Privacy Policy
Hups AB cares about your personal privacy and strives for a high level of data protection. In our privacy policy, we explain how we, as data controllers, process personal data about individuals who come into contact with us in various ways and whose personal data we register.
For more information about GDPR terminology, you can visit the Swedish Authority for Privacy Protection. We also recommend their Glossary | IMY, where you can look up commonly used terms in the field.
Data Controller:
Hups AB
Organisation number: 556936-2717
Luntmakargatan 26
111 37 Stockholm
Sweden
This Privacy Policy applies to Hups AB’s websites and services, including www.hups.com and www.niklasmodig.com.
We process personal data under the following legal bases defined in the General Data Protection Regulation (GDPR):
| Processing Purpose | Personal Data Examples | Legal Basis (GDPR Article) |
|---|---|---|
| Account creation and login | Name, email, contact information | Performance of a contract (Art. 6(1)(b)) |
| Customer support | Messages, contact details, usage logs | Legitimate interest (Art. 6(1)(f)) |
| Marketing communications | Name, email address, marketing preferences | Consent (Art. 6(1)(a)) |
| Recruitment | CVs, job history, references, interview notes | Legitimate interest / Consent (Art. 6(1)(f) / Art. 6(1)(a)) |
| Payment and invoicing | Billing details, transaction history | Legal obligation (Art. 6(1)(c)) and contract (Art. 6(1)(b)) |
| Platform analytics & usage | IP address, browser type, clickstream data | Consent (Art. 6(1)(a)) via cookies |
| Internal HR processes | Staff name, contact info, sick leave data | Contract / Legal obligation / Legitimate interest |
Changes to Our Privacy Policy
We may make updates to the privacy policy over time. The most recent version will always be available on our website: https://hups.com. If the changes are significant, we will try to inform you directly. Please feel free to contact us if you have questions or if any GDPR-related information is missing.
Your Rights
- Right of access: You have the right to know how we process your personal data (called the right of access or sometimes a subject access request). Such a request should include a description of the purposes and legal bases of the processing, as well as the categories of personal data involved. We have already compiled this information at a general level under the section “How we process personal data” below, which gives you a simple overview of our handling practices. A subject access request helps you understand whether, and for what purpose, we process your data. See also: Right of access | IMY.
- Right to rectification: If you believe we hold incorrect or incomplete personal data about you, you have the right to request correction or completion. See also: Right to have incorrect data corrected | IMY.
- Right to object: You may object to our processing of your data for purposes such as marketing or profiling (as described in the section “How we process personal data”). You may also object on personal grounds. If your objection is valid, we will evaluate whether the data should also be erased. Of course, we will always delete your data if you no longer wish to receive newsletters, marketing materials, or similar communications from us.
- Right to erasure: If you no longer want us to process your data, you have the right to request deletion. We will erase your personal data if: they are no longer necessary for the purposes for which they were collected; you have objected, and the objection is accepted (see previous point); the processing was unlawful; or if we are legally obligated to delete them.
- Right to withdraw consent: If processing is based on your consent, you may withdraw that consent at any time. In that case, we will delete the data covered by the consent. However, any processing that occurred before the withdrawal remains lawful. See also: Right to erasure | IMY.
Contact Us
It is important to us that you feel confident in how we handle your personal data. If you wish to exercise your rights (see above) or have other questions or comments, you can contact us at info@hups.com.
Contact the Swedish Authority for Privacy Protection
You always have the right to contact the Swedish Authority for Privacy Protection (IMY) if you have concerns about how we handle your data. You are, of course, welcome to do this without contacting us first, but we appreciate it if you also let us know what you think so that we can correct any mistakes and take your feedback into account in our ongoing improvement efforts.
How We Process Personal Data in Our Operations
Below, we describe how we process personal data in different areas of our operations:
- HUPS Platform
- The “Customer Journey” (from start to finish)
- Education
- Marketing
- Sales
- Communication
- Cookies
- Finance
- Software Development
- Handling of GDPR-related matters
- Other Administration
- Recruitment of Staff
Cookies and Tracking Technologies
We use cookies and similar technologies to distinguish you from other users, enhance your experience on our website, and improve our services. Cookies are small text files stored on your device. Some are necessary for site functionality, while others support performance, analytics, and personalization.
Types of cookies we use include:
- Strictly necessary cookies – Enable core site functionality and security features.
- Performance/analytics cookies – Help us understand how visitors use our site (e.g., via Google Analytics or HubSpot).
- Functionality cookies – Remember your preferences (such as language or region) to enhance your experience.
- Web beacons (pixels) – May be used by us or partners to measure engagement with content, including in emails.
Most browsers accept cookies automatically, but you can adjust your settings to refuse or delete them. Disabling cookies may affect the functionality of certain parts of our website.
Our Employees' Personal Data
In all processes within our operations, our employees' personal data (such as name, address details, email addresses, phone numbers, job title, and position) are processed when they carry out their work duties—for example, when responding to a question or contacting someone. The different purposes for processing are described in each process and also apply to employees’ personal data. The legal basis for processing is:
- Contract (the employment contract or another agreement the employee has entered with the employer),
- Legitimate interest (the employer’s interest in managing and distributing work constitutes a legitimate interest),
- and sometimes a legal obligation may apply (this is then described in the relevant process).
Handling of Documents and Emails
The handling of documents and emails is included in the description of the organization’s processes. To present a complete picture, we also outline the principles we follow for the processing of personal data in documents and emails:
- Guidelines for document management and retention govern how documents are handled.
- For documents that are not finalized or otherwise not covered by the first point above, we apply a clear document management structure to avoid having multiple versions of documents.
- If emails need to be retained, they must be moved to the appropriate system or folder where the matter is handled and not stored within the email system.
- When necessary, we may forward an incoming email to the correct recipient within HUPS AB.
- Sensitive personal data may only be sent by email if it is encrypted.
- When a document or saved message is no longer needed for the purpose it was retained for, it must be deleted.
- If a document needs to be saved as a template, all personal data must be removed before the template is stored.
- There must be clear access control in systems where personal data is processed, ensuring that only individuals who need access to personal data have authorization.
When There Is a Risk of Data Transfer to Third Countries
We primarily choose U.S. providers that are part of the Data Privacy Framework, an adequacy decision in which the EU Commission has declared that the U.S. can be considered a safe third country.
In other cases, HUPS AB uses standard contractual clauses, which include appropriate safeguards.
Storage of Personal Data
Personal data is stored in accordance with HUPS AB’s rules on document management and archiving. We also describe our principles for data storage within each process above (see How We Process Personal Data in Our Operations). The same personal data (for example, your name) may be stored in several different locations for different purposes. This may mean that a piece of data deleted from one system because it is no longer necessary may remain in another system or register where it is stored for another purpose for which the personal data is still needed.
Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected, or to comply with legal, regulatory, or contractual requirements. Specific retention periods may vary depending on the nature of the processing activity and applicable obligations.
If you want to know how your personal data is being used, you can request a record extract (register extract).
Sensitive personal data refers to data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person’s sex life or sexual orientation.
Automated Decisions and Profiling
Automated decisions refer to situations where personal data forms the basis for certain automatic decisions with no human involvement in the decision-making process. This type of decision-making is not used within HUPS AB's operations.
Profiling is automated processing of personal data in which the data is used to assess certain characteristics of a natural person, for example to predict the person’s work performance, economic situation, health, personal preferences, interests, reliability, etc. Profiling may be used within HUPS AB’s operations, for instance in recruitment (see the section How We Process Personal Data in Our Operations).
Profiling at Hups AB is used exclusively in specific cases such as recruitment or user interest segmentation (e.g. to tailor relevant content or roles). For example, a candidate's qualifications may be matched against a job profile using keyword scanning or ranking systems to assist human decision-makers.
No fully automated decisions with legal or similarly significant effects are made without human involvement.
You have the right to object to profiling at any time, and to request human review of any automated assessments that affect you.
Data Processors and Sub-Processors
Hups AB uses carefully selected third-party service providers (data processors) to help deliver our services and operate our business. These processors may access and process personal data only on our behalf and in accordance with our instructions and are contractually bound to comply with GDPR through data processing agreements.
Examples include:
- Cloud hosting and storage providers
- Marketing and communication platforms
- Recruitment and HR management tools
- Analytics and performance tracking services
We ensure that all processors provide adequate guarantees of technical and organizational measures to protect your data.
Internal Processes (Published Internally Only)
- Introduction of new employees
- Salaries and compensation
- Sick leave and rehabilitation
- Development discussions
- Salary reviews
- Termination of employment