Privacy Notice

Privacy at a glance

  • Eurostep AB is the data controller. Contact details are at the end of this notice.

  • We collect contact, identification and communication data when you interact with us online or offline.

  • We use your data to communicate with you, deliver and improve our products and services, and for marketing and analytics on the basis of consent, contract, legal obligation and our legitimate interests (balanced against your rights).

  • With your consent, we may share limited identifiers with trusted advertising/analytics platforms to measure conversions and improve relevance. We do not sell or license data to data brokers.

  • You can withdraw consent or opt out of marketing at any time. Withdrawal does not affect prior lawful processing. You also have rights to access, rectify, erase, restrict, object and data portability.

  • We do not make solely automated decisions that produce legal or similarly significant effects on you.

  • We retain data only as long as necessary for stated purposes or legal requirements, then delete or anonymise it.

Introduction

This Privacy Notice describes the Principles of processing personal data at Eurostep, hereinafter also referred to as the Principles.

Our Principles comply with the requirements under the EU General Data Protection Regulation (GDPR).

Your privacy is important to us. This privacy statement explains what personal data Eurostep collects from you, through our interactions with you and through our agreements, services and products, and how we use that data.

Your personal data may be collected and/or processed by the Eurostep entity registered in your country of residence for purposes of managing your relationship with Eurostep and to better serve you by personalising your experience and interaction with us.

For this purpose, your personal data may be transferred to other subsidiaries within Eurostep, which may be located outside of your country of residence, and in particular to Sweden, where Eurostep AB is headquartered. These data transfers are done in compliance with Eurostep’s corporate rules and these Principles.

Contact details for Eurostep can be found at the end of this document.

Definitions

  • Personal data means any information directly or indirectly related to a natural person.
  • Processing means any operation carried out with Personal data (incl. collection, recording, storing, erasure, transfer, etc.).
  • Data Controller has personal data responsibility and has the sole responsibility or sole responsibility for the processing of personal data in accordance with applicable privacy laws.
  • Eurostep means Eurostep AB and its subsidiaries.
  • Employee means any person employed by Eurostep AB, its subsidiaries, or a person that has the same rights and responsibilities as an employee, e.g., a subcontractor.

Terms and Conditions

These Principles describe how Eurostep processes Personal data at a general level.

Specific details on the Processing of Personal data might also be described in employment contracts and other related documents.

Eurostep ensures, within the framework of applicable law, the confidentiality of personal data and has implemented appropriate technical and organisational measures to safeguard Personal data from unauthorised access, unlawful processing or disclosure, accidental loss, modification or destruction.

Eurostep may use authorised processors for processing Personal data or transferring personal data to other recipients. In such cases, Eurostep takes necessary steps to ensure that external data processors process Personal data under the instructions of Eurostep and in compliance with applicable law and requires adequate security measures.

We also use service providers that act on our instructions to host our websites and systems, provide customer relationship management (CRM), marketing automation, analytics, security and IT support. These processors are bound by contract to protect your data and may not use it for their own purposes.

Categories of Personal Data

Personal data may be collected from you, from your use of our services and from external sources such as public and private registers or third parties.

Personal data categories which Eurostep primarily, but not only, collects and processes are:

  • Identification data such as name, personal identification code, userIDs, date of birth, etc.
  • Contact data such as an address, telephone number, email address, role, the language of communication, country of residence, etc.
  • Communication data collected when you communicate with Eurostep via telephone, visual and/or audio recordings, e-mail, messages and other communication mechanisms such as social media, data related to your visit to Eurostep’s websites or communicating through other Eurostep channels or tools. Data about personal settings, survey responses, your satisfaction, applications, etc.

Retention Policies

Eurostep retains personal data for as long as necessary to provide the services or products and to fulfil the transactions you have requested, or for other essential purposes such as complying with our legal obligations, resolving disputes, and enforcing our agreements. Because these needs can vary for different data types in the context of different services or products and agreements, actual retention periods can vary significantly.

  • For prospective customers and their Identification data or Contact data, Communication data, the retention period is different, and it will change if they become active customers.
  • For marketing, a Leads register and for sales, a CRM Register are used, where Personal data is collected manually and/or via email, or via social media or digital advertisement channels. This is moved into Sales by Marketing via a qualification process, and this is stored as long as Sales needs to manage the sales pipeline and help prioritise and close business.
  • News and other subscriptions will be stored until unsubscribed.
  • Information in applications for events, forums and other activities, such as product trials, will be stored during the time of engagement.

Legal Bases and Purposes for Processing Personal Data

Eurostep processes Personal data primarily to:

Comply with legal obligations and applicable law. Sound corporate governance and risk management are required before entering into an agreement or complying with a legal obligation, or in Eurostep’s legitimate interest.

Deliver and improve our products and services. The information provided is used by Eurostep for marketing, product delivery, product development, recruitment and billing. It may also be used by our partners to customise content, ads, and offers to your company. The data can also be used as a basis for statistics or be analysed and grouped for selection, prioritisation and planning of personal information. Also, so-called profiling. This may also include information we receive through cookies and plugins on our website. See our cookie policy for more details.

