Xolaris Privacy Policy

At Xolaris (“Xolaris”, “we”, “our”, “us”), we value your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, and protect personal information in connection with our website, communications, recruitment, and services.

Who We Are

Xolaris Civil Security AB
Sundsbacken 6 972 42 Luleå, Sweden



We are the controller responsible for the processing of personal data described in this policy.

When We Collect Personal Data

We collect personal data when you: 

  • Contact us through forms, email, or other communication channels 
  • Sign up for newsletters, events, or marketing materials 
  • Interact with us as a customer, partner, or supplier 
  • Apply for a job or express interest in working with us 
  • Visit our website (where cookies and analytics may be used) 

We may also collect data from publicly available sources such as LinkedIn for business and recruitment purposes.

What Personal Data We Collect

We only collect the personal data necessary for each specific purpose. This may include: 

  • Contact and communication data: name, email address, phone number, company, and the content of your messages. 
  • Customer and partner data: business contact details, organization information, project communication, and contractual information. 
  • Recruitment data: CVs, cover letters, contact details, work experience, education, and references. 
  • Marketing and newsletter data: name, email address, company affiliation, and preferences. 
  • Website and analytics data: IP address, browser type, device information, pages visited, and usage patterns (if cookies or analytics tools are used). 

We do not intentionally collect sensitive personal data such as information about health, political opinions, or religion.

Why We Process Personal Data (Purpose and Legal Basis)

We process personal data for the following purposes and based on the following legal grounds:

Purpose

  • Responding to inquiries and communication
  • Managing customer and partner relationships 
  • Recruitment and evaluating candidates 
  • Sending newsletters and marketing 
  • Operating and improving our website and services 
  • Fulfilling legal obligations 

Legal basis

  • Legitimate interest 
  • Contractual necessity or legitimate interest 
  • Consent or legitimate interest 
  • Consent 
  • Legitimate interest or consent (for cookies/analytics) 
  • Legal obligation 

Data Sharing and Transfers

We share personal data only when necessary and always under GDPR-compliant agreements.

We may share data with: 

  • Service providers that help us operate our business and IT systems, including:
    • Microsoft 365 (email, document storage, communication) 
    • Jira (project management and support) 
    • LinkedIn (recruitment and marketing) 
    • Google Analytics (website analytics, if activated) 
  • Our IT provider, which operates within data centres in Sweden 

Some of these providers (e.g., Microsoft, Google, LinkedIn) may process data outside the EU/EEA. In such cases, we ensure appropriate safeguards are in place, such as the European Commission’s Standard Contractual Clauses or equivalent protection. We do not sell or share personal data with third parties for their own marketing purposes. 

Data Retention

We keep personal data only as long as necessary for the purposes for which it was collected or as required by law.

In practice:

  • Customer and business contact data are kept while our relationship is active and for a reasonable period thereafter. 
  • Recruitment data are normally kept for up to 12 months after the process unless consent for longer storage is given. 
  • Website and analytics data are kept according to the settings of the respective tools. 

We review retention periods periodically and delete or anonymize data that are no longer needed.

Your Rights

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data: 

  • Access your personal data 
  • Request correction or deletion 
  • Request restriction of processing 
  • Object to certain processing 
  • Withdraw consent (where applicable) 
  • Data portability (when technically feasible) 

To exercise your rights, please contact us at hello@xolaris.se. We will respond within one month in accordance with GDPR. 
You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY) or another supervisory authority within the EU. 

Security

We use appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction.

These include secure infrastructure, access control, encryption, and use of trusted hosting providers.

Cookies and Tracking

Our website may use cookies and similar technologies to improve functionality and analyse usage. You can control or disable cookies in your browser settings. If analytics or marketing cookies are used, we will request your consent where required.

Updates to This Policy

We may update this policy from time to time. The latest version will always be available on our website and will include the date of the most recent revision.

Contact

If you have any questions about this Privacy Policy or our processing of personal data, please contact:

Xolaris Civil Security AB
Sundsbacken 6
972 42 Luleå
Sweden