evroc – Privacy Notice
Last updated: 5 June, 2026
This Privacy Notice describes how evroc AB, reg. no. 559398-0930 ("evroc", "we", "our" or "us") collects, uses, shares or otherwise processes personal data and the rights associated with that processing.
This Privacy Notice applies to the processing of your personal data if you: (i) are a representative of a customer of our products and services where your information has been shared with us in our capacity as a controller; (ii) are a representative of a service provider or supplier to evroc where your information has been shared with us in our capacity as a controller; or (iii) visit our website ("you" or "your"). evroc is the controller under EU data protection laws regarding the processing of your personal data. This Privacy Notice does not apply to the extent we process personal data in the role of a processor or service provider on behalf of our customers.
We care about your privacy and it is important to us that you feel comfortable with how we process your personal data. Therefore, please read the information in this Privacy Notice carefully.
1 Processing of your personal data
We collect and process the personal data you submit to us in connection with your interactions with us. In addition, personal data may be collected from other sources, e.g. from publicly available registers. The following table describes (i) the purposes for the processing of your personal data; (ii) which types of personal data we collect and process for each purpose; (iii) the legal basis under the GDPR for the processing of your personal data; and (iv) for how long we process your personal data for each purpose.
| Purposes of the processing of your personal data | Category of personal data collected and processed | Legal basis for the processing of your personal data | For how long we process your personal data |
|---|---|---|---|
| Providing our services and administrating customer, partner and supplier relationships We process your personal data to provide our services and to manage customer, partner and supplier relations generally, such as billing, customer/partner/supplier correspondence and customer/partner/supplier relationship management. | Name Contact details Job title Name of the company you represent Metadata related to API requests (such as timestamps, request/response sizes, and error codes) Any other personal data you submit to evroc in its role as a data controller | The processing is necessary for our legitimate interest in providing our services and the management of customer/partner/supplier relations. | For as long as it is necessary to initiate, maintain or manage a professional relationship with you and the company or organization that you represent |
| Enabling integrated or connected partner or supplier products or services We process your personal data and share it with selected partners and suppliers ("Selected Parties") to enable, provide, maintain, and manage integrations with Selected Parties services or products ("Integrated Services") that you request, activate or otherwise use within the evroc services. This includes facilitating technical connections, ensuring interoperability, administering and coordinating service delivery, and enabling access to relevant functionalities. Where necessary and proportionate, we also process and share personal data for: (i) related operational purposes, including subscription administration and reporting, license management and compliance verification, authentication and authorisation, usage monitoring for billing or compliance purposes, and technical support; and (ii) any other purposes set forth in the contract you have with a Selected Party for an Integrated Service. | Any data / Customer Content you submit through our systems and services in direct connection with deployment or usage of the Integrated Service Technical infrastructure metadata relating to the deployment and usage of the Integrated Service | The processing is necessary: • For the performance of a contract with you or the company you represent, where the integration of or connection to the Integrated Service forms part of the evroc service; and/or • For our legitimate interest in providing integrated, connected and commercially relevant products and services, and ensuring a seamless customer experience. | For as long as necessary to provide the integration and to manage the professional relationship with you and the company or organization that you represent. This processing forms an integral part of how the evroc services and the Integrated Service operate together. If you object to this processing, you may discontinue use of the relevant Integrated Service. |
| Bookkeeping and accounting We process your personal data to perform bookkeeping and accounting in accordance with applicable laws | Name Contact details Billing details | The processing is necessary for evroc to comply with its legal obligations. | During the period in which the bookkeeping is recorded and 7 years after the end of the year in which the information was registered |
| Marketing and communications We process your personal data to send you marketing information, product recommendations and other communications about us | Name Contact details | The processing is necessary for our legitimate interest in conducting direct marketing. | For as long as it is necessary to maintain or manage a professional relationship with you and the company or organization that you represent |
| Developing and analysing our services We process your personal data to develop, analyse and improve our products and services | Name Contact details System logs metadata related to API requests (such as timestamps, request/response sizes, and error codes) | The processing is necessary for our legitimate interest in analysing out business and to develop and improve our services. | For as long as there is a professional relationship with you and the company or organization that you represent. |
| Security We process your personal data for the purposes of maintaining a high-level of security, including investigating, detecting and preventing suspicious activity, fraud and cybercrime that may affect evroc or its services | Name Contact details System logs metadata related to API requests (such as timestamps, request/response sizes, and error codes) | The processing is necessary for our legitimate interest in promoting the safety and security of evroc's products and services and to protect our rights | For as long as there is a professional relationship with you and the company or organization that you represent or as long as necessary to establish, exercise or defend legal claims. |
| AI Chat Services We process your personal data for the purposes providing AI-powered chat and assistant services, including using third-party search and information retrieval providers to obtain information from publicly available sources and respond to user requests. | Information submitted through AI chat interactions, such as prompts, messages, uploaded content, and search queries generated from such interactions. | The processing is necessary for our legitimate interest in providing, maintaining, securing, and improving our services, and where applicable performance of a contract. | For as long as necessary to provide the service, maintain security, comply with legal obligations, and as otherwise set out in applicable customer agreements. |
As described above, we rely on our legitimate interest as the legal basis for certain purposes for which we process your personal data. For such processing, we rely on a legitimate interest assessment, through which we have determined that our legitimate interest to process your personal data for the relevant purpose overrides your interest and fundamental right to not have your personal data processed. Please contact us if you want to know more about how these assessments have been made. Our contact details can be found in Section 6 below.
