Policies & Cookies

Privacy policy

Personal information

The Key2Compliance AB privacy policy describes how we collect, manage, use, share, store and protect your personal information. This policy describes how we handle personal information that is:

1) Entered on a voluntary basis
2) Collected by us

A brief summary of our policy

  • We are clear and honest in how we handle your personal information
  • You should be able to easily change or delete data if you wish
  • We make sure your information is handled securely
  • It should always be easy to get in contact with us

Below we explain in more detail how we protect your information, what your privacy rights are and how the law protects you.

Our confidentiality statement

We commit ourselves to:

  • Handle your information safely and confidentially
  • Not sell your information and not forward it without your consent
  • Give you the opportunity to manage and review your data at any time

The new General Data Protection Regulation (GDPR) is in force from May 25, 2018

This policy describes most of your rights under the new laws. We regularly update our policy when changes take effect and when interpretations are available. To the extent that there are guidelines from appropriate industry organizations, we will follow these as far as possible. Privacy/Integrity processing matters are now a permanent item on the agenda during executive group meetings and board meetings.

How the law protects you

In addition to our confidentiality commitment, your privacy is protected by law. This section explains how it works.

According to the General Data Protection Regulation, we may only handle personal data if we have a legal reason to do so. This also includes processing outside of Key2Compliance AB. Under the law, we must meet one or more of these reasons:

  • Fulfill an agreement or a contract
  • Comply with legal obligations
  • When it is in our legitimate interest (balance of interest)
  • When you give your consent

Balance of interest means that we can process personal data without consent if our interests outweigh the individual’s and the processing is necessary for the particular purpose.

Below we have listed the ways we can handle your personal information and the reasons we rely on to do so. We also describe our legal basis for processing the information.

What we use your personal information for:

  • Manage our relationship with our contacts
  • Develop new ways to meet customer needs and develop our business
  • Develop and implement market activities
  • Study how our services and products are used
  • Give advice or guidance on our products and services

Legal basis:

  • Consent
  • Comply with agreement or contract
  • Balance of interest
  • Legal obligations

Our purpose:

  • Keep our records up to date, determine which of our products and services may interest you and tell you about them
  • Develop products and services, and what we charge for them
  • Define customer segments for new products or services
  • Seek your consent when we need it to contact you
  • Be effective in how we meet our legal and contractual obligations

What we use your personal information for:

  • Develop and manage our brands, products and services
  • Test new products and services
  • Control how we cooperate with other providers of services

Legal basis:

  • Comply with agreement or contract
  • Balance of interest
  • Legal obligations

Our purpose:

  • Develop our brands, products and services and what we charge for them
  • Define customer segments for new products or services
  • Be effective in how we meet our legal and contractual obligations

What we use your personal information for:

  • Supply our products and services
  • Invoice and manage customer payments
  • Follow up and claim payments
  • Manage and provide financial products and services

Legal basis:

  • Comply with agreement or contract
  • Balance of interest
  • Legal obligations

Our purpose:

  • Be effective in how we meet our legal and contractual obligations
  • Meet our legal obligations

What we use your personal information for:

  • Run our business in an efficient and correct manner

Legal basis:

  • Balance of interest
  • Legal obligations

Our purpose:

  • Meet our legal obligations
  • Be effective in how we meet our legal and contractual obligations

What we use your personal information for:

  • Apply our rights as stipulated in agreements or contracts

Legal basis:

  • Comply with agreement or contract

Our purpose:

  • Be effective in how we meet our legal and contractual obligations

Grouping of personal data

We use many different types of personal data and group them as follows.

Type of personal data



Contact information we save and how we contact you

Payment information

Details of payments

Agreements / Contracts

Details about the products or services we provide to you


Data about where you are located, which may come from email or the address where you have your main employment


Details on how you use our products and services


Details about devices and technologies you use


What we learn about you from letters, email messages and conversations between us

Open data and public documentation

Information about you that is openly available on the internet

User data

Other information about using our products and services


All permissions, consents or preferences you provide, including how you would like us to contact you

How and where we collect personal data

We may collect personal information about you from these sources:

Personal information we receive from you:

  • When you buy our products and services
  • When you contact us by email, phone or letter
  • When you use our websites, portals or apps and other web services
  • From customer surveys
  • When you participate in competitions, polls or campaigns

Personal information we collect when you are using our services, including amount, frequency, type, location, origin and recipient:

  • Payment and transaction data. We use Swedbank Pay and PayPal as online payment and security providers. Card details included in the booking process are entered directly with Swedbank Pay or PayPal, and your card information is never entered or stored in any of our systems. Once a payment is approved, Swedbank Pay or PayPal sends us a validated payment confirmation, which we store on our system.
  • Profile and user data. This includes the profile you create to identify yourself when you connect to our websites, portals or apps and other web services. It also contains other information about how to use these services. We collect this data from devices you use to connect to these services, such as computers and mobile phones, using cookies and Google Analytics / AdWords.

Third party personal information we use:

  • When companies and colleagues present you or recommend you to us
  • Social networks such as industry organization meetings and networking meetings
  • Social media such as Facebook, Instagram, Twitter, LinkedIn and YouTube
  • Marketing Research

Who do we share your personal information with?

We may need to share your personal information with other organizations to provide the product or service you have chosen or to:

  • Respond to government agencies, accountants, and insurance companies
  • Answer requests from your employer
  • Present you to other companies and individuals, such as course leaders and conference facilities
  • Answer mandatory market surveys and surveys
  • Manage payment services such as card transactions

How we use your personal information for automated decision making

We sometimes use systems to make automatic decisions based on personal information we have – or may collect from others – about you. It helps us to ensure that our decisions are quick, fair, effective and accurate, based on what we know. These automated decisions may affect the products, services or features we can offer you now or in the future, or the price we charge you for them.

See below for the types of automated decisions that we can make:


  • We can decide what to charge for certain products and services based on the overall information (e.g. quantity discounts when multiple people from the same company sign up for a course)

Customize products and services

  • We can place you in groups with similar customer needs, so-called customer segments. We use these to study and learn about our customers’ needs and make decisions based on what we learn. It helps us to design products and services for different customer segments and manage our relationships with them.

Sending personal information outside the EEA area

We only send your personal data outside the EEA area to:

  • Follow your instructions
  • Meet legal obligations
  • Work with our partners, agents or employees

If we transfer information outside the EEA, we will ensure that it is protected in the same way as if used in the EEA.

We use one of the following security measures:

  • Transmit data to third countries outside the EEA with the same personal data protection as in the EEA
  • Establish an agreement with the recipient which means that they commit to comply with the EEA standard
  • Transfer data to organizations included in Privacy Shield. This is a framework that sets out privacy standards for data sent between the US and EU countries. This ensures that these standards are similar to those used in the EEA

Read more about the above on https://ec.europa.eu/info/law/law-topic/data-protection_sv

If you choose not to share your personal information

We may need to collect personal data by law or under the terms of an agreement we have with your employer or you.

If you choose not to give us access to your personal information, it may delay or prevent us from fulfilling our commitments and obligations. It may also mean that we cannot perform our services. This may mean that we cancel or terminate a delivery of product or service you have with us.

It will be clear which data is mandatory and which is voluntary at the time of data collection.


We may use your personal information to tell you about relevant products, services and offers. This is what we mean when talking about “marketing.”

The personal information we have about you consists of what you tell us, the data we collect when you use our products and services, or from any third party we cooperate with.

We assess your information to understand what you may want or need, or what may be of interest to you. This is how we find out what products, services and offers may be relevant to you.

We can only use your personal data for marketing purposes if we have your consent or if our interest weighs heavier, so-called Balance of interest. In this way, we have a business or commercial reason to use your information, but it should not lead to unfair processing of your information and in no way infringe your rights.

You may at any time ask us to stop sending you promotional messages by contacting us.

We may ask you to confirm or update your information if you purchase products or services from us in the future. We will also ask you the same if there are changes in the law, regulations or structure of our business.

If you change your mind, you can at any time update your information by contacting us.

Policy for e-mail used in marketing

Key2Compliance AB will use e-mail as a tool to market its services to existing and potential clients. Our intention is to use e-mail as a complement to other marketing activities, and that you as a receiver will not receive e-mail newsletters more than necessary. Our files with e-mail address information are only used for our own purposes and are treated as confidential information, and we do not sell, rent or provide such information to any other party. We comply with laws, recommendations from trade organizations and our overall integrity policy on all occasions of communication with our existing and potential clients. We also comply with our Internet provider's agreement and ethical rules.

At each e-mail marketing occasion to existing and potential clients it will be clear who the sender is and what the receiver can do to be excluded from such information in the future. The receiver's request to not receive any further commercial information by e-mail will be respected and immediate action will be taken.

How long do we keep your personal information

How long your personal data is stored depends on usage, system and purpose; see below:

  • The basis for orders and invoicing is stored for 7 years according to the Swedish Accounting Act
  • Communication that forms the basis for agreements/contracts and complaints is stored as long as the case is still open and current
  • Inquiries and order documents that do not need to be archived as described above are deleted after 24 months
  • Customer database information is saved as follows:
    • Suspects, i.e. possible customers according to Balance of interest – until cancellation
    • Prospects, i.e. received inquiries – until cancellation
    • Customers, i.e. product and services orders – until cancellation
    • Data on unsubscribed or relocated individuals is stored separately if the information is the basis for course certification, however, max 5 years after last contact
    • Data on unsubscribed individuals is stored separately and blocked to avoid re-introduction
    • Other data that cannot be updated is deleted immediately
  • Signature lists and information for course administration are saved for 5 years and then deleted
  • Information in other portals for information and consent subscriptions as above
  • Information saved by suppliers with access to personal information as above and in accordance with a data processor agreement

We may handle your personal information for an indefinite period and if we do, we will ensure that your privacy is protected and secure and we commit to using the information for its specified purposes only.

How can I access my personal information

You can access your personal information by contacting us:

Key2Compliance AB
Skeppsbron 44
SE-111 30 Stockholm, Sweden

Phone: +46 8 621 05 02
Email:  info@key2compliance.com

When you want to share your personal information with other companies or organizations

You also have the right to receive personal information from us as a digital file, where technically possible, so that you can retain and use them yourself and give them to other organizations if you choose. Please note that we will only disclose the information personally or at your personal request, not to agents or colleagues without your own consent.

If you wish, we can provide the information in an electronic format that can be reused or you can ask us to forward it to other companies or organizations for you. If you wish to do so, please contact us by email or write to us (see address above).

Let us know if your personal information is incorrect 

You are entitled at any time to question all information we have about you and which you think is incorrect or incomplete. Please contact us if that is the case and we will correct your information immediately.

What happens if you want us to stop using your personal information

You may at any time object to our use of your personal information or ask us to remove the information or stop using your personal information if there is no need for us to retain the information. This is called the “right to object”, “the right to be deleted” or “the right to be forgotten”.

There may be legal obligations or other official reasons why we need to keep or use your information, but please tell us if you think we should not use them.

We may sometimes restrict the use of your data. This means that the data can only be used for certain occasions, such as legal obligations. In such a situation, we shall not use or share your information in other ways while it is limited.

You may ask us to restrict the use of your personal information if:

  • The information is incorrect
  • The information has been used illegally, but you do not want us to delete it
  • The information is no longer relevant, but you want us to keep it for legal reasons
  • You have already asked us to stop using your information, but you are awaiting our answer regarding if we can continue to use it for legitimate reasons

If you want to object to how we use your information or ask us to delete it or restrict how we use it, contact us as above.

How to withdraw your consent

You can withdraw your consent at any time. Please contact us as above if you wish to do so.

If you revoke your consent, we may not be able to provide specific products or services to you. If so, we will inform you.

How to complain

Please let us know if you are dissatisfied with how we have used your personal information. You can contact us as above.

You are also entitled to complain to the Swedish Data Inspectorate. On their website you can find instructions on how to make a complaint:


We are committed to protecting your personal information (anonymous or otherwise) that we collect about you online. The following describes how and why we use cookies and how this helps us improve our service. It also describes how you can control which cookies are stored on your device.

By using our websites (via a device) you agree that this Cookie Policy applies to that use in addition to any other terms that may apply.

We reserve the right to change our Cookie Policy. Any changes will be described here and come into effect immediately. Your ongoing and continued use of our websites means you agree to these changes.

Cookies are files that contain small amounts of information downloaded to the device you use when you visit a website. Cookies are then sent back to the original website at each subsequent visit or to another website that recognizes that cookie. Cookies do many different and useful jobs, such as managing information in forms, remembering your preferences and improving your online experience. There are different types of cookies, but they all work the same way, with marginal differences.

Our site uses session cookies that are stored temporarily in the computer’s memory while a visitor is on a web page. Session cookies disappear when you close your browser. The Google Analytics and Google AdWords services use different types of cookies to measure user interaction on the site. These are saved for different time periods, but no longer than 2 years.

If you wish to restrict or block cookies set on a site – including our sites – you should do so through the browser settings in all browsers you use, on any device you use to access the Internet. Please note that some of our services will not work if your browser does not accept cookies. However, you can allow cookies from specific websites by making them “trusted sites” in your browser.

Alternatively, visit www.allaboutcookies.org, which contains comprehensive information on how to do this in a large number of browsers.

Data security

Local storage, protection, and backup

The local storage on our devices is encrypted with BitLocker or FileVault. All Windows devices are protected with ESET Endpoint Antivirus. Monitoring of virus protection and updating of software is done externally by an IT consultant.

No files residing outside of Box will be backed up. Box has a 90-day retention time for files and folders. Key2Compliance relies on the retention in Box. This is self-service. If a file needs to be restored, the user can right-click the file, choose history and restore a specific version.

If a file or folder is deleted it can be restored via the Box client or via Box.com within 90 days.


Our LAN and Wi-Fi network is encrypted and protected by a firewall.

The wireless network is split into one network for K2C employees and a separate one for K2C guests. The guest network is isolated from the employee network.


We use a hosted email service in Microsoft 365. Information stored on client computers and mobile phones must be password protected (login) and protected with antispam and antivirus.

Cloud-based storage

For data security on our cloud-based storage of information, we refer to our data processor agreements.

November 2021
Key2Compliance AB

Terms of use for the web site

All use of the web site www.key2compliance.com is on the following terms:
Copyright © 1997-2021 Key2Compliance AB.

All written and graphical content, software, scripts, video, audio and all other material on the above web sites are the property of Key2Compliance AB. The content is provided for our customers, suppliers, employees and the public only for legal purposes. The site contents may be subject to change at any time, without further notice.

It is permitted to copy, print and distribute material from Key2Compliance AB on the following terms:

  1. The material may only be used for informative purposes.
  2. Layout, written information or images may not be modified in any way.
  3. The material may be used for commercial purposes without permission.
  4. Copyright Key2Compliance AB must be stated on all copies or prints.

Key2Compliance AB does not guarantee the accessibility of the web site.

Our quality policy

Our business is based on collaboration between employees, customers, partners and suppliers to always have patient safety in focus.

We are committed to:

  • Always providing services that meet or exceed the requirements and expectations by listening to our customers
  • Ensuring our employees have the appropriate training, skills and experience and giving the organisation tools to thrive and develop competences
  • Following and continuously improving our Quality Management System
  • Following applicable laws and regulations
  • Managing our business based on clear and measurable objectives and timelines

Our commitment to quality is the responsibility of all employees, supported by knowledge, trust and internal support. Our processes shall enable our employees to do their assignments right the first time and assist customers in placing safe products on the market in an efficient way.

Environmental policy

For us, it is a matter of course that our business is characterized by environmental considerations. We must manage resources and, as far as possible, use renewable natural resources in our operations. We must protect the environment by preventing or minimizing the business’ impact on the environment. Key2Compliance’s environmental work is based on a gradual environmental adaptation of the business. In order to achieve positive changes, the small everyday environmental measures are at least as important as large changes. The sum of all measures must lead Key2Compliance’s environmental work forward and mean that continuous improvements are achieved.
