Privacy Policy

Last updated: 2025-12-10
Plint AB (org. no. 556630-3060)
Kaserntorget 6
411 18 Goteborg

Content (TOC)

Plint AB (“Plint”, “we”, “our”, “us”) is committed to protecting your personal data and ensuring transparency in how we process it. This Privacy Policy explains how we handle personal data about individuals we interact with outside of our internal HR context, including customers, suppliers, freelancers, website visitors, office visitors, and other external contacts.

Plint AB is the data controller for the processing activities described in this Policy, unless otherwise stated.

This Policy does not apply to Plint employees, trainees, or long-term consultants working under Plint’s direction. Those individuals are covered by our internal Staff Privacy Policy.

We aim to keep this Policy clear, relevant, and easy to navigate. To reduce repetition and improve readability, we have added a section describing the general categories of personal data we typically process across most activities. If you need more information than what is provided here, or want to understand exactly what personal data we process about you in a particular context, you are always welcome to contact us at gdpr@plint.com.

You also have several rights under data protection law, which are detailed later in this Policy.

To help you find the information most relevant to you, we structure this Policy according to the types of individuals we interact with and the primary purposes for which we process personal data. These include:

  1. Customer
  2. Potential Customer
  3. Supplier
  4. Freelancer
  5. Website visitor
  6. Offices visitor
  7. Processing activities that apply across categories

Before describing the specific purposes, we outline below the general categories of personal data we commonly process.

General Categories of Personal Data We Process

Across most of our interactions, we may process one or more of the following categories of personal data:

  • Basic contact information (e.g., name, work email, phone number).
  • Professional information (e.g., role, title, employer/company affiliation).
  • Contract-related information (e.g., signatures, signing history, audit logs, positions of authority).
  • Correspondence and communication data (e.g., email communications, instructions, inquiries).
  • System access data (e.g., user accounts, login events, access permissions).
  • Technical data (e.g., IP address, device information, activity logs, browser type).
  • Project or assignment-related information (e.g., quality indicators, deliverables, interaction history).

We do not intentionally collect or process special categories of personal data (such as health information, biometric data, or political opinions). We ask that you do not provide such information unless we explicitly request it for a specific purpose and inform you accordingly.

Categories of Data Subjects

This section applies to individuals who act as contact persons or representatives of companies that purchase localisation services from Plint.

Communicating and Receiving Orders From Customers

What personal data do we process and why?
To communicate with our customers and receive orders, we process basic business contact information such as your name, work email address, phone number, and job title. We also process information that confirms your authority to act on behalf of the customer, as well as any personal data contained in communication related to orders (for example, instructions, clarifications, or other relevant correspondence). This communication normally takes place via email.

Lawful basis and your rights
The processing is necessary to fulfil our legitimate interest in ensuring a valid point of contact and instructions between us and our customers (Legitimate interest, Article 6(1)(f) GDPR).

The lawful basis “legitimate interest” means that we have weighed our need to process your data against your right to privacy. We believe the benefits of the processing – such as clarity in communication and secure delivery of services – outweigh any potential risks or drawbacks to you. You have the right to object to this processing at any time, and we will assess your objection in line with Article 21 GDPR.

Where did we get your data?
We typically receive your personal data:

  • Directly from you
  • From your employer (e.g., when you are designated as a contact person)
  • From contracts or related documentation where your name, role, and contact details appear
  • From correspondence generated during order handling or project communication

Who do we share your personal data with?
We do not share your personal data with external parties for their own independent purposes.
We use certain service providers (data processors) for hosting, communication, and system support. These providers may have technical access to personal data, but only under our documented instructions and subject to data processing agreements.

Our main processors include:

  • Amazon Web Services (AWS) – hosting of internal systems (including Plint Core)
  • Microsoft 365 – email, communication, and collaboration tools

Plint Core is our internally developed localisation platform used to manage projects, resources, assignments, and certain customer-related data throughout the localisation workflow. The platform is fully controlled and maintained by Plint and is hosted in our private AWS environment within the EU/EEA.

Retention period
We retain customer-related personal data for as long as we provide, or are preparing to provide, services to the customer, and thereafter for the applicable statute of limitations related to the contract.

Production and delivery of services

What personal data do we process and why?
To coordinate and deliver localisation services, we use basic contact details of customer representatives, such as name, email address, and phone number.

This information is used for project planning, communication about assignments, and delivery confirmation.

Lawful basis and your rights
The processing is based on our legitimate interest in communicating effectively with customer representatives to deliver the agreed services (Legitimate interest, Article 6(1)(f) GDPR).

We consider this use of your data necessary to ensure quality and fulfil our contractual obligations to your employer. It is limited to what is required for project management and delivery.
You have the right to object to this processing at any time, and we will assess your objection in line with Article 21 GDPR.

Where do we get your personal data from?
We typically obtain your personal data:

  • Directly from you
  • From your employer (when you serve as the designated contact person)
  • From contracts or other documents where your information appears
  • From project-related communication and coordination

Who do we share your data with?
We do not share your personal data with third parties for their own purposes.
However, we use digital tools for project coordination. Some systems used for project coordination are operated directly by Plint, including Plint Core, our internally developed localisation platform used for project and resource management. We also use carefully selected external service providers acting as processors when needed.

Retention period
Personal data linked to a customer profile in Plint Core is retained for up to five years after your last recorded activity (such as login, support interaction, or project involvement), unless contractual or legal obligations require longer retention. The data may be deleted or anonymised earlier when it is no longer needed for the purposes for which it was collected.

System Customer Support

This subsection applies to individuals who use their organisation’s licensed instance of Plint Core, our internally developed localisation platform. System Customers manage their own user accounts within their Plint Core instance, and Plint does not administer or maintain user access on their behalf.

Plint processes personal data only when providing support or handling issues related to the service.

What personal data do we process and why?
To provide support to system customer users and manage communication related to the functionality and development of the service, we process:

  • Your name
  • Your work email address
  • Information you include when contacting us for support (for example in emails or ticket descriptions).

We use this information solely to provide you with access to our support platform in Jira (Atlassian) and to respond to support requests, communicate about updates, improvements and other development-related information connected to your organisation’s Plint Core instance.

Lawful basis and your rights
The processing is based on our legitimate interest in assisting authorised system customer users and ensuring the functionality of the service (Article 6(1)(f) GDPR).

You have the right to object to this processing at any time, and we will assess your objection in line with Article 21 GDPR.

Where did we get your data?
Your information is usually provided directly from you when you contact us or from your employer when they involve you in a support conversation.

Who do we share your data with?
We do not share your personal data with any third parties for their own independent purposes.
Support communication may be handled using email and issue-tracking tools operated by Plint or by trusted service providers acting as processors under our documented instructions.
Only authorised Plint staff have access to support-related information.

Retention period
We retain support-related personal data only for as long as it is needed to manage and follow up on the support matter and for a reasonable period thereafter, if necessary, to document the issue and its resolution.

This refers to individuals representing companies who may be interested in our services and whom we interact with in a sales or marketing context.

What personal data do we process and why?
To communicate with potential customers, provide information about our services, and discuss possible collaboration, we may process:

  • Your name
  • Your work email address
  • Your job role or title
  • Other business contact details you or your organisation provide
  • Publicly available business contact information (e.g., on your company’s website or LinkedIn)

We process this data to maintain contact, respond to enquiries, provide quotations, and share relevant information about our services.

Lawful basis and your rights
We process your personal data based on our legitimate interest in informing prospective customers about our services (Article 6(1)(f) GDPR).
We have assessed this interest to ensure that the processing is appropriate and conducted in a way that respects your privacy. Only limited business-related contact information is used, and solely for relevant business-to-business communication.

You have the absolute right to object to the use of your personal data for direct marketing purposes at any time. If you choose to do so, we will immediately stop all marketing-related processing and communication in accordance with Article 21(2) GDPR.

Where did we get your data?
We collect contact details primarily through existing professional relationships, ongoing business conversations, or direct enquiries from you or your organisation.
When identifying new potential customers, we may gather publicly available business contact information, typically from your company’s website or from LinkedIn, where you have chosen to make such details available.

Who do we share your data with?
We do not share your personal data with any third parties who use it for their own purposes. However, we do use trusted service providers, such as email platforms, to help us communicate with you. We may also use third party customer management tools. These providers process your data only on our behalf and according to our instructions (as processors).

