Integrity policy

Easyweb Headless CMS is approved by both Swedish and international security companies for handling sensitive data and is certified according to ISO 27001, ISO 14001, and ISO 9001. Easyweb promises an uptime of 99.9% and has redundant data storage in Greater Stockholm. No data storage for Swedish websites occurs outside the country's borders, and the platform is fully GDPR compliant. All technology is developed in Sweden with security as the highest priority.

"For a Faster, Safer, and More Stable Internet

i. Data stored in Easyweb© is not sold or shared with third parties.

ii. Data stored in Easyweb©, including any personal data, can easily be requested or deleted.

iii. Data stored in Easyweb© follows the Personal Data Act and GDPR recommendations.

iv. Data stored in Easyweb© is not disclosed or censored by political forces.

v. Data stored in Easyweb© is not subject to security vulnerabilities due to external plugins. (Easyweb© does not use external third-party plugins at all - instead, you build your own functions directly via Easyweb© Studio or connect external functionality via API).

vii. Easyweb© saves cookies on your and your visitors' computers. The purpose of the cookies is solely to verify that you as the site owner have the correct access for administration and to collect general visit statistics on how your website is used. No personal data such as IP numbers are stored.

viii. Data stored in Easyweb© via import or synchronization of external channels (e.g., social media including Facebook and Instagram) consists only of the token (generated via the provider) and the username for the account linked by the user. These details are used only to fetch posts via the API provided by the supplier; (for example, Instagram). Easyweb only uses this data to display the customer's own data on the customer's own site, and the connection is entirely managed by the user. To delete/deactivate a connection, this can be easily done via the 'Disconnect' function located in the site's settings, and no data or history is stored in Easyweb thereafter.

  • In cases where a website using Easyweb© is connected with a third-party tool to collect and process user data and/or personal data (e.g., HubSpot, Facebook, Google Analytics, etc.), the collected data is managed by that party and is subject to the terms they provide. Responsibility for this data management lies with the site owner and the respective third-party services used.

Terms of Use for Easyweb

  1. General

1.1 These are the terms between you as the customer ("the Customer") and Easyweb.

1.2 Sphinxly AB, 556682-6482 has developed and provides the Service called Easyweb (hereinafter referred to as Easyweb). Easyweb is a program for administering and publishing a website on the Internet (CMS), more fully described at ("the Service"). Through these terms, the Customer obtains the right to use Easyweb for this purpose.

1.3 Upon registration of the Service, the Customer agrees that he or she has read and understood, and approves of, the contents of the terms - ("Terms of Use").

  1. Support

2.1 Support for the Service, along with other contact with Easyweb, occurs according to the conditions stated in the respective package chosen by the customer.

  1. System and Equipment Requirements

3.1 Easyweb is constantly working to extend the Service's compatibility with various platforms.

3.2 To use the Service today, a computer with a reasonably updated web browser is required. Easyweb strives for the Service to work today with all web browsers.

  1. User Manuals

4.1 The Customer

has access to complete user manuals in the logged-in mode.

  1. Personal Data

5.1 Easyweb collects and processes the information that the Customer enters when registering for the Service, such as company, name of Customer or Customer's representative, address and contact details, account information, etc. The information is used to be able to carry out the delivery of the Service and take payment for it. Easyweb does not sell information but safeguards customer privacy.

5.2 For data entered into Easyweb, the Customer is the controller of personal data and Easyweb is the processor of personal data.

5.3 Easyweb is committed to protecting the privacy of its customers, suppliers, partners, and employees and always strives to comply with applicable data protection regulations. Everyone has the right to protection of their personal data.

5.4 Therefore, Easyweb has adopted this Policy for the processing of personal data to ensure that everyone within the organization follows the data protection rules.

5.5 The General Data Protection Regulation (GDPR) came into effect on May 25, 2018. It provides enhanced protection for individuals whose personal data are processed and imposes stricter requirements on organizations processing personal data.

5.6 The Policy applies to all Easyweb's employees and consultants, in all markets, and at all times.

5.7 Easyweb's board is responsible for ensuring compliance with this Policy, which includes training for all employees. The information to the employees should also include information that violation of the policy may lead to, for example, employment law consequences.

5.8 The basic principles described below must always be observed when processing personal data. Easyweb is responsible for, and must be able to demonstrate, compliance with the principles.

