Privacy policy
This policy describes how HDL Commerce AB collects, uses and protects personal data when you use our website, platform and services — in accordance with the General Data Protection Regulation (GDPR).
01 Data controller
HDL Commerce AB (org.nr 559355-7324), Kullagatan 12, 252 20 Helsingborg, is the data controller for the processing of personal data on our websites and in our marketing. When we operate the commerce platform on behalf of a customer, we act as a data processor for that customer, who is then responsible for their end customers’ data. This relationship is governed by a data processing agreement (DPA).
02 Data we collect
We collect data you provide yourself and data generated when you use our services:
- Contact details — name, work email, company, phone number, e.g. when you book a demo or contact us.
- Account details — login credentials and roles for those who administer the platform.
- Usage data — logs, IP address, device and browser, and how you interact with the service.
- Communication — the content of emails, support tickets and forms.
We never collect more data than is needed for the purpose, and we do not request sensitive personal data.
03 Purposes & legal basis
| Purpose | Legal basis |
|---|---|
| Delivering and operating the platform | Performance of contract |
| Responding to enquiries & support | Legitimate interest |
| Booking and conducting demos | Legitimate interest / consent |
| Newsletter & marketing | Consent |
| Security, logging & troubleshooting | Legitimate interest |
| Meeting accounting & legal requirements | Legal obligation |
04 Sharing & sub-processors
We never sell your personal data. We share it only with carefully selected sub-processors who help us deliver the service — e.g. for hosting, email, payments and analytics. All are bound by data processing agreements.
Our infrastructure runs within the EU/EEA. Should a transfer to a third country become necessary, it will only take place with appropriate safeguards, such as the EU standard contractual clauses.
05 Retention & deletion
We keep data only as long as needed for the purpose it was collected for:
- Customer data — for the duration of the agreement and at most 24 months thereafter.
- Leads & demo requests — up to 24 months from the last contact.
- Newsletter — until you unsubscribe.
- Accounting records — 7 years in accordance with the Swedish Accounting Act.
06 Security
We apply technical and organizational security measures to protect data against loss, misuse and unauthorized access — including encryption in transit and at rest, access control, logging and continuous security patching. The platform is monitored around the clock.
07 Your rights
Under the GDPR you have the right to:
- request a copy of the personal data we process about you,
- have inaccurate data corrected,
- request erasure (“the right to be forgotten”),
- request restriction of or object to processing,
- receive your data in a machine-readable format (data portability),
- withdraw consent at any time.
To exercise a right, email dataskydd@hdlcommerce.se. We respond without undue delay and within one month at the latest.
08 Contact & complaints
If you have questions about how we process your data, reach us at dataskydd@hdlcommerce.se or via the contact page. You also have the right to lodge a complaint with the supervisory authority, the Swedish Authority for Privacy Protection (IMY).
Want to know more about how we protect data?
Our team is happy to answer questions about data protection, DPAs and hosting in Sweden.