Privacy Policy

Last updated: 15th January 2026

Introduction

Xentovaq AB ("we", "our", or "us") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, process, and protect your personal information when you visit our website or use our corporate finance restructuring services.

This policy applies to all personal data processing activities carried out by Xentovaq AB, registration number 623149-5489, located at Ringvägen 83, 114 43 Stockholm, Sweden. We act as the data controller for the personal data we process.

Data Collection

We collect personal data that you provide to us directly and information that is collected automatically when you use our website. The data we collect includes:

  • Contact Information: Name, email address, telephone number, company name, and job title
  • Communication Data: Records of correspondence, enquiries, and feedback you provide
  • Technical Data: IP address, browser type, device information, and website usage patterns
  • Professional Information: Business requirements, financial circumstances relevant to our services
  • Cookie Data: Information collected through cookies and similar tracking technologies

We only collect personal data that is necessary for the purposes outlined in this policy and in accordance with applicable data protection laws.

How We Use Your Information

We use of your data is based on legitimate legal grounds under the General Data Protection Regulation (GDPR). We process your personal information for the following purposes:

  • Service Provision: To provide corporate finance restructuring services and respond to your enquiries
  • Communication: To communicate with you about our services, respond to requests, and provide customer support
  • Business Operations: To manage our business relationship, process payments, and maintain records
  • Legal Compliance: To comply with legal obligations, regulatory requirements, and professional standards
  • Website Improvement: To analyse website usage, improve user experience, and develop new features
  • Marketing: To send relevant information about our services (with your consent where required)

The legal basis for processing includes contract performance, legitimate business interests, legal compliance, and your consent where applicable.

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

Our website uses the following types of cookies:

  • Necessary Cookies: Essential for website functionality and security
  • Analytics Cookies: Google Analytics to understand website usage and performance
  • Functional Cookies: To remember your preferences and settings
  • Marketing Cookies: Google Ads and remarketing to deliver relevant advertisements

For detailed information about our cookie usage, please refer to our Cookie Policy.

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your data in the following limited circumstances:

  • Service Providers: Trusted third-party providers who assist with our operations (cloud hosting, email services, analytics)
  • Professional Advisors: Lawyers, accountants, and other professional advisors when necessary for service delivery
  • Legal Requirements: When required by law, court order, or regulatory authority
  • Business Transfers: In connection with mergers, acquisitions, or asset sales (with appropriate safeguards)

All third parties are required to maintain appropriate security measures and use personal data only for specified purposes.

Data Retention

We retain personal data for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, and resolve disputes. Our data retention periods include:

  • Client Data: Retained for the duration of the business relationship plus 7 years for regulatory compliance
  • Enquiry Data: Retained for 3 years from last contact unless you request deletion
  • Marketing Data: Retained until you withdraw consent or request deletion
  • Website Data: Analytics data retained for 26 months, cookie data as specified in our Cookie Policy

When personal data is no longer required, it is securely deleted or anonymised in accordance with our data retention procedures.

Your Rights

Under the General Data Protection Regulation (GDPR) and applicable data protection laws, you have the following rights regarding your personal data:

  • Right of Access: Request copies of your personal data and information about how it is processed
  • Right to Rectification: Request correction of inaccurate or incomplete personal data
  • Right to Erasure: Request deletion of your personal data in certain circumstances
  • Right to Restrict Processing: Request limitation of processing in specific situations
  • Right to Data Portability: Receive your personal data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests or for direct marketing
  • Right to Withdraw Consent: Withdraw consent for processing where consent is the legal basis

To exercise these rights, please contact us using the information provided in the Contact section below. We will respond to your request within one month.

Data Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our security measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication procedures
  • Staff training on data protection and security
  • Incident response and breach notification procedures

Whilst we strive to protect your personal data, no method of transmission or storage is completely secure. We continuously review and improve our security measures to maintain the highest standards of protection.

International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA) where our service providers are located. When we transfer data internationally, we ensure appropriate safeguards are in place, including:

  • Adequacy decisions by the European Commission
  • Standard Contractual Clauses approved by the European Commission
  • Certification schemes and codes of conduct
  • Binding corporate rules for multinational organisations

We regularly review the adequacy of protection provided by international data transfer mechanisms to ensure your data remains secure.

Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without appropriate consent, we will take steps to delete such information promptly.

If you are a parent or guardian and believe your child has provided personal data to us, please contact us immediately using the information provided below.

Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by:

  • Updating the "Last updated" date at the top of this policy
  • Posting a notice on our website
  • Sending email notification to registered users (where appropriate)

We encourage you to review this Privacy Policy regularly to stay informed about how we protect your personal data.

Contact Information

If you have questions about this Privacy Policy, wish to exercise your data protection rights, or need to contact us regarding data protection matters, please reach out to us:

Data Protection Contact

Company: Xentovaq AB

Address: Ringvägen 83, 114 43 Stockholm, Sweden

Email: privacy@xentovaq.top

Phone: +46 81158948

Registration Number: 623149-5489

For general enquiries, you can contact us at contact@xentovaq.top. For specific privacy-related matters, please use the dedicated privacy email address above.

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten) or your local data protection authority.

Governing Law

This Privacy Policy is governed by Swedish law and the General Data Protection Regulation (GDPR). Any disputes arising from this policy or our data processing activities shall be subject to the exclusive jurisdiction of Swedish courts.