Policy on Privacy (GDPR)

Since 2018, it is the General Data Protection Regulation – GDPR – that governs all types of data processing that either directly or indirectly relates to an individual.

The data that must be protected includes all information that can be linked to an individual person. This applies not only to structured data in a database or other registry but also to unstructured data, for example, e-mails, individual documents, etc. The data does not have to be stored in an IT system, as physical registries and archives are also included.

The regulation governs the processing of personal data. This means the collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, or dissemination of personal data. That is everything that you may want to do with the data.

At Hilfa, we work 100% with B2B and mainly handle company data and personal data relating to e.g. employees, client contact persons, and suppliers linked to these companies. The data is used for the purpose of fulfilling both written and unwritten agreements with clients or potential clients/contracting partners. Our aim is to handle as little personal data as possible. Generally, we store the following information about you and your company: corporate identity number and/or VAT number, company name, address linked to the company, freight and invoice details, as well as the name, work e-mail, and telephone number of relevant contact persons. 

We mainly use this information internally within the company. No one outside the company has access to this data. If you do not wish us to keep this information about you and your company, please let us know, and we will erase your data. 

The objective is that Hilfa’s processing of personal data is carried out on legal grounds and in accordance with the principles of GDPR in order to reassure our customers, employees, and suppliers that we are handling their personal data in a secure and transparent manner.

When we process personal data, we do so with your consent and/or on a need-to-know basis, for the purpose of running our operations, fulfilling our contractual and legal obligations, protecting our systems, or meeting other legitimate interests, mainly related to sales and marketing activities.

The following services related to Hilfa and partners who carry out tasks on behalf of us, with whom we set up Personal Data Processing Agreements.  


The following registries are held within Hilfa AB:

Monitor ERP
Our business system where orders are recorded together with contact, delivery, and invoice information relating to our ordering companies.


For marketing purposes, including newsletter and similar services.

Agreements archive
Hilfa holds a physical archive of current agreements. The archive includes contact, delivery, and invoice information relating to our contracting partners.

Accounting information must be kept for 7 years following the end of the calendar year in which the financial year ended.

All employees at Hilfa use Outlook, and the program contains names, e-mails, etc. relating to people with whom our employees are in contact as part of their work. Outlook programs are cleared regularly. Information in Outlook is not sorted.