Skip to main content

Privacy Policy & Data Protection

Last updated: February 24, 2026

This privacy policy provides information required under GDPR Articles 13 and 14, including: identity of the data controller, categories of personal data processed, purposes and legal basis for processing, data retention periods, your rights as a data subject, and how to lodge a complaint with a supervisory authority.

1. Data Controller

Your data controller is:

Tom Isgren / Bright Interaction

Org.nr: 199302152351

Nobelvägen 3c, 212 15 Malmö, Sweden

Email: Contact

We handle your personal data under the GDPR and Swedish data protection law.

2. Categories of Personal Data

We collect and process the following categories of personal data (personuppgifter):

Identity Data

  • Name (first name, last name)
  • Company name and title/role

Contact Data

  • Email address
  • Phone number
  • Business address (if provided)

Communication Data

  • Content of messages and inquiries you send us
  • Project descriptions and requirements

Technical Data

  • Browser type and version
  • Operating system
  • Pages visited and time spent (anonymized via privacy-focused analytics)
  • Referring website addresses

Note: We do not collect special categories of data (e.g., health, biometric, or political data).

3. How We Use Your Information

We use the information we collect to:

  • Respond to your inquiries and provide requested services
  • Send you relevant information about our services
  • Improve our website and services
  • Comply with legal obligations

4. Analytics

Privacy-First Analytics (Umami)

We use Umami, a self-hosted analytics tool that does not use cookies or collect personal data. All data stays on our EU servers. No consent is needed.

Google Analytics 4 (Consent-Based)

We also use Google Analytics 4 (GA4) to see how people use our website. GA4 uses cookies and is only activated if you give your explicit consent via our cookie consent banner. You can withdraw your consent at any time by clicking the cookie settings icon at the bottom of the page.

When GA4 is active, the following data may be collected: pages visited, time on page, browser and device information, approximate geographic location (city-level, with IP anonymization enabled), and referral sources. This data is processed by Google LLC. We use Google Consent Mode V2, so no data goes to Google until you consent.

Legal basis: Your consent (GDPR Article 6(1)(a)). You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Cookies

Our website uses cookies only when you have given your consent. Below is a summary of the cookies that may be set:

Cookie Provider Purpose Expiry
ce_consent Bright Interaction Stores your cookie consent preferences 1 year
_ga Google Distinguishes unique users (analytics) 2 years
_ga_* Google Maintains session state (analytics) 2 years
_gid Google Distinguishes unique users (analytics) 24 hours

5. Data Sharing

We never sell or share your personal information with third parties. We may share information only in the following circumstances:

  • With service providers who assist in our operations (under strict data processing agreements)
  • With Google LLC for website analytics processing (only when you have consented to analytics cookies). Google acts as a data processor under our instructions. See Google's Privacy Policy
  • When required by law or to protect our rights
  • With your explicit consent

6. Data Security

We protect your data with encryption, secure servers, and access controls. No internet transmission is 100% secure.

7. Your Rights (GDPR)

Under GDPR Articles 15-22, you have the following rights:

  • Right of access (Art. 15) - Access the personal data we hold about you
  • Right to rectification (Art. 16) - Request correction of inaccurate data
  • Right to erasure (Art. 17) - Request deletion of your data ("right to be forgotten")
  • Right to restriction (Art. 18) - Restrict processing of your data
  • Right to data portability (Art. 20) - Receive your data in a portable format
  • Right to object (Art. 21) - Object to processing of your data
  • Right to withdraw consent (Art. 7) - Withdraw consent at any time
  • Right to lodge a complaint (Art. 77) - Lodge a complaint with a supervisory authority (see Section 10)

To exercise any of these rights, please contact our Data Protection Officer (see Section 9).

8. Data Retention

We keep your data only as long as needed for the purposes in this policy, or as required by law.

9. Data Protection Officer / Dataskyddsombud

Contact our Data Protection Officer for any privacy questions or to exercise your rights:

Bright Interaction - Data Protection

Attn: Tom Smedberg (Data Protection Contact)

Nobelvägen 3c

212 15 Malmö, Sweden

Email: Contact

Phone: +46 76 297 80 35

We aim to respond to all data protection inquiries within 30 days.

10. Right to Lodge a Complaint with a Supervisory Authority

Under GDPR Article 77, you have the right to lodge a complaint with a supervisory authority if you think we handled your data incorrectly. The relevant supervisory authority for Bright Interaction is:

Integritetsskyddsmyndigheten (IMY)

Box 8114

104 20 Stockholm, Sweden

Website: www.imy.se

Email: Contact

Phone: +46 8 657 61 00

We encourage you to contact us first so we can address your concerns directly.

11. Changes to This Policy

We may update this Privacy Policy. Changes will be posted on this page with an updated date.

Back to Home