Skip to main content
AI ACT GOV EUROPE
Legal

Privacy Policy

Last updated: 2026-05-29

1. Who we are

AI Gov Europe AB (Swedish corporate identity number to follow once published) is the data controller for personal data collected through this website. Contact: privacy@aiactgov.eu.

2. What we collect

Through our forms (Compliance Snapshot request, contact, and partner enquiry) we collect: organisation, name, title, email, and phone number. The partner form also collects type of business and your message. We do not run analytics, advertising trackers, or social media pixels on this site.

3. Why we collect it

To respond to your enquiry and follow up about a Compliance Snapshot or partnership. Legal basis: legitimate interest (GDPR Article 6(1)(f)) for B2B prospect follow-up, contractual necessity (Article 6(1)(b)) once a Compliance Snapshot or partnership engagement is agreed.

4. How we store and handle it

Form submissions are processed by AI Gov Europe AB and routed through a transactional email provider (currently Resend) hosted in the EU. Active prospect and customer records live in our internal CRM hosted on EU infrastructure. We do not sell your data and we do not share it with advertising or analytics platforms. The current list of sub-processors can be requested from privacy@aiactgov.eu.

5. How long we keep it

Prospect enquiries: 24 months from the last contact, after which the record is deleted or anonymised. Records tied to a signed engagement: kept for the duration of the engagement, then 7 fiscal years from the end of the contract year as required by the Swedish Accounting Act (Bokföringslagen 1999:1078). You can request earlier deletion at any time, subject to the legal retention obligations.

6. Your rights

Under the GDPR you have the right to access, correct, delete, port, and object to processing of your personal data, and to lodge a complaint with a supervisory authority. In Sweden the supervisory authority is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY).

7. International transfers

Our hosting and processors are based in the EU/EEA. Where a sub-processor stores data outside the EEA, we rely on the European Commission Standard Contractual Clauses (SCCs) and assess the transfer per Schrems II. We do not currently transfer personal data to the US.

8. Global Privacy Control

We honour the Sec-GPC ("Global Privacy Control") signal sent by your browser. The signal is recorded but, since we do not sell or share personal data with advertising platforms, it does not change how your enquiry is handled.

9. Contact

privacy@aiactgov.eu · Postal address available on request.