Integrity Policy

Read more about GDPR & Personal Data

Wining, victory, and life goals concept.

We think your privacy is important and we handle your personal data in accordance with the GDPR regulations

We collect personal data in accordance with GDPR and PUL. The personal data is used to enter into the agreements with users and customers that are required and to be able to comply with the Accounting Act. This means that we must collect contact information from our users and customers. We follow the applicable law at all times and report below only how we treat personal data for customers intended if you work at one of our partners, is customer / consultant who holds F-tax and uses our billing service or if you as a private person want to hire us through a own employee. In order for Billfactory to process personal data, we must have support in the law, that is, a legal basis. In order for our processing of personal data to be lawful, it is necessary to enter into or fulfill an agreement, or to fulfill a legal obligation incumbent on Billfactory. Processing of personal data may also be carried out after balancing interest, where Billfactory’s interest in performing a processing of data is weighed against the data subject’s interest in privacy protection, or after the data subject has given consent to the processing. A consent is given separately and can always be revoked.

Compliance Agreement:
We process personal data in order to be able to conclude and fulfill the agreement we have with customer. We may, for example, need to treat the contact person at a partner’s personal information. Regardless of the customer who uses our billing service, we need to process personal data partly in order to be able to contact people and it may be required for invoice data. We may also need to process the consumer’s personal information if we need to contact them or for invoice data for the service they purchase from us. The purpose may be questions regarding the service to be delivered, in order for us to be able to administer the employment relationship for our self-employed and complete agreements with the customer. Contacts with a customer may be required, for example, in order to ensure that our own employees work under safe conditions and experience a satisfactory working environment during their assignments.

Legal obligation:

Billfactory processes personal data due to obligations arising from law or other statutes, government regulations, decisions, requests or guidelines. For example, we save personal data and the data required in Accounting Act 1999: 1078 (Bookkeeping Act). According to the Accounting Act, Billfactory must save accounting material for the seventh year after the end of the calendar year in which the financial year ended. Accounting material may consist of eg. agreements, correspondence and invoices. Processing of personal data is a requirement for, among other things, as an employer and that, for example, by law, we must provide personal information to the Tax Agency and Statistics Sweden and other authorities and government organizations.

Compliance with the agreement and the legitimate interest:

Billfactory processes your personal information by including handles history of cases in order to be able to offer customer service and be able to continuously train our employees and improve our way of working to be able to offer you the best possible support. If you contact us, that communication may be subject to analysis. We consider it necessary to be able to fulfill our part of the agreements, so we will be able to offer a good support to our customers. For future customers, we believe that the treatment needs to be done to be able to enter into agreements with the customer and that it is a legitimate interest for us and the customer.

If and when we need to take credit information to be able to provide our promised services, it is both for fulfilling the agreement and in our legitimate interest that we treat your personal data for this purpose.

Billfactory processes personal data, including by analyzing and processing statistics. For this treatment we can use both encrypted and other data. The purpose of this analysis is that we should be able to improve our business and be able to offer our employees and customers continued good service, functionality and services.

Billfactory can process personal data to ensure the security of our services so that we can detect or stop unauthorized use of the service and / or to detect and prevent, for example, fraud and virus attacks. Billfactory believes that it is a legitimate interest to maintain the security of our services, but also that it is something that is required for us to be able to fulfill our part of the agreement.

Legitimate interest:

Billfactory can target you with direct marketing, which is a legitimate interest when we are to inform about existing and / or new offers and / or services. We market existing and new services with the aim of being able to, for example, inform about news or to enable more combinations between customer and self-employed. Billfactory works actively to offer customers and self-employed people the best possible user-friendliness and to develop new services that can help everyday life for our customers and self-employed. For this purpose, Billfactory can use your personal data that we have saved and some user data. The legitimate interest in this treatment is to improve our services in order to offer the best services to our customers and self-employed in the long term. You always have the opportunity to request a written objection that we should send direct marketing to you.


To get the best out of our services, it may be good and valuable for you to get information that is of interest to you, why we want to use your personal data for profiling. For profiling, your consent is required. Profiling means that we process personal data by collecting, saving, processing and analyzing data to produce offers that match you and your needs. Based on your profile, you will receive information about services that may be of interest to you, or that in different ways facilitate you and your relationship with us. To give consent you must be 18 years of age. You do not need to give consent to use our services. You can always revoke your consent afterwards by contacting us by email.

The categories of personal data that Billfactory needs to process and save in order to enter into agreements are:


Personal identification code,

Log in information,


Contact information such as email address and mobile number,

History (if you have been in contact with customer support)

The personal data can be used for invoice data or because we need to get in touch with you or for support purposes.

We collect information in many ways, for example by you or your company creating an account and providing us with information or by our own employees collecting the information. However, your personal data can also be collected by contacting us, for example, through our customer support.

Time period

Billfactory saves and processes personal data contained in invoice data for more than seven years in accordance with law and these are deleted no later than ten years from the time their latest salary has been paid by us. What is saved is what is needed for statutory purposes such as the documentation required for accounting.

Company accounts are saved until they are deleted by the company. It is the company that is responsible for ensuring that the information entered by the company in the account is updated.

Personal data received by customer support is deleted after one year as a general rule and they are saved as long as they are for three years from the time they are received if they do not need to be saved for identified legal grounds for a longer period than that.

If you delete your account yourself, your data will be deleted promptly and always within 2 weeks from the time you deleted the account, provided that the data is not needed for legal purposes.

