EN Kundportal

GDPR-information

Senast uppdaterad: mars 2026

1. Our Commitment

POISE AB is committed to protecting personal data in accordance with the General Data Protection Regulation (EU) 2016/679. We apply the six GDPR principles in all processing activities:

  • Lawfulness, fairness, and transparency
  • Purpose limitation — data collected for specified, explicit purposes
  • Data minimisation — only data that is necessary
  • Accuracy — kept up to date
  • Storage limitation — retained only as long as necessary
  • Integrity and confidentiality — protected against unauthorised processing

2. Data Location and Sovereignty

All personal data is processed and stored within the European Union. We do not transfer data outside the EU/EEA. Our infrastructure is hosted in Sweden and the EU, ensuring full compliance with EU data sovereignty requirements.

3. Your Rights

Under GDPR, you have the following rights:

  • Right of access (Article 15) — obtain a copy of your personal data
  • Right to rectification (Article 16) — correct inaccurate data
  • Right to erasure (Article 17) — request deletion of your data
  • Right to restrict processing (Article 18)
  • Right to data portability (Article 20) — receive your data in a machine-readable format
  • Right to object (Article 21) — object to processing based on legitimate interest
  • Right to withdraw consent — at any time, without affecting prior processing

4. Exercising Your Rights

To exercise any of your rights, contact us at info@poise.se. We will verify your identity and respond within 30 days. If your request is complex, we may extend this by up to 60 additional days with notification.

5. Data Breach Notification

In the event of a personal data breach, we will:

  • Notify the Swedish Authority for Privacy Protection (IMY) within 72 hours
  • Notify affected individuals without undue delay if the breach poses a high risk
  • Document all breaches and remediation actions

6. Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) for processing activities that are likely to result in a high risk to individuals' rights and freedoms, in accordance with Article 35.

7. Sub-processors

We use the following categories of sub-processors, all bound by data processing agreements:

  • EU-based hosting infrastructure providers
  • Email delivery services (EU-based)

8. Supervisory Authority

You have the right to lodge a complaint with:

Integritetsskyddsmyndigheten (IMY)
Box 8114, 104 20 Stockholm, Sweden
www.imy.se
Email: imy@imy.se

9. Contact

POISE AB
Brunnsgatan 9, 172 68 Sundbyberg, Sweden
Email: info@poise.se