top of page


At Biolegal, we care about privacy and protecting personal data. All personal data collected will be processed in compliance with applicable data protection legislation, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”).


Below is a description of how and why we collect, process and share personal data that is either provided to us or obtained by us, including the legal grounds for doing so and the rights of the data subjects.


What personal data do we collect and process?

We primarily collect and process basic information e.g. name and professional contact information, mainly company name, e-mail and telephone number, obtained either (a) directly from the person involved, e.g. clients, business partners or counterparties to clients, when contacting us via telephone, e-mail or via our web site, or (b) indirectly via LinkedIn and other sources. In providing our services we also receive information about other individuals without the information being provided directly by them.


Also, as part of maintaining and developing our website, we may collect technical information via cookies regarding the use of our website A cookie is a small text files stored on your device. There are two different types of cookies: (1) a session cookie which is automatically erased when the web browser is closed, and (2) a permanent cookie which is stored on your device for an extended but predefined period of time. Our website uses both session cookies and permanent cookies. A cookie contains technical information e.g. your IP address, browser, operating system, time and location of visit, pages visited on, which enables us to remember your web browser so that we can adapt the functions of our website and our statistics system in order to keep improving your experience of The website is hosted on the platform, and there may be content and sharing tools embedded from various third party apps and social networks on the website. This means that your information may be sent from your browser to such networks/suppliers for processing, and that they may use and place cookies on which we do not have access to, and cannot control, including the personal data and information which they may collect. For further information about these networks/suppliers and how they manage cookies, what information their cookies collect and how they can be erased, please check the website of the individual network/supplier.You may refuse or withdraw your consent for the use of cookies and delete all cookies stored on your device at any time through your browser settings. Further information about how to manage and delete cookies can be found at Please note that if you choose to delete cookies or turn off the cookie function, certain functions on this website may not work properly.


Why do we collect and process personal data?

We process personal data in order to (a) communicate with the person involved when we perform our services, (b) fulfil our obligations towards our clients, (c) safeguard the interests of our clients, (d) administrate our professional relationships, (e) comply with our legal obligations, and (f) market and offer our services.


What are our legal grounds for processing personal data?

Generally, the underlying legal basis for processing personal data for our clients is execution of the agreement under which we perform the services, however, in relation to physical individuals e.g. clients' representatives, representatives and counsel of counterparties, etc., instead our processing is generally based on a balancing of interests where our assessment is that the legitimate interests to process certain personal data outweigh any opposing interests or fundamental rights and freedoms of the person whose personal data is being processed.


Any processing of personal data relating to suppliers or their representatives and other external parties is generally based on our legitimate interest of performing contractual obligations and administrating the business relationship.


Any processing of personal data for business development and marketing purposes is based on our legitimate interest of improving and marketing our business.


There may also be other grounds for the processing in connection with specific services that we perform.


Who has access to the personal data that we process?

As a main rule, we will not disclose personal data to anyone outside our company, except where (a) it has been agreed with the person involved, (b) it is required to protect the rights and interests of a client; (c) it is required in order to fulfil a statutory obligation or comply with a decision of a public authority or a court of law, or (d) we work with external service providers or business partners who support our business or perform services on our behalf, or (e) it is otherwise permitted by law. Specifically, we do not transfer personal data or make personal data available to third parties for their marketing or similar commercial purposes.


All personal data is protected by organizational and technical security measures in part provided by third-party IT-service providers that we use for handling our data which is generally stored and processed within the EU/EEA. Any transfers of personal data outside the EU/EEA are made in compliance with applicable data protection laws, either (a) to a third country, of which, the European Commission has decided that it ensures an adequate level of protection (transfer on the basis of an adequacy decision), or (b) to a third country that does not ensure an adequate level of protection according to the European Commission, in accordance with the Standard Contractual Clauses applicable from time to time.

In addition, in performing specific services, we may need to transfer personal data to third countries in which case we will ensure that we have consent from the person involved or that the transfer will be compliant with applicable data protection laws.


How long will we store personal data?

We retain personal data only as long as required given the context and purpose of the processing or as otherwise required or permitted by law.


What are the rights of data subjects?

According to applicable data protection laws, a data subject has the right (a) to know what personal data we process about them, (b) to request that we rectify or erase inaccurate or incomplete personal data about them, (c) to object to specific processing of personal data and to request that we restrict certain processing of their personal data, and (d) to receive the personal data that they have provided and have the data transferred to another party responsible for data processing.


If you have any questions or complaints about our processing of your personal data or wish to exercise any of your rights set out herein or according to law, please contact us by email at or by post to the address below.


If you are dissatisfied with how we process your personal data, you may also report this to the supervisory authority for processing of personal data, the Swedish Authority for Privacy Protection (Sw. Integritets-skyddsmyndigheten or IMY).


Who is responsible at Biolegal for the processing of personal data?

Biolegal AB, 559119-1175, Övre Slottsgatan 28A, 753 12 Uppsala, Sweden, ("Biolegal") is the personal data controller according to GDPR. This means that we are responsible for ensuring that all personal data is processed correctly and in accordance with applicable data protection laws.


Version and Updates

We reserve the right to modify this privacy policy from time to time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website.


This privacy policy was last updated on 4 January, 2023.

bottom of page