Effective Date: [Insert Date]
Data Controller: [Company Legal Name]
Registration No: [Insert] | Address: [Insert] | Email: [Insert]
1. Introduction and Scope
This Privacy Policy describes how [Your Platform Name] (“we”, “us”, or “our”) collects, uses, and discloses your personal data.
- Commitment: We process data in accordance with the General Data Protection Regulation (GDPR) and the Swedish Data Protection Act (Dataskyddslagen).
- Definitions: For the purposes of this policy, “User” refers to those seeking services, and “Expert” refers to independent service providers. Both are collectively referred to as “Platform Users.”
2. Information We Collect
We collect information through three primary channels:
- Account Data: Email address, name, and hashed password. For Experts, we may collect business names, registration numbers, and professional profiles.
- Service Request & Offer Data: We collect the content of “Service Requests” posted by Users (including project descriptions, categories, and general locations) and the “Offers” or quotes submitted by Experts.
- Communication Data: Metadata and content of all messages exchanged via our internal messaging tool between Users and Experts.
- Technical Data: IP addresses, browser types, device identifiers, and interaction data collected via cookies.
3. Purposes and Legal Bases for Processing
We process your data under the following legal frameworks:
- Contractual Necessity (Art. 6(1)(b) GDPR): To facilitate the posting of Service Requests, allow Experts to submit Offers, and enable communication between parties.
- Legal Obligation (Art. 6(1)(c) GDPR): To comply with the EU Digital Services Act (DSA) regarding illegal content reporting and Swedish tax/accounting laws.
- Legitimate Interests (Art. 6(1)(f) GDPR): To prevent fraud, ensure platform security, monitor for compliance with our Terms, and improve the user experience.
- Consent: For non-essential cookies or direct marketing communications.
4. How Data is Shared Between Users
The Platform is designed to connect parties. Therefore, data sharing is central to our service:
- User to Expert: When a User posts a Service Request, the details of that request (excluding private contact information unless provided) are visible to Experts to allow them to evaluate and respond with an Offer.
- Expert to User: When an Expert submits an Offer, their professional profile and quote details are shared with the requesting User.
- Contact Disclosure: Private contact details are only disclosed between a User and an Expert when a User explicitly accepts an Offer or shares such details within the messaging tool.
5. Third-Party Sharing
We do not sell personal data. We share data only with:
- Sub-processors: Trusted vendors for cloud hosting, database management, and email delivery, governed by Data Processing Agreements (DPAs).
- Authorities: Law enforcement or regulatory bodies when required by a valid legal order or under DSA mandatory reporting obligations.
6. Data Retention
- Active Accounts: Data is retained for the duration of your account’s existence.
- Service Requests & Listings: These remain active for 30 days and are moved to an administrative buffer for 7 days before permanent deletion or anonymization, unless renewed by the Expert.
- Messages: Archived for the duration of the account lifecycle to ensure safety, fraud prevention, and compliance with the DSA.
7. Your Rights (GDPR)
Under the GDPR, you have the following rights:
- Access & Portability: Request a copy of your personal data.
- Rectification & Erasure: Correct inaccurate data or request deletion of your information.
- Restriction & Objection: Object to processing based on legitimate interests or for direct marketing.
- Withdrawal of Consent: Revoke consent for cookies or newsletters at any time.
- Complaints: You have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten – IMY).
8. International Transfers
We prioritize storing data within the European Economic Area (EEA). If any data is transferred outside the EEA, we implement Standard Contractual Clauses (SCCs) to ensure a level of protection equivalent to that of the GDPR.
9. Contact Information
For questions regarding your privacy or to exercise your rights, contact: Email: [Insert Specific Privacy Email]