2 Recipients of personal data
We have taken appropriate technical and organisational security measures to protect the personal data we process from unauthorised access. Only those who need to process personal data for the purposes for which they are processed have access to the personal data. In order to fulfil the purposes mentioned in Section 1 above, we sometimes may need to transfer your personal data to third parties. We always observe great caution when transferring your personal data and your personal data are only transferred in accordance with applicable law and this privacy notice. Your personal data may be transferred to the following categories of recipients:
-
Group companies: We may share your personal data with other group companies for group-wide administration, including for the administration and delivery of the services.
-
Service providers and business partners: We may share your personal data with:
- Data Processors: Companies that performs services on our behalf, e.g. for the provision of IT services, technology, AI, and information retrieval services or administrative services. These companies have access to your personal data to the extent that they need it to perform their tasks, but they may not use or share the data for other purposes. These companies process personal data only in accordance with our instructions and under data processing agreements.
- Independent controllers: Third-party providers or business partners that provide products, services or functionality requested by you and which integrate or connect to our services, where necessary to enable the requested integration or connected functionality. These providers act as independent data controllers and are responsible for their own processing of personal data in accordance with their respective privacy policies. Personal data is disclosed only to the extent necessary for the relevant product, service or connected functionality.
-
Authorities and recipients in legal disputes: We may be required by law to share personal data with certain authorities. Sharing of personal data may also take place if we have a legitimate interest in establishing, asserting, or defending legal claims.
3 Transfer of personal data to third countries
All processing of your personal data is carried out within EU/EEA and no personal data is transferred to third countries.
4 Your rights
You have the following rights in relation to our processing of your personal data.
Right of access and information: You can request a copy of all information about you, information about the purpose of the processing, where we have obtained the information from, any recipients of the information, retention period and information about your rights as a data subject.
Right to rectification: If you believe the data we have registered is inaccurate or incomplete, you can request that it be corrected or supplemented.
Right to be forgotten: In certain cases, you can request that information about you be deleted. This right applies in particular circumstances, especially if your personal data is no longer necessary for the purposes for which it was collected. This right is not absolute, and we may retain your personal data for legal or legitimate reasons e.g. if it is necessary for establishing, exercising or defending legal claims.
Right to restriction: You can request that the processing of your personal data should be restricted, for example if you do not think that the information we have about you is correct or if you believe that the processing is unlawful. Such request can also be made during the time we investigate whether our legitimate interests override your interest of privacy when you object to the processing (see more about this under right to object above).
Right to object: You can object to the processing of your data, if our processing of your personal data is based on our legitimate interest. If you object, we do not have the right to process the data anymore, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or if it is needed for the establishment, exercise or defense of legal claims. If we consider that we have such legitimate grounds, or if the data are needed for the establishment, exercise or defense of legal claims, we will notify you of this, and the reasons for such assessment. You can also object to your personal data being processed for marketing purposes. If you do so, we will cease the processing of your data for these purposes.
Right to data portability: You may request to receive (and to transmit to another data controller) your personal data collected on the basis of consent or for the fulfilment of an agreement in a machine-readable and commonly used file format.
Right to withdraw consent: If our processing of your personal data is based on consent, you may withdraw your consent at any time. Withdrawal does not affect the lawfulness of the processing that has already taken place.
If you wish to exercise any of these rights, you can do this by contacting evroc using the contact details set out in section 6 below. In order to comply with your request, we may ask you to verify your identity. We may charge you a reasonable administrative fee when a request is manifestly unfounded or excessive, particularly if it is repetitive.
5 Changes to and updates of this Privacy Notice
We may amend this Privacy Notice from time to time as evroc's products and services continuously evolve and e.g., if there are changes in law, or to reflect other changes in our policies and procedures with respect to our processing of your personal data. We will inform you of any such changes in accordance with applicable data protection laws.
6 Contact information and complaints
If you have any questions or concerns regarding the processing of your personal data, you can contact us via the contact information below. You can also lodge a complaint to the Swedish Authority for Privacy Protection (or with another local data protection authority) if you believe that evroc's processing of your personal data is not in accordance with EU data protection laws.
evroc AB – Address: Katarinavägen 9, 116 45 Stockholm – E-mail: dpo@evroc.com
Mats Nordqvist, appointed and reported to Swedish IMY as DPO, dpo@evroc.com
