Privacy Policy

Last updated: 2026-05-13·Version: 1.0

Bemalong AB ("Bemlo", "we", "us") respects your privacy. This privacy policy describes how we process personal data when you visit bemlo.com, contact us, apply for a job with us, or become a customer.

1. Data controller

Bemalong AB (reg. no. 559260-6718)
Norrsken House, Birger Jarlsgatan 57 C, 113 56 Stockholm, Sweden
Email: info@bemlo.com
Data protection: dpo@bemlo.com

2. What personal data we process and why

2.1 Visitors to bemlo.com

What

Page views, clicks, conversions (PostHog, Google Analytics)

Why

Understand how the website is used and improve it

Legal basis

Consent (cookies)

Retention

13 months

What

Identification of visiting organizations (Upsales)

Why

Identify potential customers

Legal basis

Consent (cookies)

Retention

13 months

What

Why

See separate cookie policy

Legal basis

Consent / necessary

Retention

See cookie policy

What	Why	Legal basis	Retention
Page views, clicks, conversions (PostHog, Google Analytics)	Understand how the website is used and improve it	Consent (cookies)	13 months
Identification of visiting organizations (Upsales)	Identify potential customers	Consent (cookies)	13 months
Cookies	See separate cookie policy	Consent / necessary	See cookie policy

2.2 If you contact us or book a demo

What

Name, email, phone number, company, role, message content

Why

Respond to your request, book a demo, follow up as a potential customer

Legal basis

Legitimate interest (B2B sales)

Retention

Up to 5 years after the most recent contact, or until you object

What	Why	Legal basis	Retention
Name, email, phone number, company, role, message content	Respond to your request, book a demo, follow up as a potential customer	Legitimate interest (B2B sales)	Up to 5 years after the most recent contact, or until you object

2.3 If you are employed by a customer (end user of Bemlo's scheduling platform)

If you are a healthcare worker using Bemlo's platform through your employer, Bemlo acts as a data processor on behalf of your employer. This means your employer is the data controller and determines the purpose and legal basis for the processing. Please contact your employer for information about the processing, or contact us at dpo@bemlo.com and we will refer you onward.

2.4 If you are a contact person at a customer organization

What

Name, email, phone, role, billing details, contract history

Why

Manage customer agreements, billing, support

Legal basis

Contract (art. 6.1.b) and legal obligation (accounting)

Retention

7 years after end of contract (Swedish Bookkeeping Act)

What	Why	Legal basis	Retention
Name, email, phone, role, billing details, contract history	Manage customer agreements, billing, support	Contract (art. 6.1.b) and legal obligation (accounting)	7 years after end of contract (Swedish Bookkeeping Act)

2.5 If you apply for a job with us

What

Application, CV, cover letter, references, communication during recruitment

Why

Assess your application and communicate with you

Legal basis

Consent

Retention

The entire recruitment process, and up to 2 years for future positions if you consent. You may withdraw your consent at any time.

What	Why	Legal basis	Retention
Application, CV, cover letter, references, communication during recruitment	Assess your application and communicate with you	Consent	The entire recruitment process, and up to 2 years for future positions if you consent. You may withdraw your consent at any time.

3. Who can access your personal data

We share personal data only with:

Data processors that help us deliver the service — such as hosting providers, email and communication, support, analytics, billing and accounting. A current list of our sub-processors is available at bemlo.com/security (or on request via dpo@bemlo.com).
Authorities, if we are required by law (e.g. the Swedish Tax Agency).
Auditors and advisors under confidentiality.

We never sell your personal data.

4. Transfers to third countries

Most of our providers process personal data within the EU/EEA. When personal data is transferred to countries outside the EU/EEA (primarily the USA), this is done on the basis of:

The EU–US Data Privacy Framework (where the provider is certified), or
The European Commission's Standard Contractual Clauses (SCCs) supplemented by technical and organizational safeguards.

You can request a copy of these safeguards by contacting dpo@bemlo.com.

5. Your rights

Under the General Data Protection Regulation (GDPR), you have the right to:

Access the personal data we process about you
Rectify inaccurate or incomplete data
Erase your data ("the right to be forgotten") where there is no legal basis to continue processing
Restrict processing under certain circumstances
Object to processing based on legitimate interest
Data portability — receive your data in a machine-readable format
Withdraw consent at any time, if processing is based on consent

We respond to your request within one month. Contact us at dpo@bemlo.com.

6. Complaints to a supervisory authority

If you believe that our processing of your personal data violates the GDPR, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY):

imy.se
imy@imy.se
+46 8-657 61 00

7. Security

Bemlo is ISO/IEC 27001 certified (issued by RISE). We have appropriate technical and organizational security measures in place to protect your personal data against unauthorized access, loss, alteration and disclosure.

8. Changes

We may update this policy from time to time. The latest version is always available at bemlo.com/privacy. We will notify you of any material changes by email (if we have such a relationship) or through a clear notice on the website.

Ready to Transform Your Staffing?

See how your organization can reduce costs and enhance employee satisfaction today.

Book a Demo

Alexander Björkenstam

Co-Founder & CEO of Bemlo