Digitala pulstavlor som hjälper dig att fånga avvikelser och fatta rätt beslut.
Fånga era avvikelser och förvandla dem till förbättringar.
Digitala förbättringstavlor och andra verktyg för ständiga förbättringar
Få full koll på allt som ska göras med hela teamets uppgifter i en tydlig veckovy.
Förbättra viktiga nyckeltal inom just era fokusområden med vår SQCDP-tavla.
Använd PDCA-cykeln som ett verktyg för att förbättra både kvalitet och processer.
Digitala verktyg för 5S-arbete, återkommande audits och en välorganiserad arbetsplats.
Visualisera nyckeltal och kommunicera effektivt i hela organisationen!
Enkel hantering av projekt och aktiviteter i Boards on Fire.
Kanban är en kraftfull metod för att visualisera, hantera och optimera arbetsflöden.
Digitala tavlor för taktat flöde med taktklocka och stopptid.
Digital besöksregistrering ger full koll på alla planerade och genomförda besök till verksamheten.
This Privacy Policy is effective as of October 23rd 2025.
We value your privacy and the purpose of this information is to describe to you how Boards on Fire AB (the “Company”), (“we”), (“us”) process your personal data in a legal, suitable and safe manner and what rights you have when you or the company or organisation you represent or work for requests or buys our services and/or products, when you or the company or organisation you represent provide your services and/or products to us, when you visit our website, when you apply for a job or when you are in contact with us.
In the following information, we describe how and why we collect, process, share and store your personal data in the abovementioned cases. You can also read more on the rights you have when we process your personal data. We process personal data both as a data controller and as a data processor, depending on the context.
If you have any questions or if you want to exercise any of your rights, you are most welcome to contact us at privacy@boardsonfire.com.
Boards on Fire AB, Reg. No. 559241-3735, having its registered address at Storgatan 82A, 352 46 Växjö, is data controller for the processing of personal data in accordance with this information.
If your organisation is a customer of the Company and uses our platform to manage data within your account, we act as a data processor on your behalf. In this role, we process personal data only in accordance with your documented instructions, in compliance with applicable law and our contractual terms set out in a dedicated data processing agreement (“DPA”). The DPA specifies the scope and purpose of processing, categories of data and data subjects, technical and organisational security measures, sub-processor management, breach notification procedures, and data transfer safeguards. You can request to review or sign our DPA by contacting us at privacy@boardsonfire.com.
As such, we act in different capacities depending on the nature of the data processing. When acting as a data processor, i.e. when customer organisations use the Company’s platform and they act as the data controller and we act as the data processor, we process data strictly in accordance with their instructions and our DPA. When acting as a data controller, we determine the purposes and means of processing personal data. This includes processing personal data pertaining to website visitors, newsletter subscribers, customer contacts, and other individuals who interact with us.
In the table below, you can find information about our processing of your personal data. We describe the purpose of the processing, i.e., why we process your personal data. For each purpose, we also specify which categories of personal data we may process to achieve the purpose, the legal basis for the processing, and for how long we will process the data.
| Purpose | Categories of personal data | Legal basis | Deletion period |
|---|---|---|---|
| To provide services and/or products that you as a customer have requested. |
Contact information, such as name, email address, and delivery address. Billing information. Information about your purchase. Login information to our website. |
Fulfilment of the agreement with you or the company/organisation you represent. | During the warranty period and the following 12 months. |
| To be able to administer our contractual relationship with you or the company/organisation you represent regarding services and/or products you provide us. |
Contact information, such as name, email address, and delivery address. Billing information. Information about your services and/or products we have bought or are considering buying. |
Fulfilment of the agreement with you or the company/organisation you represent. | During the time we have an active business relationship with you and 12 months after the last purchase. |
| To comply with applicable legislation, such as accounting legislation or the Act on the Protection of Persons Reporting Irregularities. |
Billing information. Information regarding your purchase. |
Legal obligation. | Seven years. |
| For handling any potential warranty or complaint issues. |
Contact information, such as name, email address, and delivery address. Information regarding your purchase. |
Fulfilment of the agreement with you or the company/organisation you represent.
|
During the warranty period and the following 12 months. |
| To safeguard and protect the legal interests of the Company. |
Contact information, such as name and email address. Correspondence. Information regarding your purchase. Material from camera surveillance. Name, social security number, address, contact details, photograph, professional title, current and former place of work, CV and other application documents, information on health status (if you provide such information) and certificates, grades, marks, testimonials and the like. |
The Company bases such processing of your personal data on the legitimate interest of the company to protect and assert its rights in the event of a dispute. | The personal data will be processed until the legal process is completed, if applicable. |
| To be able to market our services and/or products as well as our business through channels such as mailings, website, special offers, and via social media. |
Contact information such as name, email address, and delivery address. Information about your purchase. Information about your device, such as IP address, when you visit our website. Any social media usernames. |
For such processing of your personal data, we use the legal basis of legitimate interest, where our legitimate interest is to be able to market our services/products and our business. | 12 months after your latest purchase. |
| To be able to provide customer service. |
Contact information such as name, email address, and delivery address. Information about your purchase. |
Fulfilment of the agreement with you or the company/organisation you represent. | 24 months |
| To enable general customer and supplier care (quality work, statistics, market and customer/supplier analysis, as well as business, method, and product development). |
Information about your purchase. Postal address. |
For such processing of your personal data, we use the legal basis of legitimate interest, where our legitimate interest is to be able to develop our business. | Ten years from the date of completion of the assignment. |
| To be able to administer and implement an efficient recruitment process and to recruit new staff after recruitment has been completed. | Name, social security number, address, contact details, photograph, professional title, current and former place of work, CV and other application documents, information on health status (if you provide such information) and certificates, grades, marks, testimonials and the like. | The processing is based on a balance of interests as a legal basis, where the Company’s legitimate interest is to be able to evaluate your merits and personal qualities in connection with recruitment decisions. |
Until the recruitment process is finalised and the position is filled and for two years thereafter. If you agree, we may keep your application documents for future recruitments. |
We only process personal data that is necessary to achieve the purposes stated above and only for the time necessary to achieve those purposes. Exactly which personal data we process about you depends on how you as a customer or supplier have come into contact with us and which of our services and/or products we provide to you or the company you represent, or which of your services and/or products you provide to us.
To enable the Company to comply with the legal obligations arising from applicable legislation or to safeguard our legal interest, we may keep the personal data for a longer period than stated above. However, personal data is never processed longer than necessary or legally required for each purpose.
In addition to the personal data that you provide to us or that we collect from you, we may also collect personal data from third parties. These third parties may vary from time to time but may include providers of address information from public records.
When asked to provide personal data to us, you can choose not to do so. If you choose not to provide us with personal data that is necessary for us to fulfil our commitments to you, it may lead to us being unable to fulfil such commitments.
You are entitled to receive information regarding our processing of your personal data. Below is a summary of the rights that you can exercise by contacting us.
You have the right to request information about the processing of your personal data, free of charge. You also have the right to receive a copy of the personal data we process about you. This request should be made in writing to us, with a clarification of which information you wish to access. We will respond to your request as soon as we can. If we cannot meet your request for access to the information you are requesting, we will provide a justification for this. The copy of your personal data will be sent to your registered address, unless otherwise agreed with you in writing.
The main responsibility for ensuring that the personal data we process is correct lies with the Company as the data controller. If you inform us that the personal data you have provided is no longer correct, we will promptly correct, block, or delete such personal data.
You have the right to request that the Company deletes your personal data without undue delay. Personal data shall be deleted in the following cases:
(i) If the personal data is no longer necessary for the purpose for which it was collected;
(ii) if you have withdrawn your consent and the processing is based solely on consent as a legal basis;
(iii) if the processing is for direct marketing purposes and you object to the processing of your personal data for this purpose;
(iv) if you object to the processing of your personal data based on a legitimate interest and your interest outweighs ours;
(v) if your personal data has not been processed in accordance with applicable data protection legislation; or
(vi) if deletion is required to comply with a legal obligation.