If you request that your information be deleted, we will do this within 2 weeks from the time you received the request, provided that we do not have to save the data due to legal obligations incumbent upon us.

Recipients and suppliers

Billfactory shares personal information with different recipients. This can, for example, be about different suppliers of IT systems.

Billfactory also discloses your personal information to other recipients such as authorities if we are required by law or authority to disclose your personal information.

Billfactory has a Facebook page and an account on Instagram where we communicate with the visitors who choose to comment. It is completely optional to comment, follow and communicate with us there. We use these functions in order to spread information, inform about news that we intend to be interesting for our visitors and that is also part of our customer support.

The personal information collected on our Facebook page and our Instagram account is the visitor’s username if it chooses to comment (username constitutes a personal information if it consists of the visitor’s name) and if personal information is provided in the comment. However, we advise our visitors not to provide personal information in comments on these social media. We refer personal issues to our customer support.

Facebook and Instagram save and process the personal data provided in accordance with what is stated in the respective service’s privacy policy. Suppliers can also collect personal information about the visitors for their own use, through cookies, and to know what these suppliers collect, we refer to their privacy policy and the information they have on their pages about what they are processing. For more information about cookies, please read our separate section on cookies, which also shows that you can set your browser so that your computer does not receive cookies.

Transfer to third party countries

Recipients and suppliers can be established both within the EU / EEA and in third countries. Third country is not bound by GDPR. If Billfactory transfers your personal data to a third country, we verify that there is an adequate level of protection in that country or that there are sufficient guarantees that the data and your rights are protected. Sufficient guarantees may be that the transfer is governed by specific contractual clauses that protect your rights or internal rules. The contractual clauses mentioned have a content that aims to ensure that the supplier lives up to the standards that GDPR requires and ensure that the data subject’s integrity is protected.

The countries that the European Commission has decided to have an adequate level of protection can be found at:

The standard contract clauses approved by the European Commission, which we use, can be found at:

Billfactory, in its treatment, takes appropriate technical and organizational measures to increase the protection of your personal data. Examples of actions may include:- encryption, policies, routines, internal personal data records, impact assessments, data minimization, limitation of access to personal data within the company. We value the access to your personal data and do not allow unauthorized persons to access them. (Billfactory has confidential relations with sub-consultants or employees working for the company).

You have as registered with us according to law rights that you can avail. In most cases, you can use your rights for free. We will respond to a request from you without undue delay, usually this occurs within one month.

– Your rights mean you can:

– obtain a verification of whether we process your personal data (and if so, your personal data will be processed in accordance with what is mentioned on our website),

– get a copy of the information we deal with

– object to treatment or request so-called data portability,

– request to limit processing of your personal data,

– get your personal data corrected,

– get your personal data deleted, or

– request revocation of consent (this does not affect the legality of treatment on the basis of consent before it was revoked)

Consent is withdrawn by contacting customer support. If you want to use any of your other rights, you can send an e-mail to

Should the purposes of treatment be extended, Billfactory informs you before further processing is performed. You always have the right to lodge a complaint with the supervisory authority if you think our processing of your personal data is incorrect.

You may request your rights to us to the extent that it does not restrict Billfactory’s ability to fulfill its legal obligations, or to be performed only when the information is not required for other legal purposes. (This means that if you requested action such as deletion, then Billfactory must still save and process the personal information deemed necessary for as long as applicable law or legal basis so requires. However, unless all registered information is considered necessary, Billfactory may perform the desired action for the personal data not needed).

Personal data correction

If you change your name, address or contact information, or alert you to incorrect information, it is your responsibility to change your details in your account so that they are up-to-date and accurate. Billfactory always wants to have accurate information about you and will do what we can for your information to be updated. If your personal data is subject to correction or deletion, Billfactory notifies the recipients of your personal data, provided that Billfactory finds it possible and not unreasonably burdensome.

Attention Integrity Policy Responsible, Billfactory AB Org. nr. 559141-8131, Kriebsensgatan 1 632 20 Eskilstuna, Telephone 08-77777 311 E-mail:

Contact with Data Protection Officer

If you need to get in touch with our data protection officer, you can always call customer support or email

Archiving of consent

As Billfactory has the burden of proof that consent has been taken in, any consents are archived.


We use so-called cookies on our websites (all markets). A cookie is a text file that is saved to your device so that our website can recognize your device. If you want to know when your device receives a cookie, you can set your browser to notify you. In this way, you yourself have the opportunity to accept or reject a cookie.

You who visit one of our websites get information that the website contains cookies. You agree to the use of cookies by continuing to browse our websites (if you do not wish to accept cookies, you do so yourself by blocking cookies in your browser).

We use cookies for mainly two different purposes: optimization of customer experience and web analytics. When you browse our open site we cannot see any personal information, it is only when you log in that the personal information becomes visible to us. For example, cookies can be used to track your way into our site or a functionality of the page such as that page should remember your login details. For web analytics, we mainly use Google Analytics. Google Analytics helps us get information on how our visitors interact with the site. Data from the cookie is used for internal web analytics and for marketing (eg retargeting), but is also included in Google’s demographic and interest reports.

We believe that the use of cookies for both of us is about being able to fulfill our part of the agreement and that it is a legitimate interest for us and you. Examples of things you can adjust yourself in your browser are blocking all cookies, only accepting first-party cookies or deleting cookies when you shut down your browser. Keep in mind that some of our services may not work if you block or delete cookies.
Integrity is what we do, what we say, and what we say we do
Robert Kamienski


FacebookLinkedIn Epost