This policy explains how Emirates PD AB (Org.nr 556487-0193) collects, processes, and protects personal data in compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Swedish Data Protection Act (2018:218).
1. Data Controller
Emirates PD AB, Strandvägen 7, 114 56 Stockholm, Sweden, is the data controller for personal data collected through our website and during the course of our business. You can reach our Data Protection Officer at dpo@emiratespd.se.
2. What We Collect
We collect only the personal data necessary to operate our business and respond to your enquiries:
- Information you provide via the contact form: name, organisation, email, phone (optional), and the content of your message.
- Information you provide as part of an application: name, contact details, CV, written application, references.
- Limited technical data automatically collected when you visit the site: IP address (anonymised), browser type, pages visited, referrer.
- Optional analytics data via Plausible (no cookies, no cross-site tracking, hosted in the EU).
3. Lawful Basis
We process personal data on the following lawful bases under Article 6 GDPR:
- Consent (Art. 6(1)(a)) — for analytics cookies and marketing communications.
- Contract (Art. 6(1)(b)) — to respond to enquiries and fulfil services.
- Legitimate interest (Art. 6(1)(f)) — to maintain site security and prevent fraud.
- Legal obligation (Art. 6(1)(c)) — to retain records required by Swedish accounting and employment law.
4. Retention
We retain personal data only as long as necessary:
| Data type | Retention period |
|---|---|
| Contact form enquiries | 24 months from last contact |
| Job applications (unsuccessful) | 24 months (with your consent) |
| Job applications (successful) | Duration of employment + 10 years (Swedish law) |
| Client engagement records | 10 years from end of engagement (Bokföringslagen) |
| Site analytics | 14 months, aggregated thereafter |
5. Sharing
We do not sell personal data. We do not share personal data with third parties except:
- With service providers strictly required to operate the site (hosting in the EU, email delivery), under Data Processing Agreements compliant with Art. 28 GDPR.
- When required by Swedish law or in response to a legally valid order from a competent authority.
All data is stored on servers located within the European Union. We do not transfer personal data outside the EU/EEA.
6. Your Rights
Under GDPR you have the right to:
- Access the personal data we hold about you (Art. 15)
- Request rectification of inaccurate data (Art. 16)
- Request erasure ("right to be forgotten") (Art. 17)
- Restrict processing (Art. 18)
- Data portability (Art. 20)
- Object to processing based on legitimate interest (Art. 21)
- Withdraw consent at any time, where consent is the basis
To exercise any of these rights, write to dpo@emiratespd.se. We will respond within 30 days.
7. Complaints
If you believe we have not handled your personal data correctly, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY): www.imy.se.
8. Changes to This Policy
We review this policy annually. Material changes will be announced on this page and, where appropriate, communicated by email to those affected. The date at the top of this page reflects the most recent revision.