Summer offerBuy a package before August 1 and get €50 off your first invoice.Book
Legal

Privacy policy

Last updated: 2026-05-24

This English version is provided for convenience. In case of any discrepancy, the Swedish version is the legally binding one.

This policy describes how Damberg & Friends AB (company reg. no. 559533-1934), hereinafter "Webbtoppen", "we" or "us", processes your personal data when you visit webbtoppen.se, contact us or buy our services. We comply with the EU General Data Protection Regulation (GDPR, 2016/679) and the Swedish Data Protection Act (2018:218).

1. Data controller

Damberg & Friends AB
Company reg. no. 559533-1934
Gothenburg, Sweden
Email: hej@webbtoppen.se

We are the data controller for all processing described here unless otherwise stated.

2. What data we process

We may process the following categories of personal data:

  • Contact details you provide yourself via email or our forms (name, email address, phone number, company, message text).
  • Invoicing details for clients (company registration number, billing address, orders).
  • Technical data logged automatically on a visit: anonymised IP address, browser, operating system, referring page.
  • Cookies and similar technologies — see our cookie policy for full information.

3. Purposes and legal basis

PurposeLegal basis
Respond to your inquiry and keep in touchLegitimate interest · Contract
Deliver services and fulfil contractsContract
Accounting and invoicingLegal obligation (the Swedish Bookkeeping Act)
Statistics and improvement of the siteConsent (cookies)
Defence against legal claimsLegitimate interest

4. Retention periods

  • Inquiries via email and forms: Up to 24 months after the last contact, then deleted or anonymised.
  • Client data and contracts: 7 years after the end of the contract in accordance with the Swedish Bookkeeping Act (1999:1078).
  • Marketing consent: Until you withdraw your consent.
  • Technical logs: At most 12 months.

5. Recipients and sub-processors

We only share your data with sub-processors that help us deliver the service. Current sub-processors are:

  • Vercel Inc. (US/EU) — hosting and CDN for the site.
  • Google Ireland Ltd. — Google Analytics 4 (if you consent), Search Console.
  • Fortnox or equivalent accounting system — for invoicing and accounting.
  • Email provider (e.g. Google Workspace) — to receive and send email.

All sub-processors are bound by data processing agreements. For transfers outside the EU/EEA we apply the European Commission's Standard Contractual Clauses (SCC) or equivalent safeguards.

6. Your rights

Under the GDPR you have the right to:

  • request access to your data (a copy of records),
  • request rectification of inaccurate data,
  • request erasure ("the right to be forgotten") where applicable,
  • request restriction of processing,
  • object to processing based on legitimate interest,
  • obtain your data in a structured format (data portability),
  • withdraw consent you previously gave, without affecting the lawfulness of prior processing.

To exercise any of these rights — email hej@webbtoppen.se. We normally respond within 30 days.

7. Complaints to the supervisory authority

If you believe we process your data in breach of the GDPR, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY), the Swedish supervisory authority.

8. Security

We use technical and organisational safeguards to protect your data — including TLS encryption, access control and regular backups.

9. Changes to the policy

We may update this policy when needed. The latest version is always available on this page, and the "last updated" date at the top indicates when the change was made.

10. Contact

Questions about our processing of personal data? Email hej@webbtoppen.se.