**Virtualsweden AB GDPR Policy**

*Last Updated: 2023 09 01

**1. Introduction**

Virtualsweden AB ("Virtualsweden," "we," "our," or "us") is committed to protecting the privacy and personal data of our website visitors, customers, and business partners. This GDPR Policy outlines how we collect, process, store, and protect personal data in compliance with the General Data Protection Regulation (GDPR) and other relevant data protection laws.

**2. Data Controller**

Virtualsweden AB, with its registered office at [Address], is the data controller responsible for the processing of personal data under this policy.

**3. Scope**

This policy applies to all personal data collected, processed, and stored by Virtualsweden AB through the website [virtualsweden.se], as well as any other means of data processing associated with our products and services.

**4. Principles of Data Protection**

Virtualsweden AB adheres to the following principles regarding the processing of personal data:

- Lawfulness, fairness, and transparency.
- Purpose limitation.
- Data minimization.
- Accuracy.
- Storage limitation.
- Integrity and confidentiality.

**5. Types of Personal Data Processed**

We may collect and process the following types of personal data:

- Contact information (e.g., name, email address, phone number).
- User credentials (e.g., username, password).
- Usage data (e.g., IP address, browser type, pages visited).
- Customer support data (e.g., inquiries, communication history).
- Marketing preferences and consent data.

**6. Purposes of Data Processing**

We process personal data for the following purposes:

- Providing information and services requested by users.
- Managing customer accounts and transactions.
- Sending marketing communications with user consent.
- Improving and optimizing our website and services.
- Complying with legal obligations.

**7. Legal Basis for Processing**

We rely on the following legal bases for processing personal data:

- The necessity of processing for the performance of a contract.
- Compliance with legal obligations.
- Consent provided by the data subject.
- Legitimate interests pursued by Virtualsweden AB.

**8. Data Subject Rights**

Under the GDPR, data subjects have the following rights:

- Right to access: Request access to personal data we hold about you.
- Right to rectification: Request correction of inaccurate or incomplete data.
- Right to erasure: Request the deletion of your personal data.
- Right to restrict processing: Request limitations on how we process your data.
- Right to data portability: Request a copy of your data in a structured format.
- Right to object: Object to processing based on legitimate interests or direct marketing.
- Right to withdraw consent: Withdraw consent for processing based on consent.

**9. Data Security**

Virtualsweden AB employs appropriate technical and organizational measures to protect personal data from unauthorized access, disclosure, alteration, and destruction. These measures include encryption, access controls, and regular security assessments.

**10. Data Transfers**

Personal data may be transferred to and processed by third parties, including service providers and partners, who assist us in delivering our services. We ensure that such transfers are made in compliance with applicable data protection laws.

**11. Data Retention**

We retain personal data for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws and regulations.

**12. Changes to this Policy**

VirtualSweden AB may update this GDPR Policy periodically to reflect changes in our data processing practices or legal requirements. The updated policy will be posted on our website.

**13. Contact Information**

If you have any questions or concerns about this GDPR Policy or wish to exercise your data subject rights, please contact us at:

Virtualsweden AB
Email: info[a]virtualsweden.se

**14. Complaints**

If you believe that your personal data rights have been violated, you have the right to lodge a complaint with the relevant supervisory authority.

By using our website and services, you consent to the practices described in this GDPR Policy. We encourage you to review this policy regularly to stay informed about our data processing activities.