Privacy Statement

Last updated: 2025-05-16

1. Introduction

Goget AB (“Goget”) values your privacy. This Privacy Policy explains how Goget collects, uses, stores, and shares your personal data in connection with our products, services, and websites (collectively, the “Services”).

We aim to provide transparency and control to individuals whose data we process, ensuring compliance with applicable laws such as the General Data Protection Regulation (GDPR). If you have any questions or concerns about how we handle your personal data, please contact our privacy team at privacy@gogetcorp.com.

2. What Information Do We Collect and Why?

We collect information to provide you with the best possible experience when using our Services and to fulfill our commitments to you. The following types of personal data may be collected:

• Account Data: Collected when you create an account or purchase our Services, including billing information, name, address, email, and phone number.
• Support Data: Collected when you request assistance from our support team, including name, email, address, and phone number.
• Form Data: Collected when you complete contact forms, request newsletters, or seek other information from us.
• Interaction Data: Collected when you participate in surveys, events, apply for a job, or interact with our websites, including cookies and device data.
• System Data: Collected during setup, customization, or troubleshooting, including IP address, language settings, software versions, and debug logs.

Unless otherwise stated, we collect only the minimum personal data necessary for functionality, security, and compliance.

3. Minimization of Personal Data Collection

We are committed to data minimization and privacy by design. You can engage with our Services while limiting the amount of personal data shared:

• Pseudonymized Login Credentials: Clients may use generic or pseudonymized email addresses for administrative access.
• Optional Data Sharing: Clients may choose to enter only the minimum information needed for setup or operation.
• Calendar Processing Configuration: Clients using calendar integration features may configure their calendar provider to restrict personal data from being transmitted. When properly configured, calendar event details can be stripped of personal information, ensuring that no personal data is relayed to Goget.

These measures enable Clients to manage privacy preferences while maintaining compliance with GDPR. For more information, contact us at privacy@gogetcorp.com.

4. How We Use Information

We limit our use of personal data to the following purposes:

• Delivering and Supporting the Services: Operate, maintain, and improve the Services; diagnose issues; manage accounts.
• Communicating with You: Send transactional emails, service announcements, and critical updates.
• Marketing and Advertising: With consent or where lawful, send newsletters or offers; display interest-based ads.
• Legal and Compliance Obligations: Comply with regulations and prevent misuse or fraud.

5. Sharing with Trusted Third Parties

We may share personal data with trusted Sub-Processors within the EU/EEA or in jurisdictions recognized by the European Commission as providing adequate protection. These third parties support us in:

• Processing payments
• Logistics and shipping
• CRM and communication services (e.g., email delivery)

We only share personal data when strictly necessary and ensure that all third parties are contractually bound by data protection obligations. We do not sell personal data.

6. Customer Support and Website Analytics

To help us support and improve your experience, we collect certain usage-related data when you interact with our Services.

• Customer Support: Data is used to respond to inquiries and provide assistance.
• Analytics: We use tools such as Google Analytics to collect aggregated, non-personal usage data to optimize performance.

You may control cookies and similar technologies via your browser settings or third-party tools.

7. Google API Services

Goget’s use and transfer of information received from Google APIs to any other application will comply with the Google API Services User Data Policy, including the Limited Use requirements.

8. Security, Storage, and Retention

We take the protection of your personal data seriously and apply industry-standard safeguards to ensure it remains secure, is appropriately stored, and is not retained longer than necessary.

• Security: We use encryption (TLS), hashing, MFA, and access control measures.
• Storage: All data is hosted in the EU/EEA.
• Retention: We retain personal data only as long as necessary for service delivery, legal compliance, and legitimate interests.

You may request deletion of your data; however, some data may need to be retained for legal or contractual reasons.

9. How You Can Access, Update, or Delete Your Data

You can access or update your data by signing in to your account at admin.gogetcorp.com. Requests to delete your data may take up to 30 days. Once deleted, data is permanently unrecoverable.

If you cannot opt out via the interface, please email privacy@gogetcorp.com.

10. Your Rights Under the GDPR

If you are an EEA resident, you have the right to:

• Access your personal data
• Correct inaccuracies
• Request deletion
• Restrict or object to processing
• Data portability
• Lodge a complaint with the relevant supervisory authority, the Swedish Data Protection Authority (Integritetsskyddsmyndigheten)

To exercise your rights, contact privacy@gogetcorp.com.

11. Is Goget a Data Controller or Data Processor under the GDPR?

Goget AB typically acts as a Data Processor under the General Data Protection Regulation (GDPR), processing personal data solely on behalf of the Client and in accordance with the Client’s documented instructions. However, the role of Goget may vary depending on how the Services are configured and used.

Specifically, Goget does not require access to personal data to operate the Services. Where the Client has applied appropriate calendar processing rules—for example, settings that prevent personal data from being transmitted from the calendar provider—and uses pseudonymized, non-personal administrator accounts during setup and login, it is fully possible to use the Services without transmitting any personal data to Goget. In such cases, no personal data is processed, and the GDPR does not apply.

However, unless the Client has explicitly configured the system to operate in this data-minimizing way, and in the absence of such adjustments, Goget will, under normal circumstances, act as a Data Processor. This role is governed by Goget’s Data Processing Agreement (DPA), which forms the legal basis for processing carried out on behalf of the Client.

12. Cookie Statement

We use cookies to personalize your experience, remember preferences, and improve site performance. By using our websites, you consent to the use of cookies as described in this statement. You may disable cookies in your browser settings.

13. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our Services or legal obligations. All updates are effective upon publication. Please check this page regularly for the latest version.

For questions or concerns, contact us at privacy@gogetcorp.com.