Privacy policy
Last updated: 19 February 2026
1. Data controller
VER&IT AB
Reg. no: 556985-1206
Nygatan 71, 462 32 Vanersborg, Sweden
Data protection contact: info@verit.se
2. Data controller and data processor
VER&IT acts in two different roles depending on the context:
- Data controller — for personal data collected via verit.se (contact forms, website visits) and in direct client relationships.
- Data processor — when clients use our platform Securapilot to manage personal data within their own organisation. This is regulated through a separate data processing agreement (DPA).
This policy describes our processing in the role of data controller.
3. What personal data do we collect?
Contact form
Name, email address, phone number, organisation and message that you provide when contacting us.
Client relationships
Contact persons, organisation details and contract information in connection with engagements and services.
Website visits
Visit statistics, page views and IP addresses. IP addresses are anonymised before storage.
Communication
Email content and support cases that arise in contact with us.
4. Purposes, legal basis and retention period
| Purpose | Legal basis | Retention period |
|---|---|---|
| Responding to enquiries | Legitimate interest | 12 months |
| Client relationships and engagements | Contract | Contract period + 12 months |
| Newsletters and marketing | Consent | Until consent is withdrawn |
| Accounting and invoicing | Legal obligation | 7 years |
| Web analytics and improvement | Legitimate interest | Ongoing anonymisation |
| Security and abuse prevention | Legitimate interest | 12 months |
5. Recipients of personal data
We may share personal data with the following categories of recipients:
- Hosting and service providers that process data on our behalf
- Authorities when we have a legal obligation to disclose information
- Auditors and legal advisors in connection with audits or disputes
We never sell personal data to third parties.
6. Data storage and transfer
Personal data is primarily stored in Sweden and within the EU/EEA. Where personal data is transferred to a country outside the EU/EEA, we ensure protection through the EU's standard contractual clauses or adequacy decisions in accordance with GDPR.
8. Your rights
Under GDPR you have the following rights:
- Access — the right to receive confirmation of whether we process your personal data and, if so, to obtain a copy
- Rectification — the right to have incorrect or incomplete data corrected
- Erasure — the right to have your data deleted under certain conditions ("the right to be forgotten")
- Restriction — the right to restrict processing in specific situations
- Data portability — the right to receive your data in a structured, machine-readable format
- Objection — the right to object to processing based on legitimate interest
- Withdraw consent — the right to withdraw consent at any time, without affecting the lawfulness of prior processing
Contact us at info@verit.se to exercise your rights. We will respond to your request within 30 days.
9. Security measures
We take appropriate technical and organisational measures to protect your personal data:
- TLS encryption for data in transit and at rest
- Role-based access control
- Continuous monitoring and logging
- Regular security reviews
10. Complaints
If you believe that our processing of your personal data violates GDPR, you have the right to lodge a complaint with the supervisory authority:
Integritetsskyddsmyndigheten (IMY)
Box 8114, 104 20 Stockholm, Sweden
Phone: +46 8-657 61 00
Email: imy@imy.se
Web: www.imy.se
11. Changes to this policy
We may update this privacy policy as needed. In the event of significant changes, we will announce this on the website. The current version is always available on this page with the stated update date.