TERMS AND CONDITIONS

Debricked's Privacy Policy

Effective date: 2023-07-12

  1. About this Policy
  2. Data Controller and Data Processor
  3. What personal data do we process, for what purpose, and why is it lawful for us to do so?
  4. Retention of Your Personal Data
  5. Your Data Protection Rights under GDPR
  6. Transfer of Personal Data
  7. Disclosure of Personal Data
  8. Security of Personal Data
  9. Our Policy on “Do Not Track” Signals under the California Online Protection Act (CalOPPA)
  10. Service Providers
  11. Children's Privacy
  12. Tracking & Cookies Data
  13. Changes to this Privacy Policy
  14. Contact Us

1. About this Policy

When you use Debricked, you trust us with your personal data. We always respect your privacy and take its protection very seriously. Debricked is committed to keeping your trust. That starts with helping you understand our privacy policies. We are committed to complying with the EU General Data Protection Regulation (GDPR) and other privacy laws we are subject to. Debricked Data Protection policy gives you, as the data subject, an overview of the personal data obtained by Debricked, why we obtain the data, how we use the data and how you can exercise your rights with respect to your personal data.

Debricked AB (“us”, “we”, or “our”) operates the service, debricked.com (hereinafter referred to as the “Service”) with full transparency. We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, the terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, accessible from https://debricked.com/terms-and-conditions/.

2. Data Controller and Data Processor

2.1 Data Controller

Debricked AB
Address: Anckargripsgatan 3 2TR 211 19 Malmö
Email: legal@debricked.com
Company registration N: 559159-5730
A Data Controller is a natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and how any personal information is, or is to be, processed. Debricked acts as the Data Controller of your data.

2.2 Data Processors (or Service Providers)

Data Processor (or Service Provider) refers to any natural or legal person who processes the data on behalf of the Data Controller. We at Debricked may process your data, however we may also use the services of various Service Providers (see section 9) in order to process your data more efficiently.

3. What personal data do we process, for what purpose, and why is it lawful for us to do so?

Purpose of Processing Your Personal DataCategories of Personal Data We Process (see description below the table)Legal Basis for Processing Your Personal Data
Administer the customer relationship with you in different ways, for example, to process your payment or carry out our obligationsPersonal dataFulfil contractual obligations
Perform data analysis for Service improvement and monitor the data usageUsage dataDebricked has a legitimate interest in performing data analysis for product improvement
To detect, prevent and address technical issues as part of our efforts to keep our Services safe and secureUsage dataDebricked has a legitimate interest in maintaining our Services safe and secure
Comply with applicable laws, such as taxation and bookkeepingPersonal dataComply with laws
Protect Debricked from legal claims, and enforce our legal rightsPersonal dataDebricked has a legitimate interest in protecting itself from legal claims, and in enforcing its legal rights
To provide marketing, news, general information and offers regarding our Services and events to you.

You may always reject by following the unsubscribe link or instructions provided in any email or contacting us, see Section 14		Personal and Usage dataDebricked has a legitimate interest in providing marketing and offers to you

Debricked AB ensures that the processing performed for the outlined purposes is necessary for fulfilling our legitimate interests.

Description of categories of personal data:

Personal Data

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information include:

  • First name and last name
  • Email address
  • Address, State, Province, ZIP/Postal code, City, in case you want to become a customer and start paying for the Service

Usage Data

We may also collect information on how the Service is accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers, actions taken in the user interface and other diagnostic data.

4. Retention of Your Personal Data

Debricked AB will retain your personal data only for as long as is necessary to provide you with the Service and for the purposes set out in this Privacy Policy. For instance, we will retain and use your personal data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes and enforce our legal agreements and policies.

Debricked AB will also retain usage data for internal analysis purposes. Usage data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or if we are legally obligated to retain this data for longer periods.

If you request, we will delete or anonymise your personal data so that it no longer identifies you, unless we are legally allowed or required to maintain certain personal data, including situations such as the following:

  • If there is an unresolved issue relating to your account, such as an outstanding credit on your account or an unresolved claim or dispute we will retain the necessary personal data until the issue is resolved;
  • Where we need to retain the personal data for our legal, tax, audit, and accounting obligations, we will retain the necessary personal data for the period required by applicable law; and/or,
  • Where necessary for our legitimate business interests such as fraud prevention or to maintain the security of our users.

5. Your Data Protection Rights under GDPR

If you are a resident of the European Economic Area (EEA), you have certain data protection rights. Debricked AB enables you to correct, amend, delete or limit the use of your Personal Data.

