Privacy Policy
ADVIGA AB welcomes your visit to our website and your interest in our company.
We take the protection of your personal data very seriously and want you to feel safe and comfortable when visiting our website.
For this reason, this privacy policy informs you about which personal data we process when you visit our website and what rights you have. We therefore ask you to read the following carefully.
Personal data means any information relating to an identified or identifiable natural person. This includes, for example, your name, address and contact details, or your e-mail address. Processing means any operation performed on personal data, whether or not by automated means, such as collection, recording, storage, use, disclosure, restriction, erasure or destruction.
Data subject means any identified or identifiable natural person whose personal data is processed by the controller. Controller means the natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data. User covers all categories of data subjects, including our business partners and other visitors to our website.
For the terminology used, we additionally refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
Controller as defined by data protection law
ADVIGA AB
Fluxerum 2
S-577 99 Pauliström
Phone: +46 73 9549815
Email: hej@adviga.se
2. Data Protection Officer
If you have any questions regarding the processing of your personal data, you can contact our data protection officer directly. The data protection officer is also available for requests for information, applications or complaints: hej@adviga.se
3. Scope & Processing of Personal Data
3.1. Your Visit to Our Website
When you visit our website, your browser transmits certain data to our web server for technical reasons. This includes the following data (so-called server log files): IP address; date and time of the request; time zone difference from Greenwich Mean Time (GMT); content of the request (specific page); operating system and HTTP status code; volume of data transferred; website from which the request originates (“Referrer URL”); browser, language and version of the browser software.
3.1.1. Legal Basis & Purpose of Processing & Storage Duration
The storage of this data in log files is necessary to ensure the functionality of the website. It also serves to optimise the website and to ensure the security of our IT systems. We collect this data on the basis of our legitimate interest within the meaning of Art. 6(1)(f) GDPR, in order to display our website and ensure its security. Information in log files is stored for security reasons for a maximum of seven days and is then deleted. Data whose further retention is required for evidentiary purposes is exempt from deletion until the relevant incident has been finally clarified.
3.1.2. Right to Object and Erasure
The collection of data for the provision of the website and its storage in log files is technically mandatory for the operation of the website. Consequently, users have no right to object.
3.2. Contacting Us
You can contact us by e-mail or by telephone. When you contact us by e-mail, the personal data transmitted with your message (e.g. name, e-mail address and the content of the message) will be processed. When you contact us by telephone, the data you provide during the call will be processed for the purpose of handling your enquiry.
3.2.1. Recipients of the Data
The data transmitted to us is processed by the internal departments responsible for the respective business process.
3.2.2. Legal Basis & Purpose of Processing & Storage Duration
The processing of this personal data is used to handle your enquiry. When you contact us, your details are processed for the handling of the contact enquiry pursuant to Art. 6(1)(b) GDPR. We delete personal data when it is no longer required for the purposes for which it was collected; for contact data this is the case when the respective conversation with the user has ended.
3.2.3. Right to Object and Erasure
You have the right to revoke your consent to the processing of personal data at any time. If you contact us by e-mail, you may object to the storage of your personal data at any time. Please address such revocations to hej@adviga.se. All personal data stored in the course of contacting us will then be deleted.
3.3. Cookies
This website does not use any cookies. We set no cookies whatsoever — neither technically necessary ones nor cookies for analysis, tracking or reach measurement. Our audience measurement (see section 6) works entirely without cookies. A cookie consent banner is therefore not required.
3.4. Scope, Purpose & Legal Basis of Processing Customer Data
ADVIGA AB processes customer data within the scope of our contractual services, which include conceptual and strategic consulting, campaign planning, software and design development/consulting or maintenance, implementation of campaigns and processes, server administration, data analysis/consulting services and training services.
