← Back to site
Legal

Privacy Policy

Last updated: 11 May 2026 · Effective date: 11 May 2026

1. Who we are

This Privacy Policy describes how Olai Business Consulting AB ("Olai", "we", "us", or "our") collects, uses, stores, and shares personal data when you visit our website at olaibusiness.se, contact us, or engage us for consulting, performance media, analytics, or platform services (including our product Quiver).

Olai Business Consulting AB is a Swedish limited company based in Sundsvall, Sweden. We act as a data controller for the personal data we process about our website visitors, prospects, and direct clients. When we process personal data on behalf of a client (for example, when operating advertising or analytics on their behalf), we act as a data processor under that client's instructions.

For any questions about this policy or your personal data, contact us at hello@olaibusiness.se.

2. What data we collect

We collect the following categories of personal data:

  • Contact data you provide when you reach out — name, email address, company, phone number, and the content of your message.
  • Client and engagement data — account details, billing information, and information shared during the course of an engagement.
  • Usage and device data — IP address, browser type, device type, pages viewed, referring URL, and timestamps, collected via standard server logs and privacy-respecting analytics.
  • Marketing platform data — when authorised, we access advertising and analytics data from third-party platforms (such as Google Ads, Google Analytics, Meta, LinkedIn, TikTok) on behalf of our clients in order to operate, measure, and report on campaigns.
  • Cookies and similar technologies — see Section 7.

3. How we use your data

We use personal data to:

  • Respond to inquiries and provide requested information.
  • Deliver our consulting, media, analytics, and platform services.
  • Operate, secure, maintain, and improve our website and Quiver.
  • Manage advertising and measurement on behalf of our clients, including connecting to and reading from APIs such as the Google Ads API, Google Analytics Data API, and similar platforms.
  • Send service-related communications and, where permitted, relevant updates.
  • Comply with legal, accounting, and regulatory obligations.

4. Legal bases (GDPR)

We process personal data on the following legal bases under the EU General Data Protection Regulation (GDPR):

  • Contract — to enter into or perform an agreement with you or your organisation.
  • Legitimate interest — to operate our business, secure our systems, and communicate with prospects and clients in a proportionate way.
  • Consent — where required, for example for non-essential cookies or marketing communications.
  • Legal obligation — to comply with applicable laws, including bookkeeping and tax requirements.

5. Google API Services and Google user data

When a client authorises Olai to access their Google accounts (for example, Google Ads or Google Analytics), we access that data exclusively to deliver the services the client has engaged us for — such as campaign management, reporting, measurement, and platform integration via Quiver.

Olai's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only use Google user data to provide or improve the user-facing features the client has authorised.
  • We do not sell Google user data.
  • We do not use Google user data for advertising, including retargeting or personalised or interest-based advertising.
  • We do not allow humans to read Google user data unless we have the client's affirmative agreement for specific data, it is necessary for security purposes (such as investigating abuse), to comply with applicable law, or for our internal operations where the data has been aggregated and anonymised.
  • We do not transfer Google user data to third parties except as necessary to provide or improve user-facing features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets, in each case with notice to affected clients.

Clients can revoke our access to their Google accounts at any time through their Google account settings at myaccount.google.com/permissions or by contacting us.

6. Sharing and sub-processors

We share personal data only with parties that help us run our business and deliver our services. These currently include:

  • Cloud and hosting providers for hosting, storage, and infrastructure (e.g. Vercel, AWS, Google Cloud).
  • Advertising and analytics platforms such as Google, Meta, LinkedIn, and TikTok, when operated on behalf of a client.
  • Business tools for email, CRM, billing, and productivity.
  • Professional advisors such as accountants and legal counsel.
  • Authorities where we are legally required to disclose data.

We do not sell personal data. Where sub-processors are located outside the European Economic Area, we rely on appropriate safeguards such as the EU Standard Contractual Clauses.

7. Cookies

Our website uses a minimal set of cookies and similar technologies for core functionality and aggregated, privacy-respecting analytics. Where required, we ask for your consent before setting non-essential cookies. You can control cookies through your browser settings.

8. Data retention

We retain personal data only as long as needed for the purposes described in this policy or as required by law. Contact and inquiry data is typically retained for up to 24 months from last contact. Client engagement and billing records are retained for the period required by applicable Swedish accounting law (currently seven years).

9. Security

We apply technical and organisational measures designed to protect personal data against unauthorised access, loss, alteration, or disclosure. These include access controls, encryption in transit, least-privilege principles, and audit logging for systems that handle client and platform data.

10. Your rights

Under the GDPR you have the right to access, rectify, erase, restrict, and port your personal data, and to object to processing based on our legitimate interests. Where processing is based on consent, you may withdraw consent at any time. To exercise these rights, contact us at hello@olaibusiness.se.

You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) or your local supervisory authority.

11. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Material changes will be communicated through the website or by direct notice where appropriate.

12. Contact

Olai Business Consulting AB
Sundsvall, Sweden
Email: hello@olaibusiness.se