Retention period
We retain your personal data only for as long as it is relevant for sales outreach and business communication. We periodically review our contact records and delete personal data that is no longer needed or when you request not to be contacted.

This section applies to individuals who act as contact persons for companies supplying products or services to Plint. This includes suppliers involved in administrative or operational services as well as subcontractors or production partners contributing to our localisation workflows.

General Supplier management

What personal data do we process and why?
To manage our relationship with suppliers and ensure effective cooperation, we may process:

  • Your name
  • Your work email address
  • Your job role or title (where relevant)
  • Information you provide in communication, questionnaires, or other type of documentation.

We use this information to maintain the supplier relationship, coordinate operational work, assess risks, and fulfil contractual obligations toward our suppliers, customers, and partners.

Lawful basis and your rights
The processing is based on our legitimate interest in managing supplier relationships and fulfilling requirements under contracts with both suppliers and customers (Legitimate interest, Article 6(1)(f) GDPR).

We believe this use of supplier personal data is necessary and limited to what is required for professional communication and compliance with customer expectations.

You have the right to object to this processing. If you do, we will assess your objection and either stop the processing or make adjustments accordingly if your interests override ours.

Where did we get your data?
Any personal data processed for this purpose is provided directly from you or from your employer through agreements, onboarding, questionnaires, or communication related to the engagement.

Who do we share your data with?
We do not share supplier personal data with third parties for their own independent purposes. We use digital systems to store and manage supplier-related information. These systems may be:

  • Operated directly by Plint (such as Plint Core, our internally developed localisation platform used in our operational workflow)
  • Provided by trusted service providers acting as processors under our documented instructions (e.g., Microsoft 365, Atlassian)

Access is restricted to authorised Plint staff who require the information to manage supplier collaboration.

Retention period
We review supplier contact information periodically to ensure it remains relevant. Personal data in a supplier user profile within Plint Core is retained for up to five years after the last recorded activity.
Supplier security questionnaires or related documents that include personal data are retained for as long as the supplier remains active and for up to two years after the collaboration ends.

IT system access for suppliers

What personal data do we process and why?
If you are a supplier and need access to our IT systems as part of your assignment and our collaboration, we typically process:

  • Your name
  • Your email address
  • User account details (if applicable)

This information is necessary to provide secure and controlled access to our systems and to ensure that authorised individuals can perform their tasks.

Lawful basis and your rights
The processing is based on our legitimate interest in enabling secure and controlled access to IT systems for external parties who work with us (Legitimate interest, Article 6(1)(f) GDPR).

We consider this necessary to fulfil contractual obligations and maintain effective collaboration with your company. The processing is limited to the information required for system access and monitored accordingly.

You have the right to object to this processing. If you do, we will assess your objection and stop the processing or make adjustments accordingly if your interests override ours.

Where did we get your data?
Your details are typically provided by you or your employer when IT access is required as part of the engagement. Personal data can be provided to us via agreements/contracts.

Who do we share your data with?
We do not share supplier access data with third parties for their own purposes.

Depending on the system in question, some services may be hosted by trusted providers who process your data on our behalf and under our instructions.

Retention period
Your personal data is only processed for as long as access to the system is needed. Once your assignment ends or access is no longer required, your user account and related data are deleted/anonymized. Any supplier personal data in Plint Core, will be kept for maximum 5 years since last activity.

Payment processing for Suppliers

What personal data do we process and why?
To manage payments to suppliers, subcontractors, and production partners, we process:

  • Your name
  • Your email address
  • Your address (where applicable)
  • Bank account or payment details included on invoices or agreements

This information is necessary to process payments, maintain financial records, and comply with accounting requirements.

Lawful basis and your rights
The processing is based on our legitimate interest in fulfilling our contractual and financial obligations and maintaining effective working relationships with our partners (Legitimate interest, Article 6(1)(f) GDPR).
We consider this a necessary and proportionate use of your personal data in a business context. You have the right to object to this processing. If you do, we will assess your objection and stop or adjust the processing if your interests override ours.

Where did we get your data?
Your information is usually provided by you or your employer in the course of our collaboration for example, through invoices, agreements, registration forms, or direct communication.

Who do we share your data with?
We share relevant data with our banking partners for the purposes of executing payments. Your information is also stored in our internal financial systems, which are accessible only to authorised staff.

