Privacy Policy

We believe in profound partnerships and professionalism beyond anything else. This means that the data you provide us with through our site is only used during your relationship with us and it is protected by industry standard security measures. You can delete your account on your own at any time. Feel free to reach out to

1 General

1.1 Company

This privacy policy (the “Policy”) applies when you submit information to Lorensbergs Organisationskonsulter AB, reg. no. 556523-8820, Drottninggatan 10, 411 14 Göteborg, Sweden, e-mail:

By creating an account by submitting your email address and password, you agree to and accept that Lorensbergs collects and processes your personal data in accordance with this Policy. This privacy policy explains what personal data Lorensbergs collects from you through our product and how we use that data.

1.3 Summary

Full details are set out in the relevant sections of this policy. In brief:

  • We use your personal data to deliver our services, conduct our business, keep appropriate records and meet our legal obligations;
  • You have legal rights in relation to your personal data which you can exercise on request;
  • We store personal data for specified periods (1 year);
  • Our website uses cookies and we collect analytics information from the use of our products; and
  • You can contact us to enquire about any of the contents of this Policy.

2 Data Protection Principles

We are committed to complying with data protection law and principles, which means that your data will be:

  1. Processed lawfully, fairly and in a transparent way;
  2. Collected for specific, explicit and legitimate purposes stated in this policy and not used in any way that is incompatible with those purposes;
  3. Adequate, relevant and limited to what is necessary for those purposes;
  4. Accurate and, where necessary, kept up to date;
  5. Kept for no longer than is necessary for those purposes; and
  6. Processed securely.

3 Collection of Personal Information

Lorensbergs acts as the data controller for the information you provide or that is collected by Lorensbergs. Lorensbergs collects data to operate effectively as a business and to provide you, the user, with tailored services and products.

In some cases, you may have choices about the data we collect. When you are asked to provide personal data, you may decline. If you choose not to provide data that is necessary in order for us to provide services, you may not be able to use that product.
We provide further information below, on the types of personal data we obtain and how we use them, which apply when you use our products and services.

Our Data Protection Officer (DPO) is Christina Hogan,
3.1 Data provided during account registration
At the registration process on the Lorensbergs platform, you are asked to provide the following information:

  1. Your first and last name
  2. Your email address

This basic information is necessary to complete your user registration and for you to use our services (for more information on what we use your data for, see section 3). If you decline to provide this information during the registration process, you cannot create an account on the platform and use our services.

3.2 Service engagement data

When you begin to use our services, we monitor engagement and feature usage on our platform by recording your self-assessment and interactions you have with the product.

3.3 Emails

Lorensbergs store email addresses and sends emails on your behalf to colleagues you want feedback from. Your colleagues accept these terms by clicking on the link they are sent.

3.4 Cookies and other data collection technologies

A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date, a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
Cookies do not typically contain any information that personally identifies a user (except for IP addresses in some cases), but personal information that we store about you may be linked to the information stored in and obtained from cookies.

We use these kinds of cookies:

Strictly Necessary Cookies: These cookies are essential to provide you with services from our website and to enable you to use its features. For example, they allow you to log in to secure areas of our site and quickly load the content of the pages you request. Without these cookies, the services that you ask for cannot be provided. We only use these cookies to provide you with those services.

Functionality Cookies: These cookies allow our site to remember the choices you make, such as remembering your login details and remembering the changes you make to other parts of our site which you can customise (your preferences). The purpose of these cookies is to provide you with convenience and a more personal experience on our site.
Analytical/Performance Cookies: These cookies are used to collect information about traffic to our site and how users use our site. We may use traffic log cookies to track the pages you view. The purpose of these cookies is to analyse web page traffic to further optimise how users access relevant content.

Google Analytics: The site uses Google Analytics (an analytical/performance cookie) to analyse how it is used. The cookie collects standard internet log information and visitor behaviour information in an anonymised form, from which individual users are unidentifiable. This information is transmitted to Google and processed to compile statistical reports on activity on the Site. These reports allow us to optimise our user experience. Google provides a browser add-on for users who wish to prevent their data from being used by Google Analytics. Further information is available at

Third Parties: Third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies. Lorensbergs do not use any third-party cookies except for Google Analytics.

