This English version is provided for convenience. In case of any discrepancy, the Swedish version is the legally binding one.
This policy describes how Damberg & Friends AB (company reg. no. 559533-1934), hereinafter "Webbtoppen", "we" or "us", processes your personal data when you visit webbtoppen.se, contact us or buy our services. We comply with the EU General Data Protection Regulation (GDPR, 2016/679) and the Swedish Data Protection Act (2018:218).
1. Data controller
Damberg & Friends AB
Company reg. no. 559533-1934
Gothenburg, Sweden
Email: hej@webbtoppen.se
We are the data controller for all processing described here unless otherwise stated.
2. What data we process
We may process the following categories of personal data:
- Contact details you provide yourself via email or our forms (name, email address, phone number, company, message text).
- Invoicing details for clients (company registration number, billing address, orders).
- Technical data logged automatically on a visit: anonymised IP address, browser, operating system, referring page.
- Cookies and similar technologies — see our cookie policy for full information.
3. Purposes and legal basis
| Purpose | Legal basis |
|---|---|
| Respond to your inquiry and keep in touch | Legitimate interest · Contract |
| Deliver services and fulfil contracts | Contract |
| Accounting and invoicing | Legal obligation (the Swedish Bookkeeping Act) |
| Statistics and improvement of the site | Consent (cookies) |
| Defence against legal claims | Legitimate interest |
4. Retention periods
- Inquiries via email and forms: Up to 24 months after the last contact, then deleted or anonymised.
- Client data and contracts: 7 years after the end of the contract in accordance with the Swedish Bookkeeping Act (1999:1078).
- Marketing consent: Until you withdraw your consent.
- Technical logs: At most 12 months.
5. Recipients and sub-processors
We only share your data with sub-processors that help us deliver the service. Current sub-processors are:
- Vercel Inc. (US/EU) — hosting and CDN for the site.
- Google Ireland Ltd. — Google Analytics 4 (if you consent), Search Console.
- Fortnox or equivalent accounting system — for invoicing and accounting.
- Email provider (e.g. Google Workspace) — to receive and send email.
All sub-processors are bound by data processing agreements. For transfers outside the EU/EEA we apply the European Commission's Standard Contractual Clauses (SCC) or equivalent safeguards.
6. Your rights
Under the GDPR you have the right to:
- request access to your data (a copy of records),
- request rectification of inaccurate data,
- request erasure ("the right to be forgotten") where applicable,
- request restriction of processing,
- object to processing based on legitimate interest,
- obtain your data in a structured format (data portability),
- withdraw consent you previously gave, without affecting the lawfulness of prior processing.
To exercise any of these rights — email hej@webbtoppen.se. We normally respond within 30 days.
7. Complaints to the supervisory authority
If you believe we process your data in breach of the GDPR, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY), the Swedish supervisory authority.
8. Security
We use technical and organisational safeguards to protect your data — including TLS encryption, access control and regular backups.
9. Changes to the policy
We may update this policy when needed. The latest version is always available on this page, and the "last updated" date at the top indicates when the change was made.
10. Contact
Questions about our processing of personal data? Email hej@webbtoppen.se.