GDPR Compliance

Effective Date: April 13, 2025

Globy AB (“Globy AI”, “we”, “our”, or “us”) is committed to full compliance with the General Data Protection Regulation (GDPR) (EU Regulation 2016/679). This page outlines how we comply with GDPR and protect the personal data of individuals within the European Economic Area (EEA).

Lawful Basis for Processing Data

We only process personal data where we have a lawful basis, including:

• Consent (e.g., newsletter sign-up)
• Contractual necessity (e.g., account registration and service delivery)
• Legal obligations (e.g., accounting and regulatory compliance)
• Legitimate interests (e.g., improving services, preventing fraud)

Your Rights Under GDPR

As an individual located in the EU or EEA, you have the right to:

• Access – Request access to your personal data
• Rectification – Request correction of inaccurate or incomplete data
• Erasure – Request deletion of your data (“Right to be forgotten”)
• Restrict Processing – Ask us to limit how we use your data
• Data Portability – Request a copy of your data in a usable format
• Object – Object to data processing in certain circumstances
• Withdraw Consent – Where we rely on consent, you can withdraw it at any time

To exercise any of these rights, please email us at hello@globy.ai.

Data Transfers Outside the EU

Globy AI operates globally. If we transfer your data outside the EEA (e.g., to cloud providers or service tools), we ensure adequate safeguards such as:

• Standard Contractual Clauses (SCCs)
• Data Processing Agreements (DPAs)
• Providers certified under EU-U.S. Data Privacy Framework (if applicable)

Security Measures

We implement robust technical and organizational measures to safeguard your personal data, including:

• SSL encryption on all data transmissions
• Secure cloud infrastructure
• Role-based access control
• Regular audits and security reviews

Data Processor Relationships

We ensure that all third-party processors:

• Adhere to GDPR standards
• Enter into binding Data Processing Agreements
• Process data only on our instructions

Data Retention

We retain personal data only as long as necessary to fulfill the purposes described in our Privacy Policy and comply with legal requirements.

Supervisory Authority Contact

If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local Data Protection Authority.

In Sweden, the relevant authority is:

Integritetsskyddsmyndigheten (IMY)

Website: https://www.imy.se

Contact Us

If you have any questions about our GDPR practices, or would like to exercise your rights:

Email: hello@globy.ai

Address: Grönviken 172, 865 92 Alnö

Effective Date: April 13, 2025