top of page

Privacy Policy

Business Contacts and Website Visitors

Last updated: March 25, 2025

​

Information on how we process your personal data

​

1. Introduction

This Privacy Policy (the “Policy”) describes how NP Innovation AB, reg. no. 556660-5704 (“we”, “us” or “our”), with address Flintyxegatan 8A, SE 213 76 Malmö, Sweden, processes your personal data when you visit and use our website or come into contact with us because of our business and services – usually because you represent a corporate customer, supplier or a partner of ours.

We are responsible for the processing of your personal data as described in the Policy in the capacity of data controller. If you would like to know more about our processing of your personal data, you are welcome to contact us, e.g. via the address above or via our email address: info@npin.se.

​

It is important to us that you feel comfortable with how we process your personal data, and we therefore ask you to read through this Policy, which we may update from time to time. If we make changes to the Policy, the new version will apply from the time it is published on our website. At the top of the page, you can see the date of the latest version of this Policy.

​

2. How we collect your personal data

The personal data we process relating to you is mainly collected from you when you visit and use our website or when we come into contact with you – e.g. via email, telephone or personal meetings, conferences, conventions or similar occasions. We may also collect your personal data from a third party, usually from the company or organization you represent.​

​

3. How we process your personal data

​

3.1 Introduction
 

We only process your personal data to the extent permitted in accordance with applicable data protection legislation. This means inter alia that we need to have a legal basis for the purposes for our processing of your personal data, which in our context generally means one of the following legal bases.


Performance of a contract – the processing is necessary in order for us to provide you with our services or otherwise perform a contract between us (this applies if you conduct your business in a sole proprietorship), or to take steps at your request prior to entering into a contract.

If you are acting on behalf of someone else, e.g. in the capacity of representative of a company (which usually is the case), our processing is carried out with reference to our legitimate interest balanced against your interests or fundamental rights or freedoms, where our legitimate interest is to conclude and perform the contract with the company you represent.
 

Performance of legal obligations – the processing is necessary in order to fulfil our legal obligations according to law or other statutes that we are subject to, or if we are subject to orders or decisions by courts or authorities, which require us to process your personal data.

​

Legitimate interests – the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, provided that they are not overridden by your interests or fundamental rights or freedoms (in which case the processing would not be allowed).

​

Consent – the processing is carried out with your prior consent, where we inter alia are responsible for clearly informing you of what processing you consent to and your right to withdraw your consent in relation to our continued processing.

​

Below, we explain more about the categories of personal data we process, for what purposes we process them and what legal bases we rely on when processing your personal data, including for how long we store your personal data. For information on who we share your personal data with, please refer to Section 5 of this Policy.

​

3.2 To maintain and improve our website

​

Purposes of the processing

Collect statistical data and analyse the web traffic on our website as well as other technical information generated when visiting our website, in order to maintain and improve its functionality, the user experience, and in order to discover and handle errors, breaches and incidents.

To do this we use third party analytics services. The statistics we produce and the analysis we carry out by using these services are based on aggregated data and other de-identified or anonymized data.

Categories of personal data

The personal data we process consist of:

• IP-address

• Other technical information generated through visits on our website, such as the type of technical device that you have used, web browser, visited pages as well as the time of the visits (browser information, time zone at the place from which you visited our website, other web traffic information)

 

Legal basis: Legitimate interest, where our legitimate interest is to collect information to maintain and improve the functionality, content, and security of our website. Collection of information by use of cookies and similar technologies is carried out based on your consent, unless they are strictly necessary in order for you to be able to access and use our website in an appropriate manner. For more information on how we use cookies and similar technologies, please see our cookie policy here.  

 

Storage period: We retain information on how visitors interact with our website for no longer than six (6) months. In most cases, the collected personal data is converted to aggregated data (anonymized data) before the expiration of that time period, in connection with us producing statistical data.

 

3.3 To create potential business relationships
 

Purposes of the processing

Contact and communication with you for the purposes of creating a business relationship with you and/or the company or organization you represent.

This includes, among other things, communication via email regarding our business, services and current activities (see also Section 3.6 below).
 

Categories of personal data

The personal data we process consist of:

• First and last name

• Contact details such as email address, telephone number, location and business address

•Professional title and information regarding the company or organization you represent

• Information that you otherwise provide us with in our communications with you

 

Legal basis: Legitimate interests, where our legitimate interest is to create a business relationship with you and/or the company or organization you represent.

 

Storage period: We retain your personal data for a period of six (6) months after the data was collected. If a business relationship is established between us and you and/or the company or organization you represent during this time, we will however continue to process your personal data in accordance with Section 3.4-3.6 below.

 

3.4 To maintain and develop existing business relationships
 

Purposes of the processing

Contact and communication with you in your capacity as, or representative of, one of our existing customers, partners, suppliers or other business contacts, in order to maintain and develop our business relationship with you and/or the company or organization you represent.

This includes, among other things, regular administration and communication regarding our customer, partner and supplier agreements and communication via email about our business, services and our current activities (see also Sections 3.5 and 3.6 below).

Categories of personal data

The personal data we process consist of:

• First and last name

• Contact details such as email address, telephone number, location and business address

• Professional title and information regarding the company or organization you represent

• Information that you otherwise provide us with in our communication with you

 

Legal basis: Legitimate interest, where our legitimate interest is to maintain and develop our business relationship with you or the company or organization you represent.

 

Storage period: We retain your personal data for as long as we have a business relationship with you or the company or organization you represent, but no longer than two (2) years after the last time we were in contact in our business relationship.
 

Please note that we may need to store your personal data for a longer time for other purposes, e.g. if we need to take measures in order to establish, exercise or defend legal claims. We may also need to store your personal data for a longer time in order to fullfil our legal obligations, e.g. relating to bookkeeping in accordance with the Swedish Accounting Act (see further Section 3.7 below).

 

3.5 To administer the conclusion and performance of contracts
 

Purposes of the processing

Administration and communication in order to conclude or perform a contract between us and you and/or the company or organization you represent.

This includes, among other things, invoicing and customary contract management, as well as following up and documentation of contract related matters.

Categories of personal data

The personal data we process consist of:

• First and last name

• Contact details such as email address, telephone number, location and business address

• Professional title and information regarding the company or organization you represent

• Information that you provide to us in contract related matters with you and/or the company you represent, e.g. questions and feedback on contracted services

 

Legal basis: The processing is necessary to conclude and perform a contract with you or the company or organization that you represent. If you are acting on behalf of someone else, e.g. in the capacity of representative of a customer, partner or supplier to us, our processing is carried out based on our legitimate interests, where our legitimate interest is to conclude as well as perform the agreement with the company or organization you represent.

 

Storage period: We process and store your personal data for as long as we have a business relationship with you and/or the company or organization you represent, but no longer than two (2) years after the last time we were in contact in our business relationship.

​

Please note that we may need to store your personal data for a longer time for other purposes, e.g. if we need to take measures in order to establish, exercise or defend legal claims. We may also need to store your personal data for a longer time in order to fulfil our legal obligations, e.g. relating to bookkeeping according to the Swedish Accounting Act (see further Section 3.7 below).

 

3.6 Newsletters and other marketing messages
 

Purposes of the processing

To administer and send marketing messages via email for the purposes of providing information about our business, services and current activities.

Categories of personal data

The personal data we process consist of:

• Email address

• First and last name

 

Legal basis: We only send marketing messages via email to you if you have registered for them and thereby consented to receiving them. If you are an existing customer, we only send marketing messages via email to you if the content is relevant in relation to you and the company or organization you represent. Our marketing is then based on our legitimate interests, where our legitimate interest is to be able to market ourselves and our services. You can always opt-out of this kind of communication either by using the link provided in each marketing communication and newsletter sent from us, or by e-mailing us at info@npin.se.

 

Storage period: We retain your personal data to send marketing messages via email to you as long as you have not opted out from receiving further messages. Please note that a withdrawal of your consent does not affect the legality of the processing we carried out during the time we had your consent.

 

3.7 To fullfil legal obligations or to establish, exercise or defend legal claims

We may process your personal data in order to fulfil our legal obligations according to law or other statutes that we are subject to, or if we are subject to orders or decisions by courts or authorities, which require us to process your personal data.

We may also process your personal data so that you, or the company or organization you represent, we or any relevant third party can establish, exercise or defend legal claims, e.g. in connection with an ongoing dispute.
 

4. Security measures

We have taken measures to ensure that your personal data is handled in a safe way. For example, access to systems where personal data is stored is limited to our employees and service providers who require it in the course of their duties. Such parties are informed of the importance of maintaining security and confidentiality in relation to the personal data we process. We maintain appropriate safeguards and security standards to protect your personal data against unauthorized access, disclosure or misuse. We also monitor our systems to discover vulnerabilities. In addition, data processing agreements have been entered into with our suppliers of systems and services (see further Sections 5 and 6 below).
 

5. How we share your personal data

Access to your personal data is limited to recipients who require such access for the purposes described in Section 3 above or as otherwise stated below. Your personal data will therefore be shared with the following categories of third-party recipients:
 

(a) Group companies: We will share your personal data with other companies within our group for the purposes of internal management services, accounting, marketing and other services. If we share your personal data with other companies within our group, we will ensure that the personal data continues to be processed in line with this Policy.


(b) Service providers: We use third-party service providers to manage parts of our business operations. We will share personal data with such third parties in order for them to supply us with services, e.g. IT services or other administrative functions or provide services as sub-contractors in connection with our own services. When we use such service providers, we enter into data processing agreements and take other suitable measures to ensure that your personal data is processed in line with this Policy.
 

(c) Our partners: We will from time to time cooperate with external parties in order to improve our services and business. Such parties either process your personal data as data controllers according to their own terms and policies for handling personal data, or as our data processors according to our instructions. In the latter case, we enter into data processing agreements and take other suitable measures to ensure that your personal data is processed in line with this Policy.

