Conifer Vision – Privacy Policy

Last updated: 2024-02-23

1. Background and purpose 

It is important for us that you have confidence in our processing of your personal data. Therefore, we want to inform you how we process data, that we comply with laws and regulations, and that our processing has been adapted to meet the requirements stipulated in applicable data protection legislations, including the General Data Protection Regulation (GDPR).  

This privacy policy is intended to clarify what your personal data may be used for and how, as well as what rights you have and what our obligations are regarding the processing of personal data.  

2. Who is responsible for your personal data? 

Conifer Vision AB (corp. ID no. 559214-1211), KIVRA: 559214-1211, 106 31 Stockholm is the data controller for the processing of your personal data and responsible for ensuring that it is performed lawfully and correctly.  

3. What is personal data? 

Personal data is information that can be used to identify you or be linked to you, such as  

  • Name
  • Contact details
  • Personal identity number (if using electronic authentication services like bank-ID)
  • Images 

How to determine if a flight image contains personal data

A forest image can be considered as personal information if the image reveals a reasonable expectation of privacy regarding the occupants, structures, or activities occurring on the estate. 

To ensure secure data processing routines and storage all images are handled equally and protected as if they all contain personal information. 

For more information, see section 7.  

4. What processing of personal data means 

Processing is a broad term that covers everything that can be done with your personal data, such as collecting, registering, storing, working with, or modifying it.  

 All processing of personal data must have a legal basis, for example, to fulfil a service agreement with you or your company or to comply with a legal obligation.

We will only process your personal data if it is necessary and justified. This means that we always will limit the processing to what is necessary in relation to the purpose for which the data is processed.  

5. Why do we collect personal data about you? 

We collect data about you or company to be able to deliver, develop and support our services in a compliant and secure manner. For more information, see section 7.  

6. For how long do we store your personal data? 

We only store your personal data during the me necessary to fulfil the purpose of the processing, or for as long as we are required by law. Your data will then be deleted or anonymized in a secure manner, so that it no longer can be linked to you. For more information, see section 7.

7. What personal data do we process about you? 

We collect data about you or company to be able to deliver, develop and support our services in a compliant and secure manner.

Processing of personal data can occur in the following cases:  

  1. When you log in to or other connected services with username, password or electronic identification.
  2. When we process and present forest images, in case they contain personal information as defined in section 3.
  3. To provide you with support when you contact us by phone, chat, or e-mail.
  4. To provide you with training courses, webinars etc. on how to use our services.
  5. To offer you the possibility to subscribe to newsletters about our services and offers.
  6. To analyse, improve, assess and develop our services and our technical platforms, algorithms etc. 
  7. To develop our customer service skills and our service offering.
  8. To enable optional functionality when vising and to improve user experience.
  9. To train our employees in delivering our services.

We process your data based on the following legal basis:

  • Processes 1-8 are based on “legitimate interest” in order to fulfil our obligations to you as customer and to maintain our customer relationship with you.
  • Process 9 is based on “consent” to coach for developing employees to offer for instance high quality customer service.  

8. From what sources do we collect your personal data? 

The personal data that we process comes from you, your company or other stakeholders such as a drone operator that provides forest flight images that contain personal information according to section 7. 

9. Who do we share your personal data with? 

To provide our services, we may share and transfer personal data to external pares such as our technical partners for cloud computing solutions. When we share your personal data, we ensure that the recipient processes the data in accordance with our privacy policy, for example by entering a data processor agreement. The agreement covers the contractual, legal, technical, and organisational security measures that are employed to protect your personal data and ensures an adequate level of protection in accordance with applicable laws. In certain cases, you have the right to object to such processing. You can find more information about your rights in section 11. 

