Privacy policy

In this Privacy Policy, we describe how we collect and process personal data (“data”).

For the purposes of applicable data protection legislation, ExoDox Factory AB (“Exodox”) is the controller of your personal data and determines how and why your personal data will be processed. Should you have any questions regarding Exodox’s processing of personal data, please do not hesitate to contact us at

How we collect data

We collect your personal data:

When we engage in a business relationship.

Through our website or app.

Through email correspondence.

When you provide us with data through meetings, social media or events.

What data we collect

Personal data we process:

Basic information such as your name, workplace and title.

Contact details such as address, email address and telephone number.

Financial and payment information.

Information you provide in connection with meetings or events, such as requirements in respect of availability of premises or food and beverage preferences.

Information about how you use our website.

Technical data, which may include your URL, IP address, unique device ID, network and computer performance, browser type, language and identifying information, general geographical location and operating system.

Email correspondence.

Why we process your data

Please find below a chart describing the purpose, legal basis and storage period of the processing of your data.


Legal basis

Storage period

To market our products and services through, for example, newsletters, publications and events.

Legitimate interest
Exodox’s legitimate interest in marketing its products and services.

As long as we have a business relationship or until you opt out.

To manage our business relationship with you.

Performance of a contract

If there’s a contract between you and Exodox.

Legitimate interest

Exodox’s legitimate interest in maintaining and managing its business relationships.

As long as we have a business relationship with you or the company you represent.

To comply with legal obligations.

Comply with a legal obligation

For example, Exodox’s legal obligations due to applicable accounting and taxation legislation.


As long as prescribed by law.

For the establishment, exercise or defence of legal claims.

Legitimate interest

Exodox’s legitimate interest in establishing, exercising or defending any legal claims.

Information that is relevant for any legal claim is kept for as long as such claim can be made in accordance with applicable legislation.

In order to ensure the technical functioning of our website and app; and to analyse your use of the website in order for us to develop and improve the website.

Legitimate interest

Exodox’s legitimate interest in ensuring the technical functioning of the website and application.

Exodox’s legitimate interest in developing and improving the website and improving your experience of the website.

Cookies are stored until they are deleted. See your web browser’s help section for information on how you can avoid and delete cookies.

How we share your data

We do not sell your data to any third party for marketing purposes. However, we may share information with our suppliers when they perform services on our behalf to maintain and support our IT systems. Such suppliers may only process the data in accordance with our instructions, i.e. in accordance with this privacy policy.

We may also disclose or share your data with:

Auditors and other professional advisors.

Service providers and suppliers.

A third party when it is necessary in order to provide services to you or comply with a legal obligation.

Social media such as Instagram, Facebook, LinkedIn or Twitter when you contact us through such services. If you use these services, we refer to the respective service’s privacy policy for information on how they process personal data.

We strive to process all your data inside EU/EEA. However, some of Exodox’s IT providers operate in the United States. When personal data is shared with these providers, Exodox has ensured that the level of protection is equivalent to that applicable in the EU/EEA, through the providers’ accession to the EU-US framework, Privacy Shield, in accordance with Article 45 of the General Data Protection Regulation. You can read more about the framework here

If we transfer your personal data outside the EU/EEA, such transfer will be subject to appropriate safeguards in accordance with applicable data protection legislation.

How we protect your data

We use a range of technical and organizational measures to protect your data from unauthorized access, use, loss, change or deletion in accordance with applicable data protection legislation. Such actions include, but are not limited to, physical controls, encryption, eligibility restrictions, policies, etc.

Your rights

In accordance with applicable data protection legislation, you have a right to request access to, rectification or erasure of your personal data or restriction of the processing. You also have a right to object to processing as well as the right to data portability.

You have a right to lodge a complaint regarding our processing of your data with the Swedish Data Protection Authority, Box 8114, SE-104 20 Stockholm, Sweden or your local national data protection authority, and the contact details for local national data protection authorities can be found at the European Commission’s web page

Changes to this privacy policy

Exodox reserves the right to make changes to this Privacy Policy from time to time. If substantial changes to the Privacy Policy are made, Exodox will inform you about such changes by email, provided that Exodox has your email address, or if possible in some other manner.

How to contact us

Do not hesitate to contact us if you have any questions about this Privacy Policy or the processing of your data or if you would like to exercise any of your rights under applicable data protection legislation.

You can contact us at:

Back to top!