1. Introduction
Exponatic ("we", "us", or "our") is committed to protecting your personal data and respecting your privacy. This Privacy Statement explains how we collect, use, and safeguard information when you visit our website exponatic.eu or use our platform and services.
We are based in Sweden and are subject to the General Data Protection Regulation (GDPR) (EU) 2016/679 and applicable Swedish data protection law, including the Act with Supplementary Provisions to the EU General Data Protection Regulation (2018:218).
2. Data Controller
Exponatic AB
Industrigatan 18
243 32 Höör
Sweden
Org. nr: 559261-8440
Contact: info@exponatic.eu
If you have questions about how we handle your personal data, you are welcome to contact us at the address above.
3. What Personal Data We Collect
We may collect and process the following categories of personal data:
- Contact information: name, email address, phone number, and company name — provided when you contact us, book a demo, or register for our platform.
- Account data: login credentials, user preferences, and settings when you create an account on our platform.
- Usage data: information about how you interact with our website and platform, including pages visited, features used, and session duration.
- Technical data: IP address, browser type and version, device type, operating system, and referral source.
- Communications: messages and enquiries you send us via email or contact forms.
4. Purposes and Legal Basis for Processing
We process your personal data for the following purposes and on the following legal grounds under GDPR Article 6:
| Purpose | Legal Basis |
|---|---|
| To provide and manage our platform and services | Performance of a contract (Art. 6(1)(b)) |
| To respond to enquiries and book demos | Legitimate interests (Art. 6(1)(f)) |
| To send marketing communications (where opted in) | Consent (Art. 6(1)(a)) |
| To analyse and improve our website and platform | Legitimate interests (Art. 6(1)(f)) |
| To comply with legal obligations | Legal obligation (Art. 6(1)(c)) |
5. Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies to enhance your browsing experience and analyse site traffic. We use a GDPR compliance plugin to manage cookie consent on our website. You will be asked for your consent before any non-essential cookies are placed on your device.
Cookie categories we use may include:
- Strictly necessary cookies: Required for the website to function and cannot be switched off.
- Analytics cookies: Help us understand how visitors interact with our website (e.g. Google Analytics). Only placed with your consent.
- Marketing/preference cookies: Used to personalise content and track the effectiveness of our marketing. Only placed with your consent.
You can manage or withdraw your cookie consent at any time by clicking the cookie settings link on our website. You can also manage cookies through your browser settings.
6. How We Share Your Data
We do not sell your personal data. We may share your data with trusted third parties who assist us in operating our business, subject to appropriate data processing agreements:
- Hosting and infrastructure providers for operating our platform and website.
- Analytics providers (e.g. Google Analytics) for website performance analysis.
- Email and CRM services for managing communications and customer relationships.
- Payment processors for handling subscription payments securely.
- Legal and regulatory authorities where required by law.
Where data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.
7. Data Retention
We retain your personal data only as long as necessary for the purposes described in this statement, or as required by law. Typical retention periods are:
- Customer account data: For the duration of your account plus up to 3 years after closure.
- Contact and enquiry data: Up to 2 years from last contact.
- Financial and contract records: 7 years in accordance with Swedish bookkeeping law (Bokföringslagen).
- Analytics data: As configured in analytics tools, typically 14–26 months.
8. Your Rights Under GDPR
As a data subject, you have the following rights regarding your personal data:
- Right of access: You may request a copy of the personal data we hold about you.
- Right to rectification: You may request correction of inaccurate or incomplete data.
- Right to erasure: You may request deletion of your data in certain circumstances (“right to be forgotten”).
- Right to restriction: You may ask us to restrict processing of your data.
- Right to data portability: You may request your data in a structured, machine-readable format.
- Right to object: You may object to processing based on legitimate interests or for direct marketing.
- Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at info@exponatic.eu. We will respond within 30 days of receiving your request.
9. Right to Lodge a Complaint
You have the right to lodge a complaint with the Swedish data protection authority, Integritetsskyddsmyndigheten (IMY), if you believe we have not handled your personal data in accordance with GDPR.
IMY contact details:
Website: www.imy.se
Email: imy@imy.se
Phone: +46 8 657 61 00
10. Data Security
We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, accidental loss, alteration, or disclosure. These include secure server infrastructure, encrypted data transmission (HTTPS/TLS), access controls, and regular security assessments.
11. Changes to This Privacy Statement
We may update this Privacy Statement from time to time to reflect changes in our practices, services, or applicable law. The date of the latest revision will always be indicated at the top of this page. We encourage you to review this statement periodically.
Last updated: May 2026