Verket AI | Privacy Policy

Introduction

Verket Labs AB ("Verket", "we", "us", or "our"), a company incorporated in Sweden with its registered office in Stockholm, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share personal data when you use our websites, platforms, and services (collectively, the "Services").

Verket is the data controller for the personal data we process as described in this policy. Where we process personal data on behalf of our clients, we act as a data processor and process such data in accordance with our client's instructions and our Data Processing Agreement.

For questions about this policy or to exercise your rights, contact us at privacy@verket.io.

1. Personal Data We Collect

1.1 Information You Provide

Account information. Name, email address, company name, job title, and other details you provide when creating an account or contacting us.
Communications. Messages, feedback, and other content you send to us.
Client data. Data provided by clients in connection with our data services, as governed by the applicable Client Agreement.
Expert information. If you join our expert network, we collect professional background, qualifications, portfolio samples, payment details, and other information necessary to manage the engagement.

1.1 Information You Provide

Usage data. Pages visited, features used, time spent on the Services, and interaction patterns.
Device and technical data. IP address, browser type, operating system, device identifiers, and referring URLs.
Cookies and similar technologies. See Section 7 below.

2. How We Use Your Personal Data

We process your personal data for the following purposes and on the following legal bases under the GDPR:

Purpose

Providing and operating the Services

Managing your account

Processing payments

Communicating with you about the Services

Improving and developing the Services

Ensuring security and preventing fraud

Sending marketing communications

Complying with legal obligations

Recruitment and expert network management

Legal Basis (GDPR Article 6)

Performance of a contract (Art. 6(1)(b))

Legitimate interest (Art. 6(1)(f))

Consent (Art. 6(1)(a)) or legitimate interest where permitted

Legal obligation (Art. 6(1)(c))

Performance of a contract or pre-contractual measures (Art. 6(1)(b))

Where we rely on legitimate interest, we have assessed that our interests do not override your fundamental rights and freedoms.

3. How We Share Your Personal Data

We do not sell your personal data. We may share personal data with:

Service providers. Third parties who perform services on our behalf, such as hosting, payment processing, analytics, and communication tools. These providers are bound by data processing agreements and may only process your data on our instructions.
Clients. Where you are an expert performing work through our platform, relevant information may be shared with the client as necessary for the engagement, subject to applicable agreements.
Professional advisors. Lawyers, accountants, and auditors where necessary for our business operations.
Legal requirements. Where required by applicable law, regulation, legal process, or governmental request.
Business transfers. In connection with a merger, acquisition, or sale of all or substantially all of our assets, your personal data may be transferred to the acquiring entity.

We do not share personal data with third parties for their own marketing purposes.

4. International Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). Where such transfers occur, we ensure appropriate safeguards are in place, including:

European Commission adequacy decisions
Standard Contractual Clauses (SCCs) approved by the European Commission
Other safeguards as permitted under Chapter V of the GDPR

You may request information about the specific safeguards applied to your data by contacting privacy@verket.io.

5. Data Retention

We retain personal data only as long as necessary for the purposes described in this policy, or as required by applicable law. Specific retention periods:

Account data. Retained for the duration of your account and for a reasonable period thereafter to comply with legal obligations and resolve disputes.
Client engagement data. Retained in accordance with the applicable Client Agreement and our legal and regulatory obligations.
Expert data. Retained for the duration of your participation in our expert network and as required by tax and employment law.
Usage and technical data. Retained for up to 24 months for analytics and security purposes.
Marketing consent records. Retained for as long as consent is valid and for a reasonable period thereafter.

When personal data is no longer needed, we securely delete or anonymize it.

6. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

Access. Request a copy of the personal data we hold about you.
Rectification. Request correction of inaccurate or incomplete personal data.
Erasure. Request deletion of your personal data where there is no compelling reason for continued processing.
Restriction. Request that we restrict processing of your personal data in certain circumstances.
Data portability. Request to receive your personal data in a structured, commonly used, machine-readable format.
Objection. Object to processing based on legitimate interests or for direct marketing purposes.
Withdraw consent. Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at privacy@verket.io. We will respond within one month, as required by the GDPR. In complex cases, we may extend this period by up to two additional months, and will inform you of any such extension.

If you are unsatisfied with our response, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) or the supervisory authority in your EU member state of residence.

7. Cookies and Similar Technologies

We use cookies and similar technologies to operate and improve the Services. Types of cookies we use:

Strictly necessary cookies. Required for the basic functionality of the Services. These cannot be disabled.
Analytics cookies. Help us understand how visitors use the Services so we can improve them. We use privacy-focused analytics where possible.
Functional cookies. Remember your preferences and settings.

We do not use advertising or tracking cookies.

You can manage your cookie preferences through your browser settings or through our cookie consent mechanism when you first visit our website. For more information, see our Cookie Policy.

8. Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit and at rest, access controls, regular security assessments, and staff training.

No method of transmission or storage is completely secure. If you become aware of a security vulnerability, please contact us at security@verket.io.

9. Children

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us and we will take steps to delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Services prior to the changes taking effect. We encourage you to review this policy periodically.

11. Contact

For any questions about this Privacy Policy or to exercise your data protection rights:

Verket Labs AB

Stockholm, Sweden

privacy@verket.io

verket.io

For data protection complaints, you may also contact the Swedish Authority for Privacy Protection (IMY): www.imy.se