Retention period
We retain personal data related to payments for seven years in accordance with the Swedish Accounting Act (bokföringslagen).

Freelancers are individuals who apply to work with Plint or who perform assignments for us as independent resources. This section explains how we process personal data throughout the freelancer lifecycle, from application to collaboration and performance evaluation.

Recruitement and Onboarding of freelancers

What personal data do we process and why?
When you apply to collaborate with Plint as a freelancer, we process the information you provide in your application and throughout onboarding. This may include:

  • Your Name
  • Your Contact details (email address, phone number)
  • Your Address
  • Experience, education, language skills, and other information relevant to your professional profile
  • Account information, such as username and password, which you use to access Plint Platforms.
  • Payment details (where applicable)
  • Your signature and contact details in agreements you sign with us

In some cases, as part of our identity verification during onboarding, we may ask you to provide a copy of your ID card. This is done to ensure the accuracy of your personal information and to confirm your identity:

  • You may provide the ID copy either by email or by uploading it to Plint Core.
  • We review the ID to verify your identity.
  • We delete the copy immediately after the review, regardless of whether it was sent by email or uploaded to Plint Core.

We do not retain ID documents after verification.

We process this data to assess your qualifications, verify your identity when needed, match your profile to available work, and complete onboarding if you are selected as a freelancer.

Lawful basis and your rights
Processing during recruitment is based on our legitimate interest in identifying, evaluating, and verifying qualified freelancers (Article 6(1)(f) GDPR).

Once you enter into a collaboration with Plint, certain processing becomes necessary for the performance of the contract or general terms you sign with us (Article 6(1)(b) GDPR). This includes, for example, creating your Plint Platform account and sharing your name and work email address with a customer when system access or collaboration is required for you to perform the assignment.

You have the right to object to processing based on our legitimate interests. If you do, we will assess your objection and take appropriate steps.

Where did we get your data?
All onboarding and application data, including any ID copy provided for verification, is obtained directly from you.

Who do we share your data with?
We do not share your personal data with any third parties for their own independent purposes.
We do use digital platforms to store and process freelancer-related information. These systems may be:

  • Operated directly by Plint (such as Plint Core, our internally developed localisation platform)
  • Operated by trusted service providers acting as processors under our documented instructions

In some assignments, we may share your name and work email address with a customer when direct access or collaboration is required for you to perform the work. In these cases, the customer becomes an independent data controller for the personal data they receive and processes it according to their own purposes and privacy information.

Retention period

  • If you are not onboarded, your application data is retained for up to three years.
  • If you are onboarded, your data is retained for up to five years after your last recorded activity in Plint Core.
  • Freelancer agreements and related signing information are retained for as long as required by applicable legal or contractual obligations, typically seven to ten years.
  • ID copies used for verification are deleted immediately after the identity review and are not stored.

Background Screening of Freelancers

What personal data do we process and why?
As part of our onboarding process for freelancers, we may conduct basic background checks to verify professional information and ensure a reliable collaboration. This typically includes:

  • Your name
  • Publicly available professional information (e.g., LinkedIn profile, website, portfolio)
  • Other information you provide during onboarding

These checks help us confirm your identity, assess your professional background, and ensure that the information provided during onboarding is accurate.

In rare cases, if we identify a specific need (for example, risk indicators or information required for a particular project), we may also conduct a sanctions-related check by comparing your name with publicly available sanctions lists. This is not part of our routine onboarding workflow.

Lawful basis and your rights
Processing is based on our legitimate interest in ensuring a trustworthy and secure collaboration with freelancers (Article 6(1)(f) GDPR).

You have the right to object to processing based on legitimate interests. If you do, we will assess your objection according to Article 21 GDPR.

Where did we get your data?
We collect information:

  • Directly from you during onboarding
  • From publicly available sources (such as LinkedIn or professional websites)
  • From sanctions lists only if a specific need for such a check arises

Retention period
Background screening is generally based on publicly available information and is not separately stored.

If a sanctions-related check is carried out, we do not store any results, unless legally required to document a match.

