Privacy Policy
How we handle your personal data
Last updated: 2026-01-15
About this Privacy Policy
This privacy policy describes how VER&IT AB ("we", "us", "our"), which provides the Securapilot service, processes personal data in cases where we are the data controller. This includes personal data processed in connection with:
- Visits to securapilot.com
- Registration and use of the Securapilot account
- Contact with us via email or other communication channels
- Participation in webinars, newsletters or marketing activities
Securapilot as Data Processor
When you as a customer use Securapilot to manage personal data within your organization (e.g., in the GDPR module, risk management or vendor management), VER&IT AB acts as a data processor. In these cases, your organization is the data controller for the data registered in the system.
A separate data processing agreement (DPA) is signed with each customer that regulates this processing. Contact your organization's data protection officer for information on how personal data is processed within your Securapilot installation.
Data Controller
What is Personal Data?
Personal data is any information that can be directly or indirectly linked to a living natural person. Examples of personal data:
- Name and contact details (email, phone number, address)
- Personal identification number and organization number
- IP address and other technical identifiers
- Username and password
- Images where a person can be identified
- Information about employment and role in the organization
What Personal Data We Collect
During registration and account management
- Name and email address
- Organization name and registration number
- Phone number (optional)
- Role and position
- Password (encrypted)
When using the service
- Login history and activity logs
- IP address and browser information
- User settings and preferences
When contacting us
- Content of emails and support cases
- Contact details you provide in forms
When visiting the website
- Cookies and similar technologies (see cookies section)
- Visitor statistics and page views
Why We Process Your Personal Data
| Purpose | Legal Basis | Retention Period |
|---|---|---|
| Provide and administer the service | Contract | During contract period + 12 months |
| Customer support and communication | Contract / Legitimate interest | 2 years after case closure |
| Improve and develop the service | Legitimate interest | Anonymized continuously |
| Security and abuse prevention | Legitimate interest / Legal obligation | 12 months (logs) |
| Marketing and newsletters | Consent | Until consent is withdrawn |
| Accounting and invoicing | Legal obligation | 7 years (accounting law) |
Who Has Access to Your Personal Data?
Your personal data is only accessible to persons who need it to perform their duties. We may share personal data with the following categories of recipients:
- Service providers: Hosting, email, payment and other services necessary to operate Securapilot
- Authorities: When we are required by law (e.g., tax authorities, police)
- Auditors and legal advisors: When needed for auditing or legal advice
We never sell your personal data to third parties.
Where Your Personal Data is Processed
We always strive to process your personal data within the EU/EEA. All primary data storage takes place on servers in Sweden and within the EU.
In some cases, personal data may be transferred to countries outside the EU/EEA, for example when using international service providers. In such cases, we ensure that the transfer is made in accordance with GDPR through:
- EU Commission's standard contractual clauses
- Adequate level of protection according to EU Commission decision
- Other approved safeguards according to GDPR
Your Rights
Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:
Right of access
You have the right to receive confirmation of whether we process your personal data and, if so, access to the data and information about how it is processed.
Right to rectification
You have the right to have incorrect personal data corrected and incomplete data completed.
Right to erasure ("right to be forgotten")
Under certain circumstances, you have the right to have your personal data deleted, e.g., if the data is no longer necessary for the purpose or if you withdraw your consent.
Right to restriction of processing
You have the right to request that the processing of your personal data be restricted in certain situations, e.g., while an objection is being investigated.
Right to data portability
You have the right to receive personal data you have provided to us in a structured, commonly used and machine-readable format, and to transfer this data to another data controller.
Right to object
You have the right to object to processing based on legitimate interest. You can object to direct marketing at any time.
Right to withdraw consent
If processing is based on consent, you have the right to withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing that occurred before the withdrawal.
To exercise your rights, contact us at dpo@securapilot.com. We will respond to your request within 30 days.
Cookies and Web Analytics
Cookie-free web analytics
We use Matomo to collect anonymous visitor statistics. Our implementation is configured to work completely without cookies, which means:
- No tracking cookies are placed on your device
- Your IP address is anonymized
- We cannot identify you as an individual
- No consent is required under GDPR for this type of anonymous statistics
We respect the browser's "Do Not Track" setting. You can also if you prefer.
Local storage technologies
We use the browser's local storage (localStorage) to save:
- Theme preference: Whether you prefer light or dark mode
- Language setting: Your chosen language
- Opt-out status: If you have opted out of statistics
This data is stored only locally in your browser and is never sent to our servers.
Cookies in the Securapilot application
When you log in to the Securapilot application (app.securapilot.com), session cookies are used for authentication. These are necessary for the service to function and do not require separate consent.
Security
We take the security of your personal data very seriously. We have implemented appropriate technical and organizational measures to protect your data, including:
- Encryption of data both in transit (TLS) and at rest
- Two-factor authentication (2FA)
- Role-based access control
- Continuous monitoring and logging
- Regular security audits and penetration tests
- Database-per-tenant architecture for complete data isolation
Changes to the Privacy Policy
We may update this privacy policy as needed. For material changes, we will inform you via email or through a notice in the service. The latest version is always available on this page with the date of the last update.
Complaints
If you believe we are processing your personal data in violation of the GDPR, you have the right to file a complaint with the supervisory authority:
Swedish Authority for Privacy Protection (IMY)
Box 8114, 104 20 Stockholm
Phone: +46 8-657 61 00
Email: imy@imy.se
Website: www.imy.se
Contact Us
Do you have questions about how we process your personal data or want to exercise your rights? Contact us:
Data Protection Questions
Email: dpo@securapilot.com
General Inquiries
Email: info@securapilot.com