  • Right to be informed. You have the right to be informed about how we process your information. You can do so by using this Privacy Policy, our published information or by contacting us.
  • Right to access your data. You can request a copy of your personal data processed by us. Such copy shall be transferred to you in a machine-readable format (“data portability”).
  • Right to rectification. You have the right to correct inaccurate or incomplete information about yourself.
  • Right to erasure. You have the right to request your personal data to be deleted. That can happen for instance when it is no longer necessary for us to process the data for the purpose it was collected, or when you have withdrawn your consent. However, as outlined in sections 2 and 3, Debricked has to comply with specific legal obligations which does not allow us to immediately erase some of your data.
  • Right to withdraw consent. You also have the right to withdraw your consent at any time where Debricked relied on your consent to process your personal information as described in section 2.
  • Right to lodge a complaint. You have the right to lodge a complaint with your national supervisory data protection authority (the Information Commissioner).
  • Right to restrict our processing. If you believe your information is incorrect or where you believe there are circumstances that would make such processing unlawful, you have the right to ask us to stop the processing.
  • Right to object processing of your data. You can object to our processing of your data where you believe it is used in an unlawful manner. Moreover, you can always object to us using your data for direct marketing.

6. Transfer of Personal Data

Your personal data may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.

If you are located outside the EU and choose to provide information to us, please note that we transfer the data, including Personal Data, to the EU and process it there.

Debricked AB will take all the steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organisation or a country unless there are adequate controls in place including the security of your data and other personal information.

7. Disclosure of Personal Data

7.1 Business Transaction

If Debricked AB is involved in a merger, acquisition or asset sale, your Personal Data may be transferred. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy.

7.2 Disclosure for Law Enforcement

Under certain circumstances, Debricked AB may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

7.3 Legal Requirements

Debricked AB may disclose your Personal Data in the good faith belief that such action is necessary to:

  • Comply with a legal obligation
  • Protect and defend the rights or property of Debricked AB
  • Prevent or investigate possible wrongdoing in connection with the Service
  • Protect the personal safety of users of the Service or the public
  • Protect against legal liability

8. Security of Personal Data

We are committed to protecting your personal data. We implement appropriate technical and organisational measures to help protect the security of your personal data including pseudonymisation, encryption, access, and retention policies to guard against unauthorised access and unnecessary retention of personal data in our systems. We heavily invest in our security which continuously monitors our systems to report any suspicious activity. We continuously assess any potential risks that could exist and design the necessary countermeasures to make sure you stay safe. However, please note that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

9. Our Policy on “Do Not Track” Signals under the California Online Protection Act (CalOPPA)

We do not support Do Not Track (“DNT”). Do Not Track is a preference you can set in some web browsers to inform websites that you do not want to be tracked.

You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser. The California Consumer Privacy Act (“CCPA”) requires businesses to disclose if they sell personal information. Debricked does not sell any personal information. However certain information is shared with third-parties, as detailed in Section 10.

10. Service Providers

We may employ third party companies and individuals to facilitate our Service (“Service Providers”), provide the Service on our behalf, perform Service-related services or assist us in analysing how our Service is used.

These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

10.1 Analytics and user experience

We may use third-party Service Providers to monitor and analyse the use of our Service.

  • Segment – Segment is a customer data platform. You may access its privacy policy here.
  • Mixpanel – Mixpanel is a product analytics tool used to analyze users’ behaviour on our website and in our service. You may access their privacy policy here.
  • Hubspot – Hubspot is a customer relationship management system and also our provider for live chat throughout our website and tool to provide you with easy-to-access support. You may access its opt-out information here.
  • Fathom – Fathom is a website analysis tool which helps us understand how visitors interact with our website. You may access their privacy policy here.
  • Smartlook – Smartlook is a website analysis tool which helps us understand how our pages are working, how users are experiencing different elements and content, and so forth. We do not record or store any sensitive data with Smartlook. You may access their privacy policy here.
  • Hightouch – Hightouch is used for syncing data from data warehouses to different tools, such as CRM tools like Hubspot or product analytics tools like Mixpanel. You may access their privacy policy here.
  • Userflow – This service is used for onboarding, NPS, and showcasing new features. It is accessed within the tool. You can access their Privacy Policy here.

10.2 Payments

We may provide paid products and/or services within the Service. In that case, we use third-party services for payment processing (e.g. payment processors).

We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.

The payment processors we work with are:


  • Stripe
    You may access their privacy policy here.
  • Chargebee
    You may access their privacy policy here.

11. Children’s Privacy

Our Service does not address anyone under the age of 18 (“Children”).

We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers

12. Tracking & Cookies Data

We are determined to deliver the smoothest experience to our customers, therefore we use cookies in our online interface. You can read about our tracking technologies and adjust your cookie options in the cookie interface on our website by accessing the Tracking Technology Notice.

13. Changes to this Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “effective date” at the top of this Privacy Policy. Therefore we advise you to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

14. Contact Us

Debricked AB is the responsible entity (Data Controller) for the processing of your personal data as described above. It is subject to Swedish data protection legislation.

If you have any questions about this Privacy Policy, you can always reach us