Roxen/Privacy Policy

Privacy Policy

Roxen processes very limited personal data, primarily contact information provided voluntarily by customers. We do not use cookies, analytics, tracking, or marketing profiling on our public website. In our SaaS platform, we use strictly necessary cookies for user authentication and essential functionality. Our privacy practices are supported by formal information security policies and standards.

1. Purpose
This Privacy Policy describes how Roxen processes personal data in connection with its business operations, website, and communications.

Roxen is the data controller for the processing described in this policy. We are committed to protecting personal data and handling it responsibly, transparently, and in accordance with applicable data protection legislation, including the EU General Data Protection Regulation (GDPR).

This Privacy Policy is aligned with Roxen’s Information Security Policy and supports security standards.

2. Scope
This policy applies to:

  • Business contacts, customers, and other professional contacts
  • Individuals who contact Roxen via our website or other communication channels

It does not apply to recruitment-related processing. Job applications and candidate data submitted through Roxen’s careers page and are governed by the privacy policy of the recruitment platform used (https://career.roxen.com/en/data-privacy).

 3. Governance & responsibilities
Management is responsible for establishing and maintaining effective privacy governance aligned with applicable data protection laws and Roxen’s business objectives. This policy document is formally owned by the CEO.

Privacy and data protection is a shared responsibility across management, operations, and other relevant functions, with designated ownership for privacy oversight and policy maintenance.

All employees, contractors, and other authorized parties are required to comply with this Privacy Policy and any applicable supporting policies and standards.

4. Personal data we collect
4.1 Information you provide voluntarily
We only collect personal data that you choose to provide to us, for example when you:

  • Contact us via a form on our website
  • Communicate with us by email or other direct correspondence
  • Engage with us in meetings or business discussions

Depending on the context, this may include:

  • Name
  • Company or organization
  • Job title
  • Contact details (such as email address or telephone number)
  • Information you choose to include in your message or enquiry

We do not collect more personal data than is necessary for the stated purposes.

4.2 Website usage
Roxen does not use cookies, analytics tools, tracking technologies, or similar mechanisms on its public website. We do not track visitors, build profiles, or monitor browsing behavior.

4.3 SaaS platform functionality
Roxen provides a Saas platform to customers. Within the platform, we use strictly necessary cookies and similar technical mechanisms to:

  • Authenticate users
  • Maintain secure user sessions
  • Store user preferences and settings
  • Ensure platform security and functionality

These cookies are essential for the operation of the service and do not involve tracking, analytics, advertising, or behavioral profiling.
The platform does not use third-party marketing or tracking cookies.

5. How we use personal data
We process personal data only for clear and limited purposes:

  • To respond to enquiries or requests you submit to us
  • To communicate with you in relation to an existing or potential business relationship
  • To manage and maintain professional contacts
  • To comply with applicable legal or regulatory obligations

Personal data is not used for advertising, behavioral tracking, or unsolicited marketing.

6. Legal basis for processing
We process personal data based on one or more of the following legal grounds, as applicable:

  • Legitimate interests: to respond to enquiries and manage professional relationships
  • Contractual necessity: where processing is required to perform or prepare a contract
  • Consent: where you explicitly request or approve specific processing
  • Legal obligation: where processing is required by law

Where processing is based on consent, you may withdraw your consent at any time.

7. Sharing of personal data
Roxen does not sell, trade, or use personal data for marketing purposes. We may share personal data only in limited circumstances, such as:

  • Internally, with colleagues, including those located outside the EU/EEA, only when necessary to handle your request and only where appropriate safeguards are in place
  • With a business partner, only if you ask us to do so or provide your explicit consent
  • With trusted service providers who process data on our behalf under contractual confidentiality and security obligations
  • Where required to comply with legal obligations or to establish, exercise, or defend legal claims

Roxen uses Amazon Web Services (AWS) as its cloud infrastructure provider. AWS processes data solely for the purpose of operating and securing the underlying infrastructure, in accordance with contractual and security obligations.

All data sharing is carried out in accordance with applicable data protection laws and Roxen’s internal security policies.

8. International data transfers
Roxen operates its services using cloud infrastructure provided by Amazon Web Services (AWS). Services may be deployed in AWS regions aligned with customer contractual and regulatory requirements.

Where personal data is transferred outside the EU/EEA, Roxen ensures that appropriate safeguards are in place in accordance with applicable data protection laws, including contractual protections and other lawful transfer mechanisms where required.

9. Data retention
Personal data is retained only for as long as necessary to fulfil the purpose for which it was collected, unless a longer retention period is required by law.

When personal data is no longer needed, it is securely deleted or anonymized in accordance with Roxen’s information security practices.

10. Information security
Roxen implements appropriate technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, or loss.

These measures are aligned with Roxen’s Information Security Policy and supporting standards covering access control, cloud security, secure development, vulnerability management, and incident response.

In the event of a personal data breach that poses a risk to individuals’ rights or freedoms, Roxen will notify relevant supervisory authorities and affected individuals in accordance with applicable data protection laws.

11. Your rights
Under applicable data protection laws, you have the right to:

  • Request access to your personal data
  • Request rectification of inaccurate or incomplete data
  • Request erasure of your personal data
  • Request restriction of processing
  • Object to certain processing activities
  • Request data portability, where applicable
  • Lodge a complaint with a supervisory authority

Requests may be submitted using the contact details below. We will respond without undue delay and in accordance with legal requirements.

12. Questions, concerns, and disputes
If you have questions or concerns about how we handle personal data, we will address them properly, transparently, and in good faith.

Any formal disputes relating to this Privacy Policy or the processing of personal data shall be finally settled under the rules of the Stockholm Chamber of Commerce.

13. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. The latest version will always be published on our website.

14. Contact
If you have questions, requests, or concerns related to this Privacy Policy or the processing of personal data, please refer to the contact details published on Roxen’s website.

 

 

Valid: Feb, 2026