GDPR & Data Protection

Last updated: 2025-08-31

Version 2.0 - Simplified

GDPR in Brief for WF SecurityCloud

✅ Full GDPR Compliance

WF SecurityCloud is designed to NOT collect personal data. We only register attacking IP addresses and domains - information that is publicly available and not linked to identifiable individuals.

GDPR (General Data Protection Regulation) is the EU's data protection regulation that protects individuals' personal data. Since WF SecurityCloud does not collect personal data from your users, your GDPR compliance is not affected by using our service.

Our GDPR Compliance

As Data Controller

Webbfabriken AB is data controller only for:

  • Contact information for buyers (company details)
  • Billing information for customers
  • Support cases from customers

Legal Basis

We process customer data based on:

  • Contract: To provide the service you purchased
  • Legal obligation: For accounting according to Swedish law
  • Legitimate interest: For technical support and security

Data We DO NOT Process

🚫 No personal data from your users

  • No usernames or passwords
  • No email addresses from visitors
  • No tracking cookies
  • No browsing history
  • No behavioral analysis
  • No personal IP addresses from legitimate users
  • No profiling or marketing

Technical and Organizational Measures

🔒 Security Measures

  • Encryption: All data is encrypted both in transit and at rest
  • Access control: Strictly limited access with two-factor authentication
  • Logging: All access to customer data is logged
  • Backup: Backup 3 times daily
  • Physical security: Servers in locked spaces with alarms

🏢 Organizational Measures

  • Training: All staff trained in GDPR and data protection
  • Confidentiality agreements: All staff have signed confidentiality agreements
  • Minimization: We only collect absolutely necessary data
  • Deletion: Automatic deletion according to established routines

Where is Data Stored?

🇸🇪 100% Swedish data storage

All data is stored on our own servers in our premises in Stockholm, Sweden. We use NO cloud services or third-party providers outside the EU.

No Data Transfer Outside EU

We never transfer personal data to countries outside the EU/EEA. All our systems and backup solutions are physically located in Sweden.

Retention Periods

Type of data Retention period Reason
Customer data During contract period + 7 years Accounting law
Invoices 7 years Accounting law
Support cases 2 years Quality monitoring
Attack data (IP/domains) Max 90 days Security analysis
System logs 30 days Troubleshooting

Your Rights under GDPR

📋 Right to Information

You have the right to know what information we have about you and how it is processed.

✏️ Right to Rectification

You can request that we correct incorrect or incomplete information.

🗑️ Right to Erasure

You can request deletion when data is no longer needed (subject to legal requirements).

⏸️ Right to Restriction

You can request that we restrict the processing of your data in certain situations.

📦 Right to Data Portability

You can receive your data in a machine-readable format for transfer to another service.

🚫 Right to Object

You can object to processing based on legitimate interest.

To exercise your rights, contact us at gdpr@webbfabriken.com. We respond within 30 days.

Data Breaches

Our Process for Incidents

  1. Discovery: Continuous monitoring of all systems
  2. Assessment: Immediate analysis of scope and risk
  3. Action: Stop the leak and secure systems
  4. Reporting: To IMY within 72 hours if risk exists
  5. Information: To affected persons if high risk
  6. Documentation: Complete incident report

History: We have never had a data breach since launch 2002.

Data Processors

We use the following trusted providers as data processors:

Stripe

Purpose: Card payments

Location: EU (Ireland)

Security: PCI-DSS Level 1

Fortnox

Purpose: Invoicing

Location: Sweden

Security: ISO 27001

Both services meet GDPR requirements and their terms include data processing agreements according to Article 28.

Contact for GDPR Questions

Data Protection Officer

Email: gdpr@webbfabriken.com
Phone: +46 8 446 00 88
Mail: Webbfabriken AB
Attn: Data Protection Officer
Stockholm, Sweden

Supervisory Authority

Swedish Authority for Privacy Protection (IMY)
Box 8114
104 20 Stockholm
Web: www.imy.se
Email: imy@imy.se

Right to Lodge a Complaint

If you believe that our processing of personal data violates GDPR, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection.

Updates to This Policy

We may update this GDPR information when legislation changes or our processes improve. For significant changes, we inform affected customers via email.

The latest version is always available on this page.