Privacy Policy
Document version: 1.5
Date: 2026-02-12
Issued by: Hoodin CEO
Contact: https://www.resources.hoodin.com/contact
This Privacy Policy describes how Hoodin AB (org. no. 556911-9778), Humlegatan 4, 211 27 Malmö, Sweden ("Hoodin", "we", "us") collects, uses, stores, and protects personal data in connection with:
- Hoodin Compliance Studio
- Related marketing, events, and communications
Hoodin processes personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable Swedish data protection law.
1. Data Controller
Hoodin AB is the data controller for personal data processed in relation to website use, marketing, account administration, and customer relationship management.
For customer data processed within Hoodin Compliance Studio, Hoodin acts as data processor on behalf of the customer, unless otherwise agreed in writing in a Data Processing Agreement (DPA).
2. Categories of Personal Data Collected
We may collect and process the following categories of personal data:
Account and Contact Information
- First name and last name
- Work email address
- Job title
- Company name
- Billing information
Customer Account Data
- Login credentials
- Organisational role within the platform
- Subscription information
User-Generated Content
- Messages submitted via forms or support
- Content entered into product or company profiles
- Uploaded documentation
Technical and Usage Data
- IP address
- Device type and operating system
- Browser type
- Log data and access timestamps
- Navigation patterns within the website
Cookies and Tracking Technologies
- Session cookies
- Analytics identifiers
- Marketing preference indicators
3. Legal Basis for Processing
We process personal data based on one or more of the following legal grounds:
Contractual necessity
- To provide access to Hoodin Compliance Studio
- To administer subscriptions
- To deliver requested services
Legitimate interest
- To improve the Service
- To ensure platform security
- To analyse usage patterns
- To respond to enquiries
Consent
- For marketing communications
- For optional cookies and analytics tools
Legal obligation
- To comply with accounting, tax, or regulatory requirements
4. Purpose of Processing
We process personal data to:
- Provide and maintain Hoodin Compliance Studio
- Authenticate users and manage access control
- Deliver regulatory monitoring functionality
- Provide customer support
- Process payments and manage billing
- Improve platform performance and security
- Send newsletters or product updates where consent exists
We do not sell personal data.
5. AI and Automated Processing
AI functionality within Hoodin Compliance Studio is designed to analyse regulatory data and structured metadata related to products and regulatory frameworks.
AI is not used for automated decision-making producing legal or similarly significant effects on individuals.
Personal data entered into the platform may be processed by AI components strictly for the purpose of generating structured regulatory proposals.
Users retain full control over AI-generated outputs and remain responsible for all regulatory decisions.
For further details, refer to the AI Literacy Statement.
6. Payments and Merchant of Record
Hoodin may use a third-party Merchant of Record to process subscription payments, issue invoices, and manage tax collection.
In such cases:
- The Merchant of Record acts as independent data controller for payment transaction data
- Payment information is processed in accordance with the Merchant of Record’s privacy policy
- Hoodin does not store full payment card details
7. Data Sharing and Subprocessors
We may share personal data with:
- Hosting providers within the European Union
- Cloud infrastructure providers
- Analytics providers
- Email and communication service providers
- Payment processing providers
All subprocessors are bound by data processing agreements ensuring GDPR-compliant safeguards.
A current list of subprocessors is available upon request.
We do not transfer personal data outside the European Economic Area (EEA) without appropriate safeguards such as Standard Contractual Clauses.
8. Data Retention
Personal data is retained only for as long as necessary to fulfil the purposes described in this Policy, including:
- Duration of the subscription agreement
- Applicable statutory retention periods
- Legitimate business needs such as dispute resolution
Account data is deleted or anonymised following termination, subject to legal retention obligations.
9. Security Measures
Hoodin implements technical and organisational security measures designed to protect personal data against unauthorised access, loss, or alteration.
These measures include:
- Encrypted data transmission (TLS)
- Access control mechanisms
- Role-based permissions
- Secure hosting infrastructure
While no system is entirely risk-free, we continuously monitor and improve security practices.
In the event of a personal data breach, affected individuals and supervisory authorities will be notified where required by law.
10. Data Subject Rights
Under the GDPR, individuals have the right to:
- Access their personal data
- Rectify inaccurate data
- Request erasure
- Restrict processing
- Object to processing based on legitimate interest
- Data portability
- Withdraw consent at any time
Requests may be submitted via www.resources.hoodin.com/contact.
Individuals also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY).
11. Cookies
We use cookies to:
- Ensure website functionality
- Improve user experience
- Analyse traffic
Where required by law, non-essential cookies are activated only after user consent.
Cookie settings may be adjusted in the browser or via the website’s cookie management tool.
12. Changes to This Policy
We may update this Privacy Policy to reflect legal, operational, or technical changes.
Material changes will be communicated via the website or email where appropriate.