When we share and transfer your personal data to external recipients, these categories of recipients may include:  

  • Suppliers and subcontractors: Sharing of data may take place, for example, with suppliers who provide IT services (such as software and data storage suppliers). They may process your personal data only when necessary and, on our behalf, so called data processors. The purpose is that we need access to services and functionalities from other companies that we cannot offer ourselves. The legal basis is that we have a legitimate interest in being able to access these services and functionalities.
  • Third parties: We may share your personal data in the event of restructuring of the business, transfer, handover, merger, or acquisition. The legal basis is legitimate interest to establish, exercise and defend our rights. We may also share your personal data in accordance with a statutory obligation. The legal basis in this case is legal obligation.
  • Authorities: We may provide required information to authorities such as the Police, the Swedish Financial Supervisory Authority, the Swedish Tax Agency or other authorities and courts. We may share your personal data with authorities in the event we are bound to by law (legal obligation), or in certain cases if you have requested us to do so.  

10. Third country transfer and how we protect your personal data 

We care about your privacy and we focus on the security of your personal data. We protect your personal data with a suitable level of security in accordance with the GDPR and information security regulations. This means that we protect your personal data in several ways, depending on the nature of the processing and the level of privacy sensitivity, through various technical and organisational measures.   

Countries outside the EU/EEA may have laws whereby public authorities may access your personal data that has been stored in the country with the aim of combating crime or defending national security. We always strive to process your personal data within the EU/EEA. If your personal data is transferred to a country outside the EU/EEA, it will only occur in accordance with the GDPR as well as with further protective measures.  

These protective measures include:  

  • Contractual provisions via standard contractual clauses.
  • Protection of data at rest and during transfer via encryption.
  • User access control and authorized access management.

Internal routines:

  • Ensuring that the same elevated level of protection, according to the GDPR, applies to your personal data when the data is transferred outside of the EU/EEA.
  • That your rights to the personal data are respected.
  • Internal user access control and authorized access management.

 We always seek to have the best, most secure technology to ensure that your personal data is managed in a safe and secure manner. Reviews and updates of security measures are continuously conducted.  

 If you would like more information about our security measures, you are always welcome to contact us at 

You can also find more information on the European Commission’s website of the countries that are considered to have an “adequate level of security”. If you would like more information about standard clauses, you can access the Swedish Authority for Privacy Protection’s (IMY´s) website.  

Transfer may occur to USA or India (for instance, for technical support). The legal transfer mechanism for this is The European Commission’s standardised data protection provisions:  

  • USA
  • India

11. Your rights 

According to the GDPR, you may always exercise your rights concerning the personal data we hold about you. We will always ensure that your rights are fulfilled as far as legally possible. Below is a description of each of your rights regarding your personal data. If you wish to exercise your rights, you may contact us at 

You can find more information about your rights on the Swedish Authority for Privacy Protection’s (IMY´s) website.  

        11.1.        Right to information 

You have the right to information on how we process your personal data. We provide information through this privacy policy, through our website at and by replying to questions we receive from you.  

        11.2.        Right of access 

You are entitled, free of charge, to request a copy of the information we have collected regarding the processing of your personal data. We must respond to your request without undue delay and within one month. If we are unable to fulfil your request, we will provide you with a reason. In the event of repeated requests from the same data subject, we may charge an administrative fee. In such cases, we will notify you before a copy of the information is compiled.  

        11.3.        Right to rectification 

We have a responsibility to ensure that the personal data we process is correct and up to date. If you consider that the personal data we hold about you is incorrect, you can request a correction. We will correct all personal data that proves to be incorrect without undue delay, except for such personal data that is processed for archiving purposes. The right to rectification means that you, as a data subject, have the right to:  

  • without undue delay, to have inaccurate personal data corrected.
  • supplement with relevant, missing personal data.

        11.4.        Right to erasure 

Under certain circumstances, you have the right to, without undue delay, have your personal data deleted (right to be forgotten). However, this does not apply if, for example, we are bound by law to retain the information or if the purpose for which we received your personal data has not yet been fulfilled. We will not retain your personal data for longer than that specified in this policy, and we will otherwise delete personal data according to applicable law. As a data subject, you have the right to have your personal data deleted in the following situations:  

  • If the personal data is no longer necessary for the purposes for which it was collected.
  • If the processing of personal data is based on your consent, we must delete the data if you withdraw the consent, as there is no longer a legal basis for processing the data.
  • If you object to processing that is based on legitimate interest, and there are no grounds that outweigh your interest in having your personal data deleted.

        11.5.        Right to object 

As a data subject, you have the right to object to the processing of personal data in the following cases:  

  • If the processing is based on the legal basis of “public interest” or “legitimate interest.” We may no longer process the personal data if it can´t be shown that there are legitimate grounds for the processing that outweigh the data subject’s interests and privacy.
  • If the processing is performed for marketing purposes. In such cases, the personal data may no longer be processed for such purposes.

        11.6.        Right to restriction 

In the event you consider that the personal data we hold about you is incorrect, that our processing is in violation of the law or that we do not need the data for a specific purpose, you have the right to request that we restrict our processing of your personal data. You can also request that we should stop processing your data while the matter is being reviewed.  

A restriction of the processing of personal data means that the personal data continues to be stored but will not be processed any further without your consent. You have the right to request the restriction of personal data processing if:  

  • The processing is unlawful, and the data subject requests the restriction of the personal data rather than deletion.
  • The processing of data is no longer necessary for the purposes for which it was collected.
  • The correctness of the personal data is questioned, and correction has therefore been requested.
  • During the period this is investigated, the processing of the personal data may therefore be restricted.
  • The personal data is no longer needed for the purposes for which it has previously been processed, although it is needed to determine, submit, or defend legal claims.
  • The processing is based on legitimate interest and the data subject has objected to the processing. In this case, we may continue to store the personal data while the review is ongoing.

        11.7.        Right to data portability 

You have the right to request a copy of your personal data that we process to fulfil an agreement with you or based on your consent. This is to enable you to move your personal data to another recipient. The personal data must be provided in a structured, commonly used, and machine-readable format, and the right is applicable if technically possible.  

        11.8.        Right to withdraw consent 

If you have given your consent, you have the right to withdraw it at any me. When you withdraw your consent, any processing will cease and personal data that has been collected will be deleted. Deleon takes place with the condition that the personal data is not required for any other purpose for which we have the right to process it.  

        11.9.        Right to complain 

You have always the right to submit complaints about the way we process your personal data. You can submit any complaints to us via 

        11.10.             How we manage your request 

If you want to exercise one of your rights as set out above, you are welcome to contact us according to the designated communication channels. We will confirm receipt of your request as soon as possible. We will then process your request and get back to you without undue delay, at the latest within 30 days. If we cannot grant your request or are unable to grant it completely, you will receive a notification with the reasons for the decision. We will also notify you about how you can proceed in the event you are not satisfied. If we cannot get back to you within one month after receiving your request, we will send a written justification for the delay. In such cases, the me may be extended by another two months if the processing of the request is deemed to be complicated.  

When the request has been received, we will verify your identity electronically or with manual routines for national ID or passport. Once verified, your request will be examined based on its plausibility, accuracy and whether there are any legal obstacles. For example, a request for deletion may in certain circumstances not be accommodated due to legal requirements.  

 If your request concerns right of access, we will ensure that a copy of the processed information is sent to your address in paper format by registered mail. If your identity is protected, the information will be sent by mail to the Swedish Tax Agency (“Skatteverket”), according to our routine for protected identities.  

With regards to all other rights, we will inform you on the decision after receipt and review of your request. 

12. Cookies 

We currently use only necessary session cookies when logged into using our services. These cookies do not require consent. Session cookies are temporary files that are deleted once the user closes their browser and are essential for functions like remembering login details or maintaining user sessions during a single browsing session.

13. How to unsubscribe from newsletters 

Conifer may use your name and e-mail address to send newsletters in the event you already are a customer. Each newsletter contains an unsubscribe link that you can use to unsubscribe from further mailings.  

14. Contact details 

Contact us if you have any questions regarding the processing of your personal data. You can receive information free of charge about your processed personal data, and you can also request your personal data to be corrected, blocked or deleted.  

You are welcome to contact us by e-mail or by mail to: Conifer Vision AB, KIVRA: 559214-1211, 106 31 Stockholm. 

15. Conclusion and entry into force 

This privacy policy was concluded on the 23rd of February 2024 and entered into force the same date.   

 Roger Öhlund, CEO