Kontakta oss

How we handle personal data

Effective date: March 31, 2026

1. Who we are

This Privacy Policy explains how ComplyNordic (Fiive AB) ("ComplyNordic", "we", "us", or "our") collects and processes personal data through our website and related services.

We operate a platform focused on compliance-related enquiries and lead generation, including areas such as NIS2, ISO 27001, GDPR, cybersecurity, and related advisory or implementation services.

Data controller

Fiive AB
Organisation number: 559426-0769
Registered address: Järntorget 8, 413 04 Göteborg
Email: info@complynordic.com

If you have any questions about this Privacy Policy or our processing of personal data, please contact us using the details above.


2. What personal data we collect

Information you submit directly

When you contact us, fill in a form, request a consultation, or ask to be matched with a service provider, we may collect:

  • Name
  • Company name
  • Job title
  • Work email address
  • Work phone number
  • Country or region
  • The services you are interested in
  • The content of your message or enquiry
  • Any other information you choose to provide

Information collected automatically

When you visit our website, we may automatically collect certain technical information, such as:

  • IP address
  • Browser type and version
  • Device information
  • Operating system
  • Pages visited
  • Date and time of access
  • Referring website
  • Cookie identifiers and similar online identifiers

Marketing and analytics data

Where applicable and permitted, we may collect information about how users interact with our website, ads, forms, and campaigns.


3. Why we process your personal data

We process personal data for the following purposes:

  • To respond to enquiries and requests
  • To assess what type of compliance-related help you are looking for
  • To connect you with one or more suitable partners or providers where requested or authorised
  • To communicate with you about your enquiry
  • To operate, secure, maintain, and improve our website and business
  • To analyse website traffic and campaign performance
  • To prevent fraud, misuse, and security incidents
  • To comply with legal obligations
  • To establish, exercise, or defend legal claims

4. Sharing enquiries with selected partners

A core part of our business model is helping companies find suitable providers for compliance-related services.

If you submit an enquiry asking for practical support, advisory services, implementation help, or to be matched with a provider, we may share your submitted information with one or more selected partners that offer relevant services, for example in:

  • NIS2
  • ISO 27001
  • GDPR
  • Cybersecurity
  • Internal audit
  • Governance, risk, and compliance
  • Related advisory or implementation services

The information we may share includes:

  • Your name
  • Company name
  • Job title
  • Work email address
  • Work phone number
  • Location
  • The content of your enquiry
  • The services or areas you are interested in

We only share information that is reasonably necessary for the relevant partner to assess and follow up on your request.

In most cases, these partners will process your personal data as independent data controllers for their own follow-up, communications, and service offering. This means their own privacy policies and practices will apply to their further processing of your personal data.

Where required by applicable law, or where we choose to rely on consent for partner matching, we will only share your enquiry with partners where you have clearly agreed to that sharing.


5. Legal bases for processing

We process personal data under the following legal bases, depending on the purpose:

Legitimate interests

We process personal data where necessary for our legitimate interests, including:

  • Receiving and managing business enquiries
  • Assessing relevant service needs
  • Operating and improving our website and services
  • Ensuring IT security and preventing misuse
  • Measuring and improving campaign and website performance
  • Maintaining business records
  • Sharing a business enquiry with a relevant partner where this is within the reasonable expectations of the user and permitted under applicable law

When relying on legitimate interests, we consider and balance our interests against the rights and freedoms of the individual.

Consent

We rely on consent where required, including for:

  • Non-essential cookies and similar technologies
  • Certain analytics or advertising technologies
  • Partner matching or marketing communications where consent is the appropriate legal basis

Where processing is based on consent, you may withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

Legal obligation

We may process personal data where necessary to comply with legal obligations, such as accounting, tax, regulatory, or law enforcement requirements.

Legal claims

We may process personal data where necessary to establish, exercise, or defend legal claims.


6. Who we share personal data with

We may share personal data with the following categories of recipients:

  • Selected compliance, legal, audit, cybersecurity, or implementation partners
  • IT hosting and infrastructure providers
  • CRM, form handling, and customer communication providers
  • Analytics and advertising providers
  • Website, security, and support providers
  • Professional advisers such as lawyers, auditors, and insurers
  • Public authorities, courts, regulators, or law enforcement where required by law or where necessary to protect our rights

We do not sell personal data in the consumer-data-broker sense. However, because our platform is designed to connect business enquiries with suitable service providers, we may share submitted lead information with selected partners as described in this Policy.


7. International transfers

We primarily aim to process personal data within the EU/EEA.

However, some of our service providers or partners may process personal data outside the EU/EEA. Where that happens, we will ensure that appropriate safeguards are in place as required under applicable data protection law, such as:

  • An adequacy decision by the European Commission, or
  • The European Commission's Standard Contractual Clauses, together with supplementary measures where required

You may contact us for more information about relevant international transfer safeguards.


8. How long we keep personal data

We keep personal data only for as long as necessary for the purposes for which it was collected, unless a longer retention period is required or permitted by law.

As a general rule:

  • Enquiry and lead data is kept for up to 12 months after our last meaningful contact, unless a longer period is needed for follow-up, documentation, dispute handling, or legal compliance
  • Records of consent may be kept for as long as necessary to demonstrate compliance
  • Technical logs and security-related records are kept for limited periods appropriate to their purpose
  • Accounting and legally required records are kept for the period required under applicable law

We may retain data for longer where necessary to establish, exercise, or defend legal claims.


9. Cookies and similar technologies

We use cookies and similar technologies to operate our website, improve performance, understand usage, and where applicable support marketing and advertising activities.

Cookies may be:

  • Strictly necessary, which are required for the website to function
  • Analytics cookies, which help us understand how visitors use the website
  • Marketing cookies, which may be used to measure ad performance or personalise advertising

Where required by law, we will only place non-essential cookies after you have given your consent through our cookie banner or consent tool.


10. Your rights

Under applicable data protection law, you may have the right to:

  • Request access to your personal data
  • Request correction of inaccurate or incomplete personal data
  • Request deletion of your personal data
  • Request restriction of processing
  • Object to processing based on legitimate interests
  • Object at any time to processing for direct marketing purposes
  • Request data portability, where applicable
  • Withdraw consent at any time, where processing is based on consent

If you want to exercise any of these rights, please contact us at info@complynordic.com.

You also have the right to lodge a complaint with the relevant supervisory authority. In Sweden, this is Integritetsskyddsmyndigheten (IMY).


11. Data security

We use appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or unauthorised access.

However, no website or transmission method is completely secure, and we cannot guarantee absolute security.


12. Third-party websites and services

Our website may contain links to third-party websites, services, or partner pages. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing personal data to them.

Where we pass your enquiry to a selected partner and that partner follows up with you directly, that partner is typically responsible for its own further processing of your personal data.


13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our business, services, legal requirements, or data processing practices.

The latest version will always be published on this page with the updated effective date.


14. Contact us

If you have questions about this Privacy Policy or our processing of personal data, please contact:

Fiive AB
Järntorget 8, 413 04 Göteborg
Organisation number: 559426-0769
Email: info@complynordic.com