Legal

Privacy Policy

This Privacy Policy explains how SvereSystems handles personal data when you visit this website, contact us, submit a Fit Check, complete a service intake form, purchase a service, communicate with us by email, or otherwise interact with SvereSystems.

Last updated: 7 June 2026 SvereSystems · Sveresa TMI · Finland

Related pages

Privacy Policy Cookie Policy Terms & Conditions Data Processing Agreement

1. Who is responsible for your personal data?

Brand: SvereSystems

Operated by: Sveresa TMI

Business ID: 3592316-3

Country: Finland

Website: www.sveresystems.com

Data protection requests: Please use the contact details shown in the footer of this page.

In this policy, “we”, “us” and “our” refer to SvereSystems operated by Sveresa TMI. SvereSystems acts as the controller for personal data it collects and uses for its own website, communication, sales, and service delivery purposes.

2. What personal data we may collect

Depending on how you interact with us, we may collect and process the following categories of personal data:

  • Identity and contact data, such as your name, email address, company name, role, website or business page, and any other contact details you choose to provide.
  • Fit Check and enquiry data, such as information you submit through Fit Check forms, contact forms, assessments, or business enquiries.
  • Client Acquisition Review intake data, such as your service or offer description, target client, acquisition methods, outreach examples, follow-up examples, reply-handling context, constraints, requested outcome, and other business context you submit for the review.
  • First Contact Fix intake data, such as your current first outreach message, follow-up message, offer summary, target buyer, qualification criteria, current results, reply examples, constraints, supporting links, order email, and payment reference where provided.
  • Communication data, such as emails, form messages, replies, follow-up communications, and related internal notes.
  • Service and project data, such as information necessary to evaluate, prepare, deliver, or support a requested or purchased service.
  • Internal working material, such as internal review notes, quality-control notes, AI-assisted internal drafts, and working documents used to prepare a client-facing response or written review.
  • Delivery documents, such as final PDF reviews, delivery emails, and related service records.
  • Transaction and billing data, such as payment status, invoice details, order references, VAT or tax information, and accounting-related records where applicable.
  • Technical and usage data, such as IP address, browser type, device information, pages visited, timestamps, referring URLs, security logs, and consent-related records, where applicable.
  • Email subscription or communication preference data, where you request updates, resources, or email communications from us.

Please do not submit passwords, login details, access credentials, confidential credentials, special-category personal data, or information that is not necessary for your request or service.

3. How we collect personal data

We may collect personal data:

  • directly from you when you fill in a form, submit a Fit Check, complete an intake form, send us an email, make an enquiry, purchase a service, or otherwise contact us;
  • automatically through your use of the website and its essential technical functions;
  • through consent management and cookie-related mechanisms, where applicable;
  • through payment, checkout, invoice, or order-related workflows, where applicable;
  • from service providers that help us operate the website, receive forms, process payments, manage communication, or deliver services.

4. Why we process personal data and the legal bases we rely on

We process personal data only where we have a valid legal basis to do so.

a) To respond to enquiries and Fit Check submissions

We process personal data to review your enquiry, assess Fit Check submissions, communicate with you, and decide whether the Client Acquisition Review or another SvereSystems service appears to be a sensible next step.

Legal basis: pre-contractual steps at your request, and where appropriate, our legitimate interests in operating and improving our business communications.

b) To prepare and deliver paid services

If you order a service, we process the data reasonably necessary to manage the order, understand the submitted business context, prepare internal working material, produce the client-facing written review or response, deliver the service, and manage related communication.

Legal basis: performance of a contract, pre-contractual steps where relevant, and legitimate interests in administering our services and records.

c) To use automation and AI-assisted internal drafting tools

We may use secure automation, cloud storage, email, and AI-assisted drafting tools to receive, organize, store, summarize, and prepare internal working drafts based on submitted information. AI-assisted outputs are used as internal working material only. Final client-facing responses and written review documents are checked, edited, and approved by SvereSystems before delivery.

Legal basis: performance of a contract or pre-contractual steps, and legitimate interests in operating an efficient, consistent, and quality-controlled service process.

d) To handle payments, invoicing, bookkeeping, and legal obligations

We may process personal data where necessary for payment administration, invoicing, bookkeeping, tax compliance, fraud prevention, and the defence or establishment of legal claims.

Legal basis: legal obligation, contractual necessity, and legitimate interests where applicable.

e) To operate, protect, and improve the website

We may process limited technical data to keep the website working properly, maintain security, prevent abuse, manage consent choices, and understand basic site performance where applicable.

Legal basis: legitimate interests, and consent where required by law for non-essential cookies or similar technologies.

f) To send email updates or follow-up communications

If you request resources, join an email sequence, or otherwise ask to hear from us, we may process your contact details to send those communications.

Legal basis: consent where required, or legitimate interests where permitted by applicable law.

5. AI-assisted processing and human review

Some SvereSystems service workflows may use AI-assisted drafting tools to help organize submitted information, identify internal review points, and prepare internal working drafts. These tools are used to support the service process and do not replace SvereSystems' final judgement.

