Skip to content 
Privacy policy
Personal representatives of private and corporate customers
24 Center Sverige AB, 2025-10-01
This is a statement on the processing of personal data in accordance with the EU General Data Protection Regulation (679/2016).
Registry Manager
24 Center Sverige AB
Org. no: 559262-4919
Address: Forsbyvägen 6, 741 40 KNIVSTA
Contact details for data protection issues
Tommy Ekhorn (Head of Scandinavia)
Tel. +46 73 42 25 398
e-mail: [email protected]
Data subjects are advised to contact the above-mentioned contact person in all matters relating to the processing of personal data and in situations concerning the exercise of their personal rights.
Grounds and purposes for processing personal data
The legal basis for processing personal data is:
- Contractual relationship between the data subject and the controller
- The legitimate interest of the controller based on a customer relationship between the data subject and the controller
- Consent of the data subject to the processing of personal data
The purposes of the processing of personal data include the provision of services, the maintenance of customer relations and partnerships, and marketing (with the consent of the data subject).
Personal data processed
The controller only collects from data subjects the personal data that are relevant and necessary for the purposes described in this privacy statement.
The following data are processed about data subjects:
Customer contact details
Name, telephone number, e-mail address, address, coordinates if any, business name and business ID, contact details of business customers' representatives (name, position, e-mail, telephone number)
Identification and billing data
Personal identity number, date of birth, billing addresses (postal address, email address and e-invoice address), account number, tax-related data (e.g. ROT deduction), invoice references, property and housing data for the ROT deduction
Data related to customer orders
Description and instructions about the item (e.g. location, staircase code, registration number, recipient's details), content of the order, type of service and price, status of the order, timestamps and processing steps
Communication tasks
Phone recordings, chat messages, emails, message logs, customer and partner feedback, complaints, customer satisfaction data, data related to loyalty programs, marketing sources (e.g. promotions, website, search engines)
Technical and system-related tasks
Usernames, identifiers, timestamps for integrations and data transfers (e.g. HubSpot, Tracklution), publishing and brokering data, log data, identifiers used in customer and partner systems, attachments (e.g. contracts, reports, invoices, order confirmations)
Disclosure of personal data
As a rule, personal data are not disclosed to third parties. However, data may be disclosed to the following recipient groups:
- Service providers and subcontractors providing IT services, customer communication, financial management, marketing and other support services for 24 Center Sverige AB (e.g. accounting and invoicing services, maintenance of websites and data systems, communication and SMS services).
- Partners to whom the customer's order is transmitted in order to produce the service (e.g. installers and contractors). The partners only receive the information necessary to perform the task.
- Authorities and other actors to whom 24 Center Sverige AB is legally obliged to disclose information (e.g. tax authorities, police or courts).
With all partners and service providers who process personal data, a data processing agreement has been entered into, which ensures that personal data is processed only in accordance with 24 Center Sverige AB's instructions and in accordance with the requirements of the Data Protection Regulation.
Personal data is not regularly transferred outside the EU or EEA. If a transfer is necessary (e.g. via a technical service provider), the controller ensures appropriate safeguards (such as EU standard contractual clauses).
Protection of personal data
The controller processes personal data in a manner designed to ensure appropriate security of the personal data, including protection against unauthorized processing and accidental loss, destruction or damage.
The controller uses appropriate technical and organizational safeguards to ensure this purpose, including the use of firewalls, encryption techniques and secure areas for equipment, appropriate access controls, careful management of user names for information systems, and guidance for staff involved in the processing of personal data.
All staff members processing personal data are subject to confidentiality under employment contracts and specific confidentiality agreements that complement them.
Data retention period
The controller processes personal data for the time necessary to fulfill the agreed service assignment and for the duration of the customer relationship. The customer relationship begins for one-time customers when the customer orders a service from 24 Center Sverige AB and ends when the customer or 24 Center Sverige AB so requires. For contract customers, the customer relationship applies throughout the validity of the agreement.
Once the customer relationship has ended, the personal data will be deleted or anonymized in accordance with the controller's deletion processes within 1 month at the latest, unless there is another legal basis for continued storage.
Legislation (e.g. the Accounting Act (1999:1078) and tax rules) requires certain personal data to be stored for up to 7 years.
If the data subject has consented to the use of the data for marketing purposes, the data may be stored for a maximum of 10 years from the date of receipt, unless the data subject withdraws his or her consent before then.
The controller may also archive data to fulfill customer service and legal obligations. Archiving is carried out in a way that ensures that access to the data is limited and adequately protected.
The controller annually reviews the existence of a valid legal basis for the storage of personal data and deletes data that is no longer needed. The data subject has the right to request the erasure of their data if there is no other legal basis for the processing.
Profiling
The processing of personal data includes profiling. Profiling refers to the automated processing of personal data, whereby certain personal characteristics of the data subject are assessed on the basis of the data. Data subjects are profiled to facilitate the targeting of direct marketing and other communications that correspond to their interests.
Rights of the data subject
Right of access to personal data
The data subject has the right to obtain confirmation as to whether or not his or her personal data are being processed and, if they are, the right to obtain a copy of his or her personal data.
Right to rectify data
The data subject has the right to request the rectification of incomplete and inaccurate personal data concerning them. The data subject also has the right to complete incomplete personal data by submitting the necessary additional information.
Right to erase data
The data subject has the right to request the erasure of their personal data if
a. personal data are no longer necessary for the purposes for which they were collected
b. the data subject withdraws the consent on which the processing of personal data is based and there is no other legal basis for the processing; or
c. personal data have been processed unlawfully.
Right to restriction of processing
The data subject has the right to restrict the processing of their personal data if
a. the data subject contests the accuracy of their personal data,
b. the processing is unlawful and the data subject opposes the erasure of his or her personal data and requests instead that their use be restricted; or
c. the controller no longer needs the personal data for the original purposes of the processing, but the data subject needs them for the establishment, exercise or defense of legal claims.
Right to object
The data subject has the right to object at any time to the processing of personal data on grounds relating to his or her particular situation.
The controller shall no longer process the data subject's personal data unless the controller can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or where it is necessary for the establishment, exercise or defense of legal claims.
Where the personal data are processed for direct marketing purposes, the data subject has the right to object at any time to the processing of his or her personal data for such marketing, including profiling if it relates to such direct marketing.
Right not to be subject to automated decisions
The data subject has the right not to be subject to a decision based solely on automated processing, such as profiling, which produces legal effects or similarly significant effects on the data subject.
The above does not apply if the decision is necessary for entering into, or performance of, a contract between the data subject and the controller or if it is based on the data subject's explicit consent.
Right to withdraw consent
The data subject has the right to withdraw his or her consent to the processing at any time without affecting the lawfulness of the processing previously carried out on the basis of that consent.
Right to transfer data from one system to another
The data subject has the right to receive his or her personal data and the personal data provided by the data subject in a structured, commonly used and machine-readable format and the right to transmit those data to another controller.
Right to lodge a complaint with the supervisory authority
The national supervisory authority for matters relating to personal data in Sweden is the Swedish Authority for Privacy Protection (IMY). You have the right to refer your case to the supervisory authority if you consider that the processing of your personal data is in breach of the applicable legislation.
Amendment of the privacy policy
The controller is continuously developing its business and may therefore need to amend and update its privacy policies as necessary. These changes may also be based on changes in data protection legislation.
If the changes include new purposes for the processing of personal data or otherwise significantly alter the policy, the controller will notify them in advance and, if necessary, seek the consent of the data subjects.