There may be obligations that prevent us from immediately deleting all of your personal data. These obligations are imposed by applicable legislation, such as accounting regulations. If certain personal data cannot be deleted due to legislation, we will inform you of this and ensure that the personal data can only be used for the purpose of fulfilling such obligations and not for any other purposes.
You have the right to request that the Company temporarily restrict the processing of your personal data. Such a restriction may be requested in the following cases:
(i) If you believe that the personal data we have about you is not correct and that you have requested correction in connection with that;
(ii) when the processing carried out regarding your personal data is not in compliance with applicable data protection legislation, but you still do not want your personal data to be deleted but instead restricted; and
(iii) when we no longer need your personal data for the purposes of our processing but we need it to establish, assert or defend a legal claim.
If you object to the processing of your personal data, the use of the personal data may be restricted while an investigation is being conducted. When restricting your personal data, the Company will only store your personal data and will seek your consent for any further processing.
You have the right to request that, in the event we process your personal data with your consent or to fulfil a contractual obligation with you, we provide all personal data that we process regarding you and that is processed in an automated manner, in a machine-readable format. This can, for example, be an Excel file or a CSV file. If technically possible, you also have the right to request that we transfer your personal data to another data controller.
You have the right to object to our processing of your personal data if the processing is based on our legitimate interest. In these cases, the Company will ask you to specify which processing you object to. If you object to any processing, we will only continue processing your personal data if we have legitimate interests that outweigh your interests. We will always inform you of this.
If we process your personal data based on your consent, you have the right to withdraw your consent at any time. To withdraw your consent, you can contact us using the contact information below.
If you have a complaint regarding the Company’s processing of personal data, you can contact us at privacy@boardsonfire.com or the supervisory authority in the member state where you have your place of residence or where the alleged breach has been conducted to file a complaint. The current supervisory authority in Sweden is the Swedish Authority for Privacy Protection. Their contact details are the following:
Webpage: https://www.imy.se/en/
Phone: 08-657 61 00
E-mail: imy@imy.se
Only those individuals at the Company who need access to your personal data in order to perform their job duties will have access to the personal data.
To provide certain services, we use selected third parties. The sharing of your personal data with third parties is based on the same purposes and legal bases as they were collected for. The Company takes technical and organisational measures to ensure that your personal data is handled in a safe and secure measure. Below are the categories of recipients with whom your personal data may be shared:
Suppliers and subcontractors: The Company use third-party suppliers to manage parts of its business, such as companies that deliver technical support, management of IT systems and marketing services. The Company may share personal data with these suppliers when they perform services on behalf of the Company. When the Company uses such suppliers, it enters into a data processing agreement and takes other appropriate measures to ensure that your personal data is processed securely. An updated list of processors and sub-processors engaged by the Company is available upon request at privacy@boardsonfire.com. Processors and sub-processors processing personal data inside the EU/EEA include:
Rapidmail GmbH: Processing of personal data for the purposes of sending transactional and system-generated emails. Processing of personal data takes place in Germany. You can read more about their processing of personal data here.
UpSales Nordic AB: Processing of personal data for the purposes of systematic customer relationship management and marketing automation. Processing of personal data takes place in the EU. You can read more about their processing of personal data here.
Fortnox Aktiebolag: Processing of personal data for the purposes of accounting and invoicing. Processing of personal data takes place in Sweden. You can read more about their processing of personal data here.
Usercentrics A/S: Processing of personal data for the purposes of managing cookies on the Company’s website through Cookiebot™. Processing of personal data takes place in Denmark. You can read more about their processing of personal data here.
Banks and other companies that the Company collaborates with: The Company also shares your personal data with other independent data controllers such as banks and partners. These recipients are independent data controllers for their processing of your personal data.
