Privacy Policy
1. Introduction
This Privacy Policy explains how Theca Systems AB (“Theca”) processes personal data in connection with (i) Theca’s website, and (ii) customer administration (such as sales, contracting, invoicing and support).
2. Controller and Contact
Theca Systems AB (registration number 559390-0557) is the data controller for the processing described in this Privacy Policy.
Contact: privacy@theca.com (or other contact details provided on the website).
3. Categories of Personal Data
Theca may process the following categories of personal data, depending on the interaction:
- Contact information (name, email address, phone number, company).
- Account and authentication data (user identifiers, access logs).
- Customer administration data (contract details, billing and invoicing information, correspondence).
- Usage-related information (website analytics, service usage logs, support tickets).
- Marketing preferences and communications history.
4. Purposes and Legal Bases
Theca processes personal data for the following purposes and based on the following legal bases (as applicable):
- To provide and administer customer relationships, including contracting, onboarding, invoicing and support (performance of a contract and/or legitimate interests).
- To respond to inquiries and communicate with customers and prospects (legitimate interests and/or performance of a contract).
- To improve the website and services, including analytics, security monitoring and troubleshooting (legitimate interests).
- To comply with legal obligations (legal obligation), e.g., accounting requirements.
- To send marketing communications where permitted (legitimate interests and/or consent, depending on applicable rules).
5. Recipients and Third Parties
Theca may share personal data with service providers that support Theca’s operations (for example, IT and hosting providers, analytics providers, and customer support tools). Such providers act as processors or independent controllers depending on the service. Where relevant, Theca maintains information about material service providers on its website or upon request.
6. International Transfers
If personal data is transferred outside the EEA, Theca will ensure that appropriate safeguards are in place in accordance with applicable data protection law.
7. Retention
Theca retains personal data only as long as necessary for the purposes described above, including to comply with legal obligations and to resolve disputes. Retention periods may vary depending on the type of data and the applicable relationship.
8. Security
Theca implements appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or alteration.
9. Your Rights
Individuals have rights in relation to their personal data, including rights of access, rectification, erasure, restriction, objection, and data portability (where applicable). Individuals may also have the right to lodge a complaint with the competent supervisory authority.
10. Theca as Processor for Customer Data in the Services
When Customers use Theca’s Services and submit personal data to the platform, Theca typically acts as a data processor and processes such data on behalf of the Customer. In such cases, the Customer is the data controller and is responsible for providing notices and handling data subject requests. The processing is governed by the Data Processing Agreement between Theca and the Customer. Under the Data Processing Agreement, Theca may process such personal data to provide, secure, maintain and improve the Services (including development and training of models used in the Services), subject to the Customer’s documented instructions and any restrictions set out in the Commercial Terms.
11. Changes to this Privacy Policy
Theca may update this Privacy Policy from time to time. The latest version will be made available on Here