Privacy Notice
Version 2.0 | Last Updated: 5th February 2026
1. Personal data responsibility and basis for processing
This Privacy Notice applies to the processing of personal data carried out by FEA Security Services Group AB (“FSSG”, “we”, “us” or “our”), company registration number 556957–5805, with its registered office at Norrtullsgatan 63, 113 45 Stockholm, Sweden.
This Privacy Notice governs the processing of personal data relating to individuals who interact with or use the services provided by FSSG and any company within the FSSG group (“you” or “your”), including through their respective websites and digital platforms.
FSSG is a corporate group comprising several subsidiary and affiliated companies. This Privacy Notice applies collectively to all such entities within the group, unless expressly stated otherwise, and covers the processing of personal data carried out by those entities in their capacity as data controllers or data processors, as applicable.
All processing of personal data within the FSSG group is conducted in accordance with Regulation (EU) 2016/679, the General Data Protection Regulation (“GDPR”), as well as applicable national data protection legislation.
FEA Security Services Group AB, together with its subsidiaries and affiliated companies within the FSSG group, is committed to safeguarding the privacy of individuals and to processing personal data in accordance with applicable data protection legislation, including, without limitation, Regulation (EU) 2016/679, the General Data Protection Regulation (“GDPR”).
This Privacy Notice sets out the categories of personal data we collect, the purposes and legal bases for such processing, how personal data is protected, and the rights available to data subjects in respect of their personal data.
The processing of personal data in connection with the use of services provided by the FSSG group is primarily based on a contractual relationship with the legal entity that you, as the data subject, represent. Personal data may also be processed where you submit an enquiry or contact request via any of the group’s websites, subscribe to newsletters or similar communications (where applicable), interact with the FSSG group through social media channels, or participate in webinars, events, or similar activities organized by any group entity.
In addition, personal data may be processed where the FSSG group has a legitimate interest in offering or promoting its services to the organization you represent, provided that such processing does not override your fundamental rights and freedoms. Personal data may further be processed where necessary to comply with legal obligations arising under applicable laws, regulations, or decisions issued by competent authorities.
2. Categories of Personal Data Collected
For the purposes of this Privacy Notice, personal data means any information relating to an identified or identifiable natural person. Within the scope of its operations, FEA Security Services Group AB, together with its subsidiaries and affiliated companies (the “FSSG Group”), collects and processes various categories of personal data in accordance with applicable data protection legislation.
Depending on the nature of the interaction, relationship, or service provided, the FSSG Group may collect and process the following categories of personal data:
Category | Description and Examples |
Personal Information | Name, professional contact details (such as email address and telephone number), billing and invoicing information |
Company Information | Company name, business sector, organizational size, geographic location, and corporate domains |
Operational and Business Data | Commercial and operational information such as budget-related data, financial objectives, profit and loss (P&L) information, and performance indicators, where relevant to the provision of services |
Sales and Marketing Data | Information relating to commercial engagement, including sales pipeline data, participation in marketing activities or events, funnel data, and campaign-related metrics |
Usage Data | Information relating to the use of the FSSG Group’s websites, digital platforms, or applications, including interaction data, IP addresses, browser type, device information, and similar technical data |
Tracking and Analytics Data | Data collected through cookies and comparable technologies, including analytics and usage tracking, subject to applicable consent and cookie preferences
|
Personal data is collected only to the extent necessary for defined, legitimate purposes and is processed in accordance with the principles of lawfulness, fairness, transparency, data minimisation, and security.
3. Purposes of Processing Personal Data
FEA Security Services Group AB, together with its subsidiaries and affiliated companies within the FSSG Group, processes personal data for the following purposes:
- to perform, administer, and fulfil contractual obligations arising from agreements with clients, partners, or other counterparties;
- to deliver services, manage client relationships, and communicate with individuals in connection with the FSSG Group’s operations;
- to receive, manage, and respond to enquiries, requests, and complaints;
- to administer billing, invoicing, and payment processes;
- to comply with legal and regulatory obligations imposed by applicable laws, regulations, or decisions issued by competent authorities.
Further details regarding the specific purposes of processing and the corresponding legal bases under the General Data Protection Regulation (“GDPR”) is covered in this Privacy Notice.
4. Data Retention and Deletion
FEA Security Services Group AB, together with its subsidiaries and affiliated companies within the FSSG Group, retains personal data only for as long as necessary to fulfil the purposes for which the data was collected and processed, in accordance with applicable data protection and record-keeping legislation.
As a general principle, personal data is deleted or anonymised once it is no longer required for the relevant processing purposes. In many cases, personal data is automatically deleted following the expiry of applicable statutory retention periods after the termination of a contractual relationship.
By way of example, pursuant to the Swedish Accounting Act (Bokföringslagen), the FSSG Group is legally required to retain certain categories of personal data, such as invoices and accounting records, for a period of seven (7) years. Such data is retained strictly for accounting and audit purposes and is not processed for any other use.
Personal data relating to customers is retained for the duration of the contractual relationship or for as long as the individual or organisation is considered an active customer within the FSSG Group. Following termination of a contract, most personal data will be deleted unless continued retention is required to comply with legal obligations, to establish, exercise, or defend legal claims, or for other legitimate purposes.
Certain categories of personal data, including limited personal and company information, may be retained for up to thirty-six (36) months following the end of the contractual relationship for marketing and business development purposes, subject to applicable data protection rules and any opt-out preferences exercised by the data subject.
Where personal data is anonymised, such anonymisation is carried out in a manner that is irreversible, ensuring that no individual can be identified from the remaining information.
5. Purposes, Legal Bases, and Retention Periods
The table below provides an overview of the purposes for which personal data is processed by FEA Security Services Group AB, together with its subsidiaries and affiliated companies within the FSSG Group, including examples of processing activities, the applicable legal bases under the GDPR, relevant categories of personal data, and applicable retention periods.
For full details on data retention periods, see the table below.
Purpose | Example Activities | Legal Basis | Categories of Personal Data | Retention Period |
Communication | Service-related communications, operational updates, newsletters (where opt-in is required) | Consent (Article 6(1)(a) GDPR) | Personal information, company information | Until consent is withdrawn |
Marketing | Marketing and promotional communications via email, telephone, or postal mail | Legitimate interests (Article 6(1)(f) GDPR) | Personal information, company information, sales and marketing data | Duration of the customer relationship plus up to three (3) years thereafter |
Analytics and Research | Aggregated statistical analysis, service optimisation, internal analytics, and AI-assisted performance evaluation | Legitimate interests (Article 6(1)(f) GDPR) | Usage data, operational and business data | Up to twenty-four (24) months |
Legal Compliance | Accounting, tax reporting, regulatory compliance, and responses to lawful requests from authorities | Legal obligation (Article 6(1)(c) GDPR) | Financial records, transaction data, accounting documentation | Seven (7) years |
Fraud Prevention and Security | Security monitoring, incident detection, fraud prevention, and risk mitigation measures | Legitimate interests (Article 6(1)(f) GDPR) |
|
|
Where processing is based on legitimate interests, the FSSG Group has carried out an assessment to ensure that such interests are not overridden by the fundamental rights and freedoms of the data subjects. Additional safeguards and access restrictions apply, particularly in relation to security-sensitive operations.
6. Disclosure of Personal Data and International Transfers
FEA Security Services Group AB, together with its subsidiaries and affiliated companies within the FSSG Group, does not sell or rent personal data to third parties. However, in the course of its operations, the FSSG Group may collaborate with external parties such as partners, suppliers, and service providers. Personal data may therefore be disclosed to third parties where such disclosure is necessary for legitimate and defined purposes.
The following categories of recipients may process personal data on behalf of, or in cooperation with, the FSSG Group:
- Service providers – third-party vendors engaged to enable the provision of the FSSG Group’s services, including but not limited to payment processors, IT infrastructure and hosting providers, and support or administrative tools. Such service providers are granted access to personal data strictly on a need-to-know basis and are subject to contractual obligations regarding confidentiality, data security, and data protection compliance.
- Notification and communication service providers – providers used for the distribution of communications such as service notifications, newsletters, or reminders. These providers process only the personal data necessary for such communications, typically limited to contact details, and are contractually bound by confidentiality and data protection obligations.
- Public authorities – where required by applicable law, regulation, court order, or decision of a competent authority, the FSSG Group may disclose personal data to public authorities. In certain circumstances, the FSSG Group may be legally restricted from notifying the data subject of such disclosure.
- Business transfers – in the event that the FSSG Group, or any part thereof, is involved in a merger, acquisition, restructuring, or sale of assets, personal data may be transferred as part of such transaction, subject to applicable data protection laws and appropriate safeguards.
