Privacy Policy
General information on our use of personal data
Last updated: July 2025
This Privacy Notice (“Notice”) explains how we collect, use, and share personal data when you use our website (compensara.io), our platform, or interact with our digital channels, such as our feeds on social media. It also applies if you contact us or participate in any events or activities we arrange.
Throughout this Notice, we refer to our benchmarking platform and related features as the “Service.”
“Personal data” means any information that can identify you, either directly or indirectly, for example, your name, email address, or IP address.
We are committed to protecting your privacy and handling your personal data responsibly. We take appropriate technical and organizational measures to ensure that our processing complies with applicable data protection laws.
1. WHO IS COVERED BY THIS NOTICE?
This Notice covers:
Users of our app, our website (compensara.io), and our digital channels, including our channels and feeds on social media platforms.
Contact persons of a customer, supplier, or partner to us.
External persons who contact or otherwise communicate with us and are not covered by the categories above.
2. WHO IS RESPONSIBLE FOR THE USE OF YOUR PERSONAL DATA?
Compensara AB (“Compensara”, “we”, “our”, or “us”) is responsible for the use of your personal data as described in this Notice. This means we are the data controller for the processing activities covered by this Notice. Please see section 11 below for contact information.
3. WHICH PERSONAL DATA DO WE COLLECT?
We only collect the personal data we need. The type of personal data we collect depends on how you interact with us. We may collect the following categories:
Identity information, such as your name and company affiliation.
Contact information, such as email address, phone number, and mailing address.
User-generated information, such as activity on our platform, including usage patterns, uploads, interactions, and user feedback.
Profile information, such as your job title and the name of your organization.
Communication, including contents of emails, contact form submissions, or responses to surveys.
Technical information, such as your IP address, browser type, device type, operating system, and usage logs.
Order and billing information, such as subscription tier, transaction history, and invoice details.
Marketing and preference data, such as your subscription to our newsletters or participation in webinars or campaigns.
Uploaded compensation data, if you are a customer, we may process salary or benchmarking data that you upload to the platform. You are responsible for ensuring that you have the right to share such data with us.
4. FROM WHERE DO WE COLLECT PERSONAL DATA?
We collect personal data from the following sources:
Directly from you. When you use our platform or website, request a demo, communicate with us, or otherwise interact with our services.
From your employer or organization. If you are a contact person for one of our customers, suppliers, or partners.
From uploaded content. If you or your organization upload compensation data or other user data to the platform.
From social media platforms. If you engage with our content or communicate with us via platforms like LinkedIn.
From cookies and similar technologies. When you browse our website or use our web app (see our cookie notice for details).
From publicly available sources. For example, if we research potential customer contacts or verify company details.
5. WHY DO WE USE YOUR PERSONAL DATA?
Below we describe the purposes for which we use personal data. Not all of the purposes listed below will apply to every individual, it depends on how you interact with us and which role you have.
Provide the Service
If you are a user of our platform, we use your personal data to provide the Service, for example, to set up and manage your user account, process compensation-related uploads, maintain secure logins, and deliver personalized content and features.
Communicate with you about the Service
We use your personal data to contact you about your use of the Service. This includes onboarding guidance, support messages, technical notices, reminders, and service-related notifications.
Manage the relationship with customers, partners, and suppliers
If you are a contact person at one of our customers, suppliers, or partners, we process your data to manage the relationship. This includes communication, contract administration, subscription and billing management, and handling of requests and agreements.
Share product updates, invites, and offers
We use your personal data to inform you about updates to the Service, relevant events, feature announcements, or offers that may interest you. You can unsubscribe from marketing communications at any time.
Analyze and improve the Service
We analyze how the Service is used in order to understand performance, identify bugs, and improve functionality. This is typically done on an aggregated or pseudonymized level.
Ensure technical functionality and security
We use personal data to ensure the technical operation and security of our platform, including detecting and preventing misuse, enforcing our Terms of Service, and managing incidents.
Fulfill legal obligations
We may process your data to comply with legal obligations, such as accounting requirements or responding to regulatory requests.
Evaluate and carry out business transactions
We may use personal data to evaluate or carry out mergers, restructurings, investments, or transfers of assets, including due diligence activities.
6. WHO DO WE SHARE PERSONAL DATA WITH?
Which third parties we share your personal data with depends on how you interact with us. Below we describe the main categories of recipients:
Service providers
We engage trusted service providers to support the delivery of our platform and operations. These include providers of infrastructure (such as cloud hosting and email services), analytics tools, customer support systems, and communication platforms. When these service providers process personal data on our behalf, they act as data processors and are contractually bound to protect your information.
Social media and advertising platforms
If you interact with our content on platforms like LinkedIn, or if we conduct targeted marketing, we may share limited data (such as hashed email addresses) with advertising platforms. In these cases, we may act as joint controllers with the platform regarding the data shared via tracking technologies. You can read more in our cookie notice.
Other users (if applicable)
If you intentionally share content or personal data in a way that is visible to other users (e.g., via collaborative features or shared benchmarking workspaces), that information may be accessible to those users. This only applies if the feature is available and explicitly used by you.
External advisors and authorities
We may share personal data with legal advisors, accountants, or auditors when necessary. We may also disclose personal data to public authorities or courts when required by law or to respond to lawful requests.
Buyers or investors
In connection with a merger, acquisition, investment, or sale of our business, we may share personal data with potential or actual buyers, investors, or their advisors, as part of due diligence or transaction execution.
7. YOUR RIGHTS
You have several rights in relation to your personal data. The rights described below apply if you are located in the EU/EEA and are protected under the General Data Protection Regulation (GDPR). If you are located outside the EU/EEA, you may have similar rights under your local legislation.
We usually respond to requests within one (1) month of receiving them. If your request is complex or if you’ve submitted multiple requests, we may need more time. In such cases, we will notify you within one month and explain why we need more time. If we cannot fully respond to your request, we will inform you of the reason.
We may need to confirm your identity before we can process your request. This helps ensure we don’t share or delete personal data by mistake.
Right to access (Article 15 GDPR)
You have the right to know whether we process your personal data. If we do, you can request a copy of the data we hold about you, along with information about how we use it.
Right to rectification (Article 16 GDPR)
You have the right to request that we correct inaccurate or incomplete personal data about you.
Right to withdraw consent (Article 7 GDPR)
If we rely on your consent to process your personal data, you can withdraw that consent at any time. Once withdrawn, we will stop processing your data for that specific purpose.
Right to erasure (Article 17 GDPR)
You have the right to request the deletion of your personal data in certain situations, for example, if the data is no longer necessary or if you withdraw your consent. Note that there are exceptions (e.g., we may need to retain data to comply with legal obligations).
Right to object (Article 21 GDPR)
You can object to our use of your personal data if we rely on legitimate interest as the legal basis. If we cannot show compelling reasons to continue processing, we will stop. You always have the right to object to direct marketing.
Right to restriction (Article 18 GDPR)
You may request that we restrict the processing of your personal data under certain circumstances, for example, while we investigate a correction request or if you object to the processing.
Right to data portability (Article 20 GDPR)
If we process your data based on your consent or a contract and the processing is automated, you may request that we provide your data in a structured, commonly used format or transfer it to another provider, where technically feasible.
Right to lodge a complaint
You can file a complaint with your local supervisory authority if you believe we are processing your personal data in violation of the law. In Sweden, the authority is the Swedish Authority for Privacy Protection (IMY)
8. COOKIES AND OTHER TECHNOLOGIES
We use cookies and similar technologies on our website and platform to ensure basic functionality, improve performance, and enhance your user experience.
A cookie is a small text file stored on your device when you visit a website. Some cookies are essential for the website to function properly, while others help us analyze usage or remember your preferences.
We may use the following types of cookies:
Necessary cookies – for essential functions like login and session management.
Functional cookies – to remember choices you make (e.g. language or login state).
Analytics cookies – to help us understand how visitors use our website and platform.
Marketing cookies – if used, these help deliver relevant ads on third-party platforms.
You can manage or block cookies through your browser settings. Please note that disabling cookies may impact your experience on our website or limit certain features.
9. WHERE WE PROCESS PERSONAL DATA
We primarily process your personal data within the European Union (EU)/European Economic Area (EEA). However, we use service providers that may process personal data in countries outside the EU/EEA (so-called “third countries”).
When personal data is transferred to a third country that does not offer an adequate level of protection according to the European Commission, we ensure appropriate safeguards are in place. These safeguards include:
The use of the European Commission’s Standard Contractual Clauses (SCCs) for international transfers; and
Supplementary technical, contractual, or organizational measures, where necessary, to ensure that your personal data remains protected.