Freelancer Quality Assessment and Data Insights

What personal data do we process and why?
To evaluate performance levels, identify training needs, support operational planning, and perform general business analytics related to our freelancer network, we may process:

  • Your name and user ID,
  • Your email address and where relevant, your address
  • Localisation skills
  • Performance indicators or quality metrics generated as part of your work
  • Capacity or delivery-related data
  • Internal notes for quality and operational purposes
  • Other non-sensitive information needed for aggregated reporting, statistical analysis, or understanding geographic distribution (for example, country of residence)

This helps us understand quality levels, identify training needs, ensure freelancers are appropriately matched to assignments and produce aggregated insights to support business decisions.
Some performance information may be shown to you in your freelancer portal.

Our analytics may be used to support planning, training needs and quality assessments, but they do not determine outcomes automatically and are always supported by human judgement. They are not used for automated decision-making

Lawful basis and your rights
The processing is based on our legitimate interest in monitoring assignment quality and managing our network of freelancers (Article 6(1)(f) GDPR).

We do not use this data for automated decision-making. All evaluations involve human review and judgement.

You have the right to object to this processing at any time, and we will assess your objection in line with Article 21 GDPR.

Where did we get your data?
Performance-related information is generated through your assignments and through internal workflows. Additional analytics data may come from contact information or operational systems that you interact with.

Who do we share your data with?
We use tools such as Microsoft Office365 and Power BI to visualise and analyse performance metrics (accessed only by authorized internal staff). These tools are operated by service providers that act on our behalf and under our instructions. Your data is not shared with anyone for their own purposes.

Retention period
We retain analytics-related personal data only while your freelancer profile remains active in Plint Core. When your personal data is anonymised or removed in Plint Core, the corresponding data in our analytics tools is also anonymised or removed. Analytics datasets may be retained in aggregated or non-identifiable form for reporting and statistical purposes.

System usage monitoring for troubleshooting and support

What personal data do we process and why?
To maintain and improve the stability and user experience of Plint’s applications and tools used in our localization services, we may collect information about user interactions and system events through an analytics and monitoring service. This includes data about how users navigate and interact with the system, as well as technical logs and performance information. The purpose is to detect and resolve technical issues, understand usage patterns, and provide efficient support.

The personal data processed may include:

  • Unique identifiers, such as a session ID, browser ID, or other pseudonymous identifiers.
  • Interaction and usage data, including how you navigate and interact with our tools and interfaces (for example: clicks, scrolls, mouse movements, page views, search actions, form interactions, timestamps, and user flow patterns).
  • Technical and device information, such as browser type and version, operating system, device type, screen resolution, language settings, loading times, and error or diagnostic logs.
  • Session-replay or interface-rendering data, such as information about how pages or interface elements were displayed, structured, or updated during your session. Content fields that may contain personal data are masked or excluded by default to avoid capturing text you enter into input fields (e.g., names, email addresses, passwords).

If we use a third-party behavioural analytics tool that requires consent we will obtain your consent first and provide tool-specific information at that time, including details about the tool’s data collection, retention, and storage locations.

Lawful basis and your rights
As a general rule, the processing is based on our legitimate interest in ensuring the security, functionality, and performance of our systems, and in providing technical support to our users (Article 6(1)(f) GDPR).
In certain cases, we may use third-party tools or service providers who act as independent Data Controllers for specific types of monitoring or analytics. In those cases, the processing may rely on your consent (Article 6(1)(a) GDPR), which will be explicitly requested before any such data collection takes place.
We have assessed that our legitimate interest is necessary and proportionate. The data is used exclusively for support, troubleshooting, and improvement purposes and not for performance evaluation.
You have the right to object to processing based on legitimate interest, or withdraw your consent at any time if consent is the applicable lawful basis.

Where did we get your data?
The data is generated automatically through your interactions with the Plint’s applications and tools.

Who do we share your data with?
The data may be processed using monitoring or analytics services operated by trusted providers. These providers may act either as Processors on our behalf and under our documented instructions, or in certain cases as independent Controllers responsible for their own processing activities.
Where a provider acts as a Controller, you will be informed and asked to give your consent before any processing takes place.
The information may be stored within the EU/EEA or transferred to countries with appropriate safeguards in place (such as the EU–U.S. Data Privacy Framework or Standard Contractual Clauses).
Data is only accessible to authorised Plint staff and is not shared with any third parties for their own purposes without your consent.