When we rely on legitimate interests as a lawful basis, our interests include improving our products and services, personalising content and advertising, and maintaining secure and efficient operations. We balance these interests against your rights, and will not use legitimate interests where the impact on you would override your rights or expectations.

If we engage in profiling or automated decision-making, we will ensure that you have meaningful information about how and why your data is used in this way, and you have the right to object, request human intervention or ask for the processing not to be automated, where required by law.

For sending you marketing communications. We may use the personal data you provide to us, as well as the personal data we collect about you from your interactions with our websites, products and services, and from third party sources, for marketing purposes, i.e, to keep you informed about events, new product releases and service developments, alerts, updates, terms, special offers and associated campaigns and promotions or prices. For example, when we collect your business contact details through our participation at trade shows or other events, we may use the information to follow up with you regarding an event, send you information that you have requested on our products and services and, with your permission, include you in our marketing information campaigns. Before we do so, however, we will, in accordance with the applicable privacy laws in your country, offer you the opportunity to choose whether or not to have your personal data used in this way. We may also contact you regarding products or services similar to those you have already used/purchased or are in the process of using/purchasing.

Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.

Our sales representatives may also use your phone number or email address to contact you directly by phone, in connection with our products and services, upcoming events or other promotions, in accordance with the laws applicable in your country.

Eurostep will request and use personal data only as reasonably necessary for the limited purpose stated at the point of collection and in accordance with this Privacy Notice. We will not sell, license or disclose personal data to data brokers, nor misuse personal data in calls, emails or communications beyond lawful and consented activities.

Where we need certain personal data to enter into or perform a contract (for example, to respond to a request or provide products or services), not providing that data may mean we cannot fulfil your request or deliver the service.

We may also share limited personal data (such as email address or other identifiers you have provided) with marketing, advertising and analytics platforms and service providers (for example, Google Ads, Microsoft Advertising, LinkedIn Ads, X (formerly Twitter), HubSpot) for the purposes of conversion tracking, analytics and optimisation of our marketing campaigns. Such sharing occurs only where you have provided consent, and in accordance with applicable data protection law. We will not sell or license your personal data, and it is used solely for analytics, advertising optimisation, and communications relevant to your expressed interests.

In all cases, and irrespective of your country, you may at any time choose not to receive marketing communications from us by clicking on the unsubscribe link included in each e-mail you may receive, by indicating so when we call you, by unsubscribing or by contacting us directly at info@eurostep.com

We do our best to tailor your website visit, marketing experience and communications to your expressed interests, and we conduct our marketing in accordance with applicable law. Please note that if you opt out of our marketing communications, we may still contact you regarding your use of our products and services and to respond to your questions or requests.

Personal data used for direct marketing and sales activities will be retained for as long as we have an active relationship with you. We treat you as an inactive contact if (i) you have made a deletion request, and (ii) you have not interacted with us or updated your preferences and contact information in the past 24 months.

Geographical Area Processing

As a general rule, Personal data is processed within the European Union, but in some cases, transferred and processed to countries outside the EU/EEA.

Transfer and processing of Personal Data outside the EU/EEA can take place provided there is a legal ground, i.e. due to legal requirements or your consent, and appropriate safeguards are in place. Appropriate safeguards, such as:

  • There is an agreement in place, including the EU Standard Contractual Clauses or other approved clauses, code of conduct, certifications, etc., approved in accordance with the General Data Protection Regulation.
  • The country outside of the EU/EEA where the recipient is located has an adequate level of data protection as decided by the EU Commission.
  • The recipient participates in the EU-US Data Privacy Framework (DPF) and is certified where applicable.

Upon request, you can receive further details on Personal data transfers to countries outside the EU/EEA.

Your Rights as a Data Subject

Your Data Protection Rights

You have the right to request access to your personal data. You also have the right to request Eurostep to rectify or erase your personal data or restrict the processing of the same. You may also object to Eurostep’s processing of your personal data or request data portability. However, please note that Eurostep may not always be obliged to comply with a request for deletion, restriction, objection or data portability. Assessment will be made on a case-by-case basis of Eurostep’s legal obligations and the exceptions to such rights.

To exercise one of your rights, please see the Contact details. You also have the right to lodge a complaint with a supervisory authority. In Sweden this is Integritetsskyddsmyndigheten (IMY). See imy.se for contact options.

Contact Details

You may contact Eurostep with any enquiries, withdrawal of consents, requests to exercise data subject rights and complaints regarding the use of Personal data.

You may change certain information, approvals and choices by calling a Eurostep office.

Contact details of Eurostep offices are available on Eurostep’s website www.eurostep.com/contact-us.

Eurostep AB is the Controller for Eurostep and for the handling of your personal data. For further information about how your personal information is handled or for exercising data subject rights, contact us preferably through a written, self-signed request sent to:

Eurostep AB
Gustavslundsvägen 137,
SE-167 51 Bromma, Sweden
Phone: +46 8 200 440, Fax: +46 8 200 399
E-mail: info@eurostep.com

v1.3, 23 September 2025