Privacy Policy
Last updated: December 26, 2026
1. Introduction & Data Controller
3buddy AB ("we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our AI voice receptionist services.
Data Controller: 3buddy AB, Gustaf Dalénsgatan 30, 417 24 Göteborg, Sweden. Registration Number:
We operate in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679, the Swedish Data Protection Act (2018:218), and other applicable data protection laws in Sweden and the EU.
Data Protection Officer: For questions regarding data protection, please contact our Data Protection Officer at contact us here.
2. Personal Data We Collect
We collect personal data that you provide to us directly, as well as data collected automatically when you use our services.
2.1 Data You Provide:
• Contact Information: Name, email address, phone number, and business address
• Account Information: Username, password, and account preferences
• Payment Information: Credit card details and billing information (processed securely by our payment processors)
• Business Information: Company name, industry, and business requirements
• Communication Data: Messages, support tickets, and feedback you send to us
2.2 Data Collected Automatically:
• Usage Data: Information about how you use our services, including call logs, call duration, call outcomes, and interaction patterns
• Call Recordings: Voice recordings of calls processed through our service (only with explicit consent and where legally permitted)
• Technical Data: IP address, browser type and version, device information, operating system, time zone settings, and device identifiers
• Analytics Data: Aggregated and anonymized usage statistics for service improvement
2.3 Special Categories of Data: We do not intentionally collect special categories of personal data (sensitive data) such as racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data. If such data is inadvertently collected through call interactions, it will be handled with additional safeguards.
3. Legal Basis for Processing (Article 6 GDPR)
We process your personal data based on the following legal grounds:
3.1 Contract Performance (Article 6(1)(b)): Processing necessary for the performance of our service agreement with you, including:
• Providing and maintaining our AI voice receptionist services
• Processing transactions and managing your account
• Delivering customer support
3.2 Legitimate Interests (Article 6(1)(f)): Processing necessary for our legitimate business interests, including:
• Improving our AI models and service quality (using anonymized data)
• Fraud prevention and security
• Business analytics and service optimization
• Marketing communications (where you have not opted out)
3.3 Legal Obligation (Article 6(1)(c)): Processing necessary to comply with legal obligations, including:
• Tax and accounting requirements
• Regulatory compliance
• Responding to legal requests
3.4 Consent (Article 6(1)(a)): Processing based on your explicit consent, including:
• Call recordings (where applicable)
• Marketing communications (where applicable)
• Non-essential cookies
You may withdraw your consent at any time by contacting us at contact us here.
4. How We Use Your Data
We use your personal data for the following purposes:
4.1 Service Provision:
• To provide and maintain our AI voice receptionist services
• To process transactions and manage your account
• To handle customer inquiries and provide support
• To deliver call routing and management features
4.2 Service Improvement:
• To improve our AI models and service quality (using anonymized and aggregated data)
• To analyze usage patterns and optimize performance
• To develop new features and functionalities
4.3 Communication:
• To send you service updates, security alerts, and important notices
• To respond to your inquiries and support requests
• To send marketing communications (with your consent or where permitted by law)
4.4 Legal Compliance:
• To comply with legal obligations and regulatory requirements
• To protect our rights and prevent fraud
• To enforce our terms of service
4.5 Business Operations:
• To manage our business operations and customer relationships
• To conduct business analytics and reporting
• To ensure system security and prevent abuse
5. Data Sharing & Third-Party Processors
We may share your personal data with trusted third-party service providers who assist us in operating our services. All processors are contractually bound to protect your data.
5.1 Service Providers:
• Cloud Infrastructure: Hosting and data storage providers (within EEA or with adequate safeguards)
• Payment Processors: Secure payment processing services
• Analytics Providers: Service analytics and performance monitoring (anonymized data)
• Communication Services: Email and messaging service providers
• AI/ML Providers: Third-party AI services used to power our voice receptionist (with data processing agreements)
5.2 Legal Requirements: We may disclose your data if required by law, court order, or governmental authority, or to protect our rights, property, or safety.
5.3 Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity, subject to the same privacy protections.
5.4 No Sale of Data: We do not sell, rent, or trade your personal data to third parties for their marketing purposes.
6. International Data Transfers
Your data is primarily stored and processed within the European Economic Area (EEA).
6.1 Transfers Outside EEA: If we transfer data outside the EEA, we ensure appropriate safeguards are in place:
• Standard Contractual Clauses (SCCs): Approved by the European Commission
• Adequacy Decisions: Transfers to countries with adequacy decisions
• Binding Corporate Rules: Where applicable
• Certification Schemes: Such as EU-US Data Privacy Framework (where applicable)
6.2 Your Rights: You have the right to obtain information about the safeguards we have in place for international transfers. Contact us at contact us here for details.
