Privacy Policy

Last Updated: October 22, 2025

Ferroman Engineering AB ("we," "us," or "our") operates the Spot Optimizer service (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our Service.

Please read this Privacy Policy carefully. By accessing or using our Service, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

1. Information We Collect

1.1 Personal Information You Provide

We collect personal information that you voluntarily provide to us when you:

Fill out our contact form
Register for an account
Use our Service
Contact us directly

The personal information we may collect includes:

Contact Information: Full name, company name, email address, phone number
Account Information: Username, password (encrypted), company details
Usage Data: Information about how you use our Service, including energy consumption data you input or connect to our system

1.2 Information Automatically Collected

When you access our Service, we may automatically collect certain information, including:

Log Data: IP address, browser type, operating system, pages visited, time spent on pages, and other diagnostic data
Device Information: Device type, unique device identifiers

1.3 Cookies and Tracking Technologies

We use essential cookies to maintain your session and ensure the Service functions properly. For more information, please see our Cookie Policy.

2. How We Use Your Information

We use the information we collect for the following purposes:

To Provide and Maintain Our Service: Process your requests, create and manage your account, deliver the energy cost simulation services
To Communicate With You: Respond to your inquiries, provide customer support, send service-related notifications
To Improve Our Service: Analyze usage patterns, troubleshoot technical issues, develop new features
To Ensure Security: Detect and prevent fraud, unauthorized access, and other illegal activities
To Comply With Legal Obligations: Meet legal and regulatory requirements

3. Legal Basis for Processing (GDPR)

If you are a resident of the European Economic Area (EEA), our legal basis for collecting and using your personal information depends on the data and context:

Contract Performance: Processing necessary to perform our contract with you (providing the Service)
Legitimate Interests: Processing necessary for our legitimate business interests (improving our Service, security)
Legal Compliance: Processing necessary to comply with legal obligations
Consent: Where you have given explicit consent (we will ask for consent separately when required)

4. How We Share Your Information

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following limited circumstances:

4.1 Service Providers

Currently, we do not share your data with third-party service providers. In the future, we may engage service providers to help us operate our Service (such as hosting providers, email services, or analytics tools). Any such providers will be contractually obligated to protect your information and use it only for the purposes we specify.

4.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, government agencies).

4.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your information is transferred and becomes subject to a different Privacy Policy.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our Service. You may request deletion of your account and associated data at any time by contacting us. Once you request deletion, we will remove your personal information from our systems, except where we are required to retain it for legal or regulatory purposes.

6. Your Rights Under GDPR

If you are a resident of the European Economic Area (EEA) or Sweden, you have the following data protection rights:

Right to Access: You can request copies of your personal data
Right to Rectification: You can request correction of inaccurate or incomplete data
Right to Erasure: You can request deletion of your personal data
Right to Restrict Processing: You can request that we limit how we use your data
Right to Data Portability: You can request transfer of your data to another service
Right to Object: You can object to our processing of your personal data
Right to Withdraw Consent: Where we rely on consent, you can withdraw it at any time

To exercise any of these rights, please contact us using the information below.

7. International Data Transfers

Your information is processed and stored in Sweden. If we transfer data outside the EEA in the future, we will ensure appropriate safeguards are in place to protect your personal information in accordance with GDPR requirements.

8. Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption of data in transit and at rest
Regular security assessments
Access controls and authentication
Secure password storage

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

9. Children's Privacy

Our Service is intended for businesses and commercial use. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information.

10. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any information to them.

11. Marketing Communications

We do not currently send marketing emails. In the future, if we introduce marketing communications, you will have the option to opt out of receiving such emails. You can unsubscribe at any time by clicking the unsubscribe link in any marketing email or by contacting us directly.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes by:

Posting the new Privacy Policy on this page
Updating the "Last Updated" date
Sending you an email notification (for significant changes)

We encourage you to review this Privacy Policy periodically.

13. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or need to contact our Data Protection Officer, please reach out to us:

Ferroman Engineering AB
Analysvägen 5
435 33 Mölnlycke
Sweden

Organization Number: 556720-6494

Email: benjamin.vanleeuwen@ferroman.com

14. Supervisory Authority

If you are located in the EEA or Sweden and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority:

Swedish Authority for Privacy Protection (IMY)
Website: www.imy.se