Byggassistent AI Privacy Policy

Byggassistent AI (hereinafter referred to as the "Controller") has established this Privacy Policy (hereinafter referred to as the "Privacy Policy") to provide individuals (hereinafter referred to as the "Data Subject") with general information regarding the processing of personal data by the Controller, including the purposes, scope, and protection of such processing, as well as to inform the Data Subject about their rights.

When processing personal data, the Controller complies with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the "GDPR"), as well as other applicable laws and regulations in the field of privacy and data processing.

The Privacy Policy applies to any individual whose personal data is processed by the Controller and is relevant to the processing of personal data regardless of the format in which the Data Subject or any other individual has provided such personal data.

1. Definitions

Service – The provision of the Controller's digital tool to facilitate and improve construction project management and processes, as well as to provide consultations on compliance with regulatory requirements.

System – The digital tool provided as part of the Service.

Other terms used in the Privacy Policy are interpreted in accordance with the General Data Protection Regulation (GDPR).

2. Controller

The Controller responsible for processing personal data is Byggassistent AI.

For any questions or concerns regarding personal data processing, the Data Subject can contact the Controller via email at info@byggassistent.se.

3. Collection and Processing of Personal Data

The Controller's System provides various functions to ensure compliance in the construction process, including AI analysis, compliance consultations, efficient document management, and decision-making recommendations.

The Controller obtains the Data Subject's information either directly from the Data Subject or from third parties, provided there is a legal basis for such collection. The personal data of the Data Subject is processed in electronic form, for example, when receiving an account registration request or processing information within the System.

The processing of personal data is carried out by authorized employees of the Controller and by data processors with whom the Controller has entered into a data processing agreement.

4. Processing of Personal Data by the Controller

To fulfill its functions and provide the Service in the most efficient manner, the Controller needs to collect, process, and use certain types of personal data about Data Subjects.

Below is a summary of the data processing activities carried out by the Controller, including the purpose, processed data, and legal basis.

• The purpose is to ensure user registration and access to the platform. The processed data includes name, surname, and email address. The legal basis for this processing is the performance of a contract, in accordance with Article 6(1)(b) of the General Data Protection Regulation.

• The purpose is to provide the service, which includes AI analysis, document management, and compliance verification for user-uploaded data. The processed data includes information entered by users and uploaded documents, which may contain personal data such as contact details or financial information. The legal basis for this processing is the performance of a contract, in accordance with Article 6(1)(b) of the General Data Protection Regulation.

• The purpose is to provide user support. The processed data includes name, surname, email address, and the content of the request. The legal basis for this processing is the performance of a contract, in accordance with Article 6(1)(b) of the General Data Protection Regulation.

• The purpose is to maintain platform security, prevent malicious activities, and improve the service. The processed data includes IP address and user activity logs (log files). The legal basis for this processing is the legitimate interests of the Controller, in accordance with Article 6(1)(f) of the General Data Protection Regulation.

5. Processing, Protection, and Storage of Personal Data

To protect your personal data, the Controller implements various technical and organizational security measures. Your personal data is stored securely and is accessible to a limited number of individuals, only to authorized persons.

The recipients of your personal data include the Controller and its authorized persons, yourself, data processors, law enforcement or supervisory authorities, as well as the court in cases and procedures specified by regulatory acts.

The period for which personal data will be stored, or if that is not possible, the criteria used to determine that period:

• The created user account and the information entered into the System by the user will be stored for 12 months from the last login to the System or from the request to delete the account.

• Data obtained for user support and platform security purposes will be stored for 6 months.

• The following criteria are used to determine the retention period for personal data:

• The following criteria are used to determine the retention period:

  • As long as you or the Controller can exercise legitimate interests in accordance with external regulatory acts.

  • As long as either party has a legal obligation to retain the data.

• The Controller may also store the Data Subject’s personal data until a request for deletion is made.

However, the Controller may not always be able to fulfill the Data Subject's request to delete data. If data processing is necessary to fulfill a legal obligation, the Controller is not entitled to delete the Data Subject’s personal data.

6. Data Subject Rights

Before collecting personal data or at the time of collection, the Controller will provide the Data Subject with information on why their data is needed. The Data Subject will be informed about the need to review the Terms of Service and this Privacy Policy before creating a user account.

The Data Subject has the right to exercise all rights granted under Chapter III of the General Data Protection Regulation (GDPR).

The Data Subject has the following rights:

1. To request access to the processed personal data from the Controller, to request the correction of inaccurate personal data or its deletion by submitting a written justification for the request, to request the restriction of data processing in cases specified by law, as well as to object to processing.

2. To file a complaint with the supervisory authority regarding unlawful processing of personal data.

7. Information Exchange

Personal data may be transferred to processors (a natural or legal person, public authority, agency, or other entity that processes personal data on behalf of the Controller) if necessary for the Controller's functions and the provision of the Service.

User account information is stored in the processor’s data center in Sweden (European Union), while data entered into the System is processed using OpenAI tools in the United States. Data transfers to the U.S. or other countries are carried out based on Standard Contractual Clauses (SCC), a legal mechanism ensuring data protection, in accordance with Article 46(2)(c) of the General Data Protection Regulation (GDPR).

The Controller may transfer the Data Subject’s personal data to third parties, but only when necessary to fulfill legal obligations or when permitted by data protection laws, such as in cases involving law enforcement authorities.

8. Other Information

In case of any questions or uncertainties regarding the processing of personal data by the Controller, Data Subjects should contact the Controller.

The latest version of the Privacy Policy will always be published on the Controller’s website at https://byggassistent.se/ under the Privacy Policy section. The Controller reserves the right to make changes to the Privacy Policy without prior notice to the Data Subject.