Privacy policy and cookies


Processing of personal data

Gaia is committed to protecting your personal privacy and always strives for a high level of data protection. This privacy policy explains how we collect and use your personal data. It also describes your rights and how you can exercise them.

What is personal data and what is processing of personal data?

Personal data is any kind of information that can be directly or indirectly related to a natural person. For example, images and sound recordings that are processed in a computer can constitute personal data even if no names are mentioned. Encrypted data and different kinds of electronic identities (such as IP addresses) are personal data if they can be associated with natural persons.

Processing of personal data is any operation that is performed on personal data, regardless of whether or not the processing is automated. Examples of common processing operations include collection, recording, organisation, structuring, storage, alteration, transmission and erasure.

Who is responsible for the personal data we process?

The data controller is the person or entity that determines why and how personal data should be processed. A data controller can be a municipality, authority, organisation or a company.
Gaia System AB acts as data controller for the personal data we store.

Our VAT number is SE556477658001.

Address: Kungsgatan 56C, 601 86 Norrköping.

If you have any questions about your personal data, please contact us at:

Changes to our privacy policy

We may make changes to our privacy policy from time to time. The latest version of the policy is always available on our website

When we make material changes in how we process personal data (such as changes in the specified purpose or categories of personal data) or changes that may significantly affect you, you will be notified by email in good time before the updates take effect. We will also explain the meaning of the updates and how they can affect you.

What personal data do we collect about you, and for what purpose?

When you fill out a contact form on our website

When you fill out a contact form on our website, we need to be able to respond and interact with you. We need your email address to send you a booking confirmation and other information about your booking.

The personal data we store is:

  • Name
  • Contact information (such as email)

The contact information is stored for six months. When you contact us, you will also receive information on how we process your personal data.

When you apply for a job on our website

When you apply for a job opening on our website, we must be able to confirm your application. We need your email address and application documents in order to keep in contact with you and manage your application in the recruitment process.

The personal data we store is:

  • Name
  • Contact information (such as email, address)
  • Application documents

Contact information and application documents are saved as long as the recruitment process is ongoing. We may want to retain your data longer than that, for future recruitment purposes. You can contact us at any time if you want us to delete your information. When you contact us, you will also receive information on how we process your personal data.

When you register for a Gaia ID

To administrate your Gaia ID and My Pages, we store some of your personal data so that we can manage registration and identification during login. We also store some of your personal data when we collect email addresses so that we can mail newsletters and provide you with information about other services related to your Gaia ID.

The personal data we store is:

  • First name and last name
  • Contact information (such as email, address)
  • User name and password

Your personal data is processed when you register your Gaia ID account. At that time, you will also receive information on how we process your personal data. The data is saved for 23 months after your Gaia ID is cancelled. We need to retain your data for a certain amount of time in case you register again as a member, and so that we can view the history in our systems.

From what sources do we collect your personal data?

The data we hold about you is data that only you yourself provide to us or that we have collected from you based on your registrations. In some cases we have received information from third parties, for example through our partnership with Microsoft. In those cases, you will receive information from us about this.

Where do we process your personal data?

We always strive to process your personal data within Sweden. It this not possible, we choose similar solutions within the EU as far as possible.

How long do we save your personal data?

We never save your personal data longer than necessary. Learn more about specific storage periods under each heading above.

What are your rights as a data subject?

All information regarding your rights is available on the Swedish Data Protection Authority’s website:–regler/dataskyddsforordningen/de-registrerades-rattigheter/

Right of access (register extract)

We always act in an open and transparent manner regarding how we process your personal data. To learn more about which personal data of yours we process, please feel free to contact us to get access to your data. We disclose this information in a register extract containing a description of the purpose, personal data categories, storage periods, and information about where the data was collected. You have the right to obtain a register extract once each calendar year.

When you request access to your personal data, we may ask for additional information to ensure that your request is managed efficiently and that the information is provided to the right person.

Right to rectification

You are entitled to request that your personal data be corrected if the data is incorrect. In the context of the stated purpose, you also have the right to complete any incomplete personal data.

Right to erasure

You are entitled to request the erasure of the personal data we process about you in the following cases:

  • The data is no longer necessary for the purposes for which it was collected or processed.
  • You object to a balancing of interests we have made based on legitimate interest and your reasons for objection override our legitimate interest.
  • You object to your personal data being used for direct marketing purposes.
  • The personal data have been unlawfully processed.

Right to restriction

You have the right to request the restriction of our processing of your personal data. You can request a restriction for any of the following reasons.

  • If you dispute the accuracy of the personal data we process, you can request restricted processing during the time we are verifying the accuracy of the personal data.
  • If you oppose the erasure of your data. For example, this might be because you need your personal data in order to establish, exercise or defend a legal claim. In these cases, you can request restricted data processing by us.
  • If you object to a balancing of interest that we have done as a legal basis for a purpose. You can request restricted processing during the time we are verifying whether our legitimate interests override your interests in having the personal data erased.

If processing has been restricted under any of the above situations, we will, with the exception of storage, only process the data with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another person.

The right to object to specific types of processing

You always have the right to opt out of direct marketing and to object to any processing of personal data based on a balancing of interests. An objection can be based on two grounds:

Balancing of interests: In the event we use a balancing of interests as the legal basis for a purpose, you are entitled to object to the processing. To be able to continue processing your personal data after such an objection, we must be able to demonstrate compelling legitimate grounds for the current processing that override your interests, rights or freedoms. Otherwise, we may only process the data in order to establish, exercise or defend a legal claim.

Direct marketing: You are entitled to object to your personal data being processed for direct marketing purposes. This objection also includes the analyses of personal data (profiling) performed for direct marketing purposes. Direct marketing refers to all types of outreach marketing efforts, such as by regular post, email or SMS.

If you object to direct marketing, we will cease the processing of your personal data for that purpose and cease all types of direct marketing actions.

How do we protect your personal data?

We use IT systems to protect the confidentiality, integrity and accessibility of your personal data. We have taken special security measures to protect your personal data against unlawful or unauthorised processing (such as illegal access, loss, destruction or damage). Only the people who actually need to process your personal data in order for us to fulfil our stated purposes have access to that data.

What does it mean that the Data Protection Authority is a regulator?

The Data Protection Authority is responsible for monitoring the application of legislation. Anyone who believes that an organisation processes personal data incorrectly can lodge a complaint with the Data Protection Authority.

If a personal data breach occurs, we are obliged to notify the Data Protection Authority within 72 hours if the incident is deemed to pose a risk to you as a data subject. An incident is an event leading to the accidental or unlawful destruction, loss or alteration of your personal data.

A personal data breach incident can also be an incident that leads to unauthorised disclosure of or access to processed personal data. If the incident is considered serious, we will also inform you about it.


Cookies are small files that a website or service provider transfers to your computer’s hard drive through your web browser (if you allow this) and that enable the site or service provider’s systems to recognise your browser and collect and remember certain information. For example, we use cookies to understand your preferences based on previous or current site activity. This makes it possible for us to provide you with more relevant services. We also use cookies to compile data such as website traffic and website interactions so that we can improve your website experience and the tools we offer. We may also use trusted third-party providers to collect information on our behalf.

You can choose to receive an alert from your computer each time a cookie is sent, or you can choose to disable all cookies. You do this in your browser settings. Because different browsers work slightly differently, consult your browser’s Help menu to learn how to manage cookies on your particular browser.

If you disable cookies in your web browser during your visit

If you disable cookies, some of the features that help to enhance your website experience will not work.