Privacy Policy

Last update: 12 May 2025

1. Introduction

Thank you for using ExiKit ("Company", "We", "Our", "Us"). Our Privacy Policy governs your visit to exikit.com, and explains how we collect, safeguard and disclose information that results from your use of our web pages and services located at exikit.com, any subdomains of exikit.com, or any web pages and services that embed our services (collectively, the "Service").

We use your data to provide and improve Service. By using Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, the terms used in this Privacy Policy have the same meanings as in our Terms and Conditions.

We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about our policy, or our practices with regard to your personal information, please contact us at support@exikit.com.

Our Terms and Conditions (“Terms”) govern all use of our Service and, together with the Privacy Policy, constitute your agreement with us (“agreement”).

2. Definitions

SERVICE means the website exikit.com, any subdomains of exikit.com, and any web pages and services that embed our services.

PERSONAL DATA means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).

USAGE DATA is data collected automatically either generated by the use of Service or from Service infrastructure itself (for example, the duration of a page visit).

COOKIES are small files stored on your device (computer or mobile device).

DATA CONTROLLER means a natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed. For the purpose of this Privacy Policy, we are a Data Controller of your data.

DATA PROCESSORS (OR SERVICE PROVIDERS) means any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of various Service Providers in order to process your data more effectively.

DATA SUBJECT is any living individual who is the subject of Personal Data.

THE USER is the individual using our Service. The User corresponds to the Data Subject, who is the subject of Personal Data.

3. Your rights in relation to your personal data

Under the General Data Protection Regulation (GDPR), you have the right to control your own personal data and receive information directly from us about how we process your data. Below you can read about your rights. If you want to know what personal data ExiKit processes about you through a so-called data access request, have certain data deleted, or contact us to exercise your other rights, please contact us using the contact information in section 12.

Your rights:

Right to have your information deleted ("Right to be forgotten").
In certain cases, you have the right to have your personal data deleted. This applies, for example, to data that (i) is no longer necessary to process or retain for the purpose for which it was collected, or (ii) if you withdraw your consent for processing. In some cases, ExiKit may not be able to delete your personal data. This may be because the data is still necessary to process for the purpose for which it was collected, because ExiKit's interest in continuing to process the data outweighs your interest in having it deleted, or because we have legal requirements to retain it. You can read more about the legal requirements that apply to ExiKit regarding saving information even if you request to be forgotten in sections 4 and 9. The laws described there prevent us from immediately deleting certain information. You also have the right to object to our use of your personal data for certain purposes such as direct marketing, which you can read more about in this list.

Right to be informed.
You have the right to be informed about how we process your personal data. We do this through this privacy policy, through service-specific FAQs, and by answering questions from you.

Right to access your personal data ("data subject access").
You have the right to know if ExiKit processes your personal data and to receive a copy of your personal data, a so-called data subject access request. Through this request, you will know what information we have about you and how we process your personal data.

Right to access and transfer your personal data to another recipient ("Data portability").
This right means that you can request a copy of the data ExiKit has about you and that we process to fulfill an agreement with you, or based on your consent, in a machine-readable format. This is so that you can transfer your personal data to another recipient.

Right to rectification.
You have the right to request that we correct inaccurate or incomplete information about you, and that we supplement your information.

Right to restriction of processing.
If you believe that the information we have about you is not correct, that our processing violates the law, or that we do not need the information for a specific purpose, you have the right to request that we restrict our processing of that information. You can also request that we do not process your information while we check this, or while we check if you have the right to object to certain processing as described below.

Right to object to our processing of your personal data.
You can object to our processing that occurs based on legitimate interest (Article 6(1)(f) GDPR) with reference to your personal circumstances. You can also always object to our use of your personal data for direct marketing. When you notify us that you no longer want to receive direct marketing from us, we will turn off the marketing and thus stop sending you marketing.

Right to withdraw your consent.
As described in section 5 below, you have, in cases where we process your personal data based on your consent or explicit consent, the right to withdraw your consent at any time. When you withdraw your consent, we will stop the processing.

Right to lodge a complaint.
If you have complaints about ExiKit's processing of personal data, you can contact your national data protection authority. In Sweden, this is Integritetsskyddsmyndigheten. You can also lodge a complaint with your own national data protection authority, which you can find here.

4. Information we collect

In this section, we describe the personal data we collect about you when you or create. In section 5, we describe what we use your personal data for.

