Skip to content

Data protection · GDPR

Privacy policy

How Norrhavet Group AB handles personal data — what we collect, why, how long, and what rights you have.

Last updated: 2026-07-06

Data controller

Norrhavet Group AB is the data controller for the processing described here. Questions and rights requests go to gdpr@norrhavet.com.

What data we collect

We collect the data you enter in our forms (name, email, company, message) plus technical logs (IP address, user agent, timestamp) for security and operations.

Purpose and legal basis

Contact and sounding forms are processed to reply to you (contract/enquiry, art. 6.1 b). Lead magnets and newsletters run on consent (art. 6.1 a). Legitimate interest (art. 6.1 f) covers security logs and analytics of our own site.

Retention

Contact enquiries: 12 months. Leads and downloads: 24 months from last activity. Newsletter subscription: until you unsubscribe. Security logs: 90 days.

Subprocessors

We use Lovable (SaaS platform), Lovable Cloud (database and auth, EU region) and Lovable AI Gateway (AI models). Subprocessor register available on request.

Your rights

You have the right of access, rectification, erasure, portability, objection and restriction under GDPR art. 15–22. You can withdraw consent at any time. Complaints go to the Swedish IMY.

Automated decision-making

We do not use automated decision-making or profiling with legal effect.

Book a call