Skip to Content

Privacy Policy and GDPR

Last updated: March 2026

ARC Gruppen AB, reg. no. 559268-4723 (hereinafter "ARC Gruppen" or "we"), is the data controller for the personal data we collect and process. This policy describes how we handle your personal data, what rights you have and how to contact us.

1. What personal data do we collect?

We collect personal data that you provide to us, for example through contact forms, email, phone or when ordering a service. The data we may collect includes:

  • Name and contact details (email address, phone number, address)
  • Company or organisation, job title
  • Billing and payment information
  • Correspondence and notes related to assignments
  • Technical information when visiting our website (IP address, browser, pages visited)

We never collect sensitive personal data such as ethnicity, political opinions, religious beliefs, trade union membership, health data or data concerning sexual life unless there is explicit and specific consent.

2. Why do we process your data?

We process your personal data only for purposes that are necessary for our operations:

  • Fulfil agreements: We need your data to carry out assignments, deliver services and communicate with you during the project.
  • Invoicing and accounting: We retain billing data to comply with the Swedish Bookkeeping Act (7 years of archiving).
  • Customer support: We save correspondence to provide better assistance in future contact.
  • Improve our services: We analyse anonymous web statistics to understand how our website is used.
  • Send information: If you have consented, we may send relevant news or offers.

3. Legal basis

We process your data based on one or more of the following legal grounds:

  • Performance of contract (Art. 6.1 b GDPR): Processing is necessary for us to deliver the service you have ordered.
  • Legal obligation (Art. 6.1 c GDPR): We are required to retain certain information under the Bookkeeping Act and tax legislation.
  • Legitimate interest (Art. 6.1 f GDPR): We have a legitimate interest in improving our services and communicating with potential customers, provided it does not override your rights.
  • Consent (Art. 6.1 a GDPR): Where you have actively consented, for example to newsletters.

4. How long do we retain your data?

We retain your data for as long as it is needed for the purpose it was collected:

  • Customer data related to active assignments: during the assignment and 24 months thereafter.
  • Accounting materials (invoices, payment data): 7 years under the Bookkeeping Act.
  • Contact form submissions without a resulting agreement: 12 months.
  • Newsletter lists: until you unsubscribe.

When the retention period expires, we delete or anonymise the data. Backups may contain data for up to 30 days after deletion from the active system.

5. Who has access to your data?

We do not share your personal data with third parties for marketing purposes. We never sell your data.

We may share data with:

  • Subcontractors: For example hosting providers, email services or accounting firms. They are only permitted to process data on our behalf and according to our instructions.
  • Authorities: If we are required to disclose data under law, court order or regulatory decision.

We ensure that all subcontractors processing personal data on our behalf have adequate safeguards and that data processing agreements are in place.

6. Where is your data processed?

Our website and systems are hosted on servers in Sweden and within the EU/EEA. As a general rule, we do not transfer personal data to countries outside the EU/EEA. In cases where this occurs, we ensure that appropriate safeguards are in place, such as EU Standard Contractual Clauses.

7. Cookies

Our website uses cookies to ensure basic functionality and to collect anonymised visitor statistics.

  • Necessary cookies: Required for the website to function (session cookies, login). These cannot be disabled.
  • Statistics cookies: Help us understand how visitors use the website. The information is anonymised.

We do not use cookies for targeted marketing or advertising. You can change your cookie settings at any time through your browser.

8. Your rights

Under the General Data Protection Regulation (GDPR), you have the following rights:

  • Right of access: You can request to know what personal data we hold about you.
  • Right to rectification: You can request correction of inaccurate data.
  • Right to erasure: You can request that we delete your data, provided it does not conflict with legal requirements.
  • Right to restriction: You can request that we restrict the processing of your data under certain circumstances.
  • Right to data portability: You can request your data in a structured, machine-readable format.
  • Right to object: You can object to processing based on legitimate interest.
  • Right to withdraw consent: If processing is based on consent, you may withdraw it at any time.

To exercise your rights, contact us using the details below. We respond to all requests within 30 days.

9. Data protection officer

Our data protection officer is Chrille Hedberg. You can contact the data protection officer via info@arcgruppen.se or phone +46 13-328 9400.

10. Complaints

If you believe that we process your personal data in violation of the GDPR, you have the right to file a complaint with the Swedish Authority for Privacy Protection (IMY), www.imy.se.

11. Changes

We reserve the right to update this privacy policy. Material changes will be communicated via our website. The latest version is always available on this page.

Contact

ARC Gruppen AB
Söderleden 22, 587 31 Linköping, Sweden
Reg. no: 559268-4723
Phone: +46 13-328 9400
Email: info@arcgruppen.se