Phone:
(701)814-6992
Physical address:
6296 Donnelly Plaza
Ratkeville, Bahamas.
Privacy Policy – IValMar
Last updated: October 11, 2025
IValMar AB (hereinafter “IValMar”, “we”, “our”, or “us”) values your privacy and is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR, EU 2016/679), Swedish data protection laws, and other applicable legislation. This Privacy Policy explains in detail how we collect, process, store, protect, and share your personal data when you use our services in construction, renovation, remodelling, architecture, and legal services. It also provides information about cookies, marketing, incident handling, your rights, and our internal procedures.
1. Responsible Data Processing
IValMar processes personal data only when necessary for the stated purposes and seeks to minimise data collection. All processing is documented in our internal Record of Processing Activities (RoPA) and complies with GDPR principles:
- Lawfulness, fairness, and transparency
- Purpose limitation
- Data minimization
- Accuracy
- Storage limitation
- Integrity and confidentiality
Internal procedures include regular reviews of recorded data, staff training on data protection, and periodic evaluation of technical and organisational security measures.
2. Personal Data We Process
2.1 General Information
- Name, personal identification number, date of birth
- Contact details: address, email, phone number
- Communication history: emails, phone calls, chat logs
- Company information: company name, registration number, contact persons
2.2 Construction, Renovation, and Remodelling
- Project details: type of work, plans, material choices
- Project site: address, floor, elevator access, safety requirements
- Scheduling and project follow-up
- Photographs of the work site for documentation, quality assurance, and claims
- Risk and safety data
Example: For a kitchen renovation, we store measurements, drawings, material choices, start and end dates, and photos of the work site.
Internal procedures: Each project has a project folder with restricted access, regular backup, and logged changes.
2.3 Architecture Services
- Drawings, CAD files, sketches
- Design preferences and project requirements
- Project budget, schedule, and supplier lists
- Correspondence with authorities and subcontractors
Example: For a building extension, we store CAD files, communication logs with the municipality, and selected materials.
Internal procedures: All files are encrypted and stored on a central server with role-based access; revision logs are saved for 10 years.
2.4 Legal Services
- Contracts and agreements
- Company documentation
- Sensitive personal data related to legal matters
- Correspondence with authorities, lawyers, and parties
Example: For a construction contract, we store company information, contract drafts, and revision history.
Internal procedures: All documents are marked with security classification, access is logged, and backups are encrypted and stored off-site.
2.5 Website and Technical Information
- IP address
- Browser type and version
- Site usage data
- Cookies and technical identifiers
Internal procedures: Analytics data is anonymised after 12 months; cookies are managed via a consent solution.
3. Purposes of Processing
We process personal data to:
- Provide and manage our services
- Communicate, provide quotations, and advisory services
- Plan and manage construction, renovation, architecture, and legal projects
- Handle invoicing, payments, and accounting
- Comply with legal obligations
- Market services with user consent
- Evaluate and improve service quality
- Ensure security and prevent fraud
Internal procedures: Each processing purpose is documented in the RoPA, and new processing activities require approval from the Data Protection Officer (DPO).
4. Legal Basis for Processing
- Contract: Processing necessary for the performance of a contract or pre-contractual steps
- Consent: Marketing, newsletters, or specific project processing
- Legal obligation: Accounting, taxation, building permits
- Legitimate interests: Security, quality assurance, service development, and fraud prevention
Internal procedures: Consent is logged and can be revoked digitally; contractual data is reviewed annually.
5. Data Retention and Archiving
| Type of Data | Retention Period | Comments |
|---|---|---|
| Bookings | 5 years | For warranty and follow-up purposes |
| Invoices | 7 years | Compliance with accounting laws |
| Project files | 10 years | Drawings, CAD, attachments |
| Attachments | 7 years | Related to project completion |
| Communication | 5 years | Emails, chats, meeting notes |
| Website data | 2 years | Analysis and functionality |
| Project photos | 10 years | Quality assurance and claims |
Internal procedures: Automated reminders for deletion, off-site backup, and periodic review.
6. Technical and Organisational Security Measures
- Encryption: SSL/TLS in transit and AES-256 at rest
- Access controls: Role-based permissions, two-factor authentication
- Logging: All access and changes are logged
- Firewalls and antivirus: Continuously updated
- Physical security: Locked offices and server rooms
- Incident management: Procedures for breaches, reporting, and remediation
- Training: Regular GDPR and information security training
7. Sharing Data with Third Parties
Data is shared only when necessary:
- Subcontractors: Construction, architecture, legal
- Authorities: Swedish Tax Agency, Companies Registration Office, municipalities
- Payment processors and banks
- IT service providers: Hosting, backup, software
All third parties are GDPR-compliant and contractually bound to process data only for specified purposes.
8. Your Rights
- Access to personal data
- Rectification of inaccurate data
- Erasure (“Right to be forgotten”)
- Restriction of processing
- Data portability
- Objection to processing
- Withdrawal of consent
Contact: dataskydd@ivalmar.eu
9. Marketing and Cookies
- Marketing only with explicit consent
- Cookies for analytics and website functionality
- Users can manage cookie preferences in their browser
10. Incidents and Data Breaches
- Identification, investigation, and mitigation procedures
- Reporting to the supervisory authority (IMY) in case of serious breaches
- Continuous documentation and evaluation
11. Complaints
If you believe your rights have been violated, you may contact the Swedish Data Protection Authority (IMY):
- https://www.imy.se
- Phone: +46 8 657 61 00
12. Changes to Privacy Policy
This policy may be updated as needed. The latest version is always available at https://ivalmar.eu.