Contact and identification - Name, email, phone number, billing details, photos, videos, electronic ID, qualified electronic signatures, etc.

Information about events - Details about events that your organization organizes or has registered interest in. For example, drafts and submissions to forms or other details.

Information about your use of Service - Details about how you use the Service, such as which features you have used and how you use them.

Technical information that is generated when you use Service - Technical data such as page response times, logs of how you navigate through our services, download or transaction errors, and the date and time when you used the Service.

Information about your contact with us - Recorded voice calls, chat logs, emails, and other correspondence.

Device information - Device identification, IP address, language settings, browser settings, time zone, operating system, platform, screen resolution, and similar information about your device and your device settings/usage.

5. How we use your personal data and the legal basis for processing

In the tables below, we describe the following:

  1. What we will use your personal data for (the purpose),
  2. What types of personal data we use for each purpose and whether we obtained the information directly from you or from another source. Where we get information from another source, the source is indicated in parentheses,
  3. What legal basis we have according to applicable data protection legislation, such as GDPR, to process your data, our so-called 'legal basis',
  4. How long ExiKit will continue to use your personal data for the respective purpose.

Purpose of processing - what we do and why | Type of personal data that is used for the purpose, and where we get the information from (see section 4 for the different information types) | Legal basis for processing in accordance with GDPR | How long we will process your personal data for the purpose
[1] To administrate our customer relation to you according to our Terms. This includes creating and sending information to you in an electronic format (not advertising).
  1. Contact and identification
  2. Information about events
  3. Information about your use of Service
  4. Technical information that is generated when you use Service
  5. Device information
  6. Information about your contact with us
Legal basis: Processing is necessary for us to fulfill our contract with you (Article 6(1)(b) GDPR).
How long we process the data: Personal data will be retained for as long as necessary to fulfill our contractual obligations to you. When the agreement between you and ExiKit ends or you withdraw your consent, we will stop processing your data for this purpose.
[2] To conduct customer satisfaction surveys and consumer research, and to request reviews from you via email, SMS, phone, or through other communication channels.
  1. Contact and identification
  2. Information about events
  3. Information about your use of Service
  4. Technical information that is generated when you use Service
  5. Information about your contact with us
Legal basis: The processing is based on a legitimate interest (Article 6(1)(f) GDPR). In balancing these interests, we have determined that we have a legitimate interest in conducting these types of surveys, that the personal data processing is necessary to achieve this purpose, and that our interest outweighs your right not to have your data processed for this purpose. If you would like more information about how this assessment was made or if you wish to object to this processing, you can always contact us. See contact details in section 12.
How long we process the data: When the agreement between you and ExiKit ends.
[3] To ensure network and information security in ExiKit's services.
  1. Contact and identification
  2. Information about your use of Service
  3. Technical information that is generated when you use Service
  4. Information about your contact with us
  5. Device information
Legal basis: The processing is based on a legitimate interest (Article 6(1)(f) GDPR). In balancing these interests, we have determined that we have a legitimate interest in ensuring network and information security, that the personal data processing is necessary to achieve this purpose, and that our interest outweighs your right not to have your data processed for this purpose. Ensuring good information security is also in your interest as a customer. If you would like more information about how this assessment was made or if you wish to object to this processing, you can always contact us. See contact details in section 12.
How long we process the data: This processing continues for as long as you use a service.
[4] To conduct risk analysis, prevent fraud, and for risk management. This processing is done to confirm your identity and that the data you provide is correct, as well as to combat criminal activities.
  1. Contact and identification
  2. Information about events
  3. Information about your use of Service
  4. Technical information that is generated when you use Service
  5. Information about your contact with us
  6. Device information
Legal basis: The processing is necessary for ExiKit to enter into and fulfill the agreement with you (Article 6(1)(b) GDPR).
How long we process the data: This processing continues for as long as you use any of ExiKit's services. If ExiKit has identified a potential risk in how you use our services, we will continue to use your information for this purpose and continuously update our risk assessment if there is a fraud risk. This processing continues as long as we are legally obligated to store your information. More information about our obligations and rights to store information according to law can be found in section 9.
[5] Anonymizing your personal data in order to improve our services and products by analyzing usage patterns and customer behaviors.
  1. Contact and identification
  2. Information about events
  3. Information about your use of Service
  4. Technical information that is generated when you use Service
  5. Information about your contact with us
  6. Device information
Legal basis: The processing is based on a legitimate interest (Article 6(1)(f) GDPR). In balancing these interests, we have determined that we have a legitimate interest in analyzing usage data to improve our services and enhance customer experience. We ensure that this processing is necessary to achieve this purpose, and that our interest outweighs your right not to have your data processed for this purpose. If you would like more information about how this assessment was made or if you wish to object to this processing, you can always contact us. See contact details in section 12.
How long we process the data: This processing continues for as long as ExiKit must retain the data in its systems, for example to fulfill the agreement with you or to comply with applicable law.
[6] To conduct data analysis for product development and product testing for the design and development of our services (where possible, we first anonymize the data, which means that afterwards no personal data processing occurs).
  1. Contact and identification
  2. Information about events
  3. Information about your use of Service
  4. Technical information that is generated when you use Service
  5. Information about your contact with us
  6. Device information
Legal basis: The processing is based on a legitimate interest (Article 6(1)(f) GDPR). In balancing these interests, we have determined that we have a legitimate interest in conducting data analysis for product development and product testing. We ensure that this processing is necessary to achieve the purpose, and that our interest outweighs your right not to have your data processed for this purpose. Our customers also benefit from this processing as it helps us deliver accurate and sustainable services. If you would like more information about how this assessment was made or if you wish to object to this processing, you can always contact us. See contact details in section 12.
How long we process the data: This processing continues for as long as ExiKit must retain the data in its systems, for example to fulfill the agreement with you or to comply with applicable law. More information about our obligations and rights to store information according to law can be found in section 9.
[7] To conduct data analysis to measure and improve our marketing and marketing channels (where possible, we first anonymize the data, which means that afterwards no personal data processing occurs).
  1. Contact and identification
  2. Information about events
  3. Information about your use of Service
  4. Technical information that is generated when you use Service
  5. Information about your contact with us
  6. Device information
Legal basis: The processing is based on a legitimate interest (Article 6(1)(f) GDPR). In balancing these interests, we have determined that we have a legitimate interest in conducting data analysis to measure and improve our marketing and marketing channels. We ensure that this processing is necessary to achieve this purpose, and that our interest outweighs your right not to have your data processed for this purpose. Our customers also benefit from this processing as it helps us deliver more relevant and sustainable services. If you would like more information about how this assessment was made or if you wish to object to this processing, you can always contact us. See contact details in section 12.
How long we process the data: This processing continues for as long as ExiKit must retain the data in its systems, for example to fulfill the agreement with you or to comply with applicable law. More information about our obligations and rights to store information according to law can be found in section 9.
[8] Sharing your personal data with the categories of recipients described in section 7.1. (suppliers and subcontractors, companies within the ExiKit group, event organizers on the Service or exhibitors on the Service).
  1. Contact and identification
  2. Information about events
  3. Information about your use of Service
  4. Technical information that is generated when you use Service
  5. Information about your contact with us
  6. Device information
Legal basis: Varies depending on the recipient (see section 7.1.).
How long we process the data: This processing continues for as long as ExiKit must retain the data in its systems, for example to fulfill the agreement with you or to comply with applicable law. More information about our obligations and rights to store information according to law can be found in section 9.
[9] To protect ExiKit from legal claims and safeguard ExiKit's legal rights.
  1. Contact and identification
  2. Information about events
  3. Information about your use of Service
  4. Technical information that is generated when you use Service
  5. Information about your contact with us
  6. Device information
In connection with a dispute, ExiKit may also collect other types of personal data about you if we need it to protect our rights.
Legal basis: The processing is based on a legitimate interest (Article 6(1)(f) GDPR). In balancing these interests, we have determined that we have a legitimate interest in being able to protect ourselves from legal claims. We ensure that this processing is necessary to achieve the purpose, and that our interest outweighs your right not to have your data processed for this purpose. Sensitive personal data is processed, if necessary to establish, exercise, or defend legal claims, based on Article 9(2)(f) GDPR. If you would like more information about how this assessment was made or if you wish to object to this processing, you can always contact us. See contact details in section 12.
How long we process the data: This processing continues for as long as ExiKit must retain the data in its systems, for example to fulfill the agreement with you or to comply with applicable law. More information about our obligations and rights to store information according to law can be found in section 9.