7. Data Retention Periods
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law.
7.1 Retention Periods:
• Account Data: Retained for the duration of your account plus 3 years after account closure (for legal and tax purposes)
• Call Recordings: Retained for up to 12 months (or as specified in your service agreement), unless you request earlier deletion
• Call Logs: Retained for 24 months for service quality and support purposes
• Payment Information: Retained as required by accounting and tax laws (typically 7 years in Sweden)
• Marketing Data: Retained until you withdraw consent or opt out
• Support Communications: Retained for 3 years after the last interaction
7.2 Deletion: Upon expiration of the retention period, or upon your request (where applicable), we will securely delete or anonymize your personal data in accordance with our data retention policies.
8. Data Security Measures (Article 32 GDPR)
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.
8.1 Technical Measures:
• Encryption of data in transit (TLS/SSL) and at rest
• Secure authentication and access controls
• Regular security assessments and penetration testing
• Network security and firewalls
• Secure backup and disaster recovery procedures
8.2 Organizational Measures:
• Staff training on data protection
• Access controls and role-based permissions
• Regular security audits
• Incident response procedures
• Data protection impact assessments
8.3 Data Breach Notification: In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected individuals without undue delay, as required by GDPR Articles 33 and 34.
9. Your Data Subject Rights (Articles 15-22 GDPR)
Under the GDPR, you have the following rights regarding your personal data:
9.1 Right of Access (Article 15): You have the right to obtain confirmation as to whether we process your personal data and to access that data, including copies of your data.
9.2 Right to Rectification (Article 16): You have the right to have inaccurate personal data corrected and incomplete data completed.
9.3 Right to Erasure / "Right to be Forgotten" (Article 17): You have the right to request deletion of your personal data in certain circumstances, such as when:
• The data is no longer necessary for the original purpose
• You withdraw consent
• The data has been unlawfully processed
• Erasure is required for legal compliance
9.4 Right to Restrict Processing (Article 18): You have the right to restrict our processing of your data in certain circumstances.
9.5 Right to Data Portability (Article 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
9.6 Right to Object (Article 21): You have the right to object to processing based on legitimate interests or for direct marketing purposes.
9.7 Rights Related to Automated Decision-Making (Article 22): You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or similarly significantly affect you. Our AI voice receptionist may involve automated processing, but decisions are not made solely by automated means without human oversight.
9.8 Exercising Your Rights: To exercise any of these rights, please contact us at contact us here. We will respond to your request within one month (may be extended by two months for complex requests). We may require proof of identity before processing your request.
10. Automated Decision-Making & Profiling
Our AI voice receptionist service uses automated processing and machine learning to:
• Route calls appropriately
• Understand caller intent
• Provide relevant responses
• Improve service quality
10.1 Human Oversight: All automated decisions are subject to human oversight and review. We do not make decisions that produce legal effects or similarly significantly affect you based solely on automated processing without human intervention.
10.2 Profiling: We may use your usage data to create profiles for service personalization and improvement. This profiling does not produce legal effects or significantly affect you. You have the right to object to such profiling.
10.3 Your Rights: You have the right to:
• Request human intervention
• Express your point of view
• Contest automated decisions
Contact us at contact us here to exercise these rights.
12. Children's Data (Article 8 GDPR)
Our services are not directed to individuals under the age of 16 (or 13 in some jurisdictions). We do not knowingly collect personal data from children without parental consent.
12.1 Age Verification: If you are under the required age, please do not use our services or provide us with personal data.
12.2 Parental Rights: If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information. Parents or guardians who believe we may have collected their child's data should contact us at contact us here.
13. Right to Lodge a Complaint (Article 77 GDPR)
If you believe that our processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State where you reside, work, or where the alleged violation occurred.
13.1 Swedish Supervisory Authority: Integritetsskyddsmyndigheten (IMY), Box 8114, 104 20 Stockholm, Sweden. Phone: +46 8 657 61 00. Email: contact us here. Website: www.imy.se
13.2 Other Supervisory Authorities: You may also contact the supervisory authority in your country of residence. A list of EU supervisory authorities is available on the European Data Protection Board website.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
14.1 Notification of Changes: We will notify you of material changes by:
• Posting the updated policy on our website with a new "Last updated" date
• Sending an email notification (for significant changes)
• Displaying a notice on our website
14.2 Continued Use: Your continued use of our services after changes become effective constitutes acceptance of the updated policy. If you do not agree with the changes, you may close your account and stop using our services.
15. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:
Data Controller: 3buddy AB, Gustaf Dalénsgatan 30, 417 24 Göteborg, Sweden
Data Protection Officer: Email: contact us here
General Inquiries: Email: contact us here
We are committed to responding to your inquiries promptly and addressing any concerns you may have about your privacy and data protection.