Privacy Policy

Confidentiality policy

Thank you for using our services and web pages. This confidentiality policy is relevant to anyone who shares their personal data directly or indirectly with SBcert by using our webpages or services, like

Confidentiality policy’s  scope

This confidentiality policy pertains to the handling of personal data where SBcert is responsible for that personal data, ie in those cases SBcert collects, stores or handles personal data via our website,, or our internal systems.

Legal grounds and personal data

Through your use of our website you hereby approve our use of Cookies and handle your personal data in accordance with this information.  Sbcert saves your search history with the aim of improving and analysing the use of our website.  By personal data we mean personal data which can be seen as linked to you as a physical person.  It may occur that we handle the following type of personal data linkable to you (depending on which services you choose to use):

  • IP-address (if permission given)
  • Name (on quotations and reports)
  • E-mail (on quotations and reports)
  • Telephone number (on quotations and reports)
  • Organisational number (on quotations and reports)

User information eg cookies, search history, information on the site you use, and information on how you integrate with our services eg which functions you use and pages you visit.

Other information which we receive from you through your contact with us via our website.

The information you provide at quotation stage is used to create your quote and is kept for 6 years if no other agreement is reached. When preparing your quote some data is collected from public domains and is kept as part of providing our service. This data includes address details for your sites, description of your activities.

Recording Personal data within audit reports is part of our service and will be stored so they are accessible by you as a customer.  The information will be kept as long as you remain certified.  In the event of cancellation/ transfer the information will be deleted following termination/ handover.


On we use cookies to see how our users use our website, so that it functions correctly, is developed and made more relevant.  A cookie is a small text file which is saved on the user’s computer.  A cookie can be either a session-cookie or a cookie which is stored for longer periods.  A session-cookie disappears as soon as the web browser is closed, whilst a storage-cookie remains.  The purpose of storage-cookies is to give the user better functionality and experience on a website.  It can for example be a matter of choice of language or other preferences which are stored to make it easier for the user during the next visit.

Cookies are linked to your IP address and aren’t related to any other personal data. The data which is stored via cookies when it comes to behaviour on does not store IP address on our databases.  As a website visitor the information about you can   therefore never be linked to your identity. also have cookies for calculating and reporting user numbers and traffic.  We may also use so called third-party cookies from other companies for market research and traffic measurement. In these cookies information on IP-addresses, sites, browsers and similar may be stored.

If you do not wish this information to be registered when you visit you can remove them in your browser’s settings.  Via your browser you can both delete cookies and turn off the function for storing cookies on your computer.  This choice however may result in some functions on our website not working.

We use cookies from third parties too, in order to give you more relevant information. Furthermore we collect statistics on how our pages are used to improve the user experience, and we use cookies to track how users navigate our website.  The information in our cookies is made anonymous before being sent to a third party, which means we cant identify you as a person through the information.

Storage periods

Sbcert does not keep your personal details longer than is necessary for the purpose it was kept.  In normal cases this is 6 years but in some instances we are required to keep specific information for legal purposes, or for monitoring our legal interests, and if there is suspicion of illegal misuse of our services, and then we reserve the right to keep data as long as is necessary for the breach to be investigated.

Sharing of personal data

Sbcert is restrictive when sharing your personal data to parties outside Sbcert, and only do it when a necessary part of providing our services to you.  We will not share personal data with a third party in a way which makes it possible for such third parties to use personal data for the  purposes of direct marketing to you as a private person, but only to you in your role as a customer of Sbcert.  Data may also be shared with government departments, local councils or other parties in those cases it is required by law, regulations or local authority  decisions.

Personal data isn’t normally shared with countries outside the EU/EES but in those exceptional  cases  does so in line with contracts with suppliers to assure  the sharing is secure.  Sbcert uses Microsoft as a storage platform. Our judgement is that the risk of Microsoft sharing data with a third party is very low based on the nature of our business and extent of  information collected.  We monitor Mirosoft in this respect and the decision to store data on Microsoft Azure may change.

Your rights

Sbcert works actively to ensure we have the correct personal data.  As a registered customer with Sbcert you have the right to have personal data corrected if it is wrong. You can contact us on to get help with updating, or in some cases delete, your personal data.  You have the right to object to certain uses of your personal data and request that it be restricted.  You can at any time change your preferences and turn off the use of cookies. For more information on how to block or remove cookies, see above under “cookies.”

You also have the right to request your personal data, if technically possible, if you wish to transfer these to another person with responsibility.  As a registered customer you may also request a printout once a year at no cost which sets out what personal data is registered on our systems; contact for requests for print-outs or changes to personal data.

Technical and organisational security measures

Sbcert strives to have a high level of protection when it comes to your personal data. This means amongst other things that Sbcert’s suppliers only have access to your personal data if it is needed for fulfilling their commitments. It also means we actively work to protect your data from wrongful access and protect those systems we use.  All of Sbcert’s staff have gone through training in the handling of personal data.

Contact details

Scandinavian Business Certification AB, 556955-7985, is personal data responsible for handling your personal data. Contact us at:

If you feel we haven’t handled your personal data in line with relevant data protection law, you have the right to contact the Data Protection Authority.

Updated 2021-11-11