Privacy Policy
Version Lens Sweden AB (operating under “Nalvin”)
Effective date: 6 May 2025

Table of Contents

  1. Introduction

  2. Data Controller & Contact Details

  3. Definitions

  4. Scope & Applicability

  5. Categories of Personal Data Collected

  6. Purposes of Processing & Legal Basis

  7. Cookies & Tracking Technologies

  8. Data Sharing & Disclosure

  9. Cross-Border Transfers

  10. Data Retention

  11. Data Security

  12. Your Rights

  13. Children’s Privacy

  14. Changes to This Policy

  15. Governing Law & Supervisory Authority

1. Introduction

Version Lens Sweden AB, operating under as Nalvin (“we”, “us” or “Nalvin”), respects your privacy and is committed to protecting your Personal Data in accordance with the EU General Data Protection Regulation (“GDPR”) and the Swedish Data Protection Act (Lag 2018:218). This Privacy Policy explains how we collect, use, disclose and safeguard your Personal Data when you:

  • Visit our website or use our Service;

  • Communicate with us via email or other channels;

  • Engage with us at events or through marketing activities.

Please read this Policy carefully. If you do not agree with our practices, please do not access or use our Service.

2. Data Controller & Contact Details

Data Controller:
Version Lens Sweden AB (559388-6657)
Sveavägen 35, 113 50 Stockholm, Sweden

General Contact:
Email: contact@versionlens.com

Data Protection Officer (DPO):
Fredrik Stockman
Email: dpo@versionlens.com

3. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person.

  • Processing: Any operation performed on Personal Data (collection, storage, use, disclosure, deletion, etc.).

  • User: An individual who registers for or uses the Service.

  • Customer: A legal entity subscribing to the Service on behalf of its Users.

4. Scope & Applicability

This Policy applies to all Personal Data processed by Nalvin in its capacity as Data Controller, including data collected:

  • Directly from you (e.g. registration forms, correspondence);

  • Automatically when you visit our website (e.g. through cookies);

  • From third parties (e.g. integrations, marketing partners) to the extent permitted by law.

5. Categories of Personal Data Collected

Category

Examples

Identity & Contact Data

Name, email address, phone number, job title, organisation name

Account Data

Username, password hash, usage logs, billing address

Technical Data

IP address, browser type, device identifiers, operating system

Usage Data

Pages visited, features used, time stamps, error logs

Communication Data

Support tickets, chat transcripts, email correspondence

Marketing & Analytics

Cookie identifiers, click-stream data, analytics identifiers

6. Purposes of Processing & Legal Basis

Purpose

Legal Basis

Provision of Service

Performance of contract (Art. 6(1)(b) GDPR)

Account management & authentication

Legitimate interests (Art. 6(1)(f) GDPR)

Customer support & troubleshooting

Performance of contract

Billing & payment processing

Performance of contract

Marketing communications (where consent given)

Consent (Art. 6(1)(a) GDPR)

Compliance with legal obligations

Legal obligation (Art. 6(1)(c) GDPR)

Website analytics & improvement

Legitimate interests

We will only ask for consent where required by law, and you may withdraw consent at any time.

7. Cookies & Tracking Technologies

We use cookies and similar technologies to improve user experience, analyse traffic and deliver personalised content.

  • Essential Cookies: Required for core functionality.

  • Performance & Analytics Cookies: Measure site usage (e.g. Google Analytics).

  • Marketing Cookies: Deliver relevant advertising.

You can manage your cookie preferences via our cookie banner or your browser settings. For more details, see our Cookie Policy at [link].

8. Data Sharing & Disclosure

We may share Personal Data with:

  • Service providers: Hosting, payment processors (e.g. Stripe), analytics under NDA;

  • Integrations: Only when configured by the Customer (e.g. Slack, Jira);

  • Legal authorities: To comply with legal obligations or defend our rights;

  • Business transfers: In the event of merger, acquisition or sale, subject to confidentiality and data protection obligations.

We do not sell your Personal Data.

9. Cross-Border Transfers

Personal Data may be transferred to, and maintained on, servers located outside the EEA (e.g. AWS in the US). We ensure such transfers occur only under appropriate safeguards, such as:

  • Standard Contractual Clauses approved by the European Commission;

  • Binding Corporate Rules; or

  • Adequacy decisions.

10. Data Retention

We retain Personal Data only as long as necessary for the purposes set out herein or to comply with legal obligations. Retention periods vary by category:

  • Account Data & Billing Records: 7 years (per Swedish accounting law)

  • Support & Communication Data: Up to 3 years after last interaction

  • Website Analytics: Up to 24 months, then aggregated or anonymised

Upon request or at termination of services, we will delete or anonymise your Personal Data unless required otherwise by law.

11. Data Security

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of data in transit (TLS) and at rest;

  • Access controls and multi-factor authentication;

  • Regular security assessments and monitoring;

  • Incident response procedures.

However, no system is entirely immune to attack; if a data breach occurs, we will notify the DPA and affected individuals as required by GDPR.

12. Your Rights

Under the GDPR, you have the right to:

  1. Access: Request a copy of your Personal Data.

  2. Rectification: Correct inaccurate or incomplete data.

  3. Erasure: Request deletion (“right to be forgotten”).

  4. Restriction: Limit the processing of your data.

  5. Portability: Receive your data in a structured, machine-readable format.

  6. Objection: Object to processing based on legitimate interests or direct marketing.

  7. Withdraw consent: Where processing is based on consent, withdraw it at any time.

To exercise your rights, contact our DPO at dpo@versionlens.com. We will respond within one month.

13. Children’s Privacy

Our Service is not directed at children under 16. We do not knowingly collect Personal Data from minors. If you believe we have inadvertently collected data from a child, please contact us to request deletion.

14. Changes to This Policy

We may update this Policy from time to time. We will notify you of material changes by posting the new Policy on our website with a revised “Effective date.” Continued use after changes constitutes acceptance.

15. Governing Law & Supervisory Authority

This Policy and our data processing are governed by Swedish law and the GDPR. You have the right to lodge a complaint with the Swedish Data Protection Authority (Datainspektionen) at any time.

End of Privacy Policy