Last updated: 06 April 2026.
We review this Privacy Policy regularly. Any material changes will be notified on this page and, where appropriate, via our website or Cookie settings banner.
As a natural part of doing business, Zooma Agency AB (“Zooma”) collect and process personal data. This Privacy Policy ("policy") explains how we collect, use, disclose, and store your personal data in compliance with the General Data Protection Regulation (GDPR) and the ePrivacy Directive.
For detailed information on cookies and similar technologies we use on our website, including the specific cookies, purposes, providers, and how to manage your consent, please see our Cookie Policy.
We may update this policy from time to time in order to reflect, for example, changes to our privacy practices or for other operational, legal, or regulatory reasons. We will give you notice of such changes by posting the revised policy on our site, and where appropriate, by other means. By continuing to use this site after such changes are posted, you agree to the revised policy.
We collect and process personal data when you visit our website, interact with our content, or otherwise engage with us. The main purposes are to market and sell our services, provide relevant content, improve our offering, perform statistics, and (for customers) fulfil contracts.
Legitimate interests (Art. 6(1)(f) GDPR): For core website functionality, fraud prevention, service improvement, and direct marketing (where not overridden by your rights).
Consent (Art. 6(1)(a) GDPR): For non-essential cookies (statistics/analytics and marketing), certain profiling, email analytics where tracking pixels are used, and optional features such as social media integrations or surveys. Consent is obtained via our Cookie Settings banner (granular by purpose: functional, statistical, marketing). You can withdraw consent at any time with the same ease as giving it.
Contract (Art. 6(1)(b) GDPR): When you become a customer or enter into an agreement with us.
Providing personal data is generally voluntary, but failure to provide certain data (e.g., for forms or consented cookies) may limit your access to content, events, or services.
When you visit our site we may collect technical data such as your IP address, device type, operating system, browser, screen resolution, language, country/region, referral source, pages visited, and duration of visit. We use this to provide and improve the website experience.
We use cookies and similar technologies as described in detail in our Cookie Policy. Strictly necessary cookies are always active (legitimate interest / essential for the service). Non-essential cookies (functional beyond basics, statistical, and marketing) are only placed after you give prior, specific consent via our Cookie settings tool. We technically block non-essential cookies until consent is obtained.
For the full list of cookies (including name, provider, exact purpose, expiry, and privacy links), open our Cookie settings via the link at the bottom. Examples of third-party services setting cookies include Google, Cloudflare, and HubSpot.
When you fill out forms, use our chatbot, or request content, we collect name, email, organisation details, and your request. We process this to respond to you (legitimate interest or freely given consent).
We may use artificial intelligence tools to process information (e.g., for content analysis or generation) and some website content may be AI-assisted (text, images, media). All AI-generated content undergoes human review where appropriate. We do not use AI for solely automated decisions with significant legal or similar effects on individuals without appropriate safeguards.
When you use social media you may give your consent allowing such platforms to share, for example, your profile information, connections, follower counts and clicks with third parties, in which case we may collect and process such data when available. You may also decide to follow our updates and otherwise give your consent to us contacting you, in which case we may reach out with for example invitations to events.
If you receive email from us, we may use certain analytics tools, to capture data such as when you open our email or click on any links or attachments that our email contains.
From time-to-time we request information via surveys. Participation in these surveys is completely voluntary and you may choose whether or not to participate and therefore disclose this information.
Based on your website interactions (e.g., content consumed) and expressed interests, we may assign persona types to improve the relevance of our marketing and content. This processing is based on legitimate interest and does not involve solely automated decisions producing legal or similarly significant effects. You have the right to object to such profiling (see Rights section below).
We share personal data with trusted service providers acting as processors for purposes such as website analytics, marketing automation, heatmaps, surveys, and event management. These include Google, HubSpot, Hotjar (or equivalent), Eventbrite, Cloudflare, and our Cookie Information CMP provider.
Transfers within the EU/EEA are adequately protected. For transfers to the United States, providers participate in the EU-U.S. Data Privacy Framework (DPF) or offer appropriate safeguards (e.g., Standard Contractual Clauses with supplementary measures where required). We ensure contracts with processors include GDPR-compliant data processing agreements.
We do not sell your personal data to third parties.
In case your personal data is stolen from us, or one of our service providers, for example as a result of a deliberate cyber attack, such capture is to be considered force majeure. Our liability for direct or indirect damages as a result of unauthorised disclosure of data due to such an attack is limited to one (1) Swedish price base amount.
We retain personal data only as long as necessary for the purposes for which it was collected:
Website usage and cookie-derived data: Up to the cookie expiry period or as long as your consent is valid (plus a short period for withdrawal handling).
Marketing/contact data: As long as you have not withdrawn consent or objected.
Contractual data: For the duration of the contract plus statutory limitation periods (e.g., accounting or dispute resolution).
You may request earlier erasure where applicable (see Rights section). We delete or anonymise data when retention is no longer justified.
You have the right to:
To exercise these rights, contact us at removedata@zooma.se or via the details below. We respond without undue delay and within one month (extendable in complex cases).
You have the right to file a complaint with a supervisory authority such as The Swedish Data Protection Authority (Datainspektionen). We do however sincerely welcome you to contact us first hand for any questions regarding our processing of your personal data.
For any questions about this Privacy Policy or our data practices, please contact us. Our full contact details are:
Zooma Agency AB
Erik Dahlbergsgatan 14
411 26 Göteborg
Sweden
031-385 49 00
info@zooma.agency