5.9 Legality, fairness, transparency - Personal data must be processed lawfully, correctly, and transparently in relation to the data subject. This means that each type of processing must be based on a valid legal basis, such as contract fulfillment, legal obligation, public interest task, legitimate interest, or consent. If no applicable legal basis for the processing can be identified, then the processing should not be performed. The starting point for this principle is clear communication with the data subject about, among other things, the purposes for which personal data are processed, what type of processing is carried out, whether and how personal data are shared with others, how long personal data are stored, and how to contact Easyweb. Thus, data subjects should be provided with clear and transparent information about the processing of their personal data.

5.10 Purpose limitation - Personal data may only be collected and otherwise processed for specific, explicitly stated, and legitimate purposes, and they may not later be processed in a way that is incompatible with these purposes.

5.11 Data minimization - Personal data processed should be adequate, relevant, and not excessive in relation to the purposes.

5.12 Accuracy - Personal data processed must be correct and, if necessary, updated.

5.13 Storage limitation - Personal data must not be stored for longer than necessary with regard to the purposes of the processing. When the data is no longer needed, they must be purged, which means that they must either be deleted or anonymized.

5.14 The principle of accountability means that Easyweb must be able to demonstrate compliance with the GDPR. The company must therefore, for example, document implemented and planned processes and actions concerning data protection issues.

Further, there must be a register of all types of processing of personal data that are carried out, and Easyweb must be able to present such a register to the supervisory authority when required.

5.15 Personal data is all information relating to an identified or identifiable natural person and that directly or indirectly can identify a person. Examples of personal data are name, contact information, localization data, or factors specific to a person's physical, economic, cultural, or social identity. Data that individually do not meet the requirements can together still constitute personal data.

5.16 All

processing of personal data is covered by the GDPR and its rules. Processing refers to any action or combination of actions concerning personal data, carried out wholly or partly by automated means. This also includes personal data in emails and documents on servers, in a simple list, on websites, and in other unstructured material.

5.17 A processing of personal data is only lawful if and to the extent that one of the following grounds applies:

5.17.1 The data subject has consented to the processing of their personal data for one or more specific purposes. Specific requirements must be met for the consent to be valid.

5.17.2 The processing is necessary for the performance of a contract in which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract.

5.17.3 The processing is necessary for compliance with a legal obligation to which Easyweb is subject.

5.17.4 The processing is necessary to protect interests that are of fundamental importance for the data subject or for another natural person (e.g., when there is danger to life).

5.17.5 The processing is necessary for purposes related to the interests of Easyweb or a third party, unless the data subject's interests or fundamental rights and freedoms outweigh these and require protection of personal data (balance of interests). In the balance of interests, special requirements for documentation regarding the assessment made apply.

5.18 Personal data must be processed in a way that ensures appropriate security of the personal data, using technical and organizational measures. Organizational security measures can mean that access control is used for systems containing personal data, logging of access to personal data, or that computers and the like containing personal data should be stored so that unauthorized access is hindered and not left out. Examples of technical measures that must be checked include whether the company has adequate backup procedures, sufficient firewalls, password-protected wireless networks, updated virus protection, password protection for mobile devices such as mobile phones and tablets, protection against unauthorized internal access, password requirements, encryption if necessary, logging of access to and use of IT systems, etc.

5.19 Personal data must not be kept longer than is necessary with regard to the purpose of the processing. By establishing and following a purging routine for each database/process, structured purging work is ensured. Personal data in so-called unstructured material such as in documents on servers, in a simple list, on websites, etc., also need to be deleted when the purpose of the processing has been fulfilled.

5.20 Special rules apply to the transfer of personal data to countries outside the EU and EEA (so-called third-country transfer). The GDPR implies that all EU Member States and EEA countries have equivalent protection of personal data and personal privacy, and therefore personal data can be freely transferred within that area without restrictions. For countries outside that area, however, there are no general rules that provide equivalent guarantees, and therefore third-country transfer can only take place under special conditions. needs to be analyzed specifically.

5.21 Easyweb has a specific routine in place to identify and manage specific privacy risks within the business and for structured follow-up. Special risks to the rights and freedoms of natural persons may occur, for example, in connection with a certain type of data processing, particularly sensitive data, processing to a particularly large extent, the use of new technology, etc.

5.22 If a new or changed personal data processing is likely to entail a high risk to the rights and freedoms of natural persons, the routine must be followed and an assessment of the effects of the planned processing on the protection of personal data must be made before processing begins.

5.23 The General Data Protection Regulation grants data subjects a number of rights regarding the processing of personal data. It is Easyweb's responsibility to fulfill these rights and ensure that sufficient processes are in place to accommodate the data subjects.

5.24 The data subject has the right to information when personal data are collected. This information must be provided in a readily accessible written form using clear and plain language. The General Data Protection Regulation specifies a number of clear requirements that must be met, and these requirements vary depending on whether the information is collected from the data subject themselves or from a third party.

5.25 The data subject has the right to obtain confirmation as to whether personal data concerning them are being processed, and in such cases, receive a copy of the personal data (data subject access request). This right applies regardless of where the personal data are processed.

5.26 If personal data being processed are inaccurate or incomplete, the data subject may request rectification. If the data subject demonstrates that the purpose for which the personal data are processed is no longer lawful, necessary, or reasonable under the circumstances, the relevant personal data shall be deleted, unless other legal provisions state otherwise.

5.27 The data subject has the right to transfer personal data they have provided to Easyweb to another data controller (right to data portability) if the processing is based on legal grounds of a contract or consent. Personal data shall be provided to the data subject in a structured, commonly used, and machine-readable format. If technically feasible, the data subject may request that the data be transferred directly to another data controller. The right only applies to the personal data that the data subject has provided to Easyweb.

5.28 In certain cases, the data subject has the right to request that Easyweb restricts the processing of their personal data, i.e., restricts processing to certain limited purposes. The right to restriction applies, for example, when the data subject believes the data are inaccurate and has requested rectification of the personal data. The data subject can then request that the processing of the personal data be restricted while the accuracy of the data is verified. When the restriction is lifted, the individual shall be informed of this.

5.29 The data subject has the right to object to the processing of personal data based on a legitimate interest as the legal basis. In case of an objection, the Company shall cease processing unless it can demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims.

5.30 In certain cases, the data subject has the right to request the deletion of their personal data (the "right to be forgotten"). An example is when consent is the legal basis for processing and the data subject withdraws their consent.

5.31 When personal data are processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning them. If a data subject opposes the processing of personal data for direct marketing purposes, such processing shall cease.

5.32 A personal data breach is a security incident that leads to accidental or unlawful destruction, loss, alteration, or unauthorized access to personal data. Examples of personal data breaches include theft of customer registers, accidental disclosure of salary information via email to the wrong recipient, an employee taking home an unencrypted work computer which is later stolen in a burglary leading to the disclosure of information about employees or customers, personal data published on the web by mistake, a portable computer containing personal data being lost or stolen, etc.

5.33 Personal data breaches may need to be reported to the supervisory authority within 72 hours of discovering the incident if it is likely that there is a risk to the rights and freedoms of individuals. Occurred incidents must be documented, and the affected data subjects may need to be informed.

5.34 For definitions regarding terms used in this policy, refer to the General Data Protection Regulation.

5.35 For further informationon how we process your personal data, click here "information for data subjects."

6. Marketing

6.1 Easyweb has the right to display the Customer's website for marketing purposes. If the Customer wishes to revoke this right, it can be done by sending an email to our support.

7. Intellectual Property Rights

7.1 All intellectual property rights in the Software belong to Easyweb. All customer-specific code, web design, and customer's own inserted images and content belong to the customer. Codes related to templates and Easyweb's own images may only be used by the Customer as long as they pay for the Service.

8. Publication Restrictions

8.1 The Customer undertakes through the Service not to publish images or texts that they do not own or have the right to use. The Customer further undertakes not to publish images, films, or texts that may cause offense or violate the Discrimination Act 2008:567 or other legislation. The Customer may not: publish or disseminate information or material that constitutes incitement to racial hatred, libel, child pornography offenses, illegal depiction of violence, breach of confidentiality, or incitements to crime, or otherwise violates the law or is offensive.

9. Liability for Damages

9.1 The Customer's right to compensation from Easyweb for damage related to the Customer's use of the Service is limited to compensation for direct damage and loss and thus not in any case for lost profits or other indirect damage or loss. Easyweb's total liability is limited to an amount corresponding to the Customer's most recent payment for the Service.

10. Choice of Law & Dispute Resolution

10.1 Disputes arising in connection with the Service shall be finally settled by arbitration according to the Rules for Simplified Arbitration of the Stockholm Chamber of Commerce's Arbitration Institute. The seat of arbitration shall be Stockholm. The language of the proceedings shall be Swedish. Swedish law shall apply to the dispute.

The parties undertake, without time limitation, not to disclose without compelling reasons:

a. the existence of, or the content of, arbitration in connection with the Service,

b. information about negotiations, arbitration proceedings, or mediation in connection with the Service,

c. decisions or judgments issued by the arbitral tribunal in connection with the Service.

Easyweb icon

This website uses cookies to improve your user experience, for security routines and for statistics. By continuing to use the website, you agree to the use of cookies.

Feel free to read ours privacy policy. If you agree to our use, choose Accept all. If you want to change your choice afterwards, you will find that option at the bottom of the page.