Privacy Policy

1. Who is responsible for your personal data?

In this policy, “we”, “us” and “our” refer to SvereSystems operated by Sveresa TMI.

2. What personal data we may collect

Depending on how you interact with us, we may collect and process the following categories of personal data:

• Identity and contact data, such as your name, email address, company name, role, website, and any other contact details you choose to provide.
• Fit Review and enquiry data, such as the information you submit through forms, assessments, contact requests, or business enquiries.
• Communication data, such as emails, form messages, replies, follow-up communications, and related notes.
• Service and project data, such as information necessary to evaluate, prepare, deliver, or support a paid service.
• Transaction and billing data, such as payment status, invoice details, order references, and accounting-related records where applicable.
• Technical and usage data, such as IP address, browser type, device information, pages visited, timestamps, referring URLs, and consent-related records, where applicable.
• Email subscription or communication preference data, where you request updates, resources, or email communications from us.

Please do not send sensitive personal data unless it is genuinely necessary and appropriate in the context of your enquiry.

3. How we collect personal data

We may collect personal data:

• directly from you when you fill in a form, request a Fit Review, send us an email, make an enquiry, or otherwise contact us;
• automatically through your use of the website and its essential technical functions;
• through consent management and cookie-related mechanisms, where applicable;
• through payment or checkout-related workflows, where applicable.

4. Why we process personal data and the legal bases we rely on

We process personal data only where we have a valid legal basis to do so.

a) To respond to enquiries and Fit Review submissions

We process personal data to review your enquiry, assess Fit Review submissions, communicate with you, and decide whether there is a reasonable basis for further discussion or service delivery.

Legal basis: pre-contractual steps at your request, and where appropriate, our legitimate interests in operating and improving our business communications.

b) To deliver services and manage related communication

If we agree to work together, we process the data reasonably necessary to prepare, provide, manage, and support the agreed service.

Legal basis: performance of a contract, and where relevant, legitimate interests in administering our services and records.

c) To handle payments, invoicing, bookkeeping, and legal obligations

We may process personal data where necessary for invoicing, payment administration, accounting, tax compliance, fraud prevention, and the defence or establishment of legal claims.

Legal basis: legal obligation, contractual necessity, and legitimate interests where applicable.

d) To operate, protect, and improve the website

We may process limited technical data to keep the website working properly, maintain security, prevent abuse, manage consent choices, and understand basic site performance where applicable.

Legal basis: legitimate interests, and consent where required by law for non-essential cookies or similar technologies.

e) To send email updates or follow-up communications

If you request resources, join an email sequence, or otherwise ask to hear from us, we may process your contact details to send those communications.

Legal basis: consent where required, or legitimate interests where permitted by applicable law.

5. Who we may share personal data with

We do not sell personal data. We may share personal data with carefully selected service providers only where reasonably necessary for the purposes described in this policy.

Depending on how you interact with us, this may include providers such as:

• ClickSites AI for website page delivery or website-related infrastructure, where applicable.
• Namecheap / Private Email for domain, email, and related communication infrastructure, where applicable.
• Google (for example Gmail or related services) for email communication and message handling, where applicable.
• Make.com for workflow automation, form handling, and operational integrations, where applicable.
• Stripe for payment processing, where applicable.
• Payhip for checkout, digital sales, or order delivery workflows, where applicable.
• Acumbamail for email communications, automation, or subscription-related workflows, where applicable.
• Silktide Consent Manager for consent and cookie preference management, where applicable.

We may also disclose personal data where necessary to comply with law, enforce our rights, protect our business, prevent abuse, or respond to lawful requests from authorities.

6. International transfers

Some of the service providers we use may process personal data outside the European Economic Area (EEA), or may use infrastructure that involves international data transfers.

Where this happens, we aim to rely on appropriate safeguards under applicable data protection law, such as an adequacy decision, Standard Contractual Clauses, or other lawful transfer mechanisms, depending on the provider and the circumstances.

7. How long we keep personal data

We do not keep personal data longer than reasonably necessary for the purposes for which it was collected, unless a longer retention period is required or justified by law.

• General contact enquiries and Fit Review submissions: up to 12 months after the last meaningful contact, unless a longer period is reasonably necessary to continue a requested discussion, prepare a service, or deal with a legal issue.
• Client and service-related communications: for the duration of the engagement and, where reasonably necessary, for up to 12 months afterwards.
• Email subscription or automation records: until you unsubscribe, withdraw consent, or the communication purpose has ended, and in any case no longer than reasonably necessary.
• Consent records and cookie preference records: for as long as reasonably necessary to demonstrate and manage consent choices.
• Invoices, payment records, accounting material, and tax-related records: for the period required by applicable accounting and tax laws.

8. How we protect personal data

We take reasonable technical and organisational steps to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure.

These measures may include access controls, limited role-based access, secure service providers, password protection, and the practical minimisation of data handling wherever possible.

No method of transmission or storage can be guaranteed to be completely secure, but we aim to handle personal data responsibly and proportionately.

9. Your rights

Subject to applicable law, you may have the right to:

• request access to the personal data we hold about you;
• request correction of inaccurate or incomplete personal data;
• request deletion of personal data in certain circumstances;
• request restriction of processing in certain circumstances;
• object to processing based on legitimate interests;
• withdraw consent where processing is based on consent;
• request data portability where applicable;
• lodge a complaint with the competent data protection authority, including the Office of the Data Protection Ombudsman in Finland.

If you would like to exercise any of these rights, please contact us using the email address shown in this policy. We may ask for reasonable information to verify your identity before responding to a request.

10. Cookies and similar technologies

This website may use cookies or similar technologies for essential site functionality, consent management, and other limited purposes described in our Cookie Policy.

For more information, please see our Cookie Policy.

11. Third-party links

This website may contain links to third-party websites or platforms. We are not responsible for the privacy practices, content, or security of external sites not controlled by us.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect legal, operational, or business changes. The latest version will be published on this page with the updated revision date.

13. Contact

If you have questions about this Privacy Policy or how personal data is handled, please contact:

SvereSystems
Operated by Sveresa TMI
Business ID: 3592316-3
Sven Saksakulm
Finland
Email: