Regulatory Alignment & Compliance
Effective Date: 1 January 2026 · Last Updated: 1 January 2026
Privacy Policy
This Privacy Policy describes how CedarVectorLabs ("Controller," "we," "us," or "our"), registered at 416 64, Danska Vägen 76, Göteborg, Sweden, collects, processes, stores, and protects personal data in accordance with the European Union General Data Protection Regulation (EU) 2016/679 ("GDPR") and the Swedish Data Protection Act (Datastskydsförordningen).
1. Data Controller Identity
The Data Controller responsible for processing your personal data is:
Entity: CedarVectorLabs
Address: 416 64, Danska Vägen 76, Göteborg, Sweden
Email: [email protected]
Phone: +46 79 263 81 90
2. Categories of Personal Data Processed
We process the following categories of personal data:
- Identity Data: Full name, email address, and any information voluntarily provided through contact forms or direct correspondence.
- Technical Data: IP address, browser type and version, operating system, device identifiers, and access timestamps collected automatically through our web infrastructure.
- Usage Data: Page interaction patterns, navigation paths, and feature engagement metrics collected via analytics instrumentation.
- Communication Data: Contents of messages, inquiries, and correspondence transmitted through our contact channels.
3. Legal Bases for Processing
We process personal data under the following legal bases as defined in Article 6(1) GDPR:
- Consent (Art. 6(1)(a)): Where you have given explicit, informed, and freely given consent for specific processing purposes, such as marketing communications or analytics cookie deployment.
- Contractual Necessity (Art. 6(1)(b)): Where processing is necessary for the performance of a contract to which you are a party, or to take pre-contractual steps at your request.
- Legitimate Interest (Art. 6(1)(f)): Where processing is necessary for our legitimate interests in operating, securing, and improving our digital services, provided such interests are not overridden by your fundamental rights.
- Legal Obligation (Art. 6(1)(c)): Where processing is required to comply with applicable legal obligations under EU or Swedish law.
4. Data Retention Periods
Personal data is retained only for the duration necessary to fulfil the purposes for which it was collected:
- Contact form submissions: Retained for 24 months from the date of submission, after which they are permanently deleted from all systems.
- Contractual and transactional data: Retained for the duration of the contractual relationship plus 7 years, in accordance with Swedish bookkeeping legislation (Bokföringslagen 1999:1078).
- Analytics and technical data: Anonymised after 13 months of collection.
- Marketing consent records: Retained for the duration of consent plus 3 years for audit purposes.
5. Data Security Measures
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including but not limited to:
- Encryption of personal data in transit (TLS 1.3) and at rest (AES-256).
- Access controls with principle of least privilege enforcement.
- Regular security assessments and penetration testing.
- Incident response procedures with 72-hour breach notification capability in accordance with Article 33 GDPR.
- Regular backups with tested recovery procedures.
6. International Data Transfers
Where personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including EU Standard Contractual Clauses (SCCs) approved by the European Commission, or verification that the destination country provides an adequate level of data protection as determined by the European Commission under Article 45 GDPR.
7. Your Rights Under GDPR
Under the GDPR, you have the following rights regarding your personal data:
- Right of Access (Art. 15): You may request confirmation of whether we process your personal data and obtain a copy of such data.
- Right to Rectification (Art. 16): You may request correction of inaccurate personal data.
- Right to Erasure (Art. 17): You may request deletion of your personal data where processing is no longer necessary or consent is withdrawn.
- Right to Restriction (Art. 18): You may request restriction of processing in specific circumstances.
- Right to Data Portability (Art. 20): You may request receipt of your personal data in a structured, commonly used, machine-readable format.
- Right to Object (Art. 21): You may object to processing based on legitimate interests, including direct marketing.
- Right to Withdraw Consent (Art. 7(3)): You may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.
To exercise any of these rights, contact our Data Protection Officer at [email protected]. We will respond to all requests within 30 days.
8. Right to Lodge a Complaint
If you believe that our processing of your personal data violates the GDPR, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten), BOX 3075, 351 34 VÄXJÖ, Sweden, or with the supervisory authority of your EU Member State of residence.
Refund Policy
This Refund Policy governs the terms under which CedarVectorLabs, registered at 416 64, Danska Vägen 76, Göteborg, Sweden, issues refunds for services rendered. This policy complies with the EU Consumer Rights Directive (2011/83/EU) and Swedish consumer protection legislation (Konsumentköpslagen 1990:932).
1. Scope
This policy applies to all digital services, consulting engagements, and development projects contracted through CedarVectorLabs. As our services are predominantly bespoke digital deliverables, standard withdrawal rights under EU consumer law may be limited once project execution has commenced with your explicit authorisation.
2. Milestone-Based Refund Structure
All project engagements are structured around defined delivery milestones. Refund eligibility is assessed based on the completion status of each milestone:
- Pre-Execution Cancellation: If cancellation is requested before any project work has commenced, a full refund of all advance payments will be issued within 14 business days.
- Partial Milestone Completion: Where a milestone has been partially completed, the refund amount will be calculated proportionally based on the percentage of deliverables completed against the milestone specification.
- Post-Completion: Once a milestone has been delivered and accepted (or 10 business days have elapsed since delivery without written objection), that milestone is considered finalised and non-refundable.
