Privacy Policy
Komply.1 AB
Effective Date: January 2025 | Version 1.0
1. Introduction
Komply.1 AB, org.nr 559480-3560 ("Komply.1", "we", "us", or "our") respects and cares about your privacy. We want you to feel safe when we process your personal data. This Privacy Policy explains how we ensure your personal data is processed lawfully and securely in accordance with applicable law, including the General Data Protection Regulation (EU) 2016/679 ("GDPR").
This Privacy Policy applies to visitors of our websites (komply.one, recoger.co, velador.co, aimigas.co, and related domains), users of our services, and current, prospective, or former customers and business contacts.
2. Data Controller
Komply.1 AB is the data controller for the processing described in this policy. This means we are responsible for ensuring that this processing complies with applicable law.
Important distinction: When our customers use our services (such as Recoger or Velador) to process their own users' data, Komply.1 acts as a data processor on behalf of the customer. In such cases, the customer is responsible for informing their data subjects about the processing.
3. Categories of Personal Data We Process
| Category | Examples |
|---|---|
| User Identification | Name, phone number, email address, job title, organization, and affiliation |
| Usage Data | Behavior on our websites or services, form submissions, feature usage patterns |
| Device Data | IP address, internet connection details, operating system, time zone, device information |
| Technical Data | Response times, usage times, error logs, session data |
| Transaction Data | Purchased services, invoices, payment information (processed by our payment provider) |
| Communication Data | Content from support messages, inquiries, and correspondence with us |
4. Why We Process Your Personal Data
We process your data for specific purposes, each with a legal basis under GDPR:
4.1 To Deliver Our Services
We process your data to fulfill our contractual obligations, including:
- Managing your account and providing access to our services
- Processing payments and maintaining transaction records
- Sending service-related communications (updates, invoices, security notices)
- Providing customer support
Legal basis: Performance of contract (GDPR Art. 6(1)(b))
Retention: Duration of the contract plus 7 years for transaction data (Swedish Accounting Act requirement).
4.2 To Improve Our Services
We analyze usage patterns to enhance user experience, develop new features, and improve our platforms.
Legal basis: Legitimate interest (GDPR Art. 6(1)(f)) in continuously improving our services.
Retention: Duration of contract; data is anonymized or deleted afterward.
4.3 To Keep You Informed
With your consent, we may send marketing communications about new features, educational resources, and relevant updates.
Legal basis: Consent (GDPR Art. 6(1)(a)) or legitimate interest for existing customers.
Retention: 12 months from last interaction. You can opt out at any time.
4.4 To Comply with Legal Obligations
We process data to meet accounting, tax, and regulatory requirements, and to verify your identity when you exercise GDPR rights.
Legal basis: Legal obligation (GDPR Art. 6(1)(c)).
Retention: As required by law (e.g., 7 years for accounting records under Swedish law).
4.5 To Protect Our Systems and Business
We analyze data to identify security threats, prevent fraud, and protect the integrity of our IT environment.
Legal basis: Legitimate interest (GDPR Art. 6(1)(f)) in maintaining security.
4.6 To Establish or Defend Legal Claims
In limited cases, we may retain data to resolve disputes or defend legal claims.
Legal basis: Legitimate interest (GDPR Art. 6(1)(f)).
Retention: Until the matter is resolved.
5. How We Share Your Data
We do not sell your personal data. We share data only when necessary and with appropriate safeguards:
| Recipient Category | Purpose | Examples |
|---|---|---|
| Service Providers | Deliver our services and operate our business | Cloud hosting, payment processing, analytics, customer support tools |
| Professional Advisors | Legal, accounting, and compliance matters | Lawyers, auditors, accountants |
| Public Authorities | Legal obligations and lawful requests | Tax authorities, regulatory bodies, law enforcement (when required by law) |
| Business Partners | Joint offerings (only with your consent) | Integration partners, co-marketing activities |
All service providers are bound by data processing agreements ensuring GDPR compliance.
6. International Data Transfers
We strive to process your data within the European Union (EU) and European Economic Area (EEA). When we transfer data outside the EU/EEA, we ensure adequate protection through:
- EU adequacy decisions (transfers to countries with equivalent data protection)
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Additional technical and organizational measures where appropriate
You may request information about specific transfer mechanisms by contacting us.
7. Your Rights Under GDPR
You have the following rights regarding your personal data:
| Right | Description |
|---|---|
| Access | Request a copy of the personal data we hold about you |
| Rectification | Request correction of inaccurate or incomplete data |
| Erasure | Request deletion of your data (subject to legal retention requirements) |
| Restriction | Request that we limit processing of your data in certain circumstances |
| Data Portability | Receive your data in a structured, machine-readable format |
| Object | Object to processing based on legitimate interests or for direct marketing |
| Withdraw Consent | Withdraw consent at any time (does not affect prior lawful processing) |
To exercise your rights, contact us at privacy@komply.one. We will respond within 30 days.
8. Automated Decision-Making
We do not use automated systems to make decisions that significantly impact you without human involvement.
9. Cookies and Tracking
Our services use:
- Essential cookies: Required for authentication, session management, and core functionality
- Analytics cookies: Used only with your consent to understand how visitors use our sites
You can manage cookie preferences through your browser settings or our cookie consent mechanism.
10. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption in transit and at rest
- Access controls and authentication requirements
- Regular security assessments and monitoring
- Employee training on data protection
- Incident response procedures
In the event of a data breach posing high risk to your rights and freedoms, we will notify you and the relevant supervisory authority as required by GDPR.
11. Children's Privacy
Our services are designed for business use and are not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately.
12. Business Transfers
In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the new entity. We will notify you of any such transfer and your rights in that situation.
13. Changes to This Policy
We may update this policy to reflect changes in our practices or legal requirements. Material changes will be communicated through our website with an updated effective date. Your continued use of our services after changes take effect constitutes acceptance of the revised policy.
14. Contact Us
For questions about this policy, to exercise your rights, or to raise concerns:
Komply.1 AB
Org.nr: 559480-3560
Stockholm, Sweden
Email: privacy@komply.one
Supervisory Authority
You have the right to lodge a complaint with a supervisory authority. In Sweden:
Integritetsskyddsmyndigheten (IMY)
Box 8114, 104 20 Stockholm
Website: www.imy.se
Email: imy@imy.se