6. Recalling your consent

In cases where ExiKit processes your personal data based on your consent, you can withdraw this consent at any time. You can do this through the contact information found in section 12.

You can also remove uploaded information yourself from the Service. We will then delete the data. If you withdraw your consent or remove the uploaded information, it may mean that the service cannot continue to be used in cases where ExiKit's processing of personal data is based on your consent.

Finally: As described in section 3, you have the right to object to certain uses of your personal data (for example, you can opt out of marketing). You also have the right to have certain data deleted, which is also described in section 3.

7. Who we share your personal data with

When we share your personal data, we ensure that the recipient processes them in accordance with this information, for example by entering into so-called data transfer agreements or data processor agreements with the recipients. These agreements include all reasonable contractual, legal, technical, and organizational measures to ensure that your data is processed with an adequate level of protection and in accordance with applicable law.

7.1. Suppliers and subcontractors

Suppliers and subcontractors are companies that only have the right to process the personal data they receive from ExiKit on ExiKit's behalf, so-called data processors. Examples of such suppliers and subcontractors are software and data storage providers, business consultants, providers of machine learning and artificial intelligence modules, and companies within the ExiKit group.

Purpose and legal basis: ExiKit needs access to services and functionality from other companies that ExiKit cannot offer itself. ExiKit has a legitimate interest in being able to access these services and functionality (Article 6(1)(f) GDPR). We ensure that the processing this involves is necessary to fulfill this interest, and that our interest outweighs your right not to have your data processed for this purpose. You have the right to object to this processing due to circumstances in your individual case. More information about your rights can be found in section 3.

7.2. Authorities

Description of recipient: ExiKit may provide necessary information to authorities such as the Police, Financial Supervisory Authority, Tax Agency, or other authorities and courts.

Purpose and legal basis: Sharing personal data with authorities is done when we are legally obligated to do so, or in some cases if you have instructed us to do so, if it is required to administer tax deductions or prevent crime. Depending on the authority and purpose, the legal bases are obligation to comply with the law (Article 6(1)(c) GDPR), fulfilling the agreement with you (Article 6(1)(b) GDPR), or that ExiKit has a legitimate interest in being able to protect itself from crime (Article 6(1)(f) GDPR).

7.3. Business transfer or divestment

Description of recipient: In the event that ExiKit sells business operations or assets, ExiKit may disclose your personal data to a potential buyer of such operations or assets. If ExiKit or a substantial part of ExiKit's assets is acquired by a third party, personal data about ExiKit's customers may also be shared.

Purpose and legal basis: ExiKit has a legitimate interest in being able to complete these transactions (Article 6(1)(f) GDPR). We ensure that the processing this involves is necessary to fulfill this interest, and that our interest outweighs your right not to have your data processed for this purpose. You have the right to object to this processing due to circumstances in your individual case. More information about your rights can be found in section 3.

7.4. Event organizers on the Service or exhibitors on the Service

Description of recipient: ExiKit may share your personal data with event organizers on the Service or exhibitors on the Service.

Purpose and legal basis: ExiKit has a legitimate interest in being able to provide this information to event organizers and exhibitors (Article 6(1)(f) GDPR). We ensure that the processing this involves is necessary to fulfill this interest, and that our interest outweighs your right not to have your data processed for this purpose. You have the right to object to this processing due to circumstances in your individual case. More information about your rights can be found in section 3.

8. International transfers of personal data

We always strive to process your personal data within the EU/EEA. However, in certain situations, such as when we share your information within the ExiKit group or with a supplier or subcontractor operating outside the EU/EEA, your personal data may be transferred outside the EU/EEA. ExiKit always ensures that the same high level of protection applies to your personal data in accordance with GDPR, even when the data is transferred outside the EU/EEA. Your rights to the data (which you can read more about in section 3) are also not affected by the transfer of data outside the EU/EEA. More information about which recipients we share information with can be found in section 7.

Some of ExiKit's suppliers apply Binding Corporate Rules ("BCR") when transferring personal data outside the EU/EEA area within their corporate group. Such BCRs have been approved by an EU data protection authority and ensure that your personal data is protected with the same level of data security when transferred.

If you would like more information about our safeguards, you can always contact us. Contact details can be found in section 12. You can find more information about which countries are considered to have an "adequate level of protection" on the European Commission's website, and you can read more about standard contractual clauses on the Swedish Authority for Privacy Protection's website.

8.1. Special safeguards used when transferring data outside the EU/EEA

Countries outside the EU/EEA may have laws that give public authorities the right to access personal data stored in the country for the purpose of combating crime or defending national security. Regardless of whether it is we or any of our suppliers who process your personal data, we will ensure a high level of protection when transferring it and that appropriate safeguards have been implemented in accordance with applicable data protection requirements (such as GDPR). Such appropriate safeguards include, among other things, ensuring:

  1. that the European Commission has decided that the country outside the EU/EEA to which your personal data is transferred achieves an 'adequate' level of protection equivalent to the level of protection provided by the GDPR. This means, for example, that the data continues to be protected from unauthorized access and that you can exercise your rights in relation to the data, or
  2. that the European Commission's Standard Contractual Clauses have been entered into between ExiKit and the recipient of the personal data outside the EU/EEA. This means that the recipient guarantees that the protection for your personal data provided by the GDPR still applies. In these cases, we also assess whether there is legislation in the recipient country that affects the protection of your personal data. If required, we take special technical and organizational measures to ensure that the protection of your data remains when transferring it to the relevant country outside the EU/EEA.
  3. that the transfer is covered by the EU-US Data Privacy Framework. This is an opt-in certification system for American companies, administered by the US Department of Commerce. This privacy framework includes a number of enforceable principles and requirements that must be certified by the American company and shall ensure that your data remains adequately protected.

Notwithstanding the above, if you choose to use services from a service provider located outside the EU/EEA, our data sharing with that service provider (and with the ExiKit entity to which that service provider is connected) means that your personal data will be transferred to and processed in a country outside the EU/EEA. Otherwise, it would not be possible to administer your service usage. In this transfer, the data is primarily protected by ExiKit through the European Commission's Standard Contractual Clauses entered into between ExiKit and the service provider you are using (and the service provider's local ExiKit company). As described above, however, the country where the service provider or the local ExiKit company is based may have legislation that means that the European Commission's Standard Contractual Clauses do not provide effective protection for your personal data. For example, national authorities in the country in question where the service provider is located may be able to access your data in accordance with local legislation. Despite this, ExiKit will need to transfer your data to the service provider you have chosen to use and its local ExiKit company, as long as this is required to provide the service to you. Contact us for access to privacy and data protection policies for other ExiKit entities within the ExiKit group.

9. How long we store your personal data

How long ExiKit stores your data depends on the purpose for which the data is used:

Personal data used for the contractual relationship between you and ExiKit is normally stored for as long as the agreement is in effect and thereafter for a maximum of 10 years due to statutes of limitations.

Personal data that ExiKit must store according to applicable law, such as anti-money laundering and accounting legislation, is normally stored for 5 and 7 years respectively.

If no agreement is entered into between you and ExiKit, or if the data is not needed to fulfill a legal requirement, the data is only stored for as long as necessary to fulfill the respective purpose of our processing (usually 3 months) (more information can be found in the table in section 5).

In some limited cases, the data may need to be stored longer due to capital adequacy legislation that ExiKit must comply with.

The legal requirements described above mean that ExiKit cannot delete your personal data even if you request to have it deleted as described in section 3. If we have no legal requirement to retain the data, we must instead make an assessment of whether we need the data to protect ourselves from legal claims.

Please note that even though we must retain your data due to legal requirements, for example, this does not mean that your data may also be used by us for purposes other than fulfilling legal requirements. ExiKit makes an assessment of each individual purpose regarding how long we may use your data, which you can read more about in section 5.

10. How we use cookies and other tracking technologies

To provide a tailored experience, ExiKit uses cookies and similar tracking technologies in our various interfaces, such as our website and widgets. You can find information about the tracking technologies that ExiKit uses, and information about how to accept or decline tracking technologies, in the respective interfaces.

11. Updates to this privacy policy

We are constantly working to improve our services so that you get an even smoother user experience. This may involve changes to existing and future services. If such an improvement requires notification or consent according to applicable legislation, you will be notified or given the opportunity to provide your consent. It is also important that you read this privacy policy each time you use any of our services, as the processing of your personal data may differ from your previous use of the service in question.

12. Contact information for ExiKit

If you have any questions or concerns about this privacy policy or how we process your personal data, please contact us at support@exikit.com.