Privacy by design. Compliance by default.
karo‑Solutions AB (“we”, “us”, or “our”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Swedish data protection laws. It also describes our approach to information security and resilience in line with the NIS2 Directive where applicable.
1. Data Controller
The data controller responsible for personal data processing is:
Karo‑Solutions AB
Registered in Sweden
Organisation number: 559235-3303
Email: ron@karo-solutions.se
2. Scope of This Policy
This Privacy Policy applies to:
- Visitors to our website
- Customers and potential customers
- Business partners and suppliers
- Users of our digital services, platforms, or communications
3. Personal Data We Collect
We may collect the following categories of personal data:
3.1 Identity & Contact Data
- Name
- Company name
- Email address
- Phone number
- Job title
3.2 Technical & Usage Data
- IP address
- Device and browser information
- Log files
- Usage statistics related to our website or services
3.3 Business & Contractual Data
- Agreements and contractual information
- Communication history
- Billing and invoicing data
4. Legal Basis for Processing (GDPR Article 6)
We process personal data only when legally permitted, based on one or more of the following grounds:
- Performance of a contract
- Legal obligation
- Legitimate interests (e.g. IT security, service improvement)
- Consent, where explicitly obtained
5. Purposes of Processing
We process personal data to:
- Provide and manage our services
- Communicate with customers and partners
- Fulfil contractual and legal obligations
- Maintain IT security and prevent incidents
- Improve our services and user experience
- Comply with regulatory requirements
6. Data Retention
Personal data is stored only as long as necessary for the purposes described or as required by law (e.g. accounting or regulatory obligations). Retention periods are regularly reviewed.
7. Data Sharing & Transfers
We may share personal data with:
- Trusted service providers (e.g. IT, hosting, accounting)
- Authorities where required by law
We do not sell personal data.
All processors are bound by data processing agreements ensuring GDPR compliance.
If data is transferred outside the EU/EEA, appropriate safeguards (such as Standard Contractual Clauses) are implemented.
8. Information Security & NIS2
Karo‑Solutions AB applies technical and organisational security measures to protect personal data and information systems, including:
- Access controls and authentication
- Encryption where appropriate
- Incident detection and response procedures
- Business continuity and backup measures
Where applicable under the NIS2 Directive, we work to:
- Reduce cybersecurity risks
- Prevent and manage incidents
- Ensure resilience of critical digital services
Security incidents involving personal data are managed in accordance with GDPR Articles 33–34, including notification to the Swedish Authority for Privacy Protection (IMY) where required.
9. Your Rights Under GDPR
You have the right to:
- Access your personal data
- Request correction or erasure
- Restrict or object to processing
- Data portability
- Withdraw consent at any time
- Lodge a complaint with IMY (Integritetsskyddsmyndigheten)
10. Cookies
Our website may use cookies for functionality, analytics, and security. Cookie usage is described in a separate Cookie Policy where required.
11. Third‑Party Links
Our website may contain links to third‑party websites. We are not responsible for their privacy practices.
12. Changes to This Policy
We may update this Privacy Policy from time to time. The latest version will always be published on our website with the updated date.
13. Contact
For questions regarding privacy, data protection, or security:
📧 ron@karo-solutions.se
📍 Karo‑Solutions AB, Sweden