Most browsers allow you to refuse to accept cookies or delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can obtain up-to-date information about blocking and deleting cookies via the support pages of your browser operator. However, disabling cookies may lead to limited access to our online services.

In addition to cookies, we may log information about your device, including the existence of cookies, your IP address and information about your browser. The purpose of this information is to diagnose service issues and to administer and track your usage of our platforms.

3.4.1 Third party aggregate data

Some of our service providers may gather non-personal digital properties to enrich aggregate analytics, including Google Analytics.

3.4.2 Correspondence

We may process personal information contained in or relating to any enquiry or communication that you send to us or that we send to you. This could include customer support queries from our users. The correspondence data may include the communication content and metadata associated with the communication, as well as any contact details you may provide to us, such as your name, email address, phone number, job title, address or social media username.

3.4.3 Commercial information

If we have some commercial relationship with you or with your employer (for example, a supply, purchase, sponsorship or referral relationship) then we may receive personal information, such as your contact details, any related communications, and any related documents (such as contracts, POs, invoices, proposals and so on). We process these for the purposes of administering our commercial relationship with you or your employer.

3.4.4 Personal data we obtain from others

Your email address may be provided to us by someone other than you. In order to send out assessment requests, users of our product may provide us with a list of email addresses of their colleagues which will be processed automatically by our system. If you do not wish to provide feedback you can ignore these emails. If you do provide feedback your responses will be stored on our system together with your email address.

4 How Lorensbergs uses Personal Information

We have set out below, a description of all the ways we may use your personal data. We are also required by law to identify the legal basis on which we handle personal data. These legal bases are set out in Article 6 of the General Data Protection Regulation (GDPR). When we process personal data on the lawful basis of our legitimate interests, then we also need to identify those legitimate interests and have done so below.

Note that we may process your personal data on more than one legal basis depending on the specific purpose for which we are using your data (see GDPR Art 6.1 sections a, b, and f). Please contact us if you require further information.

4.1 Account registration data, app and service engagement data

Lorensbergs need to store and access your personal data in order to operate our platform and services, ensuring their security, verifying logins, and communicating with you via email.

4.2 Behavioral data

Lorensbergs stores your personal behavior data for two purposes.

  1. The main purpose of the service is to collect and curate a snapshot of your behaviours prior to a learning programme where the data is reviewed by yourself and your peers to find patterns and areas that you would like to focus on.
  2. The second reason is to create a starting measurement. After 3-6 months, you will collect and curate the behavioural snapshot again and compare the two snapshots. The data itself is only useful to the user that owns it.

Behavioral data is collected by yourself as self-assessment and from colleagues using a list of email addresses provided by yourself.

4.4 Email communication

Lorensbergs store email addresses and sends automatic emails with the purpose to collect data on personal behaviours.

4.5 Commercial information

Lorensbergs store personal data in order to administer our commercial relationship with those with whom we do business.

5 Providing your personal data to others

5.1 Your employer

In some circumstances, we may disclose personal data to your employer or their collaborators, for example, if we are tracking and reporting your behaviors. This includes self-assessment data and feedback left by colleagues invited by you to the platform.

5.2 Advisors

We may disclose personal data to our legal and professional advisors and/or insurers to receive legal or professional advice and to manage legal disputes or potential legal disputes. We may also disclose your personal data as necessary in court proceedings or in an administrative or out-of-court procedure.

5.3 Our service providers

We may disclose personal data to our service providers in connection with the uses described above. For example, we may disclose:

  1. Any personal data in our possession to suppliers which host the servers on which our data is stored (Oderland Webbhotell AB), or to freelance staff or contractors whose duties involve handling the relevant personal data when providing development services or support.
  2. Correspondence data to providers of messaging or email services. For example, we use SparkPost to automate and deliver correspondence and notifications to our users, which means providing them with certain account information, such as user ID and email address;
  3. Commercial information to our accountants or payment processing service providers; and
    Usage and engagement data to providers of analytic services, such as those listed above.

