Privacy Policy

Pepicon AB, reg. no 559214-7408, with address Värmdövägen 84, 131 54 Nacka, Sweden (“PEPICON”, “we”, “us” or “our”) process personal as a personal data controller when we provide our Service (as defined in our Terms of Service) to you. This privacy policy (the “Privacy Policy”) aims to explain how PEPICON processes your personal data as a personal data controller. Our customers’ trust is of utmost importance to us, and PEPICON therefore takes responsibility for protecting your privacy. All processing of personal data is conducted in line with applicable data protection laws and regulations such as, if and to the extent applicable, the provisions of the EU General Data Protection Regulation(the “GDPR”) or the Swiss Federal Act on Data Protection and we do everything we can to protect your personal data from unauthorized use.

This Privacy Policy is incorporated in, and an integral part of our Terms of Service. Terms defined in our Terms of Service apply to this Privacy Policy unless otherwise stated herein.




Why do we process your personal data?

PEPICON processes your personal data for a variety of purposes. We mainly process your personal data for the purpose of providing and administering our Services, managing User relations, complying with legal obligations, for tax and accounting purposes, improving the Services, as well as for communicating with you by sending information, direct marketing or market research. PEPICON may also disclose personal data to our partners to fulfill our obligations towards you. Social security numbers are registered when registering an account at the PEPICON Platform in order for us to obtain a secure identification of you as a customer.

We process personal data when necessary to provide our Services and fulfill our obligations towards you, in accordance with the Terms of Service, applicable legislation, to send out newsletters and other communication and otherwise when there is a legitimate interest for us to process your personal data. If we process your personal data for any specific purpose which requires your consent under the GDPR, if applicable, or any other applicable data protection legislation, we will obtain your consent in advance. The processing of your personal data is necessary for example:

a) To execute an agreement to which you are a party or to take action at the request of you prior to conclusion of such an agreement;

b) To fulfill legal obligations, such as preventing fraud and similar crime in transactions;

c) For purposes relating to our legitimate interest. The legitimate interest of PEPICON is to conduct direct marketing of its Services and products; and

d) To fulfill obligations to the customer and to offer services that have been done by consent.


What kind of personal data do we collect?

Personal data refers to information which, directly or indirectly, may be associated with a living natural person. PEPICON processes such personal data as is necessary for us to offer you our Services, such as your name, email address, telephone number, home address, social security number, bank details. We have collected the personal data that PEPICON processes directly from you, the registered person, for example when you registered a user account on behalf of yourself or an entity on PEPICON Platform. We may also obtain information on how you use our website through cookies.

PEPICON always strives to process as little of your personal data as possible based on the purpose of the processing.


With whom is your personal data shared?

Personal data will always be processed confidentially and protected by appropriate security measures. Your personal data will only be disclosed to the extent that it is relevant to the purpose of the processing. PEPICON employs data processors to perform certain tasks, such as, for example, operating and supporting the IT environment, archiving, and for e-mailing. This means that the data processors also may receive access to certain information about you as a registered person. However, these parties may not process your personal data for any other purposes other than those the personal data initially was collected for. We ensure that companies that manage personal data on our behalf, use a high level of security measures in order to protect your personal data.

Your personal data may be processed in a country outside Switzerland or the EU/EEA (“third country”) in case a data processor has a part of its activities located in a third country. If PEPICON transfers your personal data to a data processor in a third country, PEPICON will take appropriate safeguards and ensure that the transferred data is handled in accordance with applicable law. PEPICON undersigned agreements with the data processor, containing clauses approved by the European Commission and/or the Swiss Federal Data Protection and Information Commissioner regarding data protection, in order to ensure that they meet the necessary level of data protection.

Personal data may also be disclosed if necessary, to comply with applicable law or regulatory requirements, to safeguard PEPICON’s legal interests, or to detect, prevent or alert fraud and other security or technical issues.

PEPICON will not share, sell, transfer or otherwise disclose personal data beyond what is stated in the privacy policy unless we have a legal obligation to do so.


How long do we store your personal data?

Your personal data will only be retained for as long as there is a need to preserve it in order to fulfill the purposes for which the data was collected, and in accordance with current legislation and relevant guidelines to which our business is subject. PEPICON may save the data longer if it is necessary to comply with legal requirements or to monitor legal interests, for example if a legal process is in progress.

By terminating your account with PEPICON, your personal data will be deleted or unidentified in accordance with our procedures, except such information PEPICON is required by law to preserve.

Personal data is thinned/pseudonymized/de-personalized when the data is no longer to be retained in accordance with current legislation. [PEPICON uses professional services in order to [destroy physical documents and] manage digital information. The professional service providers ensure integrity and confidentiality of information contained in any physical documents and digital information and are specialised in accommodating our needs for digital integrity and confidentiality.]



As a data subject, you have certain rights as regards your personal data. The rights are however not absolute, meaning that there are exceptions to some of the rights where we cannot proceed and fulfil your request.

As a data subject, you have the following rights:

a) Right to withdraw your consent – meaning that you have the right to withdraw your consent where PEPICON process your personal data based on consent;

b) Right to access – meaning that you have the right to request a confirmation of our processing of your personal data, to receive information about the processing, access to the personal data in question, and the right to obtain a copy of your personal data;

c) Right to rectification – meaning that you have the right to have any incorrect personal data about you as a data subject corrected by us;

d) Right to erasure – meaning that you have the right have your personal data erased under certain circumstances (such as if there no longer is a legitimate purpose for our processing of your personal data);

e) Right to object – meaning that you have the right to object to PEPICON’s processing of your personal data in certain specific cases;

f) Right to restricted processing – meaning that you have the right to have PEPICON restrict the processing of your personal data, but not delete it; and

g) Right to data portability – meaning that you may request PEPICON to transfer your personal data to another data controller.

If you believe that the processing of your personal data is contrary to applicable law like the GDPR or the Swiss Federal Act on Data Protection, then you have the right to file a complaint with the Swedish Data Protection Authority (Sw. Datainspektionen) or the Swiss Federal Data Protection and Information Commissioner, depending on the applicable data protection laws.



Our Services may contain links to third party sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by PEPICON and, therefore, we strongly advise you to review the privacy policy of these websites. We have no control over, and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.



You have a right to information regarding the processing of your personal data by us. If you have any questions in this regard or about the content in this Privacy Policy or wish to adjust or change your personal information or exercise any of the rights as set out above, please contact us:

Pepicon AB
Värmdövägen 84,
131 54 Nacka

Stockholm, Sweden




This Privacy Policy may be amended by us from time to time. You will be notified of any Privacy Policy changes via e-mail and/or on our Privacy Policy page on PEPICON Platform, where the latest version of our Privacy Policy always will be available. We advise you to review the PEPICON Platform periodically for any changes. Our Privacy Policy was last edited on 12th July 2020.