Privacy Policy
Document revision D
11 November 2025
1. Data Controller
Scandiflash AB, reg. no. 556233-2154
Palmbladsgatan 1, SE-754 50 Uppsala, Sweden
Email: mailbox@scandiflash.com
Phone: +46 (0)18 55 75 10
Scandiflash AB (“we”, “our”, “us”) is the controller for the processing of personal data described in this policy.
2. Scope of this Policy
This policy explains how Scandiflash collects, uses, stores, transfers and protects personal data related to:
Customers and potential customers
Suppliers and business partners
Website visitors
Job candidates
Individuals contacting us by email, phone, or through our website
When Scandiflash processes data on behalf of a customer (for example under a service agreement), the customer is the data controller and Scandiflash acts as data processor under a separate data processing agreement.
3. Categories of Data Subjects and Personal Data
Depending on your relationship with us, we may process the following categories of data subjects and personal data:
| Data subject | Personal Data categories |
| Customer and contract management | Name, contact details (email, phone, address), information relating to your workplace (e.g. name of your employer, department, title etc.), personal identity number (if sole proprietor), any personal data in invoices and contracts and correspondence. |
| Supplier and partner management | Name, contact details, information relating to your workplace (e.g. name of your employer, department, title etc.), personal identity number (if sole proprietor) and any personal data in invoices and contracts. |
| Website visitor | IP-address, device settings (e.g. device and web browser type, operating system, time zone) and information generated by enabled cookies in accordance with our cookie policy [link to cookie policy]. |
| Job candidate | Name, contact details, identity verification and permits, merits, job details, interview and tests and background checks. |
| Individual contacting us | Name, email address, and any information you choose to include when contacting us. |
Note: We do not collect or analyse visitor behaviour on our website and we do not use analytics tools.
- Purpose and Legal Basis
We process personal data for the following purposes and based on the following legal grounds:
| Data subject | Purpose | Legal basis (Art. 6 GDPR) | |
| Customer and contract management |
We process the personal data for the purposes of providing our services or products, facilitate customer service, manage invoices, marketing, sales- and performance analysis, and comply with obligations relating to accounting and tax reporting. The personal data used for the purpose of sales- and performance analysis of our business is aggregated and anonymised. |
The personal data is primarily processed based on our legitimate interest of being able to perform our contract with the company you represent or to comply with a legal obligation. We may also process the personal data on the basis of our legitimate interest to improve our customer service and/or your consent to advertise similar services or products offered by us. | |
| Supplier and partner management |
We process the personal data for the purpose of completing the order of a purchased service or product, and fulfil the obligations stated in the agreement with the supplier that you represent.
|
The personal data is primarily processed based on our legitimate interest of being able to perform our contract with the supplier you represent or to comply with a legal obligation. We may also process the personal data on the basis of our legitimate interest to maintain and improve our services and products towards the end customer. | |
| Website visitor |
We process personal data as your IP-address and device settings to the extent this information is necessary to provide our website and ensure our network security. We may also process your personal data depending on what cookies you have activated on the website. With the exception of strictly necessary cookies, the information collected by our use of cookies will be based on your consent. For further details regarding our use of cookies, please visit our cookie policy. |
The personal data is processed on the basis of our legitimate interest of providing our website and ensure our network security. Some personal data will be processed based on your consent. | |
| Job candidate | We process the personal data for the purpose of performing and managing the recruitment process. |
Personal data relating to contact details, merits, job details as well as interview and tests are processed on the basis of our legitimate interest to ensure an efficient and correct recruitment process. Personal data relating to identity verification and permitsis processed to comply with our legal obligations. Personal data relating to background checks is processed to comply with our legal obligations when relating to security clearances, or on the basis of our legitimate interest when it is of crucial importance to determine the suitability of a person in relation to the applied position. With your consent, your personal data may also be processed for future recruitments. |
|
| Individual contacting us | We process the personal data for the purpose of communicating with representatives of our customers and suppliers, as well as other individuals contacting us. | We have a legitimate interest to process personal data related to individuals who contact us in order to communicate with them. |
- Retention Periods
We store personal data only as long as necessary for the purpose it was collected:
- Billing data for bookkeeping and tax purposes: Stored for seven (7) years (according to Swedish accounting law).
- Information relating to payment claims will be stored for up to ten (10) years. Any agreement you have with us will be stored, at a minimum for as long as you are a customer and for any period thereafter that is necessary to fulfil any obligations set out in the agreement or to comply with a legal obligation.
- Supplier data: Stored for the duration of the contract and as long as legally required.
- Data related to website visitors: The storage period will depend on your cookie preferences and the applicable type of cookie, in relation to the collected personal data, and otherwise for as long as your web browser remains open, please see our cookie policy.
- Data related to job candidates: Stored for two (2) years after the recruitment process has ended. If you have given your consent for us to process your personal data for future recruitment, we will store the personal data until such time you have withdrawn your consent or earlier on our own initiative. For successful candidates any personal data relevant to your employment will be included in your personnel file and stored by us during your employment period. Following the termination of your employment the personal data will be stored for a period of time based on applicable law and in accordance with our internal policies.
- General correspondence: Stored for up to 2 years after last contact.
When the retention period expires, the data will be deleted or anonymised.
- Sharing of Personal Data
We may share personal data with trusted service providers who assist us in operating our business, such as:
- IT and hosting service providers within the EU/EEA
- Accounting and auditing partners
- Public authorities when required by law
All processors act under a written agreement and may only process data according to our instructions.
No personal data is transferred outside the EU/EEA without adequate safeguards with respect to the protection of your privacy, fundamental rights and freedoms, and the exercising of your rights. We ensure that your privacy is protected by an adequate level of data protection through for example EU Standard Contractual Clauses based on the EU commission’s model clauses complemented by supplementary security measures if necessary. If you would like more information on the security measures in place, please contact us.
- Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, or disclosure. This includes access control, secure backups, and confidentiality obligations for our staff.
- Your Rights
You have the following rights under the GDPR:
- The right to obtain confirmation whether we process personal data about you, and in such case obtain access to it in the legally prescribed manner;
- The right of rectification – to correct inaccurate or incomplete data about you.
- The right of erasure (“right to be forgotten”) – to request deletion under certain conditions.
- The right of restriction of processing, provided there are no lgela reasons to continue the processing.
- The right of data portability (where technically feasible).
- The right to object to processing based on legitimate interest.
- Withdrawal of consent at any time.
To exercise your rights, contact us at mailbox@scandiflash.com. Please note that in order to ascertain that the correct person is submitting a request for a measure pursuant to the above, we may need to verify your identity. We will respond within 30 days.
If you believe your data is processed unlawfully, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY): www.imy.se.
- Cookies
Our website uses only essential cookies required for basic functionality. We do not use cookies for analytics, tracking, or advertising.
You can control cookies through your browser settings.
- Changes to this Policy
We may update this Privacy Policy when necessary to reflect changes in legal requirements or our processing practices. The latest version is always available at scandiflash.com/privacy-policy.
- Contact
For any questions about personal data or this policy, please contact:
mailbox@scandiflash.com
Scandiflash AB, Palmbladsgatan 1, SE-754 50 Uppsala, Sweden