Privacy Policy
How wiki.holmdigital.se collects and processes personal data, your GDPR rights, and our sub-processors.
This policy explains what personal data wiki.holmdigital.se collects, why, where it is processed, and what rights you have under the EU General Data Protection Regulation (GDPR).
1. Who we are
The controller of personal data processed via this site is:
Holm Digital AB
Fagerlidsvägen 15D
56692 Habo, Sweden
Org. nr: 559265-0898
Contact: karin@holmdigital.se
2. Data we process
Lead capture form
The "Order a complimentary status report" form on the wiki collects: name, email, phone, organization, the URL to scan, and an optional free-text needs description. Submissions go to our primary endpoint at scan.holmdigital.se (Hetzner, EU). If that endpoint is unreachable, the notification is routed through Brevo (Sendinblue SAS, France — EU) via a server-side relay. No form data leaves the EU.
Contact form
The contact form collects: first name, last name, email, organization (optional), subject, and message. Submissions go to holmdigital.se/api/contact (Hetzner, EU).
Analytics
- Umami — self-hosted at
analytics.holmdigital.se. Cookie-free, no personal identifiers, no consent required. - Google Analytics 4 (ID
G-2RQ0G3WKE8) — loaded only if you accept the analytics category in the cookie banner. Sets_gaand_ga_*cookies (2 years).
Cookie consent
A single necessary cookie, cc_cookie, stores your consent choices for 6 months.
3. Legal basis (Art. 6 GDPR)
| Processing activity | Legal basis | Provision |
|---|---|---|
| Lead capture form | Legitimate interest — responding to an enquiry | Art. 6(1)(f) |
| Contact form | Legitimate interest — responding to an enquiry | Art. 6(1)(f) |
| Google Analytics 4 | Consent — you can withdraw at any time via the cookie preferences | Art. 6(1)(a) |
| Umami (cookie-free) | Legitimate interest — anonymous traffic analysis without personal data | Art. 6(1)(f) |
4. Sub-processors and EU transfers
| Processor | Purpose | Location | Transfer mechanism |
|---|---|---|---|
| Hetzner Online GmbH | Hosting (scan.holmdigital.se, holmdigital.se, this wiki) | Germany / Finland (EU) | None needed |
| Brevo (Sendinblue SAS) | Transactional email relay for lead form notifications | France (EU) | None needed — DPA in place |
| Google LLC (GA4) | Analytics (only with consent) | United States | EU-US Data Privacy Framework + Standard Contractual Clauses |
5. Retention
| Data | Retention period | Reason |
|---|---|---|
| Lead form submissions | 24 months from last contact | Typical B2B sales cycle |
| Contact form messages | 12 months | Follow-up and potential complaints |
| Google Analytics 4 | 14 months (or until consent withdrawn) | Year-on-year comparison (13 months + margin) |
| Umami analytics | 14 months | Same principle — anonymous data |
Cookie consent record (cc_cookie) | 6 months | Stores your preference to avoid repeated prompts |
Retention periods comply with the storage-limitation principle (GDPR Art. 5(1)(e)).
6. Security measures
We protect your data with the following technical and organisational measures:
- All communication is encrypted in transit (HTTPS/TLS).
- Access to personal data is restricted to those who need it.
- We apply regular security updates to our infrastructure.
- In the event of a personal data breach, we will notify the Swedish data protection authority (IMY) within 72 hours if there is a risk to your rights and freedoms (GDPR Art. 33).
7. Your rights under GDPR
You have the right to:
- Access your data (Art. 15)
- Rectify inaccurate data (Art. 16)
- Request erasure (Art. 17)
- Request restriction of processing (Art. 18)
- Receive your data in a portable format (Art. 20)
- Object to processing based on legitimate interest (Art. 21)
- Withdraw consent at any time (Art. 7(3)) — for analytics, use the cookie preferences
To exercise any of these rights, email karin@holmdigital.se. We will respond within one month per Art. 12(3) GDPR.
If you believe we are not handling your data correctly, you have the right to lodge a complaint with the Swedish data protection authority, Integritetsskyddsmyndigheten (IMY).
8. No automated decision-making
We do not perform automated decision-making or profiling that produces legal or similarly significant effects on you (GDPR Art. 22).
9. AI assistance and editorial responsibility
Content on this wiki is created with AI assistance and reviewed by humans before publication. Holm Digital AB takes editorial responsibility for all published content under the editorial-control exception in EU AI Act Art. 50(4). Technical documentation does not constitute "matter of public interest" under that article, but the disclosure is provided here for transparency.
10. Updates
Last updated: 2026-04-20. Material changes will be noted at the top of this page and, where appropriate, communicated via the cookie banner.
11. Contact
For any privacy-related question or request, email karin@holmdigital.se.