The FSSG Group primarily processes personal data within the European Union and the European Economic Area (“EU/EEA”). Where personal data is transferred to countries outside the EU/EEA, the FSSG Group ensures that appropriate safeguards are in place to protect the personal data, including, where applicable:
- adequacy decisions adopted by the European Commission;
- Standard Contractual Clauses (“SCCs”) approved by the European Commission; and
- participation in recognised international data transfer frameworks, such as the EU–U.S. Data Privacy Framework (“DPF”), where applicable.
All international transfers are conducted in compliance with Chapter V of the GDPR, with due regard to data security, confidentiality, and the protection of data subjects’ rights.
7. Information Security
FEA Security Services Group AB, together with its subsidiaries and affiliated companies within the FSSG Group, implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 of the General Data Protection Regulation (“GDPR”).
The FSSG Group maintains internal policies, procedures, and controls designed to identify, assess, and mitigate information security risks, and to prevent unauthorised access to, disclosure of, alteration of, or loss of personal data. Access to personal data is restricted to authorised personnel on a need-to-know basis and subject to confidentiality obligations.
Without limiting the generality of the foregoing, the FSSG Group applies, where appropriate, the following technical and organisational security measures:
- use of encrypted communication channels, including Transport Layer Security (TLS) version 1.2 or higher;
- hosting and infrastructure environments designed in accordance with recognised security and compliance standards;
- continuous monitoring, prevention, detection, and reporting of actual or suspected security incidents, including established incident response and escalation procedures.
These measures are reviewed and updated on a regular basis to ensure ongoing effectiveness, considering technological developments, the nature of the processing, and evolving security threats.
8. Your Rights
Under the General Data Protection Regulation (“GDPR”), you have the following rights in relation to the processing of your personal data by FEA Security Services Group AB, together with its subsidiaries and affiliated companies within the FSSG Group:
- Right to withdraw consent
Where processing is based on your consent, you have the right to withdraw such consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal. Requests may be submitted by contacting us at info@freys.se .
- Right to restriction of processing
You have the right to request that the processing of your personal data be restricted, for example by limiting processing to storage only, or to object to certain processing activities. You may also opt out of newsletters or similar communications by using the unsubscribe link included in such communications or by contacting us at info@freys.se .
- Right to object
You have the right to object, on grounds relating to your particular situation, to the processing of personal data based on legitimate interests. You also have an unconditional right to object to processing for direct marketing purposes. Objections may be submitted to info@freys.se .
- Right of access
You have the right to request confirmation as to whether personal data concerning you is being processed and, where that is the case, to obtain access to such data and information regarding the processing. Such requests will be responded to within one (1) month, in accordance with the GDPR. Requests may be submitted to info@freys.se.
- Right to rectification
You have the right to request the correction of inaccurate personal data concerning you and to have incomplete personal data completed. Requests may be submitted to info@freys.se .
- Right to data portability
Where applicable, you have the right to receive personal data concerning you in a structured, commonly used, and machine-readable format and to request that such data be transmitted to another controller, except where the data must be retained pursuant to legal obligations. Requests may be submitted to info@freys.se .
- Right to erasure
You have the right to request the deletion of personal data where such data is no longer necessary for the purposes for which it was collected, where consent has been withdrawn and no other legal basis applies, or where processing is otherwise unlawful. This right does not apply where continued processing is required to comply with legal obligations or to establish, exercise, or defend legal claims. Requests may be submitted to info@freys.se .
If you believe that the FSSG Group is processing your personal data in a manner that does not comply with this Privacy Notice or applicable data protection legislation, you are encouraged to contact us in the first instance at info@freys.se .
You also have the right to lodge a complaint with the competent data protection supervisory authority. Within the European Union, contact details for national supervisory authorities are available via the European Data Protection Board or you can find contact details here: https://edpb.europa.eu/about-edpb/about-edpb/members_en.
9. Updates to This Privacy Notice
FEA Security Services Group AB, together with its subsidiaries and affiliated companies within the FSSG Group, may update or amend this Privacy Notice from time to time to reflect changes in applicable laws, regulatory requirements, operational practices, or the way personal data is processed.
Where material changes are made to this Privacy Notice, the FSSG Group will take reasonable steps to inform affected individuals, for example by notification via email (where appropriate) or by providing a prominent notice on the relevant website(s). The date of the most recent update will be indicated by the “Last Updated” date set out in this Privacy Notice.