5.4 Disclosures designated by you

We may disclose your personal information to third parties designated by you, such as other users of our products to whom you have elected to show user-submitted content or anyone to whom you have asked us to forward correspondence. For example when invited to provide feedback to a colleague.

5.5 Compliance

We may disclose your personal data where such disclosure is necessary for compliance with legal obligations to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

6 Choices and Transparency

In this section, we have summarised the rights that you have under data protection law. You should read the relevant materials from the regulatory authorities for the full details of these rights.

Your principal rights under data protection law are:

  1. The right to be informed;
  2. The right of access;
  3. The right to rectification;
  4. The right to erasure;
  5. The right to restrict processing;
  6. The right to data portability
  7. The right to object; and
  8. The right not to be subject to automated decision-making and profiling.

Right to be informed / right of access: You have the right to confirm whether or not we hold or process your personal data and, where we do, access the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data, or do one of the following:

  1. We may ask you to verify your identity, or ask for more information about your request; or
  2. Where we are legally permitted to do so, we may decline your request, but we will explain why if we do so.

Right to rectification: You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.

Right to erasure: In some circumstances, you have the right to erase your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data is unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions are where processing is necessary, for example: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims.

In order to request your data to be erased, please use the feedback button available in the web application or send an email to

The right to restrict processing: You have the right to request that your personal data is no longer processed, for example, due to data inaccuracy or the purpose for which the data is processed.

The right to data portability: You have the right to request that your personal data be transferred to another party if the legal basis for our processing is the performance of a contract with you, and such processing is carried out by automated means.

The right to object: If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.

The right not to be subject to automated decision-making: Lastly, you will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.

You may exercise any of your personal data rights by written notice to us. To contact us in relation to any of these requests, please use the email address

7. Duration of Data Retention

Lorensbergs retains personal data for as long as necessary to provide our products and fulfill the transactions you have requested, or for other essential purposes, such as complying with our legal obligations and enforcing our agreements. Because these needs can vary for different data types in the context of different products, actual retention periods can vary significantly. The general rule that establishes the period of data retention is that data is stored and analysed only for the length of time required to fulfill the purposes for which they were collected (as described in section 4 and 5).

As exceptions to that general rule:

  1. Data which is aggregated and anonymized (and which therefore no longer constitutes personal data) may be kept by us indefinitely;
  2. We maintain system backups for disaster recovery purposes. That means that information which is deleted from our live systems may still remain in backup until the backup is overwritten (although we would make no use of it while in backup); and
  3. We may retain your personal data longer than the usual retention period where necessary in connection with any legal claim, or where necessary to comply with law. For example , we are required to maintain appropriate business records, including records of surgeon assessments used for compliance.

8. Information Security and International Transfers

Lorensbergs is committed to protecting the security of your data by endeavouring to ensure appropriate technologies and processes are maintained to avoid unauthorised access or disclosure. We utilise, for all data storage and processing purposes, Oderland Webbhotell AB (“Oderland”). Specifically, all our storage containers and databases are located in Sweden (EU).
Some of the third parties to whom we may transfer your personal data, discussed above, may be located outside the EEA. These third parties may transfer your personal data to their own service providers located outside the EEA. If so, we will ensure that transfers by our appointed data processors will only be made lawfully (e.g. to countries in respect of which the European Commission has made an “adequacy decision”, or with appropriate safeguards, such as the use of standard clauses approved by the European Commission or the use of the EU-US Privacy Shield). You may contact us if you would like further information about these safeguards.

9. Changes to this Privacy Policy and Further Information

We may revise this Privacy Policy from time to time. The most current version of the policy will govern our use of your information and will always be at

If we make a change to this policy, we will notify you via website notifications or email to the email address associated with your account. By continuing to access or use our services after those changes become effective, you agree to be bound by the revised Privacy Policy.

Our website, and content provided through our products and services, may contain links to third party websites and refer to third party service providers and other entities. If you follow a link to any third party website or deal with any third party referred to on the Sites, then they may have their own privacy and cookie policies, and we are not responsible for their use of any personal data which you may provide to them.

If you would like further information about privacy at Lorensbergs, do not hesitate to contact us at