Social media: The Company uses social media. When using social media, your personal data is collected and processed by these companies. Kindly see each company’s privacy policy for more information.
Courts, authorities, and other public bodies: The Company will also disclose your personal data if required by law, government decision or court order, or if we, as a company, reasonably believe that the disclosure is necessary to protect the Company’s rights.
The Company will not sell your personal data to third parties without your prior approval. We may transfer your personal data to a buyer/investor or potential buyer/investor in connection with a restructuring, sale or other transfer of all or part of the Company’s shares, assets or our business. Before such transfer, we will take measures to ensure that the receiving party processes your personal data in a manner consistent with this information.
As a main rule, the Company only processes your personal data within the EU/EEA. Sometimes however, we may share your personal data with a party in a country outside the EU/EEA. In such a third country, the GDPR does not apply. This means that you do not automatically have the same rights and protection for your personal data as the GDPR guarantees. We protect your personal data by either basing the transfer on an adequacy decision by the European Commission or by taking on appropriate security measures, such as entering into the European Commission’s standard contractual clauses in combination with organisational and technical protective measures, to ensure that your personal data continue to be protected during and after the transfer. You can read more about which countries are considered to offer an adequate level of data protection on the European Commission’s website here. You can find more information regarding the standard contractual clauses here.
We conduct a risk assessment before any transfer takes place, and we implement technical and organisational protection measures to ensure an appropriate level of protection. We transfer as few personal data as possible and anonymise the personal data before the transfer, whenever possible. For more information on which protection measures we take on in individual cases, please contact us.
The following recipients outside the EU/EEA might receive your personal data:
Suppliers and subcontractors: We may share your personal data with suppliers and subcontractors located outside the EU/EEA. This may include providers of IT services, for example. Here, we list our suppliers and subcontractors outside the EU/EEA.
Microsoft Office 365: When using Microsoft Office 365, your personal data will be processed by Microsoft Corporation. When Microsoft receives your personal data, it may be transferred to the United States. You can read more about their processing of personal data here.
You can read more about Microsoft’s transfers to third countries and about the standard contractual clauses here.
Google Analytics: When using Google Analytics, your personal data will be processed by Google LLC. When Google receives your personal data, it may be transferred to the United States. You can read more about their processing of personal data here.
Social media: When you visit, appear on, or otherwise use the Company’s channels on social media, your personal data is also collected and processed by the company that owns the social media platform. In connection with these companies receiving personal data through the Company’s channels, the personal data may be transferred to, among other places, the United States.
Facebook and Instagram: By using the services, your personal data is processed by Meta Platforms Ireland Ltd. You can read more about the processing of personal data here.
You can read more about Meta’s transfers to third countries and the standard contractual clauses here.
LinkedIn: By using the services, your personal data is processed by Microsoft Corporation. You can read more about Microsoft’s processing of personal data here and more about their transfers to third countries here.
TikTok: By using the services, your personal data is processed by TikTok Technology Limited and TikTok Information Technologies UK Limited. You can read more about the processing of personal data and the transfers to third countries here.
Youtube: By using the services, your personal data is processed by Google LLC. You can read more about the processing of personal data and the transfers to third countries here.
To protect your privacy, detect, prevent, and mitigate the risk of attacks, etc., the Company takes a variety of technical and organisational information security measures. The Company also takes measures to protect your personal data from unauthorised access, misuse, disclosure, alteration, and destruction. The Company ensures that access to your personal data is only given to personnel who need it to perform their duties and that they observe confidentiality.
We may make updates or changes to this information from time to time due to changes in applicable laws or regulations, or due to changes in our personal data handling procedures. We will notify you of any material changes that affect your personal information.
For questions about this Privacy Policy, our DPA, or how Boards on Fire processes personal data, please contact:
Email: privacy@boardsonfire.com
Address: Storgatan 82A, 352 46 Växjö, Sweden