1. Privacy Policy Scope
1.1. This privacy policy describes how Oplane AB, Reg. No. 559398-8487, ("Oplane", "us", "we" or "our"), manage and process your personal data as part of our business, for example in relation to you as a user ("User" meaning former, current and potential user of our software or services), or as a visitor to our official website. What kind of processing (which is a generic term in the EU Data Protection Regulation ("GDPR") for operations which is performed on your personal data) that we carry out regarding your personal data depends on the context in which you come into contact with us, and in which capacity you act.
1.2. Oplane has developed and provides the Oplane.AI platform (the "Platform"). The Platform aims to facilitate organizations with their cyber security. With the help of the Platform the organizations will achieve an easier, smarter, and more efficient way to manage work with cyber security.
1.3. Privacy protection is a priority for us at Oplane. That is why it is important for us to protect your personal data and to make sure that the data is processed in correct and legal ways. We process personal data lawfully, fairly and transparently. We only process personal data for legitimate purposes, we limit the collection of personal data to what is necessary for accomplishing such specified purposes. We ensure personal data is accurate and keep it up to date. We apply storage limitations only storing personal data for as long as it is necessary for the purpose which the personal data are processed for. Where possible, we adapt integrity, confidentiality and availability with techniques such as pseudonymisation and encryption.
Legal basis of processing
1.4. In this privacy policy, we describe what different types of personal data we may process, for what purposes we process it and on what legal basis. We also describe our process practices, with whom we may share your personal data as well as what options and what rights you have in relation to our processing. We kindly ask you to thoroughly read through this privacy policy and to make sure that you fully understand its content.
Oplane as personal data controller
1.5. Kindly note that this privacy policy refers to such processing of personal data of which Oplane is considered the personal data controller. This implies that Oplane is responsible for the processing of your personal data that is conducted within our business, including our website. This also implies that you should contact us with any questions or concerns you might have, or if you wish to use any of the rights you have, in relation to our processing of your personal data.
1.6. To be able to use the Platform you need to register personally. Oplane is the personal data controller for the personal data processing necessary with the purpose of providing you access to the Platform.
2. Personal Data Processing
Personal data refers to data that can be attributed to you. You are not obliged to disclose any personal data to us. If you, on the other hand, decide to allow us to take part of your personal data we may process personal data that can be attributed to you in accordance to below:
2.1. Subject categories
2.1.1. User account on the platform
Why do we process your personal data?
We process your personal data to administrate your user account and to ensure that the Platform is safe and reliable, to ensure the quality of reported data and to monitor the data that you report in the Platform. We will process the personal data we obtained directly from you upon creation of your user account. We only process personal data that is necessary for providing you with your user account. If you decide to not disclose any personal data, this may result in you not being able to use the Platform to its full extent, or at all.
We may contact you to carry out surveys regarding e.g. your experience in interacting with our services.
We also use cookies on our platform. For more information about the cookies we use, please see our Cookie Policy.
Which personal data do we process?
We will process account information that you register for your account in the Platform, including your name, email address, usernames with other platforms, photo as well as possible personal settings. We will also process personal data about your activity on the Platform, e.g., that you as a User has registered on the Platform and what such registered data consist of.
What is the legal basis to process your personal data?
We process your personal data on the legal bases of legitimate interest and to be able to perform under a potential contract with you. It is in our legitimate interest to process your personal data as a part of your user account, to be able to administrate your user account, to ensure that the Platform is safe and reliable, to ensure the quality of the reported data, to perform surveys regarding the Platform and to be able to monitor the data that you report in the Platform.
You have the right to object to our processing based upon legitimate interest. More information about your right to object can be found in section 6.6.
For how long do we process your personal data?
In regard to you as a user of the Platform we process your personal data for as long as you are a registered user of the Platform. When you as a user of the Platform no longer are linked to a customer account we will remove your personal data after a maximum of 15 months, to be able to ensure the quality of reported data and traceability in the Platform.
2.1.2. Customer Relationships
Why do we process your personal data?
We process your personal data to administer our customer relationship with you and for marketing of our services to you. We process your personal data to ensure that you as a customer and/or User get as much value as possible from our services. We process your personal data when you contact us, e.g. via our contact form on the website or via LinkedIn, to be able to answer you.
Which personal data do we process?
When you contact us e.g. via our contact form on the website or via LinkedIn, we process contact details such as your name, email address, and phone number; as well as information about the employer, organization, its address and your title. If you include any other personal data when you contact us, we will also process such personal data.
We also collect and process information about your usage of our services and the feedback you give us. This information helps us to understand your needs and wishes and to be proactive in our offering to you e.g. training, or how to develop features to make the Platform more user friendly.
What is the legal basis to process your personal data?