3. Defective Delivery
If delivered work materially fails to meet the specifications agreed in the project scope document, you are entitled to one round of complimentary remediation. If remediation does not bring the deliverable within specification, a proportional refund will be issued for the affected milestone.
4. Refund Request Process
To request a refund, contact us at [email protected] with:
- Your project reference number
- A description of the refund grounds
- Supporting documentation (e.g., correspondence, deliverable screenshots)
All refund requests will be acknowledged within 3 business days and resolved within 30 calendar days of submission.
5. Refund Method
Approved refunds will be issued via the original payment method. Processing times depend on the payment provider and typically range from 5–14 business days. Bank transfer refunds may require additional verification steps.
6. Dispute Resolution
In the event of a refund dispute, both parties agree to attempt resolution through good-faith negotiation before pursuing alternative dispute resolution. EU consumers may also use the European Commission's Online Dispute Resolution platform at https://ec.europa.eu/consumers/odr.
Terms of Service
These Terms of Service ("Terms") govern your access to and use of services provided by CedarVectorLabs, registered at 416 64, Danska Vägen 76, Göteborg, Sweden ("Provider," "we," "us," or "our"). By engaging our services, you ("Client" or "you") agree to be bound by these Terms.
1. Scope of Services
Services are defined in the applicable Statement of Work ("SOW") or Service Agreement executed between the parties. The SOW specifies the scope, deliverables, timeline, and pricing for each engagement. These Terms supplement and form an integral part of every SOW.
2. Project Execution & Acceptance
Work proceeds in defined milestones as specified in the SOW. Upon delivery of each milestone:
- The Client has 10 business days to review and provide written acceptance or detailed rejection with specific deviation notes.
- Failure to respond within the review period constitutes automatic acceptance of the delivered milestone.
- Accepted milestones are invoiced according to the payment schedule defined in the SOW.
3. Payment Terms
- Invoices are issued upon milestone acceptance and are payable within 14 calendar days of invoice date.
- Late payments incur interest at the statutory rate under the Swedish Räntelagen (1975:635), currently 8 percentage points above the Riksbank reference rate.
- All prices are quoted in Euros (€) exclusive of applicable Value Added Tax (VAT), which will be added at the prevailing rate where required by law.
- Expenses incurred on behalf of the Client (e.g., third-party software licences, API fees) are invoiced separately with prior written approval.
4. Intellectual Property
Upon full payment of all applicable invoices:
- All custom code, designs, and documentation created specifically for the Client under the SOW are assigned to the Client.
- The Provider retains ownership of all pre-existing frameworks, libraries, methodologies, and general-purpose tools used in the delivery of services.
- The Provider grants the Client a perpetual, non-exclusive, royalty-free licence to use any Provider-owned components embedded in the deliverables.
- The Provider may reference the engagement in marketing materials unless the Client objects in writing.
5. Confidentiality
Both parties agree to maintain the confidentiality of all non-public information disclosed during the engagement. This obligation survives termination of the agreement for a period of 3 years. Exclusions apply to information that: (a) is publicly available through no fault of the receiving party, (b) was already known to the receiving party prior to disclosure, or (c) is required to be disclosed by law or court order.
6. Limitation of Liability
To the maximum extent permitted by applicable law:
- The Provider's total aggregate liability under any SOW shall not exceed the total fees paid by the Client under that SOW in the 12 months preceding the claim.
- Neither party shall be liable for indirect, incidental, special, consequential, or punitive damages, including loss of profits, data, or business opportunity.
- These limitations do not apply to liability arising from gross negligence, wilful misconduct, or breach of confidentiality obligations.
7. Data Processing Agreement
Where the Provider processes personal data on behalf of the Client in the course of delivering services, the parties shall execute a separate Data Processing Agreement ("DPA") in compliance with Article 28 GDPR. The DPA shall specify the subject matter, duration, nature, and purpose of processing, the types of personal data, and the categories of data subjects.
8. Force Majeure
Neither party shall be liable for failure or delay in performance caused by circumstances beyond reasonable control, including but not limited to natural disasters, pandemics, war, government actions, telecommunications failures, or cyberattacks. The affected party shall notify the other party within 48 hours and use reasonable efforts to mitigate the impact.
9. Termination
Either party may terminate a SOW with 30 days' written notice. In the event of termination:
- The Client is obligated to pay for all milestones completed and accepted prior to the termination date.
- The Provider shall deliver all work-in-progress and associated documentation within 10 business days of termination notice.
- Termination for material breach requires 14 days' written notice with specific breach details and an opportunity to cure.
10. Governing Law & Dispute Resolution
These Terms are governed by the laws of Sweden. Any dispute arising from or relating to these Terms or the services provided shall first be submitted to mediation administered by the Stockholm Chamber of Commerce. If mediation is unsuccessful within 60 days, the dispute shall be finally settled by arbitration under the SCC Arbitration Rules, with the seat of arbitration in Gothenburg, Sweden.
11. Amendments
These Terms may be amended by the Provider with 30 days' written notice. Continued engagement after the amendment effective date constitutes acceptance. Material changes to existing SOWs require mutual written agreement.
Contact for Legal Inquiries:
CedarVectorLabs
416 64, Danska Vägen 76, Göteborg, Sweden
Email: [email protected]
Phone: +46 79 263 81 90