Ensait legal

Privacy Policy

Current version: 2026-06-12

Company: Xile Software AB
Registration Number: 559101-3452
Registered Office: Malmö, Sweden
Contact Email: support@ensait.se

1. Introduction

  1. 1.1Xile Software AB ("Xile", "we", "us", "our") respects your privacy and is committed to protecting personal data in line with the EU General Data Protection Regulation (GDPR) and applicable Swedish data protection laws.
  1. 1.2This Privacy Policy explains how we collect, use, store, share, and protect personal data when you visit our website, contact us, buy or use our services, or otherwise interact with us in a business relationship.

2. Data Controller

2.1 Activities

  1. 2.1.1Sales inquiries.
  1. 2.1.2Customer relationships.
  1. 2.1.3Billing and administration.
  1. 2.1.4Use of our own website.
  1. 2.1.5Marketing communications.

2.2 Processor Role

  1. 2.2.1Where we process personal data on behalf of customers, such as personal data collected through websites or systems we host or manage for them, we act as a data processor.
  1. 2.2.2In those cases, processing is governed by a separate Data Processing Agreement (DPA), and the customer remains the data controller.

3. Categories of Data Subjects

  1. 3.1We may process personal data relating to the following categories of individuals.
  1. 3.1.1Business customers.
  1. 3.1.2Prospective customers.
  1. 3.1.3Website visitors.
  1. 3.1.4Representatives of client companies.
  1. 3.1.5Suppliers and partners.

4. Personal Data We Collect

4.1 Contact Information

  1. 4.1.1Name.
  1. 4.1.2Company name.
  1. 4.1.3Email address.
  1. 4.1.4Phone number.
  1. 4.1.5Billing address.

4.2 Account and Service Information

  1. 4.2.1Login credentials, where applicable.
  1. 4.2.2Service usage details.
  1. 4.2.3Support tickets and related communications.
  1. 4.2.4Subscription details.
  1. 4.2.5Payment-related information.
  1. 4.2.6Public customer reference information, such as company name, domain name, public website screenshots, and non-confidential descriptions of delivered work.

4.3 Billing Information

  1. 4.3.1Invoices.
  1. 4.3.2Payment status.
  1. 4.3.3Transaction references.
  1. 4.3.4Other accounting-related records.
  1. 4.3.5We do not store full card details where payments are handled by third-party payment providers.

4.4 Website Usage Data

  1. 4.4.1IP address.
  1. 4.4.2Browser type.
  1. 4.4.3Device information.
  1. 4.4.4Pages visited.
  1. 4.4.5Date and time of access.
  1. 4.4.6This information may be collected through cookies or similar technologies. See the Cookies & Tracking section for more details.

5. Legal Basis for Processing

5.1 Contractual Necessity

  1. 5.1.1Article 6(1)(b) GDPR applies to providing our services, managing subscriptions, delivering support, and processing payments.

5.2 Legal Obligation

  1. 5.2.1Article 6(1)(c) GDPR applies to complying with Swedish accounting laws, maintaining financial records, and responding to lawful requests from authorities.

5.3 Legitimate Interests

  1. 5.3.1Article 6(1)(f) GDPR applies to business communication, improving and developing our services, security, monitoring and fraud prevention, limited B2B marketing to existing or prospective corporate clients, and limited customer reference use based on public business information.
  1. 5.3.2Where we rely on legitimate interests, we make sure those interests do not override your fundamental rights and freedoms.

5.4 Consent

  1. 5.4.1Article 6(1)(a) GDPR applies to non-essential cookies where required and to newsletters or similar communications where consent is required.

6. Purposes of Processing

  1. 6.1We process personal data for the following purposes.
  1. 6.1.1To provide and manage subscriptions.
  1. 6.1.2To deliver hosting, website, and related digital services.
  1. 6.1.3To respond to inquiries and support requests.
  1. 6.1.4To send service-related communications.
  1. 6.1.5To issue invoices and manage payments.
  1. 6.1.6To improve, maintain, and secure our services.
  1. 6.1.7To comply with legal and regulatory obligations.
  1. 6.1.8To show customer references, portfolio examples, case studies, and non-confidential descriptions of delivered work, where permitted by our Terms of Service or separate agreement.
  1. 6.2We do not sell personal data to third parties.

7. Storage and Security

7.1 Storage Location

  1. 7.1.1Personal data is primarily stored within Sweden or the European Union (EU/EEA).