Retention period
We retain analytics and monitoring data only for as long as necessary to fulfil the purposes described above. Interaction-level data is normally kept for a short period (e.g., weeks), while aggregated usage insights may be stored for a longer period (up to approximately one year).
If third-party providers have their own retention timelines, these will apply when they act as independent Controllers and will be communicated to you when consent is requested.

This refers to individuals who visit our website and whose data may be processed through cookies, forms, or other online interactions.

Website visits and cookies

What personal data do we process and why?
When you visit our website (plint.com), we use cookies and similar technologies to collect data. Some cookies are strictly necessary for the website to function properly, while others are used for analytics and marketing purposes.
This may involve collecting:

  • Your IP address
  • Device and browser information
  • Information about how you interact with our website

Lawful basis and your rights
For cookies that are not strictly necessary, we rely on your consent (Consent, Article 6(1)(a) GDPR). You decide whether we may use these cookies, and your choice can be changed at any time via the cookie banner.

You have the right to withdraw your consent at any time without affecting the lawfulness of processing before the withdrawal. You can manage your preferences through the banner that appears the first time you visit the site – and which is always accessible in the lower left-hand corner of the page.

Cookies that are essential for the website to work are placed without consent. These are used solely to ensure basic functionality and do not track your behaviour for other purposes. If any of these cookies involve the processing of personal data, we rely on our legitimate interest in providing a secure and functional website (Article 6(1)(f) GDPR).

Where did we get your data?
The data is collected directly from your device when you access our website.

Who do we share your data with?
We may use trusted service providers for cookie management and analytics. These providers process data on our behalf and only according to our documented instructions.
We use Cookiebot to manage your cookie preferences and log your consent.
Full details about the specific cookies used on our website are available through the Cookiebot banner, where you can also view cookie durations and purposes.

Retention period
Cookies are stored on your device for a limited time, depending on their type and purpose. You can see exactly which cookies we use, how long they last, and what they do by clicking “Change your consent” in the cookie banner.

This refers to individuals who physically visit any of our office locations, including clients, suppliers, partners, or other external guests.

Camera surveillance

What personal data do we process and why?
When you visit our offices, you may be recorded by our camera surveillance system. The footage is silent (no sound) and limited to video images from designated areas. The purpose of the surveillance is to prevent and investigate crime, vandalism or other security-related incidents, and to help us follow up on suspicious activity if needed.

Lawful basis and your rights
We rely on our legitimate interest in ensuring the safety and security of our premises, equipment, staff and visitors (Legitimate interest, Article 6(1)(f) GDPR).

We have assessed that this processing is proportionate and limited to designated areas where surveillance is necessary. The full camera surveillance privacy information is available at: https://plint.com/kamerabevakning-se/

Please note that our detailed balancing of interests assessment (LIA) for camera surveillance is performed internally and is not published.

You have the right to object to processing based on legitimate interests. If you do, we will assess your objection according to Article 21 GDPR.

Where did we get your data?
The video footage is collected automatically by our camera system when you enter the monitored areas of our premises. We have signs at every entrance and exit doors. For more information, see https://plint.com/kamerabevakning-se/

Who do we share your data with?
We do not share the footage with any third parties unless required to do so by law. In cases of suspected or confirmed criminal activity, footage may be shared with the police or other competent authorities upon request.

Retention period
The footage is stored for a maximum of 30 days and then automatically deleted, unless it is needed for an ongoing investigation.

Additional information
Signs are clearly displayed at all entrances to the monitored areas, including a QR code that links to our full Camera Surveillance Privacy Policy. Only a limited number of authorised staff members have access to recorded material or live monitoring. Strict internal rules apply, and access is regulated and documented based on roles and responsibilities.

Visitor registration

What personal data do we process and why?
When you visit our office, you may be asked to register your visit by providing your name, signature and host for the visit. This helps us keep track of who is in our facilities at any given time, for safety, security and contractual reasons.

Lawful basis and your rights
The processing is based on our legitimate interest in ensuring office security and fulfilling our obligations of compliance to security standards (Legitimate interest, Article 6(1)(f) GDPR).

We consider this a limited and proportionate use of your data. It helps us protect both our staff and our customers’ interests by being able to verify who accessed our premises.

You have the right to object to processing based on legitimate interests. If you do, we will assess your objection according to Article 21 GDPR.

