Version 4.0 – Last updated: April 25, 2026
Article 1: Identification of the Data Controller
This privacy policy defines the strict data processing protocols maintained by Svensk NexFlow ("the Platform", "we", "us"), with headquarters at Vasagatan 16, 111 20 Stockholm, Sweden. We act as the data controller in accordance with the EU General Data Protection Regulation (GDPR) and the Swedish Data Protection Act. To ensure absolute data integrity, we have appointed a Data Protection Officer (DPO) who can be contacted at: [email protected].
Article 2: Categories of Personal Data Processed
To provide institutional-level analytical and technical services, we collect the following data:
Identity data: Full name, date of birth, nationality, and official identification required for mandatory KYC (Know Your Customer) and AML (anti-money laundering measures).
Contact information: Verified email address, active mobile number, and official registered address.
Financial and technical telemetry: Information on asset origin, transaction history, investment experience, and risk profiles linked to our analytical interfaces.
Digital footprint: IP addresses, device specifications, geographical location data, and granular logs of interaction with our technical systems.
Article 3: Legal Basis for Processing
The processing of your data is based on the following legal grounds:
Performance of contract: Necessary for administering your account and delivering our technical services.
Legal obligation: Compliance with Swedish law, including the Money Laundering Act and tax reporting requirements.
Legitimate interest: Necessary for proactive cybersecurity, fraud prevention, and technical optimization of the platform.
Consent: For sending market analyses and using non-essential cookies.
Article 4: Data Security and Sovereignty
Svensk NexFlow uses enterprise-grade security architecture:
Encryption: All sensitive data is stored with AES-256 encryption and transmitted via TLS 1.3.
Hosting: Data is stored exclusively on highly secure servers within the EEA, guaranteeing full protection under European data sovereignty regulations.
Article 5: Your Rights
You have the right to access, rectification, erasure ("right to be forgotten"), restriction of processing, and data portability. Requests should be sent to [email protected]. You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY).