Privacy Notice
This notice explains how ART25 Consulting AB processes personal data when acting as a data controller, including for users of this website and contact persons at potential and existing customers, suppliers, and other business partners.
Information relating to an identified or identifiable natural person constitutes personal data. ART25 Consulting AB (org. nr 559498-3891) processes personal data in accordance with applicable data protection laws and may act as either a data controller or a data processor depending on the context of the processing.
The Data Protection Officer (DPO) for ART25 Consulting AB is Hummam Wasfi, reachable at info@art25consulting.com.
This Privacy Notice explains how ART25 Consulting AB processes personal data when acting as a data controller in relation to users of this website and contact persons at potential and existing customers, suppliers, and other business partners.
Given our focus on data protection and AI governance, we apply a risk-based and privacy-by-design approach to all personal data processing activities.
This Privacy Notice may be updated from time to time. The latest version will always be available on this website.
ART25 Consulting AB collects personal data primarily directly from you or from your employer or organization in connection with professional interactions.
Categories of personal data
- name
- professional contact details such as email address and phone number
- company or employer name and professional role
- information provided through communications or contact forms
We only process personal data that is necessary and relevant for the purposes described.
Purposes of processing
- responding to inquiries and communications
- establishing and maintaining professional relationships
- delivering advisory, training, and related services
- business development and client engagement
- complying with legal and regulatory obligations
Legal basis
- Article 6(1)(b) GDPR — performance of a contract or steps prior to entering into a contract
- Article 6(1)(f) GDPR — legitimate interest in communicating with clients and maintaining professional relationships
- Article 6(1)(a) GDPR — consent, where applicable
Where processing is based on legitimate interests, ART25 Consulting AB performs a balancing test to ensure that such interests are not overridden by your fundamental rights and freedoms.
Providing personal data is voluntary, but it may be necessary in order for us to respond to inquiries or provide services.
ART25 Consulting AB does not intentionally collect or process special categories of personal data unless required as part of a specific engagement and subject to appropriate safeguards.
Retention periods
- Contact inquiries: up to 2 years
- Client relationships: duration of engagement and up to 5 years thereafter
- Legal obligations: as required under applicable law
Where necessary to operate our website, communications, and services, ART25 Consulting AB may use trusted service providers that process personal data on our behalf. Such providers act as data processors and process personal data only in accordance with our instructions and applicable data protection laws.
ART25 Consulting AB does not sell personal data or disclose it to third parties for their own marketing purposes.
In limited circumstances, personal data may be processed by service providers located outside the European Economic Area (EEA).
Where such transfers occur, ART25 Consulting AB ensures that appropriate safeguards are in place in accordance with applicable data protection laws, including the use of standard contractual clauses approved by the European Commission or transfers to countries recognized as providing an adequate level of data protection.
ART25 Consulting AB may use cookies or similar technologies to ensure the proper functioning of the website, improve user experience, and analyze usage.
Where required, consent will be obtained before placing non-essential cookies.
ART25 Consulting AB implements appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. These measures include access controls, role-based access management, encryption, and the use of secure cloud infrastructure from trusted providers.
Under the EU General Data Protection Regulation (GDPR), you have certain rights regarding your personal data. These include the right to:
- request access to the personal data we process about you
- request correction of inaccurate or incomplete personal data
- request deletion of personal data where applicable
- request restriction of processing in certain circumstances
- receive the personal data you have provided in a structured, commonly used, and machine-readable format and transmit it to another controller
- object to processing based on legitimate interests
- withdraw consent at any time where processing is based on consent
ART25 Consulting AB does not carry out automated decision-making or profiling that produces legal or similarly significant effects.
Please note that some personal data may need to be retained where required by law or where necessary for the purposes described in this Privacy Notice.
You may exercise these rights, or contact our Data Protection Officer Hummam Wasfi with any additional questions, at: info@art25consulting.com
If you believe that ART25 Consulting AB has not complied with applicable data protection laws when processing your personal data, you have the right to lodge a complaint with the supervisory authority.
In Sweden, the relevant supervisory authority is: