Skip to content
GigförmedlingenEarly Access

Privacy Policy

Privacy Policy

Effective from: 2026-04-30

Gigförmedlingen • gigformedlingen.se • Contact us via the contact page

1. Who is responsible for your personal data

The Gigförmedlingen platform ("the Platform") is the controller of personal data processed in connection with use of the Platform. Specific controller information will be published before public launch.

Until controller information is published, you can submit data-protection requests via the contact page. We respond within the timeframe required by the EU General Data Protection Regulation (GDPR) regardless of whether controller information is yet finalized.

2. When this policy applies

This policy applies to personal data we process when you:

  • visit the Platform website
  • create or use an account on the Platform
  • post a service request, publish a listing, or contact another user
  • send us a message through the contact form or another support channel
  • receive notifications or other communications from the Platform

It does not apply to data processed by other organizations whose websites or services we link to.

3. What data we collect

We collect personal data in the following categories:

Account and profile data: name, email address, phone number where provided, password (stored hashed, never in plain text), language preference, account type (Customer, Provider, or both), and profile information you choose to add.

Provider profile data (where applicable): service categories, service area, F-skatt status, optional credentials and qualifications you upload, and pricing or pricing indication.

Listing and request data: the content of listings you publish or service requests you post, including titles, descriptions, location, images, and any attachments.

Communication data: messages you send through the Platform's messaging features, contact form submissions, and any correspondence with our support.

Transaction data (when platform payments activate): order records, payment status, fee calculation records, payout records, and tax-relevant data including F-skatt status. In Early Access, the Platform does not process payments between users; transaction-data collection in this category is limited to records of agreed activity, not actual payment processing.

Technical data: IP address, browser type and version, device type, operating system, referring URL, and timestamps of activity. Some technical data is processed only as part of security and abuse-prevention.

Consent records: your choices about cookies and other consent decisions, including timestamp and version of the policy you consented to.

4. Why we process personal data

We process personal data to:

  • provide and operate the Platform
  • create and manage your account and profile
  • enable Customers and Providers to find and communicate with each other
  • handle service requests, listings, and proposals
  • provide customer support and respond to your inquiries
  • ensure security, prevent abuse, and detect fraud
  • comply with legal obligations, including tax-reporting obligations under the EU DAC7 directive when those become applicable
  • process payments and payouts, when platform payments activate in a later version
  • improve the Platform, with appropriate aggregation and where applicable, your consent
  • send service-related communications, such as account confirmations and transaction notifications
  • send marketing communications only where you have opted in, and you can withdraw consent at any time

5. Legal basis

We rely on the following legal bases under GDPR Article 6:

  • Performance of a contract (Article 6(1)(b)) for processing necessary to deliver the Platform, manage your account, handle communications between users, and process payments when those activate.
  • Legal obligation (Article 6(1)(c)) for processing required by Swedish or EU law, including tax reporting, accounting record retention, and law-enforcement requests with valid legal basis.
  • Legitimate interest (Article 6(1)(f)) for processing related to security, abuse-prevention, fraud detection, and Platform improvement, where our interest is not overridden by your rights.
  • Consent (Article 6(1)(a)) for processing that requires consent under applicable law, including non-essential cookies, analytics, and marketing communications. You can withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

6. Who we share data with

We share personal data with the following categories of recipients:

Other users of the Platform: parts of your profile, listings, and contact information are visible to other users to the extent necessary for the Platform to function. In Early Access, contact details made available on listings or proposals can be used by users to contact each other directly.

Service providers we engage to operate the Platform: including hosting and infrastructure providers, email-delivery providers, security and fraud-prevention providers, and customer-support tooling providers. These providers process data on our behalf and are bound by data-processing agreements.

Payment service providers (when platform payments activate): the Platform Account Provider that processes Platform Payments and Payouts. The specific provider will be identified before platform payments activate.

Tax authorities: information required by Swedish and EU tax law, including transaction information reportable under DAC7 when those reporting requirements apply.

Authorities with valid legal basis: law enforcement and other public authorities where we are legally required to disclose data.

We do not sell personal data, and we do not share personal data for the marketing purposes of unrelated third parties.

7. Cookies and analytics

The Platform uses cookies and similar technologies. Strictly necessary cookies are used for security, session management, login, language selection, and consent state. Optional cookies (preferences, analytics) are used only after you have given consent through our cookie consent function.

The Cookie Policy describes cookie categories, purposes, retention periods, and how you can control or withdraw consent.

8. Retention

We retain personal data only as long as necessary for the purposes listed in section 4 or as required by law. Specific retention periods depend on the category of data:

  • Account and profile data: while your account is active, plus a period after closure to handle disputes, fulfill legal obligations, and complete any pending matters
  • Listings and requests: while published or pending, plus a period for record-keeping
  • Communication data: while needed to handle the underlying inquiry or matter, plus a reasonable record-keeping period
  • Transaction data (when platform payments activate): for the period required by Swedish accounting and tax law (typically seven years after the end of the relevant accounting year)
  • Technical data: for the shortest period needed for the relevant security or abuse-prevention purpose
  • Consent records: for the period required to demonstrate the lawfulness of consent-based processing

When the retention period expires, we delete or anonymize the data.

9. Your rights

Under GDPR, you have the following rights regarding your personal data:

  • Access: request a copy of the personal data we hold about you
  • Rectification: correct inaccurate or incomplete data
  • Erasure: request deletion of your personal data, subject to exceptions in GDPR Article 17(3) (such as data we are legally required to retain)
  • Restriction: restrict processing in certain circumstances
  • Portability: receive personal data you have provided in a structured, commonly used format
  • Objection: object to processing based on legitimate interest, including direct marketing
  • Withdrawal of consent: withdraw consent at any time, without affecting the lawfulness of prior processing
  • Complaint: lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) or another competent supervisory authority in the EU

To exercise these rights, contact us via the contact page. We respond within one month of receipt of a valid request, with possible extension under GDPR Article 12(3) where requests are complex or numerous.

10. Security and international transfers

We apply appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These include access controls, encryption in transit and at rest where applicable, audit logging, and security review of service providers we engage.

Personal data is primarily processed within the European Economic Area. Where data is transferred outside the EEA, we use safeguards consistent with GDPR Chapter V, including European Commission adequacy decisions and Standard Contractual Clauses, supplemented by additional measures where required.

11. Changes to this policy

We may update this policy from time to time. When we make material changes, we give reasonable notice through the Platform, by email to the address associated with your account, or both. Continued use of the Platform after the effective date constitutes acceptance of the updated policy.

12. Contact

To exercise your rights or for any question about this policy, contact us via the contact page.

Specific controller information will be published before public launch.

© 2026 Gigförmedlingen. All rights reserved.