Privacy Notice NestIT Group

This privacy notice is intended for users of the NestIT Group websites and its subsidiaries (listed below). We value your privacy, and it is important that you are able to access information about our processing of your personal data.

Provendo AS is the data controller for the processing of personal data described in this privacy policy.

In NestIT Group’s privacy notice, you can read about the processing of personal data carried out by NestIT Group as it applies to each company. Each company within NestIT Group is the data controller for the processing that takes place within its own company, unless otherwise expressly stated.

When we use terms such as “NestIT Group,” “we,” “the Company,” or “us” in this notice, we refer to the specific company within the NestIT Group that is specified as the data controller in this privacy notice. These terms are used solely for the purpose of simplifying the text and do not imply that there is joint responsibility for personal data between the companies, unless otherwise expressly stated.

When you browse our websites, we use cookies. You can read more about what personal data we collect and process through cookies in the NestIT Group Cookie Policy.

This privacy notice provides information about why NestIT Group processes your personal data, how it is used, how it affects your privacy, and how you can exercise your rights.

Contents

  • The purposes of processing your personal data
      • Providing our products and services
      • Customer communication related to your purchase
      • Subscription to communications (newsletters and text messages)
      • Surveys
      • User account
      • Reviews of purchased products
      • Customer analyses
      • Handling of customer service issues
      • Personalized digital advertising and matching
  • How to access and control your personal data
  • How your personal data is stored
  • Where we store and process personal data
  • Compliance and security
  • Your individual rights
  • Contact
  • Change history

The purposes of processing your personal data

It is important to us that you feel secure about how we handle your personal data. We protect your privacy and comply with applicable legislation designed to protect you as an individual. We process your personal data in the manner described in this section, where we specify for each individual purpose:

  • What personal data is processed for each purpose
  • How the personal data is collected
  • What legal basis applies to each purpose
  • Whether we disclose your personal data to any other party and, if so, who the recipients of the personal data are

We process your personal data for the following purposes:

  1. To provide our products and services
  2. Customer communication related to your purchase
  3. Communication subscriptions (newsletters and text messages)
  4. Surveys
  5. User account
  6. Reviews of purchased products
  7. Customer analyses
  8. Handling of customer service cases
  9. Personalized digital advertising and matching

See the purposes for personal data processing at the end of the document.

How to access and control your personal data

How you access or control your personal data depends on which services you use. You can control cookie history and location information, for example, through settings in your browser or on your phone.

Customer service. You are always welcome to contact us via customer service with questions regarding the processing of your personal data. Contact details can be found under “Contact us”.

Account. If you log in to your account, you can change your password and email address.

Your communication settings. You can choose what communication you want to receive from us through your communication settings. If you want to change these, go to your latest email newsletter from NestIT Group or one of our subsidiaries, where you will find a link “Manage my communication settings”. This will take you directly to the page where you can make changes to the categories of communication based on your consent or NestIT Group’s legitimate interest.

Customize cookies. On NestIT Group’s web pages, you can customize your cookies via the “Customize Cookies” link in the footer.

How your personal data is stored

We store personal data for as long as necessary for the purposes described in this privacy notice. Since these periods may vary for different types of data and for different types of products, services, and contexts, actual storage periods may vary.

Criteria that determine how long we store data include:

  • Purpose: The reason we use the data, i.e., if we use the data to comply with legal obligations or to conduct our business, it will be stored for longer than, for example, contact information for direct marketing.
  • Personal data: The type of personal data involved, i.e., sensitive personal data is stored for a shorter period than, for example, contact information.
  • Storage: How the data is stored, i.e. data that is not pseudonymised is often stored for a shorter period than if it is pseudonymised. (Pseudonymised data is data that cannot be attributed to a specific person without the use of additional information).
  • Relationship: What relationship we have with you, i.e. whether you are an existing, former, or potential customer.

Exception linked to user accounts. If you have registered a user account and want to delete your account, you need to contact customer service at the subsidiary where you registered the account.

Other. Your personal data will be deleted or anonymized when it is no longer relevant for the purposes for which it was collected. When analyzing customer insights, trends, etc., we use anonymized data that cannot be linked to an individual to the greatest extent possible.

In some cases, we may store your data for longer than stated above. Examples of such exceptions include when NestIT Group is required to do so by law (e.g., the Swedish Bookkeeping Act), in the event of a decision by a public authority, or to retain data that must be retained for the purpose of resolving a dispute.

Where we store and process personal data

Personal data collected by us is mainly stored and processed in Sweden, or in other countries in Europe where we, NestIT Group, our partners, subsidiaries, or suppliers operate.

The storage locations are chosen with the intention of being secure, functioning efficiently, improving performance, and creating redundancy in order to protect data in the event of power outages or other problems. We take measures to ensure that data we collect under this privacy policy is processed in accordance with the provisions of this privacy notice and applicable law where the data is located.

If we transfer your personal data to a third country, i.e. a country outside the EU/EEA, we will enter into agreements and take other measures in accordance with applicable legal requirements.

Who we share your personal data with

Personal data may be shared between companies within the NestIT Group for internal purposes, such as administration and service development. You can see which companies are included in the NestIT Group at https://nestitgroup.com/our-companies/

In addition to internal sharing, personal data may also be shared with external partners and suppliers who assist NestIT Group with, for example, IT services, customer support, and marketing. Such sharing is based on our legitimate interest (Article 6.1 f GDPR). We may also share personal data with authorities, courts, and external advisors. Such sharing is carried out to ensure compliance with applicable laws, respond to requests from authorities, protect our rights, integrity, security, and property, and take necessary measures to limit damage. Such sharing is based on legal obligation or legitimate interest (Article 6.1 c or f GDPR).

If NestIT Group or any of its companies transfers all or part of its business or assets, personal data may be shared with a potential buyer as part of the transaction. In the event of an actual transfer, personal data may also be transferred to the new owner to the extent necessary to complete the transaction and ensure continued operation. Such processing is based on our legitimate interest in conducting business transactions (Article 6.1 f GDPR).

 

Compliance and security

We comply with our legal obligations that involve the processing and sharing of personal data to the extent required. An example of this is our obligations under bookkeeping legislation, which covers, for example, invoice details, name, address, and what you have purchased. When we use services and systems provided by our suppliers, NestIT Group enters into a data processing agreement with them in accordance with the rules of the GDPR.

We use a range of security techniques and security methods to protect your personal data from unwanted access, use, and disclosure. For example, personal data that you provide is stored in systems with limited access and located in secure premises. We place requirements on our suppliers to ensure that processing is carried out in accordance with this policy and our security procedures. We mainly use anonymized or pseudonymized data when analyzing customer insights, product development, personalization, trends, statistics, and similar purposes.

We may process and share data for the purpose of protecting our customers, users, visitors, assets, and companies against crime and other harmful activities. This processing is based on NestIT Group’s legitimate interest in assisting and cooperating in, for example, law enforcement matters and court decisions.

Your individual rights

Data protection legislation gives you a number of rights in relation to our processing of your Personal Data. If you wish to exercise your rights, please contact us by email at info@nestitgroup.com.

  • Access to your Personal Data. You have the right to request confirmation from us, free of charge, that we are processing your Personal Data, and to request access to the Personal Data we process about you, together with information about the processing and your rights in connection with it, called a register extract. Please contact the respective subsidiary to make this request.
  • Requesting correction. If you believe that Personal Data we process about you is incorrect or incomplete, you have the right to request correction of the Personal Data. Please note that NestIT Group is not responsible for problems arising from your Personal Data being incorrect if you have failed to inform us of this.
  • Object to certain processing. You have the right to object to processing based on our legitimate interest if you have personal reasons relating to your particular situation. However, we may continue to process your Personal Data, despite your objection to the processing, if we have legitimate reasons for doing so that outweigh your privacy interests.
  • Erasure. You have the right to request that your Personal Data be erased if the Personal Data is no longer necessary for the purposes for which it was collected. You can also have your Personal Data erased if you have withdrawn your consent.
  • Restriction of processing. You have the right to request that the processing of your Personal Data be restricted. Please note, however, that this may mean that in some cases we will not be able to provide you with all of our Services.
  • Data portability. You have the right to obtain the Personal Data we process about you in a commonly used, structured, and machine-readable format and have the right to transfer this data to another data controller. The right to data portability, unlike the right to a register extract, only covers the Personal Data that you yourself have provided to us and that we process automatically on the basis of consent or the performance of a contract.
  • Submit a complaint to a supervisory authority. If you are not satisfied with our processing or for other reasons believe that we have processed your Personal Data incorrectly, you have the right to submit a complaint to the supervisory authority for data protection, which in Sweden is the Swedish Authority for Privacy Protection (IMY).

Exercising your rights is free of charge. We will respond to your request for a register extract and deletion of your personal data within 30 days. If the action you have requested requires considerable effort, we reserve the right to carry it out within two months. We reserve the right to charge a reasonable fee for the action in the event of unreasonable or manifestly unfounded objections or requests.

In some cases, personal data is processed within the framework of a collaboration between several companies within the NestIT Group, particularly when personal data is shared or processed jointly in central systems for marketing and customer communication. This means that the companies within the NestIT Group jointly determine the purposes and means of this processing of personal data, whereby the companies within the NestIT Group have entered into an agreement on the division of responsibility for the processing of personal data resulting from this collaboration. This agreement ensures that you, as a data subject, receive clear information about the processing and can exercise your rights. You can always contact NestIT Group or the company you have been in contact with to exercise your rights.

