Skip to content Skip to footer

Privacy Policy

Close

PRIVACY POLICY

Hisland Sweden AB

Effective Date: October 28, 2025

1. Introduction

Hisland Sweden AB (“Hisland”, “we”, “us”, or “our”), with organizational number 559494-3960, is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website hisland.com and use our services.

This policy complies with the General Data Protection Regulation (GDPR) (EU) 2016/679 and the Swedish Data Protection Act (2018:218).

2. Controller and Contact Information

Data Controller:

Hisland Sweden AB
Trappgränd 17, 442 31 Kungälv, Sweden

Email: hello@hisland.com

Phone: +46 735 07 64 95

3. What Personal Data We Collect

We may collect and process the following categories of personal data:

3.1 Information You Provide Directly

  • Contact information: name, email address, phone number, company name, job title
  • Professional information: CV/resume, work history, skills, certifications, references
  • Communication content: messages sent through contact forms, emails, or other communication channels
  • Account information: if you create an account, username, password, preferences

3.2 Information Collected Automatically

  • Technical data: IP address, browser type and version, device information, operating system
  • Usage data: pages visited, time spent on pages, links clicked, referring websites
  • Cookies and tracking technologies: see our Cookie Policy for details

3.3 Information from Third Parties

We may receive information about you from third parties such as LinkedIn (when you apply for positions), business partners, or publicly available sources.

4. How We Use Your Personal Data

We process your personal data for the following purposes and on the following legal bases:

4.1 Providing Our Services (Legal Basis: Contract Performance)

  • Processing consulting service requests and delivering solutions
  • Managing client relationships and projects
  • Communicating about services, projects, and deliverables
  • Processing payments and invoicing

4.2 Recruitment (Legal Basis: Legitimate Interest & Consent)

  • Evaluating candidates for employment and consulting positions
  • Conducting interviews and assessments
  • Maintaining candidate database for future opportunities (with consent)
  • Background checks (with consent where required)

4.3 Marketing and Communications (Legal Basis: Legitimate Interest & Consent)

  • Sending newsletters and marketing communications (with consent)
  • Informing you about relevant services and solutions
  • Conducting market research and customer satisfaction surveys

4.4 Website Operation (Legal Basis: Legitimate Interest)

  • Operating and maintaining our website
  • Improving website functionality and user experience
  • Analyzing website traffic and usage patterns
  • Ensuring website security and preventing fraud

4.5 Legal Compliance (Legal Basis: Legal Obligation)

  • Complying with applicable laws and regulations
  • Responding to legal requests and preventing legal claims
  • Maintaining business records for accounting and tax purposes

5. Data Sharing and Disclosure

We may share your personal data with the following categories of recipients:

5.1 Within Hisland Group

We may share information with our subsidiaries, affiliates, and group companies for business operations, project delivery, and administrative purposes.

5.2 Service Providers

We engage third-party service providers who process personal data on our behalf, including:

  • IT and cloud hosting providers
  • Customer relationship management (CRM) systems
  • Email and communication platforms
  • Analytics and website optimization tools
  • Payment processors
  • Professional advisors (lawyers, accountants, auditors)

These service providers are bound by data processing agreements and are only permitted to process your data for specified purposes.

5.3 Clients

When providing consulting services, we may share consultant information (name, professional background, contact details) with clients as necessary for project delivery.

5.4 Legal Requirements

We may disclose personal data if required by law, court order, or government authority, or to protect our legal rights and interests.

5.5 Business Transactions

In the event of a merger, acquisition, reorganization, or sale of assets, personal data may be transferred to the acquiring entity.

6. International Data Transfers

We primarily process personal data within the European Economic Area (EEA). However, some of our service providers may be located outside the EEA, including in countries that may not provide the same level of data protection as Swedish or EU law.

When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, such as:

  • EU Standard Contractual Clauses
  • Adequacy decisions by the European Commission
  • Binding Corporate Rules or certification schemes

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce agreements.

Specific Retention Periods:

  • Client data: duration of business relationship plus 7 years (accounting requirements)
  • Recruitment data: 2 years after application (with consent) or immediately upon withdrawal of consent
  • Marketing data: until consent is withdrawn or legitimate interest no longer applies
  • Website analytics: typically 26 months
  • Legal claims: duration of legal limitation periods

8. Your Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal data:

8.1 Right of Access

You have the right to obtain confirmation whether we process your personal data and, if so, request access to that data and information about the processing.

8.2 Right to Rectification

You have the right to request correction of inaccurate personal data and to have incomplete data completed.

8.3 Right to Erasure (“Right to be Forgotten”)

You have the right to request deletion of your personal data under certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected or when you withdraw consent.

8.4 Right to Restriction of Processing

You have the right to request restriction of processing in certain situations, such as when you contest the accuracy of the data or object to processing.

8.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

8.6 Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we demonstrate compelling legitimate grounds.

8.7 Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before withdrawal.

8.8 Right to Lodge a Complaint

You have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten) if you believe we have violated your data protection rights:

Integritetsskyddsmyndigheten
Box 8114, SE-104 20 Stockholm, Sweden

Email: imy@imy.se
Phone: +46 8 657 61 00

Exercising Your Rights

To exercise any of these rights, please contact us at hello@hisland.com. We will respond to your request within one month, or inform you if we need additional time (maximum three months total).

9. Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, destruction, alteration, or disclosure, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication mechanisms
  • Regular security assessments and penetration testing
  • Employee training on data protection
  • Incident response procedures
  • Regular backups and disaster recovery plans

While we strive to protect your personal data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

10. Children’s Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected information from a child, please contact us immediately.

11. Links to Third-Party Websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of these external sites. We encourage you to review their privacy policies.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the updated policy on our website with a new effective date. Significant changes will be communicated through prominent notice on our website or via email.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

Email: hello@hisland.com

Phone: +46 735 07 64 95

Mail: Hisland Sweden AB, Trappgränd 17, 442 31 Kungälv, Sweden

***

Last updated: October 28, 2025