Privacy Policy

Last updated on February 20th, 2025

This privacy policy describes how Cytely AB processes personal data when providing its services, such as the Cytely smart microscopy solution for researchers ("Service").

The controller for the processing described in this privacy policy is Cytely AB, 559395-5593 ("Cytely"). We can be reached at hello@cytely.io.

Please note that this privacy policy covers the processing that Cytely carries out as a controller for the purposes described below. Cytely also processes personal data on behalf of its customers, and such processing is not covered by this privacy policy.

1. Personal Data Processed and Sources of Data

The personal data processed when providing the Service can generally be divided into two categories: user data and analytics data. These categories are described below. The specifics of what kind of data is processed depends on how you use the Service and what group you belong to (for example a user of our Service or a contact person of our customer).

User data includes data you provide when using the Service, such as:

• Name and contact information
• Information on your organisation
• User account and license data
• Account settings, such as communication preferences
• Other data provided by you through the Service

User data is primarily received from you during the registration process, through your use of the Service, or through your interactions with us.

Analytics data includes data such as:

• IP address of your device
• Device and browser type, version, and operating system
• Data on the use of and interactions with the Service

Analytics data is collected automatically when you use the Service. Analytics data does not usually include direct identifiers (such as a name), but sometimes can lead to identification, either alone or when combined or linked with other data. This is why we handle it as personal data.

2. Purposes and Legal Basis of Processing

Provision of the Service (legal basis: legitimate interest)

We process personal data in order to provide the Service in accordance with the Cytely Terms of Service and to run and maintain our business. Personal data is processed based on our legitimate interests to provide the Service in accordance with our contractual obligations towards our customers and to ensure the functionality, security, and reliability of the Service.

For customer relationship management, marketing and communication (legal basis: legitimate interest)

We process personal data to manage relationships with our users and to communicate about the Service.

For service development and analytics (legal basis: legitimate interest, consent)

We process analytics data regarding the use of the Service to improve the quality of our Service and to develop new features and functionalities, for example by analysing trends in how the Service is used. Where possible, we will do this using only aggregate data from groups of users. In some instances, individual users may be identifiable, which is why we handle any such data as personal data.

For our legal obligations (legal basis: compliance with a legal obligation)

We process personal data to enable us to fulfil our legal obligations. This includes data processed for example for complying with our bookkeeping obligations.

3. International Transfers

We process personal data primarily within the European Economic Area ("EEA"). However, some of our service providers also operate and process personal data outside the EEA. Transfers to countries outside the EEA are based on the European Commission's decisions on the adequate level of data protection in such countries or on the use of transfer mechanisms recognized by the EU General Data Protection Regulation, such as Standard Contractual Clauses approved by the European Commission and additional safeguards implemented by our service providers.

4. Recipients of Personal Data

We use third-party service providers to run the Service, and these companies process personal data on our behalf. In addition, your personal data may also be shared with relevant authorities in case we have a legal obligation to do so.

5. Storage Period

We process your personal data generally for as long as you have an account for the Service or your employer is using the Service. Some data may also be stored after you no longer have an account (such as data required to fulfil our legal obligations).

6. Your Rights

You have the right to access your data and the right to have any inaccurate or false data corrected. You also have the right to ask that your data is deleted, that the processing of your data is restricted, and to object to the processing. For any processing that is based on your consent, you have the option to withdraw your consent at any time. Please note that the withdrawal of consent does not affect the legality of processing prior to the consent being withdrawn.

You can manage your own data and exercise your rights through contacting us at hello@cytely.io. Please note that some of the rights are subject to additional requirements and may not be applicable in each case.

In case you consider our processing of personal data to be inconsistent with the applicable data protection laws, a complaint may be lodged with the supervisory authority for data protection. Cytely is supervised by the Swedish Authority for Privacy Protection (https://www.imy.se/en/).

Providing personal data is required in order to use the Service. Your personal data is not used for profiling or for making automated decisions with significant effects as referred to in Article 22 of the GDPR.