You can see which companies are part of the NestIT Group here: https://nestitgroup.com/our-companies/

Contact

Below you will find our contact details if you would like a register extract, to request deletion, to request that we cease direct marketing, to make a complaint, to ask a question about our data protection, or if you would like to exercise any of your other rights (you can read more under “Your individual rights”).

NestIT Group AB 559471-7547

Postal address: NestIT Group AB, Anders Petersson, Karlavägen 41,
114 34 Stockholm, Sweden

Email address: info@nestitgroup.com


Change history

We will update our privacy notice when necessary to reflect customer feedback and changes to our services. When a privacy notice is updated, the date of the last update at the bottom of the privacy notice will be changed. If there are major changes to the privacy notice or how we use your personal data, you will be notified via a notice on the website or by email before the changes take effect, where required by law. Please read this privacy notice from time to time to stay informed about how we at NestIT Group protect your personal data.

The privacy notice was last updated on: 2025-07-09

Providing our products and services

When you make a purchase from us, we use your personal data to process your order for the product or service you have purchased and to deliver it to you.

Personal data processed:

  • Identity details
  • Contact
  • Order information

Legal basis for processing: If you are the contact person for a company that has purchased a product or service from us, we may process information about you and the company you represent in order to, for example, deliver products or services to your workplace. The processing is based on our legitimate interest in providing our products and services and fulfilling our agreements.

How personal data is collected: Personal data is collected directly from you when you make a purchase.

Recipients of data:

  • Service providers for shipping and delivery
  • System provider for customer information management
  • System provider for order management

Customer communication related to your purchase

When you order something from NestIT Group, we need to be able to communicate with you about your orders and purchases. You may also receive communications relating to the NestIT Group brand or one of NestIT’s subsidiaries.

Personal data processed:

  • Identity
  • Contact
  • Order information

Legal basis for processing: The processing is based on our legitimate interest in communicating with you regarding orders placed so that we can fulfill the agreement with your employer (Article 6.1 f GDPR).

We have a legitimate interest (Article 6.1 f GDPR) in communicating about our brand or information that we believe may provide added value to our customers. This includes, for example, information directly related to your purchase.

How personal data is collected: Personal data is collected when you make a purchase.

Recipients of data:

  • Email communication service provider
  • System provider for customer information management
  • Order management system provider

Communication subscription (newsletters and text messages)

If you have given us your consent to subscribe to our communications, we will process your personal data for the purpose of providing you with offers that are as relevant and inspiring as possible via our communication channels. This is based on your preferences, which are collected through your previous purchases and how you navigate our websites. We will analyze, at an aggregate level, how our customers respond to our communications by, for example, looking at the percentage of people who open and click through from an email.

You can always withdraw your consent via the “Manage your communication settings” link in your latest email newsletter from us. If you cannot find it, you can also go to the section “How to access and control your personal data” and follow the instructions.

Personal data processed:

  • Identity
  • Contact
  • Order information
  • Behavior on our websites
  • Clicks in newsletters and text messages

Legal basis for processing: Your consent to subscribe to NestIT Group communications via email and/or text messages (Article 6.1 a GDPR).

How personal data is collected: Personal data is collected when you give your consent to subscribe to our communications, e.g. when you make a purchase or create an account with NestIT Group. Other data is collected when you make purchases and visit our websites.

Recipients of data:

  • Service provider for email and text message communication
  • System provider for customer information management

Surveys

We continuously conduct a number of different surveys in order to learn more about our various customer groups and how we perform in different areas so that we can optimize the customer experience and our business. The purpose of these customer surveys is to a) learn more about individual customer groups, b) deepen our understanding of our performance and potential for improvement in various areas, and c) conduct ongoing measurements to gauge customer experience after purchasing or using a service from NestIT Group. We send these surveys to customers via email.

Personal data processed:

  • Contact
  • Order information

Legal basis for processing: The processing is based on our legitimate interest (Article 6.1 f GDPR) in gathering insights into our customers’ experiences of our services. The surveys are always voluntary.

How personal data is collected: Personal data is collected in connection with purchases from NestIT Group, or alternatively from your employer if you are a contract customer of NestIT Group.

Recipients of data:

  • Service provider that handles customer surveys
  • System provider for handling customer information

User account

When you create a user account when registering or making a purchase from us, we request certain personal data for the purpose of providing, maintaining, managing, and administering your user account.

Personal data processed:

  • Identity
  • Contact
  • Order information

Legal basis for processing: Performance of a contract: Processing is necessary for us to perform the contract with you when you have created a user account.

How personal data is collected: Personal data is collected directly from you when you register a user account.