7.2 Safeguards

  1. 7.2.1We apply appropriate technical and organizational safeguards.
  1. 7.2.2Secure hosting infrastructure.
  1. 7.2.3Access controls and authentication.
  1. 7.2.4Encrypted connections using SSL/TLS.
  1. 7.2.5Restricted internal access on a need-to-know basis.
  1. 7.2.6Regular security updates and maintenance.

8. Retention

  1. 8.1We retain customer data for the duration of the contract and for up to 24 months thereafter, unless a longer retention period is required by law or the data must be kept to establish, exercise, or defend legal claims.
  1. 8.2Where possible, data will be deleted earlier upon request if no legal obligation requires continued storage.
  1. 8.3Accounting and bookkeeping data is retained as required by Swedish law, currently for 7 years.
  1. 8.4Support communications are retained as long as reasonably necessary for service, troubleshooting, and documentation purposes.
  1. 8.5Marketing-related data is retained until you withdraw consent, unsubscribe, or object, as applicable.
  1. 8.6Customer reference material is retained for as long as it remains relevant for portfolio, case study, sales, or marketing purposes, unless the customer objects or requests removal and no legal reason requires continued retention.
  1. 8.7When personal data is no longer needed, it is securely deleted or anonymized.

9. Sharing and Subprocessors

9.1 Shared With

  1. 9.1.1Payment providers.
  1. 9.1.2Hosting and infrastructure providers.
  1. 9.1.3IT and software service providers.
  1. 9.1.4Accounting and financial service providers.

9.2 Safeguards for Providers

  1. 9.2.1Subprocessors are bound by data processing agreements where required.
  1. 9.2.2Subprocessors must meet GDPR and applicable security requirements.
  1. 9.2.3Processing is limited to what is necessary for the relevant service.

9.3 International Transfers

  1. 9.3.1We do not transfer personal data outside the EU/EEA unless appropriate safeguards are in place.
  1. 9.3.2Where such transfers occur, we rely on lawful transfer mechanisms, such as Standard Contractual Clauses (SCCs) adopted by the European Commission.

10. Processing on Behalf of Clients

  1. 10.1When we host or manage websites, systems, or services for customers, we may process personal data strictly on their documented instructions.
  1. 10.2In those cases, the customer is the data controller and Xile is the data processor.
  1. 10.3A separate Data Processing Agreement (DPA) applies.
  1. 10.4We do not determine the purpose of that processing.

11. Cookies and Tracking

  1. 11.1We use cookies and similar technologies for the following purposes.
  1. 11.1.1Necessary website functionality.
  1. 11.1.2Security.
  1. 11.1.3Analytics.
  1. 11.1.4Performance monitoring.
  1. 11.2Where required by law, we obtain consent before placing non-essential cookies or similar technologies.
  1. 11.3More detailed information is available in our Cookie Policy.

12. Your GDPR Rights

12.1 Available Rights

  1. 12.1.1Depending on the circumstances, you may have the following rights.
  1. 12.1.2Right of access.
  1. 12.1.3Right to rectification.
  1. 12.1.4Right to erasure.
  1. 12.1.5Right to restrict processing.
  1. 12.1.6Right to object.
  1. 12.1.7Right to data portability.
  1. 12.1.8Right to withdraw consent at any time.

12.2 Exercising Rights

  1. 12.2.1To exercise your rights, contact us at support@ensait.se.
  1. 12.2.2We will respond within one month where required by GDPR.

13. Data Security

  1. 13.1We implement appropriate technical and organizational measures to protect personal data against unauthorized access, accidental loss, destruction, alteration, or disclosure.
  1. 13.2Access to personal data is limited to authorized personnel who need it for legitimate business purposes.

14. Personal Data Breaches

  1. 14.1If a personal data breach occurs, we will investigate the incident, take appropriate mitigation steps, notify affected customers where required, and report the breach to the Swedish Authority for Privacy Protection (IMY) where legally required.

15. Complaints

  1. 15.1If you believe your personal data has been handled unlawfully, you have the right to lodge a complaint with Integritetsskyddsmyndigheten (IMY).
  1. 15.2IMY's website is https://www.imy.se.
  1. 15.3We encourage you to contact us first so we have the chance to resolve the issue directly.

16. Children

  1. 16.1Our services are intended for businesses. We do not knowingly collect personal data from individuals under the age of 18.

17. Automated Decision-Making

  1. 17.1We do not carry out automated decision-making or profiling that produces legal effects or similarly significant effects for individuals.

18. Changes to this Policy

  1. 18.1We may update this Privacy Policy from time to time.
  1. 18.2The latest version will always be available on our website.
  1. 18.3If we make significant changes, we will communicate them where appropriate.