Where did we get your data?
Visitor provides the details directly in the visitor registration system at arrival.

Who do we share your data with?
We do not share your data with anyone outside of Plint. Only a small number of authorised administrators have access to the visitor logs.

Retention period
We keep a secure log of visitor names for 365 days, after which the data is automatically deleted or anonymised.

Data security
The visitor system is protected by technical and organisational security measures. Both the system and the supplier have been risk-assessed according to our internal routines for system and supplier security.

Processing activities that apply across categories

Some processing activities apply to multiple types of individuals, including customers, system customers, freelancers, suppliers, and office visitors. This section explains those cross-category activities.

Contracts and agreements

What personal data do we process and why?
When signing contracts or other agreements with us, we collect certain personal data to enable and verify the digital signature process.
This includes:

  • Your name, role and contact details (e.g., email address or phone number)
  • In some cases, national identification number or similar (e.g. for HR contracts)
  • Audit data such as IP address, timestamp and digital proof of consent
  • Any other personal data that may be included in the signed document
    We use this data to ensure that the agreement is valid and legally binding, and to meet legal, administrative or operational requirements.

Lawful basis and your rights
The processing is necessary for the performance of a contract (Article 6(1)(b) GDPR), or to take steps at your request prior to entering a contract.

If your role in the signing process is not contractual but representative (e.g., signing on behalf of your company), we base the processing on our legitimate interest in managing binding agreements and keeping appropriate records (Article 6(1)(f) GDPR).
You have the right to object to this processing if we rely on legitimate interest. We will assess your objection and take appropriate action.

Where did we get your data?
Your data is provided by you when reviewing or signing the document, or by the party that added you as a signatory or reviewer.

Who do we share your data with?
We use a trusted electronic signature service provider. In some cases, your data may be viewed by other parties involved in the agreement – including parties located outside the EU – but the signed document is stored within the EU.

Retention period
We retain agreements and related signing information for as long as the agreement is valid and for the period required by applicable law or contractual obligations. This typically ranges from seven to ten years.

Access to Plint Premises (building access control)

What personal data do we process and why?
If you are granted personal access to Plint’s premises we process certain personal data to manage and monitor your access rights. This includes:

  • Your name,
  • Your email address
  • Your company affiliation
  • Access logs (date and time of entry and exit)

The purpose is to ensure the security of our premises, equipment, and information by maintaining controlled access and traceability of who enters our facilities.

Lawful basis and your rights
The processing is based on our legitimate interest in protecting our premises and ensuring secure access control (Article 6(1)(f) GDPR).
You have the right to object to this processing. If you do, we will assess your objection according to Article 21 GDPR.

Where did we get your data?
Your data is provided either directly by you or by the organisation you represent (such as your employer). Organisations that supply staff with access rights are responsible for informing us immediately when an individual is replaced or no longer requires access, so that credentials can be revoked and data removed.

Who do we share your data with?
We do not share your access data with any external parties for their own purposes. Access control information is stored in our secure access management system, which is hosted by trusted service providers acting as data processors. These providers only process the data according to our documented instructions.

Retention period
Access rights are removed as soon as they are no longer needed.
Access logs are stored for a limited time (normally 30–90 days) for security and incident-tracking purposes unless a longer retention period is required in connection with an investigation.

Newsletters and Informational Emails

What personal data do we process and why?
We occasionally send newsletters and informational emails to individuals in our professional network. This may include freelancers, supplier contacts, customer representatives, and other business contacts — including individuals at companies we have not yet worked with. We may process your name, email address, company name, and role/title to keep you informed about updates, tools, procedures, opportunities, and other information relevant to your professional relationship or potential collaboration with Plint.
We only send newsletters related to our services and professional activities, and you can opt out at any time by following the unsubscribe link in each email.

Lawful basis and your rights
The legal basis for sending these communications is our legitimate interest in maintaining effective and relevant communication with our professional network, including active freelancers, suppliers, and customers (Article 6(1)(f) GDPR).

If you have not worked with us recently, or if we contact you without a prior business relationship, we will rely on your consent instead (Article 6(1)(a) GDPR).

You can unsubscribe or object at any time, and we will stop sending newsletters or informational emails without delay. This is your right under Article 21(2) of the GDPR, and each message contains a clear unsubscribe option.

