Version 4.0 – Last updated: April 25, 2026
Article 1: Identification of the Data Controller
This privacy policy defines the strict data processing protocols maintained by Handel Avkastö ("the Platform", "we", "us"), with headquarters at Kungsgatan 8, 111 43 Stockholm, Sweden. We act as the data controller in accordance with the EU General Data Protection Regulation (GDPR) and the Swedish Data Protection Act. To ensure absolute data integrity, we have appointed a Data Protection Officer (DPO) who can be contacted at: [email protected].
Article 2: Categories of Personal Data Processed
To provide technical and analytical services at an institutional level, we collect the following data in accordance with the principle of data minimization:
Identity data: Full name, date of birth, nationality, and official identification required for mandatory KYC (Know Your Customer) and AML (anti-money laundering measures).
Contact information: Verified email address, active mobile number, and official registered address.
Financial telemetry: Information about asset origin, transaction history, and risk profiles linked to our technical interfaces.
Digital footprint: IP addresses, device specifications, geographical location data, and granular logs of interaction with our systems.
Article 3: Legal Basis for Processing
The processing of your data is based on the following legal grounds:
Performance of contract: Necessary to administer your account and deliver our technical services.
Legal obligation: Compliance with Swedish law, including the Anti-Money Laundering Act and tax reporting requirements.
Legitimate interest: Necessary for proactive cybersecurity, fraud prevention, and continuous technical optimization.
Consent: For sending market analyses and using non-essential cookies.
Article 4: Data Security and Sovereignty
Handel Avkastö uses enterprise-grade security architecture:
Encryption: All sensitive data is stored with AES-256 encryption and transferred via TLS 1.3.
Hosting: Data is stored exclusively on highly secure servers within the EEA, guaranteeing full protection under European data sovereignty regulations.
Article 5: Your Rights
You have the right to access, rectification, erasure ("the right to be forgotten"), restriction of processing, and data portability. Requests should be sent to [email protected]. You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY).