This privacy policy comes into effect from 2025-06-17.
This privacy policy is between Ventara Sweden AB (org. no 559435-5165) called the vendor below and the customer that is using products and services from the vendor.
The vendor is sometimes personal data controller and somtimes personal data processor. This privacy policy is for the cases when the vendor is personal data controller. For the personal data that the customer stores in the system about its own customers the vendor is personal data processor. In that case the personal data processor agreement is used from appendix 1 in the general terms.
Personal data controller is Ventara Sweden AB (org. no 559435-5165). The company can be reached the following way:
E-mail: gdpr@ventara.se
Below is a list of personal data that is processed and how it is being used.
| Area | Personal data | Purpose with processing | Receiver | Legal basis | Storage time * | Place |
|---|---|---|---|---|---|---|
| User account | Name | The name on the account is used to see who is doing changes in the ERP system and the accounting. It will be visible for all users in the company where the user is connected. The audit trail where you can see who made what is fundamental in accounting. | Suppliers of data centers, other users in the same companies, the vendor's support department | Agreement, balance of interest and legal requirement. | As long as there are companies connected to the user. Inactive accounts without company connection will be removed after 2 years. | Sweden |
| User account | The e-mail address is used to send the user important information about the account. It will be visible for all the users in the connected companies. It is also used when a company want to invite a new user. | Suppliers of data centers, other users in the same companies, the vendor's support department | Balance of interest | As long as there are companies connected to the user. Inactive accounts without company connection will be removed after 2 years. | Sweden | |
| Company account | Company name, government ID, company type, address | Company name, government ID and address is used to create customer invoices. Company type is used to adjust the system based on company type. It is currently used to adjust which reports can be created and how the reports looks like. This data will be visible for all users of a company. | Suppliers of data centers, customers, other users in the same companies, the vendor's support department | Agreement, balance of interest and legal requirement. | As long as the company has saved accounting, customers, vendors or employees the company will be saved. Inactive accounts without data will be removed after 2 years. | Sweden |
| Logins | Reference to the user account and IP address | We save successful and failed logins to ensure that the service is not abused. | Suppliers of data centers, the vendor's support department | Balance of interest | 1 year | Sweden |
| Invitation to new customers | Company name, address | In order to invite new customers we will store company name and address for newly registered companies to send them invitation letters. The source for this is Bolagsverket and other companies that provide data from Bolagsverket. | New customers, the vendor's marketing department | Balance of interest | Personal data for invitations will be removed after 1 year. | Sweden |
| E-mail to us | Name, e-mail and other data you send to us | In the case where you contact us via e-mail personal data apart from e-mail and name could be shared with us. | Suppliers of e-mail, the department of the vendor that you sent the e-mail to. | Balance of interest | E-mail will be removed after 10 years | EU / USA |
| Customer invoices | Name, address, what was bought | In the case where something was bought from us an invoice is generated which must be saved. | Suppliers of data centers, the vendor's accounting department | Balance of interest and legal requirement. | 10 years | Sweden |
| Vendor invoices | Name, address, what was sold | In the case we buy something from our suppliers and invoice will be booked and it must be saved. | Suppliers of data centers, the vendor's accounting department | Balance of interest and legal requirement. | 10 years | Sweden |
| Employees - salaries | Name, government ID, address | We save information about our employee's name, government ID and address to be able to do payroll and have a register of employees. | Suppliers of data centers, the vendor's HR department, the vendor's accounting department | Agreement and legal requirement. | 10 years | Sweden |
| Employees - internal education | Name | We save the name of employees that have done internal education. | Suppliers of data centers, the vendor's HR department | Balance of interest | 10 years | EU / USA |
| Recruitment | Name, CV | We will save job applications to be able to recruit. | Suppliers of data centers, LinkedIn | Balance of interest | 2 years | EU / USA |
*) We use backups which may result in an additional 90 days of storage after the data has been removed until all old backups have been purged. It could happen that we in rare cases need to save data for a longer period of time to investigate some issue. In these rare cases the data could be saved for upp to 2 years.
Personal data will primarily be stored in Sweden. E-mails will be stored in EU / USA.
Production data will be stored in AWS data centers in Sweden.
Backup data will be stored in Azure data centers in Sweden.
The customer approves that personal data could be transferred to countries outside of EU / EES. During such transfers encryption will be used to ensure a high security.
Send a message to gdpr@ventara.se if you wish to receive an export of the personal data that we have stored about you.
You have the right to be forgotten. Regarding your user account you could remove it yourself. Contact us on gdpr@ventara.se if you would like help with that of if you want us to remove you from other databases.
In some cases we need to retain your personal data by law. That can for example be if we sent you an invoice. Then we need to save the personal data on the invoice.
It can also take up to 90 days before your personal data is removed from our backups if you have been removed from the production system. It could happen that we in rare cases need to save data for a longer period of time to investigate some issue. In these rare cases the data could be saved for upp to 2 years.
As a customer you can close your account any time.
If a company is removed its data will be removed from the production system. However the data is saved in backups as long as 90 days after removal from the production system. It could happen that we in rare cases need to save data for a longer period of time to investigate some issue. In these rare cases the data could be saved for upp to 2 years.
If a user is removed its data will be removed from the production system. However the data is saved in backups as long as 90 days after removal from the production system. It could happen that we in rare cases need to save data for a longer period of time to investigate some issue. In these rare cases the data could be saved for upp to 2 years.
In the case when a user has made booking entries in a company that still exists the name of the user will be saved until the booking entries are removed from the company. This is because there is an audit trail requirement within accounting where the company needs to know who made changes to their accounting.
If the personal data is wrong, the user can correct the errors by logging into the application and then open their user account by clicking on the icon in the upper left corner.
If you need help with this, contact gdpr@ventara.se.
There is support in the application to export the data. This function could be used to import the accounting data in a competing product.
During some circumstances the user can request limited processing of personal data. Contact us on gdpr@ventara.se if you want this kind of limited processing and we will investigate it.
The vendor is using the following sub processors:
| Name | Area | Description | Data saved |
|---|---|---|---|
| Amazon Web Services EMEA SARL | Data center | The production data is stored in a data center at AWS. | Sweden |
| Microsoft Azure | Data center | The backup data is stored in a data center at Azure. | Sweden |
| Google Cloud EMEA Limited | E-mail is stored at Google. | EU / USA | |
| LinkedIn Ireland Unlimited | Recruitment | Job applications are stored at LinkedIn. | EU / USA |
The vendor could share records from our system if a government agency or court contact us and require us to share specific records.
If you are not satisfied with the processing of personal data we ask you to first contact us at gdpr@ventara.se and we will investigate how we can improve our processing. Our goal is to have as good handling of personal data as possible for our customers. You could also send in complaints to the responsible government agency which is Integritetsskyddsmyndigheten.
This policy could update in the future. An update will come into effect earliest 30 days after publication for existing customers. If the customer does not accept the new update the customer has the right to close its account with us. The customer can close the account in the application or contact us to get help to close the account by writing to gdpr@ventara.se.