SV

Privacy Policy

How Schedulyn collects, uses, and protects personal data under GDPR and EU law.

Last updated:February 24, 2026

Company details (placeholders)

  • Legal entity: [PLACEHOLDER: Full legal company name]
  • Organization number: [PLACEHOLDER: Swedish organization number]
  • VAT number: [PLACEHOLDER: VAT number]
  • Registered address: [PLACEHOLDER: Street, postal code, city, country]
  • Privacy contact: [PLACEHOLDER: privacy@company-domain.com]

This Privacy Policy explains how Schedulyn Software AB ("Schedulyn", "we", "us", "our") processes personal data when you visit our website, request a demo, create an account, or use our workforce scheduling platform. This policy is designed to meet GDPR and other applicable EU/EEA data protection requirements.

1. Scope

This policy covers personal data processing where Schedulyn acts as data controller, including website operations, marketing communications, support interactions, and account administration. For customer data we process only on customer instructions inside the platform, Schedulyn acts as processor and the signed Data Processing Addendum (DPA) applies.

2. Categories of personal data

  • Identity and contact data (name, business email, job title, company, phone number if provided).
  • Account and authentication data (username, login metadata, password hashes, role permissions).
  • Service usage data (logs, audit events, browser/device details, IP address, timestamps).
  • Commercial data (subscription plan, invoices, billing references, payment status metadata).
  • Support and communication data (messages, tickets, meeting notes, implementation requests).

3. Purposes and legal bases (GDPR Art. 6)

  • Service delivery and account management: contract performance (Art. 6(1)(b)).
  • Security monitoring, abuse prevention, and service reliability: legitimate interest (Art. 6(1)(f)).
  • Accounting, tax, and mandatory record-keeping: legal obligation (Art. 6(1)(c)).
  • Optional marketing or non-essential analytics (where required): consent (Art. 6(1)(a)).

Where legitimate interest is used, we apply a balancing test and implement safeguards appropriate to the nature of the processing.

4. Controller vs. processor roles

For customer workforce data, customers are typically controllers and Schedulyn is processor under GDPR Art. 28. For website, account, and commercial relationship data, Schedulyn is controller.

5. Recipients and subprocessors

We share personal data only where necessary to deliver and secure our services, for example with hosting, infrastructure, authentication, support, and payment providers. Recipients are contractually bound by confidentiality and data protection obligations.

6. International transfers

If personal data is transferred outside the EEA/UK, we apply lawful transfer mechanisms such as European Commission Standard Contractual Clauses (SCCs), together with supplementary technical and organizational safeguards where required.

7. Retention

We retain personal data only for as long as necessary for the purposes listed in this policy, to meet contractual commitments, and to satisfy legal obligations. Retention periods are determined by business need, legal requirements, and security obligations. Data is deleted or irreversibly anonymized when no longer required.

8. Security measures

We maintain appropriate technical and organizational measures, including role-based access control, encryption in transit, logging and monitoring, vulnerability management, and backup/recovery procedures, consistent with GDPR Art. 32 and the risk profile of the processing.

9. Your rights

Subject to applicable law, you may request access, rectification, erasure, restriction, objection, portability, and withdrawal of consent where consent is the legal basis.

  • Right of access (GDPR Art. 15)
  • Right to rectification (Art. 16)
  • Right to erasure (Art. 17)
  • Right to restriction (Art. 18)
  • Right to portability (Art. 20)
  • Right to object (Art. 21)

You can exercise rights by contacting us via the details in Section 13.

10. Cookies and analytics

We use strictly necessary cookies for website operation. Non-essential analytics or similar technologies are used only with a valid legal basis, including consent where required by applicable ePrivacy and data protection rules.

11. Children and sensitive data

Our services are not directed to children. Customers must not upload special category data unless explicitly agreed in writing and supported by a valid legal basis and safeguards under applicable law.

12. Supervisory authority

You have the right to lodge a complaint with your competent supervisory authority. In Sweden, the supervisory authority is Integritetsskyddsmyndigheten (IMY), www.imy.se.

13. Contact and policy updates

Contact: hello@schedulyn.com and [PLACEHOLDER: legal/privacy contact]. We may update this policy to reflect legal, operational, or security changes. Material updates are published on this page with a revised date.