We process your personal data on the legal bases of legitimate interest and to be able to perform under a potential contract with you. It is in our legitimate interest to provide as much value as possible from our services and to be able to assist you if you have any questions or give us any feedback.
You have the right to object to our processing based upon legitimate interest. More information about your right to object can be found in section 6.6.
For how long do we process your personal data?
We will process your data for as long as we have an ongoing customer relationship with you. If we have not had any ongoing customer relationships with you in one year, we will remove your personal data.
2.1.3. Website visitors
Why do we process your personal data?
We process your personal data to administrate your usage of our website and to provide website functionality. We also process your personal data to be able to troubleshoot if a possible problem would occur with the website. Further, we process your personal data in order to manage marketing efforts and to get insight in user behaviour on our website, to be able to provide you with relevant information and marketing.
Which personal data do we process?
Data regarding website usage (cookies), such as IP-address, type of browser and what version, operating system, referring website address, the pages you view on our site, and the date and time of your visit.
What is the legal basis to process your personal data?
We process your personal data on the legal basis of legitimate interest to be able to administrate your usage of our website, troubleshoot problems and to manage marketing efforts.
For how long do we process your personal data?
We will process your data for as long as it is necessary to fulfill the purposes described above. For more information about cookies, please see our Cookie Policy.
2.2. Assessment of legitimate interest
When we process personal data based on legitimate interest, we have made a so-called balancing of interests test. This means that we have weighed our interest in processing the personal data against your interest in having the data protected. If you have any questions about our assessment, you are welcome to contact us.
3. Recipients of Personal Data
In certain cases, we share your personal data with other parties. In such cases, we ensure that the recipient processes the personal data in accordance with applicable data protection legislation. We may share your personal data with the following categories of recipients:
- Service providers: Companies that provide services to us, such as IT services, hosting, analytics, and customer support.
- Business partners: Companies with which we cooperate to provide our services.
- Authorities: In certain cases, we may be obliged to disclose personal data to authorities, for example in response to a court order or legal process.
- Other parties in connection with corporate transactions: In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the relevant party.
We do not sell your personal data to third parties.
4. Security
We take appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit and at rest
- Access controls and authentication mechanisms
- Regular security assessments and penetration testing
- Employee training on data protection practices
- Incident response procedures
While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
5. Transfer to Third Countries
In certain cases, we transfer your personal data to countries outside the EU/EEA. When we do so, we ensure that appropriate safeguards are in place to protect your personal data in accordance with applicable data protection legislation.
| Safeguard | Countries |
|---|---|
| Adequate level of protection according to art. 45 GDPR. The European Commission has decided that certain countries outside the EU/EEA have a sufficiently high level of security. | N/A |
| Standard contractual clauses according to art 46.2 GDPR. The most common measure to ensure sufficient protection in the event of a transfer outside the EU/EEA. We also assess whether there are laws in the recipient country that affect the protection of your personal data. | The USA |
Right to obtain a copy – If you would like to receive further information about transfers to countries outside the EU/EEA, or if you would like to receive a copy of the safeguard we have used, you can contact us using the contact details set out in section 8 below.
6. Your Rights
Under GDPR, you have the following rights regarding your personal data:
Right to be informed
You have the right to be informed about how we process your personal data.
Right to access
We can provide you with a copy (register extract) of the personal data processed by us.
Right to rectification
You have the right to have inaccurate data corrected and incomplete data completed.
Right to erasure
You have the right to request the erasure of your personal data ("right to be forgotten").
Right to restriction
You can request that the processing of your personal data should be restricted.
Right to object
You have the right to object to processing based on legitimate interest.
Right to portability
You have the right to receive your personal data in a structured, machine-readable format.
Right to withdraw consent
You can withdraw consent at any time, with effect from the withdrawal.
Right to lodge a complaint
You can lodge a complaint to the Swedish Authority for Privacy Protection if you believe our processing is not in accordance with applicable legislation.
6.10. Requirements for exercising your rights
You can lodge a complaint to the Swedish Authority for Privacy Protection (or with another supervisory authority) if you believe that our processing of your personal data is not in accordance with applicable legislation.
6.10. Requirements for exercising your rights
To protect your privacy, we may (if necessary) require you to prove your identity when you contact us to exercise your rights. We handle your request to exercise your rights promptly. Your request will normally be answered within one month from the date the request was received by us. Only in the case of an unusually complicated request, or if we have received a large number of requests, the response time may be extended by up to two months.
7. Amendments and Changes
7.1. We may make amendments or changes to this privacy policy. If we do so we will publish the updated policy on our website. Therefore, we advise you to regularly read through the privacy policy.
8. How do you exercise your rights?
8.1. If you want to apply any of the rights or if you have questions regarding privacy, you are welcome to contact us at privacy@oplane.io.
Published: 2025-08-05 16:13