PRIVACY POLICY

Comprehensive data protection in compliance with GDPR, EU regulations, and Swedish law

Last updated: August 29, 2025
Aligned with GDPR principles

Important Information

This privacy policy is designed to align with the General Data Protection Regulation (GDPR), Swedish Data Protection Act, and other applicable EU regulations. You have specific rights regarding your personal data, and we're committed to protecting your privacy.

Data Controller & Overview

Data Controller

Company: Bromander Global AB

Address: Ringaby 432, 718 92 Frövi, Sweden

Company Reg. No: 559529-7879

VAT No: SE559529787901

Registered for F-tax in Sweden

Contact: support@bromanderglobal.com

Bromander Global AB ("we," "our," or "us") is a Swedish technology holding company registered in Frövi, Sweden. We own and operate digital products including Shinery and Smart Bookkeeping. As the data controller, we determine the purposes and means of processing your personal data.

This Privacy Policy is designed to align with the General Data Protection Regulation (GDPR), the Swedish Data Protection Act (2018:218), and other applicable EU and Swedish regulations. Each of our digital services may have additional specific privacy terms for their respective features.

Data We Collect

We collect personal data in the following categories:

Identity & Contact Information

  • Full name, email address, phone number
  • Company name, job title, professional information
  • Address, postal code, country of residence
  • Account credentials and authentication data

Technical & Usage Data

  • IP address, browser type, device identifiers
  • Operating system, screen resolution, language preferences
  • Website navigation patterns, page views, time spent
  • Referral sources, search terms, click patterns
  • Session recordings (anonymized), heatmap data

Communication & Content

  • Email correspondence, chat messages, support tickets
  • Feedback, surveys, reviews, and testimonials
  • Marketing preferences and communication history
  • Meeting notes, call recordings (with consent)

Cookies & Tracking Technologies

  • Essential cookies for website functionality
  • Analytics cookies (Google Analytics, Mixpanel)
  • Marketing cookies (with consent)
  • Social media pixels and tracking beacons
  • Local storage data and session information

Special Categories of Data

We do not intentionally collect special categories of personal data (health, racial/ethnic origin, political opinions, religious beliefs, biometric data) unless explicitly required and with your explicit consent.

How We Use Your Data

We process your personal data for the following purposes, always based on a valid legal ground:

Service Delivery & Customer Support

  • Providing and maintaining our services
  • Processing transactions and managing accounts
  • Responding to inquiries and providing support
  • Troubleshooting and technical assistance

Analytics & Improvements

  • Analyzing website usage and performance
  • Improving user experience and functionality
  • Conducting research and development
  • A/B testing and feature optimization

Marketing & Communication

  • Sending newsletters and product updates (with consent)
  • Personalized marketing communications
  • Event invitations and industry insights
  • Social media engagement and advertising

Legal & Security

  • Compliance with legal obligations
  • Fraud prevention and security monitoring
  • Protecting our rights and interests
  • Law enforcement cooperation when required

Data Sharing & Third Parties

We may share your personal data with the following categories of recipients:

Service Providers & Processors

  • Cloud Infrastructure: AWS, Google Cloud (data hosting)
  • Analytics: Google Analytics, Mixpanel (website analytics)
  • Communication: Mailchimp, SendGrid (email services)
  • Support: Intercom, Zendesk (customer service)
  • Payment Processing: Stripe, PayPal (transactions)

Legal Requirements

We may disclose your data when required by law, court orders, or to protect our rights, users' safety, or comply with legal processes.

Business Transfers

In case of merger, acquisition, or sale, your data may be transferred as part of the business assets, with continued protection under this privacy policy.

We Do NOT:

  • Sell your personal data to third parties
  • Share data for third-party marketing without consent
  • Transfer data outside EU/EEA without adequate protections

Your Data Protection Rights

Under GDPR and Swedish law, you have the following rights regarding your personal data:

Right of Access (Art. 15)

Request access to your personal data and information about how we process it.

Right to Rectification (Art. 16)

Request correction of inaccurate or incomplete personal data.

Right to Erasure (Art. 17)

Request deletion of your personal data ('right to be forgotten').

Right to Restrict Processing (Art. 18)

Request limitation of processing in certain circumstances.

Right to Data Portability (Art. 20)

Receive your data in a structured, machine-readable format.

Right to Object (Art. 21)

Object to processing based on legitimate interests or direct marketing.

How to Exercise Your Rights

Email: support@bromanderglobal.com

Response Time: Within 30 days (may be extended to 60 days for complex requests)

We may need to verify your identity before processing your request. If we refuse your request, we'll explain why and inform you of your right to complain to the Swedish Authority for Privacy Protection (IMY).

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:

Account Data

Active accounts: Until account deletion + 30 days for backup recovery

Inactive accounts: 3 years from last login, then automatic deletion

Communication Data

Customer support: 7 years (Swedish business record requirements)

Marketing communications: Until consent withdrawal + 30 days

Analytics Data

Website analytics: 26 months (Google Analytics default)

Performance data: 12 months for optimization purposes

Legal & Financial

Financial records: 7 years (Swedish Bookkeeping Act)

Legal documentation: As required by applicable law

Security Measures

We implement comprehensive technical and organizational measures to protect your personal data:

Technical Safeguards

  • TLS 1.3 encryption for data in transit
  • AES-256 encryption for data at rest
  • Multi-factor authentication (MFA)
  • Regular security audits and penetration testing
  • Automated threat detection and monitoring
  • Secure cloud infrastructure (SOC 2 compliant)

Access Controls

  • Role-based access control (RBAC)
  • Principle of least privilege
  • Regular access reviews and audits
  • Secure authentication protocols
  • Employee background checks

Organizational Measures

  • Regular staff training on data protection
  • Incident response and breach procedures
  • Privacy by design and by default
  • Data Processing Impact Assessments (DPIA)
  • Vendor security assessments

Compliance

  • ISO 27001 security framework
  • GDPR compliance monitoring
  • Swedish data protection standards
  • Regular compliance audits
  • Third-party security certifications

Data Breach Response

In the unlikely event of a data breach, we will notify the Swedish Authority for Privacy Protection (IMY) within 72 hours and affected individuals without undue delay, as required by GDPR Article 33-34.

Cookies & Tracking

We use cookies and similar tracking technologies to enhance your browsing experience. You can manage your cookie preferences at any time.

Essential Cookies (Required)

These cookies are necessary for the website to function and cannot be switched off.

  • Authentication and session management
  • Security and fraud prevention
  • Load balancing and performance

Analytics Cookies (Opt-in)

Help us understand how visitors interact with our website.

  • Google Analytics (anonymized IP)
  • Page views and user journey tracking
  • Performance monitoring

Marketing Cookies (Consent Required)

Used to deliver personalized content and advertisements.

  • LinkedIn Insight Tag
  • Google Ads conversion tracking
  • Social media integration

Cookie Management

You can control cookies through:

  • Our cookie banner and preference center
  • Browser settings (may affect website functionality)
  • Opt-out links for specific services
  • Contact us at privacy@bromanderglobal.com

Our Digital Services

Bromander Global AB develops and operates these digital services, each with specific privacy considerations:

Shinery

Privacy-first digital wellness platform with local data storage and zero tracking philosophy.

View Privacy Policy

Smart Bookkeeping

Financial management platform with bank-level security and encrypted data processing.

View Privacy Policy

Contact & Support

For questions about this Privacy Policy, data processing, or to exercise your rights, please contact us:

General Contact

Bromander Global AB

Ringaby 432, 718 92 Frövi, Sweden

support@bromanderglobal.com

Company Reg. No: 559529-7879

VAT No: SE559529787901

Registered for F-tax in Sweden

File a Complaint

If you're unsatisfied with our response, you can file a complaint with:

Swedish Authority for Privacy Protection (IMY)

Website: imy.se

Email: imy@imy.se

Policy Updates

We may update this Privacy Policy periodically. Material changes will be communicated via email and prominently displayed on our website. Continued use after changes constitutes acceptance.

Quick Response

We aim to respond to all privacy-related inquiries as soon as reasonably possible, and always within the timeframe required by law (typically 30 days, extendable to 60 days for complex requests).

Bromander Global | Innovative Solutions for Modern Businesses