Recipients of data:

  • System provider for customer information management

Customer analyses

NestIT Group wants to offer you, our customer, the most relevant and positive customer experience possible. By analyzing customer data, NestIT Group can gain customer insights that help us understand what customers want from their experience on the NestIT Group and subsidiary websites and in their communication with us. By better understanding how our customers search for, purchase, or use our services, NestIT Group can improve the customer experience.

Personal data processed:

  • Order information
  • Customer behavior in NestIT Group channels

Legal basis for processing: Analyses linked to order information are based on NestIT Group’s legitimate interest in understanding how our customers shop and what they consider to be relevant offers, with the aim of understanding our customers, improving our offers and customer experience, and ensuring competitiveness (Article 6.1 f GDPR).

Analysis related to customer behavior in NestIT Group channels is based on your consent to cookies and your consent to receive communications.

How personal data is collected: Personal data is collected when you visit our websites, when you receive communications, and/or when you make a purchase from NestIT Group.

Recipients of data:

  • Service providers of analysis tools
  • System provider for customer information management
  • Subsidiaries within the NestIT Group that participate in the joint processing of customer data

Handling of customer service matters

By customer service matters, we mean questions from customers to our customer service department. These may include, for example, general questions about orders, complaints, delivery times, service or product questions, and invoice questions.

NestIT Group will process your personal data for the purpose of responding to, assisting with, following up on, or handling your customer service case. This includes the processing necessary to respond to any questions you have asked us through any of our channels.

Personal data processed:

  • Identity
  • Contact
  • Order information
  • Information you share in connection with the matter at hand

Legal basis for processing: The processing is based on our legitimate interest in handling customer service matters (Article 6.1 f GDPR).

How personal data is collected: Directly from you when you contact us in a customer service matter.

Recipients of data:

  • Customer service provider
  • Customer service system and chat service provider
  • Social media provider

Customized digital advertising and matching

If you have created an account with NestIT Group, you may receive customized advertising on various external advertising networks and/or social media platforms. NestIT Group can segment and personalize ads via channels such as Google, Facebook, and Instagram by matching the email address you provided when creating your account with the email addresses of the advertising networks. Before email addresses are shared with the advertising networks, a hashing process is carried out, which means that it is not possible to read the email address that NestIT Group shares with these various advertising networks. You can read more here.

The purpose of this is to target ads and customized marketing to specific segments outside NestIT Group’s own channels. The segmentation is done by NestIT Group, and what is shared with the ad networks are the hashed email addresses. A specific segment could be, for example, a group of customers who have shown interest in a particular product or author. Another example of a segment could be based on previous purchases, visits, and clicks on our websites.  

Personal data processed:

  • Contact
  • Order information
  • Behavior on our websites

Legal basis for processing: The processing is based on our legitimate interest in targeting our customers with marketing that is as relevant as possible (Article 6.1 f GDPR).

How personal data is collected: Collected directly from you when you create an account with NestIT Group and subsequently when you make a purchase and/or visit our websites while logged in.

Recipients of data:

  • Service providers for advertising in external channels, e.g. Google and Meta
  • System provider for customer information management

If you have consented to cookies, we share a hashed version of your email address (the email address you provide in connection with the purchase) with Google Ireland Ltd. Before the email address is shared, a hashing process is performed, which means that it is not possible to read the email address that NestIT Group shares with the various advertising networks. You can read more here.

The email address cannot be used to identify you without additional information, and no personally identifiable information is shared without your consent. We do this to improve our advertising activities and measure conversions more effectively. By increasing the accuracy of conversion tracking through our ads, we can optimize and adjust our marketing campaigns more effectively. You can read more about how Google handles your data in their privacy policy here.

 

Personal data processed:

  • Email

Legal basis for processing: The processing is based on your consent (Article 6.1 a GDPR). You can withdraw your consent by clicking on the “Customize cookies” link at the bottom of the NestIT Group website or on any of the subsidiary companies’ websites.

How personal data is collected: Directly from you when you complete a purchase with us.

Recipients of data:

  • Service providers for advertising in external channels (Google Ireland Ltd)

Protect our rights and defend ourselves against claims

We may process your personal data to protect NestIT Group’s legal rights, handle legal claims, and defend ourselves against claims, for example in disputes, government inquiries, or internal investigations.

Personal data processed:

  • Identity
  • Contact
  • Order information

Legal basis for processing: The processing is based on our legitimate interest in protecting our legal rights and defending ourselves against claims (Article 6.1 f GDPR).

How personal data is collected: Personal data is collected in connection with purchases from NestIT Group, or alternatively from your employer if you are a contract customer of NestIT Group.

Recipients of data:

  • External advisors
  • Authorities and courts
  • IT suppliers that provide systems for documentation and case management