Privacy policy for Smör Marketing

For us at Smör Marketing, data is a sharp tool used to create business value – not something we stockpile unnecessarily. We respect your privacy and handle your personal data with the same seriousness as we handle our own business. This policy explains how we collect, use, and protect your information, as well as the rights you have under the General Data Protection Regulation (GDPR).

Data controller
Smör Marketing AB is the data controller for the processing of your personal data.
Company name: Smör Marketing AB
Corporate registration number: 559336-3855
Address: Nordhaga 105, 47291 Stillingsön, Sweden
Email for data protection inquiries: hei@smormarketing.com

Which personal data we process and why
We only collect data that serves a clear purpose. Here is an overview of what we collect, why, and the legal basis we rely on:

Managing client relationships and delivering our services
When you hire us, or apply for initiatives like Kustlyftet, we need to know who we are working with.
Data: Name, email address, telephone number, job title, company details, and billing information.
Purpose: To communicate with you, deliver our services (e.g., development, AI infrastructure, strategic work), and manage payments.
Legal basis: Performance of a contract.
Marketing and business development (B2B)
To offer our services to relevant decision-makers.
Data: Name, job title, email address, telephone number, and interaction data (e.g., how you engage with our newsletters).
Purpose: To send relevant information, invitations, or business proposals.
Legal basis: Legitimate interest (B2B) or consent (if you have explicitly signed up for a newsletter). You can opt out at any time.

Website analysis and improvement (Cookies)
As a data-driven agency, we analyse traffic to understand how our website performs.
Data: IP address (anonymised where possible), device information, browser type, and behavioural data on our site.
Purpose: To optimize the user experience and build meaningful insights for business decisions.
Legal basis: Consent (obtained via our cookie banner).
How long we keep your data
We never retain personal data longer than is necessary for the purpose for which it was collected.
Client data: Kept for the duration of our active business relationship. Certain information (e.g., invoices and accounting records) must be stored for 7 years in accordance with the Swedish Accounting Act (Bokföringslagen).
Marketing and leads: Kept for as long as we assess that you hold a relevant professional role for our services, or until you object to the processing (opt-out).
Analytics data: Deleted or anonymised regularly according to the timeframes specified in our Cookie policy.
Who we share your data with
We never sell your data. However, we do share it with carefully selected system vendors (data processors) required to run our technical infrastructure (such as CRM systems, email providers, and hosting services).

Transfers outside the EU/EEA
We always strive to store data within the EU/EEA. In cases where a system vendor (e.g., specific AI tools or cloud services) transfers data outside the EU/EEA, we ensure they meet GDPR requirements, typically through the European Commission’s Standard Contractual Clauses (SCCs) or other approved safeguard mechanisms.

Your rights (It’s your data)
Under the GDPR, you have control over your own data. You have the right to:
Access (Subject access request): Request a copy of the personal data we hold about you.
Rectification: Have inaccurate or incomplete data corrected.
Erasure (“The right to be forgotten”): Demand that we delete your data, provided we are not legally required to retain it (e.g., by accounting laws).
Object to processing: Particularly regarding direct marketing.
Data portability: Receive your data in a structured, machine-readable format.
To exercise your rights, please send an email to hej@smormarketing.se. We handle your request promptly and without unnecessary bureaucracy.
Complaints to the supervisory authority
If you believe we are handling your personal data incorrectly, we would appreciate it if you contacted us first so we can resolve the issue. However, you always have the right to lodge a complaint with the Swedish supervisory authority:
Swedish Privacy Protection Authority (IMY)
Website: imy.se
Email: imy@imy.se
Changes to this policy
As we update our systems or services, we may need to adjust this policy. The latest version will always be published on our website.