Privacy Policy

Introduction

crystallogic AB ("we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information when you visit our website or use our services.

As the data controller, crystallogic processes your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Swedish data protection laws.

Data We Collect

The data we collect depends on how you interact with our website and services. We collect the following types of personal information:

Information You Provide Directly

• Contact information (name, email address, phone number)
• Company details (company name, position, business information)
• Communication preferences and enquiry details
• Any other information you choose to provide in forms or communications

Information Collected Automatically

• Website usage data (pages visited, time spent, navigation patterns)
• Technical information (IP address, browser type, device information)
• Cookies and tracking technologies data
• Referral sources and marketing campaign interactions

How We Use Your Information

We process your personal data for the following purposes based on legitimate legal grounds:

Service Provision (Contract Performance)

• Responding to your enquiries and providing requested information
• Delivering audit services and professional consultations
• Managing client relationships and service delivery
• Processing payments and maintaining business records

Business Operations (Legitimate Interest)

• Improving our website functionality and user experience
• Analysing service performance and business development
• Maintaining security and preventing fraud
• Conducting internal business analysis and planning

Marketing Communications (Consent)

With your explicit consent, we may use your data to send you marketing communications about our services, industry insights, and relevant business information. You can withdraw this consent at any time.

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

For detailed information about the cookies we use, please refer to our Cookie Policy.

Data Sharing and Disclosure

We do not sell your personal data to third parties. We may share your information in the following limited circumstances:

• With trusted service providers who assist in our business operations (hosting, analytics, payment processing)
• When required by law, legal process, or regulatory requirements
• To protect our rights, property, or safety, or that of others
• In connection with business transfers or corporate transactions

All third-party service providers are contractually bound to protect your data and use it only for specified purposes.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, and resolve disputes. Specific retention periods include:

• Contact enquiries: 3 years from last contact
• Client service records: 7 years after service completion
• Marketing communications: Until you unsubscribe or withdraw consent
• Website analytics data: 26 months (Google Analytics default)

After the retention period expires, we securely delete or anonymise your personal data.

Your Rights

Under GDPR, you have the following rights regarding your personal data:

• Right of access: Request a copy of your personal data we hold
• Right to rectification: Correct inaccurate or incomplete data
• Right to erasure: Request deletion of your data under certain circumstances
• Right to restrict processing: Limit how we use your data
• Right to data portability: Receive your data in a structured, machine-readable format
• Right to object: Object to processing based on legitimate interests
• Right to withdraw consent: Withdraw consent for marketing communications

To exercise these rights, please contact us using the information provided below.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and staff training
• Secure hosting and backup procedures

While we strive to protect your data, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

International Data Transfers

Your personal data is primarily processed within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as:

• European Commission adequacy decisions
• Standard contractual clauses approved by the European Commission
• Certification schemes and codes of conduct

Children's Privacy

Our services are not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly.

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or business operations. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. We encourage you to review this policy regularly.

Contact Information

If you have questions about this Privacy Policy, wish to exercise your rights, or need to contact us about data protection matters, please reach out to us: