[ Privacy ]
Privacy policy
Last updated: 2026-07-14
Your data is yours. We collect as little as possible, are open about what we do with it, and make it easy for you to see it or ask us to delete it.
(001)
Who is responsible
This policy describes how Omnily processes your personal data when you visit our website, contact us or book a meeting. We are the data controller for the processing.
Omnily AB, reg. no. 559417-6439, Magnus Ladulåsgatan 51, 118 65 Stockholm, Sweden. Data protection contact: hej@omnily.se.
(002)
What data we collect
We only process the data we need, and collect it in three ways:
- When you contact us via the form: name, email address and the content of your message.
- When you book a meeting: name, email address and the time you choose, via the booking service TidyCal.
- When you visit the website: technical information such as IP address, device type, browser and how you use the pages, via analytics tools. This only happens if you have consented to analytics or marketing cookies (see the cookies section).
Providing data is voluntary, but without a name and email address we cannot answer an enquiry or complete a booking. We never ask for, and do not wish to receive, sensitive personal data via the website.
(003)
Purposes and legal basis
Every processing activity rests on a legal basis under Article 6 of the GDPR:
- Answering your enquiry and managing the contact: legitimate interest in communicating with those who contact us (art. 6(1)(f)), or steps prior to entering into a contract when the enquiry concerns an engagement (art. 6(1)(b)).
- Carrying out meetings you book: steps prior to a contract at your request (art. 6(1)(b)).
- Understanding and improving the website (analytics): your consent (art. 6(1)(a)), given via the cookie settings.
- Measuring and targeting advertising (marketing): your consent (art. 6(1)(a)), given via the cookie settings.
- Meeting legal obligations, for example the Swedish Accounting Act if an enquiry leads to business: legal obligation (art. 6(1)(c)).
We make no automated decisions about you and do not engage in profiling with legal effects.
(004)
How long we keep the data
- Enquiries and bookings that do not lead to an engagement are purged on a rolling basis, at the latest twelve months after the last contact.
- Your cookie choice is stored for six months, then we ask again.
- Analytics data is stored with Google Analytics for at most fourteen months and reported to us in aggregated form.
- Data in our bookkeeping is kept for seven years under the Swedish Accounting Act.
Once the retention period has passed, the data is deleted or anonymised.
(005)
Recipients and processors
We never sell your data. We use a small number of suppliers that process data on our behalf (data processors) or as independent controllers, always under data processing agreements or equivalent safeguards:
- Vercel Inc. (USA), hosting and operation of the website.
- Resend (Plus Five Five, Inc., USA), delivery of email from the contact form.
- TidyCal (AppSumo Group, Inc., USA), meeting booking.
- Google Ireland Ltd. (Ireland), Google Analytics 4, only with your consent.
- Meta Platforms Ireland Ltd. (Ireland), Meta Pixel, only with your consent.
Data may additionally be disclosed where required by law, or to establish, exercise or defend legal claims.
(006)
Transfers outside the EU/EEA
Some of our suppliers process data in the USA. Those transfers are protected by the supplier being certified under the EU–U.S. Data Privacy Framework, or by the European Commission's standard contractual clauses (art. 46 GDPR) with supplementary safeguards.
If you want to know more about the safeguards for a specific transfer, or obtain a copy of them, email hej@omnily.se.
(007)
How we protect the data
All traffic to the website is encrypted (TLS). Data from forms and bookings is handled in systems with access controls, and only those of us who need the data for their work can access it. Should a personal data breach occur that poses a risk to your rights, we report it to the Swedish Authority for Privacy Protection (IMY) within 72 hours and inform you where the law requires it.
(008)
Your rights
Under the GDPR you have the right to:
- Know what data we hold about you and receive a copy (subject access).
- Have inaccurate data corrected or completed.
- Have your data erased when it is no longer needed ("the right to be forgotten").
- Restrict our processing in certain cases.
- Object to processing based on legitimate interest, and always to direct marketing.
- Receive the data you have provided in a machine-readable format (data portability).
- Withdraw a consent at any time, as easily as you gave it. Withdrawal does not affect the lawfulness of processing already carried out.
Contact hej@omnily.se and we will help you, free of charge and within one month at the latest. If you are not satisfied with how we handle your data or your request, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY), or with the supervisory authority in the EU country where you live or work.
(010)
Changes to this policy
We may update this policy as our business or legal requirements change. The latest version is always available here, dated at the top. For material changes that concern consent, we ask for your cookie choice again.
// Questions about this? Email hej@omnily.se.
We are not looking for more clients.
We are looking for the right one.
Tell us where you stand and where you want to go. You get an honest read on what can be moved, not a quote on autopilot.
Or reach Johannes directly
