Integrity & Privacy Policy
Blue Eye AB – Org. nr 556985-5520
Effective date: 28 April 2025
1 . Introduction
Blue Eye AB (“Blue Eye”, “we”, “our”, “us”) respects your privacy and is committed to protecting personal data that we process when you visit blueeyeab.com, contact us, apply for a job, or do business with us. This policy explains what data we collect, why, how long we keep it, and the rights you have under the EU General Data Protection Regulation 2016/679 (“GDPR”).
2 . Data Controller
- Blue Eye AB
- Teknikvägen 3, 144 95 Göteborg, Sweden
- Phone +46 76 311 31 42
- E-mail info@blueeyeab.com
3 . Categories of Personal Data We Process
| Context | Typical data items | Source |
|---|---|---|
| Website visitors | IP-address, browser type, device identifiers, pages viewed, cookie IDs | Collected automatically via cookies & server logs |
| Contact enquiries | Name, e-mail, phone, organisation, message content | Directly from you via contact e-mail or formblueeyeab.com |
| Job applicants | Name, contact details, CV, cover letter, education & work history, interview notes | Directly from you via “Register your CV” workflowblueeyeab.com |
| Client / supplier representatives | Name, business contact info, contract details, invoicing data | From you or your employer |
| Newsletter / marketing recipients | E-mail address, communication preferences | Directly from you (opt-in) |
We do not knowingly collect data about children under 16.
4 . Purposes & Legal Bases
| Purpose | Legal basis (Art. 6 GDPR) |
|---|---|
| Provide and secure our website | Legitimate interest (art. 6 f) – to operate a safe, functional site |
| Respond to contact enquiries | Legitimate interest (art. 6 f) or pre-contractual steps (art. 6 b) |
| Recruitment & candidate evaluation | Pre-contractual steps (art. 6 b); retained CV pool only with consent (art. 6 a) |
| Fulfilling customer & supplier contracts | Contract performance (art. 6 b) |
| Direct B2B marketing (e.g. event invites) | Legitimate interest (art. 6 f); opt-out any time |
| Compliance with Swedish/EU law (tax, accounting, sanctions screening) | Legal obligation (art. 6 c) |
We do not use automated decision-making or profiling that produces legal effects about you.
5 . Cookies & Similar Technologies
Our site uses first-party cookies for essential functionality and third-party analytics cookies (e.g. Google Analytics) to understand traffic patterns. Non-essential cookies are only set after you give consent via our cookie banner. You can withdraw consent at any time by adjusting banner settings or clearing cookies in your browser.
| Cookie type | Examples | Retention |
|---|---|---|
| Essential / functional | site_language, sessionID | up to 12 months |
| Analytics | _ga, _gid | 14 months |
| Marketing (only if you opt in) | _fbp | 3 months |
6 . Sharing & Processors
We limit access to personal data to staff who need it and the service providers below, all bound by data-processing agreements:
- Website hosting & content platform (One.com)
- Cloud e-mail & productivity suite (Microsoft 365)
- Recruitment management system (Varbi Recruit)
- Web analytics provider (Google Analytics – IP-anonymised)
- Professional advisers (accountants, legal counsel)
Personal data may be disclosed to public authorities if required by law or to establish, exercise or defend legal claims.
7 . International Transfers
Some processors (e.g. Microsoft, Google) may host data outside the EU/EEA. Where this occurs, we rely on:
- Adequacy decisions (if the country is recognised by the European Commission); or
- Standard Contractual Clauses (SCCs) plus supplementary safeguards.
Copies of relevant transfer mechanisms can be requested via the contact details above.
8 . Retention Periods
| Data set | Standard retention |
|---|---|
| Web server logs | 12 months |
| Contact enquiries | 24 months after last communication |
| Candidate data | 24 months after recruitment decision (or longer with explicit consent) |
| Contract & invoice records | 7 years (per Swedish Accounting Act) |
| Marketing lists | Until you unsubscribe or we learn the address is invalid |
We may keep data longer if necessary to defend legal claims.
9 . Security Measures
Blue Eye implements appropriate technical and organisational measures, including encryption in transit (TLS), access control, multi-factor authentication for cloud services, pseudonymisation of analytics data, and regular security training for staff.
10 . Your Rights
Under GDPR you may, at no cost and subject to verification of your identity:
- Access the personal data we hold about you
- Rectify inaccurate or incomplete data
- Erase data (“right to be forgotten”) in certain cases
- Restrict processing while a complaint is investigated
- Object to processing based on legitimate interests or direct marketing
- Port data you have provided to us in a structured, machine-readable format
- Withdraw consent at any time (does not affect past processing)
To exercise these rights, e-mail privacy@blueeyeab.com or write to the address in section 2. We will respond within one month. You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY).
11 . Changes to This Policy
We may update this policy to reflect legal or operational changes. The latest version is always available at blueeyeab.com. Material changes will be highlighted on the site or sent by e-mail where legally required.
12 . Contact
Questions or concerns?
Blue Eye AB
Teknikvägen 3, 144 95 Göteborg, Sweden
+46 76 311 31 42
info@blueeyeab.com
Disclaimer: This template is provided for information purposes and does not constitute legal advice. Consult qualified counsel to ensure full compliance with GDPR and any sector-specific regulations.