PRIVACY POLICY Effective date: January 1, 2026

This Privacy Policy applies to the website www.optionspartner.se and www.optionspartner.com and any subdomains or related applications (collectively, the “Service”) operated by Optionspartner AB, company registration number 559214-5089 (“we”, “us”, “our”, or “Optionspartner”).

Introduction

When you use our services, you trust us with your information. We are committed to safeguarding that trust through transparent, lawful, and secure processing of personal data.

This Privacy Policy explains what personal data we collect, how we use and share it, and the rights you have regarding your data. We prioritize data protection and process all personal data in accordance with applicable law, primarily the EU General Data Protection Regulation (GDPR) (EU) 2016/679, supplemented by Swedish national legislation (e.g., the Data Protection Act (2018:218)).

We have implemented technical and organisational measures to ensure GDPR compliance. This Policy is not exhaustive but outlines our key principles. We may update it periodically to reflect legal changes, service developments, or best practices. The current version is always available on our website.

We (and, where applicable, our subsidiaries) act as the data controller for personal data provided to us.

Definitions

  • Personal data: Any information relating to an identified or identifiable natural person (data subject).
  • Processing: Any operation performed on personal data (collection, recording, storage, use, disclosure, erasure, etc.).
  • Controller: The entity that determines the purposes and means of processing (Optionspartner AB).
  • Processor: A third party that processes data on our behalf.

Personal Data We Collect and Process

We collect and process personal data depending on how you interact with the Service. This may include:

  • Automatically collected technical data (when you visit our website, even without registration): IP address, date and time of request, time zone, content of the request, HTTP status code, data volume transferred, referrer URL, browser type and version, operating system, and language settings. Legal basis: Article 6(1)(f) GDPR (legitimate interest in ensuring website functionality, stability, and security).
  • Data you provide voluntarily: Name, address, email address, phone number, personal identity number, bank account details, or other information submitted via forms, registration, affiliate programs, or service use.
  • Other data: Usage data, analytics, or information necessary for affiliate payments, administration, or service delivery.

We only collect data that is adequate, relevant, and limited to what is necessary (data minimisation).

Purposes and Legal Basis for Processing

We process personal data for the following purposes:

  • Providing and maintaining the Service, including access to features and affiliate program administration.
  • Processing payments to affiliates and handling contractual obligations.
  • Internal administration, analytics, improvement of our services, and security.
  • Complying with legal obligations (e.g., accounting, tax, or regulatory requirements).
  • Defending legal claims or detecting/preventing fraud and criminal activity.
  • Marketing and communication, where permitted by law (with consent where required or based on legitimate interest with an opt-out option).

Where we rely on legitimate interests (Article 6(1)(f) GDPR), we conduct a balancing test to ensure your rights and freedoms do not override our interests. You can request details of such assessments.

We may process data for additional compatible purposes in line with GDPR Article 6(4).

International Transfers of Personal Data

If we transfer personal data outside the EU/EEA (e.g., to service providers in the United States), we ensure an adequate level of protection through:

  • Adequacy decisions (where applicable, including the EU-US Data Privacy Framework for certified entities).
  • Standard Contractual Clauses (SCCs) issued by the European Commission, supplemented by appropriate safeguards and transfer impact assessments.
  • Other approved mechanisms (e.g., Binding Corporate Rules).

We regularly review these safeguards, especially in light of evolving case law and guidance.

Sharing and Disclosure of Personal Data

We may share personal data with:

  • Subsidiaries or trusted processors (e.g., hosting providers, analytics services, payment processors) bound by data processing agreements.
  • Legal authorities when required by law or to protect our rights, safety, or property.

We do not sell, rent, or trade personal data to third parties for marketing purposes. Disclosure without your consent occurs only when legally required or necessary for the purposes above.

Where the Data Act applies to non-personal data generated by connected products/services, we handle sharing in compliance with its fairness, transparency, and access rules, while ensuring personal data remains protected under GDPR.

Your Rights (Data Subject Rights)

Under the GDPR, you have the following rights (subject to applicable conditions and exceptions):

  • Right of access — Obtain confirmation and a copy of your personal data.
  • Right to rectification — Correct inaccurate or incomplete data.
  • Right to erasure (“right to be forgotten”) — Request deletion when data is no longer necessary or processing is unlawful.
  • Right to restriction of processing.
  • Right to data portability — Receive your data in a structured, machine-readable format and transmit it to another controller.
  • Right to object to processing based on legitimate interest or for direct marketing.
  • Right to withdraw consent at any time (where processing is based on consent) — This does not affect the lawfulness of processing before withdrawal.
  • Right not to be subject to automated decision-making, including profiling, where it produces legal or similarly significant effects (if applicable).
  • Right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten – IMY) or your local supervisory authority.

To exercise these rights, contact us at the details below. We will respond without undue delay and within one month (extendable in complex cases).

We strive to keep your data accurate and delete or anonymise it when no longer needed for the original purposes or legal retention obligations.

Security

We implement appropriate technical and organisational measures (e.g., encryption, access controls, regular testing) to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage.

Cookies and Similar Technologies

We use cookies and similar technologies to enhance functionality, analyse usage, and provide personalised experiences.

Our use of cookies complies with the GDPR and ePrivacy rules. We provide clear information about cookies via a consent banner that offers balanced, equally prominent options to accept or reject non-essential cookies (no dark patterns).

You can manage preferences through our cookie settings or your browser. Note that disabling certain cookies may affect website functionality.

We use services such as Google Analytics and Microsoft Clarity for web analytics. These providers process data on our behalf with IP anonymisation where possible. Data may be transferred to the US under appropriate safeguards (e.g., SCCs or Data Privacy Framework certification). You can opt out via browser settings or provider-specific tools.

Social Plugins

We may embed social plugins from providers such as Meta (Facebook), X (formerly Twitter), or Microsoft. These can set cookies and transmit data (including your IP address) to the respective providers when you interact with them or even load the page.

If you are logged into a social network, the provider may link your visit to your account. For details on how these providers process data and your rights, please refer to their privacy policies.

Legal basis: Article 6(1)(f) GDPR (legitimate interest in social integration and marketing), unless consent is required for specific features.

To prevent data transmission, log out of social accounts before visiting our site or use appropriate browser extensions.

Web Analysis and Third-Party Services

For analytics, we use the providers mentioned above. Information generated by cookies about your website use is typically transmitted to servers in the US (with IP anonymisation applied where configured) and processed on our behalf to generate reports and improve the Service.

You can prevent cookie storage via browser settings or opt out using provider tools (e.g., browser add-ons).

Legal basis: Article 6(1)(f) GDPR.

Contact Information

If you have questions about this Privacy Policy, our data practices, or wish to exercise your rights, please contact us at: security@optionspartner.com

We may also appoint a Data Protection Officer (DPO) if required by law; contact details will be provided where applicable.