extended under the GDPR.
We use technical and organisational security measures adapted to the risk, such as access controls, limited access, supplier review, secure hosting and incident handling routines.
Access to personal data is only given to people and suppliers who need the data for their work or assignment.
If you believe that we process your personal data incorrectly, please contact us first so we can investigate and correct the issue.
You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection, IMY. We may update this policy when our processing activities, suppliers or legal requirements change. The latest version is always published on the website.