 

(d) Sale or transfer of business or assets: We will share your personal data with a buyer/investor or prospective buyer/investor in the event of a sale, assignment or other transfer of all or parts of our shares, assets or operations. When such transfer of personal data occurs, we will take actions in order to ensure that the receiving party processes your personal data in accordance with this Policy. The purpose of such sharing or processing of your personal data is to allow a (potential) buyer/investor to carry out an assessment of us as a company and, where necessary, take actions and make preparations in the event a sale, assignment or other transfer should occur, where such sharing or processing of your personal data is carried out with reference to the legitimate interests of allowing such assessment, actions and preparations by the (potential) buyer/investor.

​

(e) Public authorities: We will share your personal data with public authorities such as the Swedish Tax Agency or the Police when required by law, regulation or court or authority decision, in order to fulfil the legal obligations specified therein.

 

6. Where we process your personal data

Our goal is to always process your personal data within the EU/EEA. However, as some of our suppliers are international, your personal data will be transferred to countries outside the EU/EEA in accordance with our agreements with the suppliers. In such cases, we are obliged to ensure that the transfer takes place in accordance with applicable data protection legislation before the data is transferred, e.g. by ensuring that the country to which the data is transferred meets the requirements for an adequate level of protection in accordance with the European Commission’s decision, or by ensuring that the transfer is covered by appropriate protection measures in the form of e.g. standard contractual clauses decided by the European Commission which ensure that appropriate measures are taken to safeguard your rights and freedoms.

​

Via the following link, you will find information about the countries outside the EU/EEA that the EU Commission has decided meet an adequate level of protection for permitted transfer of personal data.

​

Via the following link you will find the standard contractual clauses decided by the European Commission ensuring that appropriate safeguards are applied by the recipient of personal data after transfer from the EU/EEA.

​

7. Your rights

You have rights in relation to us and our processing of your personal data. Below, you will find information about your rights and how you can exercise them.
 

Please note that your rights apply to the extent that follows from applicable data protection legislation and that there may be exceptions to the rights where applicable. We also ask you to note that we may need more information from you in order to e.g. confirm your identity before proceeding with your request to exercise your rights.

To exercise your rights or request information about them we ask that you contact us, which is most easily done via email: info@npin.se.
 

7.1 Right of access

​

You have the right to obtain a confirmation as to whether or not we process your personal data. Where we process your personal data, you also have the right to receive copies of the personal data concerning you that we process as well as additional information about the processing, such as for what purposes the processing occurs, relevant categories of personal data and the recipients of such personal data.

​

7.2 Right to rectification

​

You have the right to request that we correct any incorrect personal data we process about you, as well as request that we complete incomplete information.

​

7.3 Right to erasure
 

You may request that we erase your personal data without undue delay in the following situations:

  • The personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed;

  • Our processing is based on your consent, and you withdraw your consent for the relevant processing;

  • You object to processing that we carry out based on a legitimate interest, and your objection overrides our or another party’s legitimate interest of the processing;

  • The processed personal data is unlawfully processed;

  • The processed personal data has to be erased for our compliance with one or more legal obligations.


7.4 Right to restriction
 

You may request that we restrict the processing of your personal data in the following situations:

  • You contest the accuracy of the personal data during a period enabling us to verify the accuracy of such data;

  • The processing is unlawful and you oppose erasure of the personal data and request restriction instead;

  • The personal data is no longer needed for the purposes of the processing, but is necessary for you for the establishment, exercise or defence of legal claims;

  • You have objected to the processing of the personal data which we carry out based on a legitimate interest, pending the verification whether your objection overrides our or another party’s legitimate interest to continue with the processing.​

​

7.5 Right to object
 

You may object to our processing of your personal data when it is based on our or another party’s legitimate interest. If you object, we must demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms in order to be allowed to continue with our processing.


7.6 Right to data portability

​

If our processing of your personal data is (i) based on the performance of a contract with you or (ii) your consent, you have the right to receive the personal data you have provided us relating to you in an electronic format. You also have the right to have the personal data transferred from us directly to another data controller, where technically feasible.

We ask you to observe that this right to so called data portability does not cover personal data which we process manually.

 

7.7 Right to withdraw consent

​

If our processing of your personal data is based on your consent, you always have the right to withdraw your consent at any time. A withdrawal of your consent does not affect the lawfulness of the processing that took place based on your consent before your withdrawal.

 

8. Complaints with the supervisory authority

In Sweden, the Swedish Authority for Privacy Protection (Sw. Integritetsskyddsmyndigheten) is the authority responsible for supervising the application of current data protection legislation. If you believe that we process your personal data in a wrongful manner, we encourage you to contact us so that we can review your concerns. However, you may file a complaint with the Swedish Authority for Privacy Protection at any time.

​​

​​

Contact Us

If you have any questions about this Privacy Policy, You can contact us:

By email: info@npinnovation.se

By visiting this page on our website: https://www.npinnovation.se/contact

By phone number: +46 405 75 000

bottom of page