Privacy Policy
Version Lens Sweden AB (operating under “Nalvin”)
Effective date: 6 May 2025
Table of Contents
Introduction
Data Controller & Contact Details
Definitions
Scope & Applicability
Categories of Personal Data Collected
Purposes of Processing & Legal Basis
Cookies & Tracking Technologies
Data Sharing & Disclosure
Cross-Border Transfers
Data Retention
Data Security
Your Rights
Children’s Privacy
Changes to This Policy
Governing Law & Supervisory Authority
1. Introduction
Version Lens Sweden AB, operating under as Nalvin (“we”, “us” or “Nalvin”), respects your privacy and is committed to protecting your Personal Data in accordance with the EU General Data Protection Regulation (“GDPR”) and the Swedish Data Protection Act (Lag 2018:218). This Privacy Policy explains how we collect, use, disclose and safeguard your Personal Data when you:
Visit our website or use our Service;
Communicate with us via email or other channels;
Engage with us at events or through marketing activities.
Please read this Policy carefully. If you do not agree with our practices, please do not access or use our Service.
2. Data Controller & Contact Details
Data Controller:
Version Lens Sweden AB (559388-6657)
Sveavägen 35, 113 50 Stockholm, Sweden
General Contact:
Email: contact@versionlens.com
Data Protection Officer (DPO):
Fredrik Stockman
Email: dpo@versionlens.com
3. Definitions
Personal Data: Any information relating to an identified or identifiable natural person.
Processing: Any operation performed on Personal Data (collection, storage, use, disclosure, deletion, etc.).
User: An individual who registers for or uses the Service.
Customer: A legal entity subscribing to the Service on behalf of its Users.
4. Scope & Applicability
This Policy applies to all Personal Data processed by Nalvin in its capacity as Data Controller, including data collected:
Directly from you (e.g. registration forms, correspondence);
Automatically when you visit our website (e.g. through cookies);
From third parties (e.g. integrations, marketing partners) to the extent permitted by law.
5. Categories of Personal Data Collected
Category | Examples |
---|---|
Identity & Contact Data | Name, email address, phone number, job title, organisation name |
Account Data | Username, password hash, usage logs, billing address |
Technical Data | IP address, browser type, device identifiers, operating system |
Usage Data | Pages visited, features used, time stamps, error logs |
Communication Data | Support tickets, chat transcripts, email correspondence |
Marketing & Analytics | Cookie identifiers, click-stream data, analytics identifiers |
6. Purposes of Processing & Legal Basis
Purpose | Legal Basis |
---|---|
Provision of Service | Performance of contract (Art. 6(1)(b) GDPR) |
Account management & authentication | Legitimate interests (Art. 6(1)(f) GDPR) |
Customer support & troubleshooting | Performance of contract |
Billing & payment processing | Performance of contract |
Marketing communications (where consent given) | Consent (Art. 6(1)(a) GDPR) |
Compliance with legal obligations | Legal obligation (Art. 6(1)(c) GDPR) |
Website analytics & improvement | Legitimate interests |
We will only ask for consent where required by law, and you may withdraw consent at any time.
7. Cookies & Tracking Technologies
We use cookies and similar technologies to improve user experience, analyse traffic and deliver personalised content.
Essential Cookies: Required for core functionality.
Performance & Analytics Cookies: Measure site usage (e.g. Google Analytics).
Marketing Cookies: Deliver relevant advertising.
You can manage your cookie preferences via our cookie banner or your browser settings. For more details, see our Cookie Policy at [link].
8. Data Sharing & Disclosure
We may share Personal Data with:
Service providers: Hosting, payment processors (e.g. Stripe), analytics under NDA;
Integrations: Only when configured by the Customer (e.g. Slack, Jira);
Legal authorities: To comply with legal obligations or defend our rights;
Business transfers: In the event of merger, acquisition or sale, subject to confidentiality and data protection obligations.
We do not sell your Personal Data.
9. Cross-Border Transfers
Personal Data may be transferred to, and maintained on, servers located outside the EEA (e.g. AWS in the US). We ensure such transfers occur only under appropriate safeguards, such as:
Standard Contractual Clauses approved by the European Commission;
Binding Corporate Rules; or
Adequacy decisions.
10. Data Retention
We retain Personal Data only as long as necessary for the purposes set out herein or to comply with legal obligations. Retention periods vary by category:
Account Data & Billing Records: 7 years (per Swedish accounting law)
Support & Communication Data: Up to 3 years after last interaction
Website Analytics: Up to 24 months, then aggregated or anonymised
Upon request or at termination of services, we will delete or anonymise your Personal Data unless required otherwise by law.
11. Data Security
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:
Encryption of data in transit (TLS) and at rest;
Access controls and multi-factor authentication;
Regular security assessments and monitoring;
Incident response procedures.
However, no system is entirely immune to attack; if a data breach occurs, we will notify the DPA and affected individuals as required by GDPR.
12. Your Rights
Under the GDPR, you have the right to:
Access: Request a copy of your Personal Data.
Rectification: Correct inaccurate or incomplete data.
Erasure: Request deletion (“right to be forgotten”).
Restriction: Limit the processing of your data.
Portability: Receive your data in a structured, machine-readable format.
Objection: Object to processing based on legitimate interests or direct marketing.
Withdraw consent: Where processing is based on consent, withdraw it at any time.
To exercise your rights, contact our DPO at dpo@versionlens.com. We will respond within one month.
13. Children’s Privacy
Our Service is not directed at children under 16. We do not knowingly collect Personal Data from minors. If you believe we have inadvertently collected data from a child, please contact us to request deletion.
14. Changes to This Policy
We may update this Policy from time to time. We will notify you of material changes by posting the new Policy on our website with a revised “Effective date.” Continued use after changes constitutes acceptance.
15. Governing Law & Supervisory Authority
This Policy and our data processing are governed by Swedish law and the GDPR. You have the right to lodge a complaint with the Swedish Data Protection Authority (Datainspektionen) at any time.
End of Privacy Policy