We process master data (e.g. names or addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. text entries, photographs, videos), contractual data (e.g. subject matter of the contract, term), payment data (e.g. bank details, payment history), and usage and metadata. We do not generally process special categories of personal data unless these are components of a commissioned processing activity. The purpose of processing is the provision of contractual services, accounting, and our customer service. The legal bases are Art. 6(1)(b) GDPR (contractual services) and Art. 6(1)(f) GDPR (analysis, statistics, optimisation, security measures). When processing data provided to us within the scope of a contract, we act in accordance with the instructions of the client and the statutory requirements for commissioned processing under Art. 28 GDPR.
ADVIGA AB deletes this data after expiry of statutory warranty and comparable obligations. The necessity of retaining the data is reviewed every three years; where statutory archiving obligations apply, deletion takes place after their expiry. In the case of data disclosed to us by the client within the scope of a contract, we delete the data in accordance with the requirements of the contract, generally upon termination of the contract.
4. Data Security
We take technical, contractual and organisational measures to ensure data security in accordance with the state of the art. In this way, we ensure that the provisions of data protection laws, in particular the GDPR, are complied with and that the data processed by us is protected against destruction, loss, alteration and unauthorised access. These security measures also include the encrypted transmission of data between your browser and our servers (SSL/TLS). All information you transmit to us is stored and processed on our servers within the European Union.
5. Disclosure of Data to Third Parties
We do not actively disclose your personal data to third parties for advertising, tracking or commercial purposes. Disclosure only takes place insofar as this is necessary for the performance of a contract concluded with you (Art. 6(1)(b) GDPR); insofar as we are legally obliged to disclose the data (Art. 6(1)(c) GDPR); or within the scope of commissioned processing pursuant to Art. 28 GDPR by service providers carefully selected and contractually bound by us.
Categories of Processors
We operate the web server and the associated infrastructure ourselves on root servers leased by us. These are located in data centres within the European Union (location: Federal Republic of Germany). The operators of these data centres provide technical infrastructure services and, due to the rental relationships, formally have the status of processors within the meaning of Art. 28 GDPR. Data processing agreements have been concluded with these operators. No transfer of data to third countries outside the EU/EEA takes place.
6. Audience Measurement with Umami Analytics
For the statistical analysis of visitor behaviour on this website, we use the self-hosted open-source software Umami Analytics. Umami runs on a server operated by us within the European Union (Helsinki, Finland); no data is transmitted to third countries. Umami is designed with privacy in mind: no cookies are set; no personal data is collected; IP addresses are used solely to generate anonymous, daily-rotating visitor hashes and are not stored; no cross-device or cross-site tracking is performed.
We only record aggregated information about the use of this website, such as pages visited, time on page, approximate country of origin, browser used, and device and operating system type. The legal basis for this processing is Art. 6(1)(f) GDPR (our legitimate interest in a statistically informed optimisation of our online offering). Since no cookies are set and no personal data is stored, consent under Section 25 TDDDG or the ePrivacy directive is not required. You can find more information about Umami at umami.is.
7. Third-Party Services
We do not use any third-party services (e.g. Google Analytics, Google Fonts, Google Maps, YouTube embeds, social media plugins) on our pages. All content is delivered directly from our own server.
8. Protection of Minors
Consent to the processing of personal data may only be given by a person of full legal age. For information society services, consent of a child is permissible from the age of sixteen pursuant to Art. 8 GDPR.
9. Your Rights
If we process personal data of yours, you are a data subject within the meaning of the GDPR and you have the following rights with regard to the personal data concerning you: right of access (Art. 15 GDPR); right to rectification (Art. 16 GDPR); right to erasure (Art. 17 GDPR); right to restriction of processing (Art. 18 GDPR); right to data portability (Art. 20 GDPR); right to object to processing (Art. 21 GDPR); right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR).
10. Changes to this Privacy Policy
We reserve the right to modify this privacy policy in order to adapt it to changes in the legal situation, or in the event of changes to the service or data processing. However, this only applies to declarations regarding data processing. Insofar as user consent is required, or insofar as parts of this privacy policy contain provisions of the contractual relationship with users, the changes will only be made with the consent of the users. Please inform yourself regularly about the content of this privacy policy.