Please note that for active freelancers, these communications may include important information required for ongoing assignments and collaboration. Therefore, remaining subscribed is part of maintaining an active freelancer profile with Plint. If you choose to unsubscribe, we may interpret this as an indication that you no longer wish to remain active and may contact you to confirm or deactivate your profile accordingly.

Where did we get your data?
Your contact details are usually provided by you or your employer during onboarding, collaboration, or communication with us. In some cases, your details may have been registered based on your role at a customer, supplier or partner company.
Freelancer email address is provided to us via application form.

Who do we share your data with?
We do not share your personal data with any third parties for their own independent purposes.
To send newsletters and manage mailing lists, we use a combination of internal tools and external service providers that help us deliver email communication. These providers act solely as data processors, meaning they only process your personal data on our behalf and according to our documented instructions.
The specific tools used for this purpose may change over time, but all providers are carefully assessed and covered by appropriate data processing agreements.

Retention period
We only keep your data for newsletter purposes while you are an active contact or until you unsubscribe. If you opt out, your details will be promptly removed from the mailing list. In the case of freelancers, we may also deactivate your profile if you have not worked with us for a long time.

Your Rights

You have several rights under data protection law. These include the right to:

  • access your personal data,
  • correct inaccurate or outdated data,
  • request deletion of data under certain circumstances,
  • object to processing based on legitimate interests or direct marketing,
  •  request restriction of processing, and
  • receive your data in a structured, commonly used format (data portability) where the legal basis is consent or contract.

If you wish to exercise any of your rights, or just ask a question, please contact us at gdpr@plint.com. We promise to respond without unnecessary delay.

Supervisory authority

You also have the right to lodge a complaint with a supervisory authority, in the country where you live or work, or where you think your data has been processed in violation of the law. In Sweden, this authority is:

Integritetsskyddsmyndigheten (IMY)
Website: www.imy.se
Email: imy@imy.se
Phone: +46 (0)8 657 61 00

How we protect your data

We apply a combination of technical, organisational, and administrative safeguards to protect personal data against loss, misuse, unauthorised access, disclosure, or alteration. These safeguards include:

  • Access controls and role-based permissions
  • Encryption and secure data transfer
  • Activity logging and audit trails
  • Staff training and access routines
  • ISO/IEC 27001 certified Information Security Management system

Security measures are adapted to the nature and sensitivity of the personal data processed.

Where your data is processed and who we share it with

We use several digital systems to manage communication, recruitment, project coordination, and financial operations. These systems are either operated directly by us or by carefully selected service providers acting as data processors on our behalf.

These service providers may supply:

  • cloud-based infrastructure and hosting services
  • communication and collaboration tools
  • analytics and reporting platforms
  • support and issue-tracking systems
  • financial and administrative systems

We do not share your personal data with any third parties for their own independent purposes, unless this is necessary for the performance of a contract or required by law. In such cases, the third party acts as an independent data controller and processes your personal data according to their own purposes and privacy information.

The only common examples of this are:

  • Public authorities, when required by law or to protect legal rights.
  • Independent recipients involved in contract signing (e.g. counterparties), who receive a copy of the agreement.

All sharing is limited to what is necessary and protected by appropriate safeguards.

International data transfers

Most of our processing takes place within the EU/EEA. However, some of our external service providers or their sub-processors may process personal data outside the EU/EEA.

If any provider processes personal data outside the EU/EEA, we ensure an adequate level of protection through mechanisms such as:

  • Standard Contractual Clauses approved by the European Commission
  • The EU–U.S. Data Privacy Framework (where applicable)
  • Additional contractual or technical safeguards

Before engaging service providers located outside the EU/EEA, we assess the transfer risks and ensure that appropriate safeguards are in place. Where necessary, we implement additional technical or organisational measures to ensure a level of protection essentially equivalent to that guaranteed within the EU/EEA.

You may contact us if you would like more information about international transfers.

Updates to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our processing activities, legal requirements, or business practices. When we make significant changes, we will publish the updated version on this page and indicate the date of the latest revision.
This Privacy Policy was last updated on 2025-12-10

Contact

If you have any questions about this Privacy Policy or how we process personal data, you can contact us at:

gdpr@plint.com

Plint AB
Kaserntorget 6
411 18 Göteborg, Sweden