SvereSystems does not send AI-generated drafts directly to clients as final deliverables. Final client-facing responses and written review documents are manually checked, edited, and approved by SvereSystems before delivery.

We do not ask clients to submit passwords, login details, access credentials, confidential credentials, special-category personal data, or unrelated private information for the Fit Check, Client Acquisition Review, or First Contact Fix process.

6. Automated decisions

SvereSystems does not use fully automated decision-making that produces legal or similarly significant effects for clients. Automation and AI-assisted tools may help organize information or prepare internal drafts, but Fit Check responses, service decisions, and final written review documents remain subject to human review by SvereSystems.

7. Who we may share personal data with

We do not sell personal data. We may share personal data with carefully selected service providers only where reasonably necessary for the purposes described in this policy.

Depending on how you interact with us, this may include providers such as:

  • ClickSites AI for website page delivery or website-related infrastructure, where applicable.
  • Namecheap / Private Email for domain, email, and related communication infrastructure, where applicable.
  • Google for services such as Gmail, Google Sheets, cloud storage, or related business tools, where applicable.
  • Make.com for workflow automation, form handling, and operational integrations, where applicable.
  • OpenAI for AI-assisted internal drafting or analysis support, where applicable.
  • Stripe for payment processing, where applicable.
  • Payhip for checkout, digital sales, or order delivery workflows, where applicable.
  • Acumbamail for email communications, automation, or subscription-related workflows, where applicable.
  • Silktide Consent Manager for consent and cookie preference management, where applicable.

These providers may act as processors, independent controllers, or both, depending on the service and the specific processing activity. We aim to use providers that offer appropriate privacy, security, and data processing terms for the relevant use case.

We may also disclose personal data where necessary to comply with law, enforce our rights, protect our business, prevent abuse, or respond to lawful requests from authorities.

8. International transfers

Some of the service providers we use may process personal data outside the European Economic Area (EEA), or may use infrastructure that involves international data transfers.

Where this happens, we aim to rely on appropriate safeguards under applicable data protection law, such as an adequacy decision, Standard Contractual Clauses, data processing terms, or other lawful transfer mechanisms, depending on the provider and the circumstances.

9. How long we keep personal data

We do not keep personal data longer than reasonably necessary for the purposes for which it was collected, unless a longer retention period is required or justified by law, accounting requirements, security needs, dispute handling, or the establishment, exercise, or defence of legal claims.

  • Test submissions: deleted or anonymised as soon as reasonably possible after testing has been completed, unless needed to verify that a technical issue was fixed.
  • General contact enquiries and Fit Check submissions: normally up to 12 months after the last meaningful contact, unless a longer period is reasonably necessary to continue a requested discussion, handle a service request, or deal with a legal issue.
  • Unpaid or abandoned service submissions: normally up to 6 months after the last meaningful contact, unless needed for fraud prevention, dispute handling, or a later requested service.
  • Client and service-related communications: for the duration of the engagement and, where reasonably necessary, for up to 24 months afterwards for service records, quality control, and dispute-resolution purposes.
  • Internal AI-assisted drafts and working notes: kept only as long as reasonably necessary to prepare, check, deliver, and document the service, then deleted, anonymised, or retained only where there is a legitimate business, legal, accounting, or dispute-resolution reason.
  • Final delivery documents: normally retained for up to 24 months after delivery, unless a longer period is required or justified for legal, accounting, tax, or dispute-resolution purposes.
  • Email subscription or automation records: until you unsubscribe, withdraw consent, or the communication purpose has ended, and in any case no longer than reasonably necessary.
  • Consent records and cookie preference records: for as long as reasonably necessary to demonstrate and manage consent choices.
  • Invoices, payment records, accounting material, and tax-related records: for the period required by applicable accounting and tax laws.

10. How we protect personal data

We take reasonable technical and organisational steps to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure.

These measures may include access controls, limited role-based access, secure service providers, password protection, two-factor authentication where available, data minimisation, limited access to operational systems, and the practical minimisation of data handling wherever possible.

No method of transmission or storage can be guaranteed to be completely secure, but we aim to handle personal data responsibly and proportionately.

11. Your rights

Subject to applicable law, you may have the right to:

  • request access to the personal data we hold about you;
  • request correction of inaccurate or incomplete personal data;
  • request deletion of personal data in certain circumstances;
  • request restriction of processing in certain circumstances;
  • object to processing based on legitimate interests;
  • withdraw consent where processing is based on consent;
  • request data portability where applicable;
  • lodge a complaint with the competent data protection authority, including the Office of the Data Protection Ombudsman in Finland.

If you would like to exercise any of these rights, please contact us using the contact details shown in this policy. We may ask for reasonable information to verify your identity before responding to a request.

12. Cookies and similar technologies

This website may use cookies or similar technologies for essential site functionality, consent management, analytics, security, and other limited purposes described in our Cookie Policy.

For more information, please see our Cookie Policy.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect legal, operational, or business changes. The latest version will be published on this page with the updated revision date.

15. Contact

If you have questions about this Privacy Policy or how personal data is handled, please contact SvereSystems using the contact details shown in the footer of this page.

SvereSystems
Operated by Sveresa TMI
Business ID: 3592316-3
Finland