Privacy Policy
PIMS-018 – Website Privacy and Cookie Notice
This notice explains how Epical Group collects, uses and protects personal data and cookies when you visit our website. It is issued pursuant to GDPR (Regulation (EU) 2016/679) Articles 13–14 and applicable national data protection laws.
1. Data controller
The controller of personal data collected through this website is the Epical Group entity relevant to your country. Contact us for all privacy enquiries at privacy@epicalgroup.com.
| Legal entity | Registration number | Country |
| Epical Sweden AB | 556581-8613 | Sweden |
| Epical Finland Oy | 3363888-7 | Finland |
| Qivada Oy | 3269509-7 | Finland |
2. What personal data we collect and why
We collect personal data in two ways on this website:
Data you provide directly
For example when you fill out a contact form, register for an event or webinar, or download a guide or e-book. This typically includes your name, email address, company name and other information you choose to submit.
Data collected automatically
Through cookies and similar tracking technologies when you browse the site. This includes IP address, browser type, pages visited, time spent on the site and referral source.
3. Legal bases for processing
We process personal data about website visitors on the following legal bases:
| Purpose | Legal basis |
| Analytics — understanding how the site is used | Legitimate interests (GDPR Art. 6(1)(f)) |
| Marketing automation and personalisation | Consent (GDPR Art. 6(1)(a)) |
| Responding to contact forms and event registrations | Consent / Contract (GDPR Art. 6(1)(a) and (b)) |
| Sending newsletters, guides and marketing content | Consent (GDPR Art. 6(1)(a)) |
| Operating and improving the website | Legitimate interests (GDPR Art. 6(1)(f)) |
Where we rely on legitimate interests, we balance those interests against your rights and freedoms. You may object to such processing at any time (see section 7). Where we rely on consent, you may withdraw it at any time without affecting prior lawful processing.
4. Cookies
Cookies are small files placed on your device when you visit a website. We use the following categories of cookies:
Strictly necessary cookies
Required for the website to function. These do not require your consent.
Analytics and performance cookies
Help us understand how visitors interact with the site, such as which pages are visited most. We use Google Analytics for this purpose.
Marketing and personalisation cookies
Used to track visitors across the website and third-party platforms in order to display relevant advertising and content. We use HubSpot as our marketing automation platform.
Third-party cookies
Set by external services integrated into the website, including Google Analytics, Google Ads, LinkedIn and Meta (Facebook). These providers may collect information about your browsing behaviour across different websites. Please refer to each provider’s own privacy policy for details.
Managing cookies
You can manage or withdraw consent for non-essential cookies at any time by adjusting the cookie settings on this site or via your browser settings:
Google Chrome — support.google.com/chrome
Mozilla Firefox — support.mozilla.org
Microsoft Edge — support.microsoft.com
Safari — support.apple.com
You can also opt out of Google Analytics at tools.google.com/dlpage/gaoptout and manage personalised advertising at youronlinechoices.com.
5. Third-party services and international data transfers
We use third-party service providers to operate this website, including:
- HubSpot — marketing automation, forms and email
- Google Analytics / Google Ads — web analytics and advertising
- LinkedIn — social sharing and advertising
- Meta (Facebook) — social sharing and advertising
- Google Tag Manager — tag management
Some of these providers are located outside the European Economic Area (EEA) or transfer data to countries outside the EEA. Where this occurs, Epical ensures appropriate safeguards are in place in accordance with GDPR Chapter V, including Standard Contractual Clauses (EU Commission Decision 2021/914) and, where applicable, adequacy decisions. Transfer impact assessments are conducted where required.
6. How long we keep your data
We retain personal data only as long as necessary for the purposes described above and in accordance with applicable law and PIMS-016-1 Data Retention and Deletion Policy. As a general principle:
- Analytics data (Google Analytics): up to 26 months
- Contact and event registration data: while the relationship is active, plus a reasonable period thereafter
- Marketing consent and related data: until you withdraw consent or unsubscribe, after which data are deleted from our marketing systems
After the applicable retention period, data are securely deleted or anonymised.
7. Your rights
As a data subject under GDPR, you have the following rights:
| Right | What it means |
| Right to be informed | To receive clear and transparent information about how your data is processed (this notice fulfils that obligation). |
| Right of access | To obtain a copy of the personal data we hold about you. |
| Right to rectification | To have inaccurate or incomplete data corrected. |
| Right to erasure | To request deletion of your data where applicable, subject to any legal retention obligations. |
| Right to restriction | To request that we temporarily limit the processing of your data. |
| Right to object | To object to processing based on legitimate interests or direct marketing at any time. |
| Right to data portability | To receive your data in a structured, machine-readable format where processing is based on consent or contract and carried out by automated means. |
| Right to withdraw consent | At any time, without affecting the lawfulness of prior processing. |
| Right not to be subject to automated decisions | Including profiling, where this produces legal or similarly significant effects. |
How to exercise your rights
Submit a data subject access request (DSAR) to privacy@epicalgroup.com. We will acknowledge your request promptly and respond within one calendar month. For complex or numerous requests, we may extend this by up to two further months; if so, we will notify you within the first month. Responses are provided free of charge. We may ask you to verify your identity before processing your request.
8. Right to lodge a complaint
If you have concerns about how we process your personal data, you have the right to lodge a complaint with the supervisory authority in your country:
| Country / Authority | Website |
| Sweden — Integritetsskyddsmyndigheten (IMY) | imy.se |
| Finland — Office of the Data Protection Ombudsman (TSV) | tietosuoja.fi |
We encourage you to contact us first at privacy@epicalgroup.com so we can address your concerns directly.
9. Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage. These measures include access controls, encryption in transit and at rest, continuous security monitoring, and contractual safeguards with all third-party processors.
10. Updates to this notice
We may update this notice from time to time to reflect changes in processing activities, applicable law, or our use of cookies and third-party services. The current version date is indicated at the top of this page. Material changes will be communicated through appropriate channels.
11. Related documents
| Document ID | Title |
| PIMS-016 | Privacy Policy |
| PIMS-016-1 | Data Retention and Deletion Policy |
| PIMS-017 | Privacy Notice (employees and contractors) |
12. Contact and oversight
For any questions about this notice or about how we handle your personal data, please contact us at privacy@epicalgroup.com. Oversight is provided by the CSO acting as Privacy Lead.