Privacy

Personal Data Policy

Last updated: 28 April 2026

1. Data controller

Hjorton AB (Stockholm, Sweden — org.nr to be filed in public registry) is the data controller for personal data processed via this site. Hjorton AB is part of the BEEM operating group.

Hjorton AB · Stockholm, Sweden · contact: [email protected]

2. What data we collect

  • Contact data — name, business email, phone (when you submit a form or reply to outreach).
  • Company data — company name, role, sector, location.
  • Communication content — emails, replies, scheduling-tool bookings.
  • Technical data — IP address, browser type, page-view metadata via standard server logs and Cloudflare edge analytics.

3. Why we process it (lawful basis)

  • Legitimate interest (GDPR Art. 6(1)(f)) — B2B outreach to identifiable business roles for relevant recruitment / staffing services.
  • Contract performance (GDPR Art. 6(1)(b)) — service delivery to engaged clients.
  • Consent (GDPR Art. 6(1)(a)) — marketing communications beyond the initial outreach context.

4. Sub-processors

We use the following processors:

  • Cloudflare, Inc. (US) — DNS, CDN, edge security.
  • Proton AG (Switzerland) — email hosting.
  • Anthropic, PBC (US) — AI-assisted draft generation, no personal data shared by default.

5. Retention

B2B outreach contacts: 24 months from last meaningful interaction, then automatic deletion. Engaged-client data: duration of contract plus 6 years for accounting/audit obligations. Replies and sent-history logs: 12 months from send date.

6. Your rights (GDPR Art. 15-22)

  • Right of access (Art. 15) — request a copy of your data.
  • Right to rectification (Art. 16) — correct inaccurate data.
  • Right to erasure (Art. 17) — request deletion ("right to be forgotten").
  • Right to restriction (Art. 18) — limit how we process your data.
  • Right to data portability (Art. 20) — receive your data in a structured format.
  • Right to object (Art. 21) — object to processing based on legitimate interest.

Exercise any of these rights by emailing [email protected]. Response within 30 days per Art. 12.

7. Unsubscribe

All outreach emails include a List-Unsubscribe header (one-click) and a clear opt-out reply path. Replies containing "unsubscribe", "remove", "stop", or equivalent are treated as opt-out and the address is permanently suppressed.

8. Complaints

EU/EEA residents can lodge complaints with their national data protection authority. Spain: Agencia Española de Protección de Datos (AEPD). Norway: Datatilsynet. Sweden: Integritetsskyddsmyndigheten (IMY). Denmark: Datatilsynet. Ireland: Data Protection Commission (DPC).

9. Updates

This policy may be updated; the effective date above reflects the current version. Substantive changes are communicated to known data subjects in advance.