Privacy policy

Introduction 

At Elvaco, we value your privacy and are committed to processing your personal data in secure, transparent, and lawful manner. This Privacy Policy explains how we handle personal data when you visit our website, use our products, or otherwise interact with us. We encourage you to read this policy carefully to understand your rights and how we protect your information.  

Compliance with Applicable Laws 

We process personal data in accordance with the General Data Protection Regulation (GDPR) and relevant national laws. 
We are committed to ensuring that personal data is: 

• Processed lawfully, fairly, and transparently 

• Collected for specified, explicit, and legitimate purposes 

• Adequate, relevant, and limited to what is necessary 

• Accurate and kept up to date 

• Stored no longer than necessary 

• Protected using appropriate technical and organizational measures 

We also comply with legal requirements for international data transfers and ensure that your rights under applicable data protection laws are respected at all times. 

Personal Data We Collect 

We collect personal data when you interact with our website, our products, or our communication channels. The types of personal data we collect include: 

• Contact information such as name, email address, and phone number 

• Company information, including company name and role 

• Login and account details, where applicable 

• Technical data, such as IP address, browser type, and device information 

• Usage data, such as pages visited, features used, and interaction with content 

• Marketing preferences and communication history 

• Any other information you voluntarily provide through forms or communication with us 

We also process meter data received through our products and platforms. This data may include values associated with consumption, readings, or device behavior. This data is processed on behalf of our customers and is not used for Elvaco’s own purposes. In such cases, Elvaco acts as a data processor, and the customer remains the data controller. 

We do not collect any data considered Sensitive Personal Data according to GDPR. 

Purpose for Processing 

We process personal data to deliver our products and services, operate our platforms, and manage customer relationships. Each processing activity is based on a lawful purpose, such as fulfilling contractual obligations, complying with legal requirements, or supporting operational needs and communication preferences. 

We use personal data only for the purposes for which it was collected. We do not process data for unrelated or incompatible purposes unless required by law or with your explicit consent. If our processing purposes change in a significant way, we will inform you and, where required, request renewed consent. 

Elvaco does not engage in profiling or automated decision-making that produces legal or similarly significant effects. 

Data Retention 

We will retain personal data only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal, contractual, or regulatory requirements. 

Retention periods may vary depending on the type of data and the context in which it is processed. For example: 

• Contact and communication data will be retained as long as necessary to manage our relationship with you 

• Data processed based on your consent will be retained until you withdraw your consent or request deletion 

• Technical and security-related logs may be retained for a limited time to ensure system integrity and compliance 

Once the retention period has expired, personal data will be securely deleted or anonymized, unless further storage is required by law or to establish, exercise, or defend legal claims. 

Sharing of Personal Data 

We will only share personal data when it is necessary to provide our services, fulfill legal obligations, or support our business operations in a secure and compliant manner. 
We may share personal data with: 

• Service providers that support our operations, including IT infrastructure, customer communication, analytics, and marketing service 

• Authorities or regulators, if required by law or valid legal requests 

• Other trusted third parties, when necessary for the purposes described in this policy 

All third parties that process personal data on our behalf are contractually required to:  

• Follow applicable data protection laws 

• Use the data only for specified purposes 

• Implement appropriate technical and organizational security measures 

We do not sell or share personal data under any circumstances. 

Where required, we enter into Data Processing Agreements (DPAs) with third-party processors in accordance with Article 28 of the GDPR. 

Storage and Transfer of Personal Data 

We store and process all personal data exclusively within the European Union (EU) and the European Economic Area (EEA), regardless of where the individual is located. This applies to all third-party data we handle. 

We do not transfer personal data outside the EU/EEA. If such a transfer becomes necessary in the future, we will ensure it is carried out in accordance with applicable data protection laws and supported by appropriate safeguards, such as: 

• Standard Contractual Clauses approved by the European Commission, or 

• Other legally recognized mechanisms that ensure an adequate level of protection. 

Where required by law, or if a transfer could significantly impact your rights, we will inform you in advance and request your consent. 

We continuously review our data handling practices to ensure ongoing legal compliance and data security. 

Data Security Measures 

We take data security seriously and implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, alteration, or destruction. 

These measures include, but are not limited to: 

• Encryption of data during transmission and storage 

• Access controls and user authentication procedures 

• Secure cloud and server infrastructure 

• Logging and monitoring of access and activity 

• Regular security assessments and updates 

• Employee training and internal policies on data protection 

We review our security practices regularly to ensure that they remain appropriate in light of the types of data we process and the risks associated with that processing. 
Access to personal data is restricted to employees and authorized third parties who need the information to perform their tasks and who are bound by confidentiality obligations. 

Your Data Protection Rights 

In accordance with applicable data protection laws, you have the following rights in relation to your personal data: 

Note! We do not use automated decision-making, including profiling, that produces legal or similarly significant effects on individuals. 

Cookies and Tracking Technologies 

We use cookies and similar technologies on our website to support essential functionality, improve user experience, and analyze website traffic. 

When you visit our site, you are asked to consent to non-essential cookies. You can manage your cookie preferences at any time via your browser settings or our cookie banner. 

For more information about the cookies we use, their purposes, and how to control them, please refer to our Cookie Policy. 

Updates to This Privacy Policy 

We may update this Privacy Policy when necessary to reflect changes in legal requirements, our services, or how we process personal data. 

Any updates will be published on this page with an updated effective date. If changes are significant, we will inform you through appropriate channels, such as email or our newsletter. 

If the updates require renewed consent, we will ask for your consent before applying the new terms. 

We encourage you to review this policy periodically to stay informed about how we protect your personal data.

Contact information

Elvaco AB
info@elvaco.se