Byggassistent AI Privacy Policy

Byggassistent AI (hereinafter referred to as the "Controller") has established this Privacy Policy (hereinafter referred to as the "Privacy Policy") to provide individuals (hereinafter referred to as the "Data Subject") with general information regarding the processing of personal data by the Controller, including the purposes, scope, and protection of such processing, as well as to inform the Data Subject about their rights.

When processing personal data, the Controller complies with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the "GDPR"), as well as other applicable laws and regulations in the field of privacy and data processing.

The Privacy Policy applies to any individual whose personal data is processed by the Controller and is relevant to the processing of personal data regardless of the format in which the Data Subject or any other individual has provided such personal data.

1. Definitions

Service – The provision of the Controller's digital tool to facilitate and improve construction project management and processes, as well as to provide consultations on compliance with regulatory requirements.

System – The digital tool provided as part of the Service.

Other terms used in the Privacy Policy are interpreted in accordance with the General Data Protection Regulation (GDPR).

2. Controller

The Controller responsible for processing personal data is Byggassistent AI.

For any questions or concerns regarding personal data processing, the Data Subject can contact the Controller via email at info@byggassistent.se.

3. Collection and Processing of Personal Data

The Controller's System provides various functions to ensure compliance in the construction process, including AI analysis, compliance consultations, efficient document management, and decision-making recommendations.

The Controller obtains the Data Subject's information either directly from the Data Subject or from third parties, provided there is a legal basis for such collection. The personal data of the Data Subject is processed in electronic form, for example, when receiving an account registration request or processing information within the System.

The processing of personal data is carried out by authorized employees of the Controller and by data processors with whom the Controller has entered into a data processing agreement.

4. Processing of Personal Data by the Controller

To fulfill its functions and provide the Service in the most efficient manner, the Controller needs to collect, process, and use certain types of personal data about Data Subjects.

Below is a summary of the data processing activities carried out by the Controller, including the purpose, processed data, and legal basis.

5. Processing, Protection, and Storage of Personal Data

To protect your personal data, the Controller implements various technical and organizational security measures. Your personal data is stored securely and is accessible to a limited number of individuals, only to authorized persons.

The recipients of your personal data include the Controller and its authorized persons, yourself, data processors, law enforcement or supervisory authorities, as well as the court in cases and procedures specified by regulatory acts.

The period for which personal data will be stored, or if that is not possible, the criteria used to determine that period:

However, the Controller may not always be able to fulfill the Data Subject's request to delete data. If data processing is necessary to fulfill a legal obligation, the Controller is not entitled to delete the Data Subject’s personal data.

6. Data Subject Rights

Before collecting personal data or at the time of collection, the Controller will provide the Data Subject with information on why their data is needed. The Data Subject will be informed about the need to review the Terms of Service and this Privacy Policy before creating a user account.

The Data Subject has the right to exercise all rights granted under Chapter III of the General Data Protection Regulation (GDPR).

The Data Subject has the following rights:

  1. To request access to the processed personal data from the Controller, to request the correction of inaccurate personal data or its deletion by submitting a written justification for the request, to request the restriction of data processing in cases specified by law, as well as to object to processing.

  2. To file a complaint with the supervisory authority regarding unlawful processing of personal data.

7. Information Exchange

Personal data may be transferred to processors (a natural or legal person, public authority, agency, or other entity that processes personal data on behalf of the Controller) if necessary for the Controller's functions and the provision of the Service.

User account information is stored in the processor’s data center in Sweden (European Union), while data entered into the System is processed using OpenAI tools in the United States. Data transfers to the U.S. or other countries are carried out based on Standard Contractual Clauses (SCC), a legal mechanism ensuring data protection, in accordance with Article 46(2)(c) of the General Data Protection Regulation (GDPR).

The Controller may transfer the Data Subject’s personal data to third parties, but only when necessary to fulfill legal obligations or when permitted by data protection laws, such as in cases involving law enforcement authorities.

8. Other Information

In case of any questions or uncertainties regarding the processing of personal data by the Controller, Data Subjects should contact the Controller.

The latest version of the Privacy Policy will always be published on the Controller’s website at https://byggassistent.se/ under the Privacy Policy section. The Controller reserves the right to make changes to the Privacy Policy without prior notice to the Data Subject.