Privacy Policy (GDPR-compliant)

Last updated: 22 October 2025

Shace AB ("Shace", "we", "us", "our") values your privacy and processes your personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Swedish legislation.

This privacy policy describes how we collect, use, store, and protect your personal data when you use our platform — a digital marketplace where landlords and tenants for offices and office spaces are connected in real time via our SaaS-based operational system.

By using Shace, you accept this policy.

1. Introduction & contact details

Shace AB

Shace AB is the data controller for the processing of personal data that takes place within the scope of our services.

If you have questions about how we handle your personal data, or wish to exercise your rights under the GDPR, you are welcome to contact us at [email protected].

2. What information we collect

We collect information needed to provide our services:

Personal information:

  • Name
  • Email address
  • Phone number

Information about listings and usage:

  • Information you provide when creating or interacting with listings
  • Information about your activities on the platform, e.g. bookings and searches

Payment information:

When you make payments through our service, we use Stripe as our payment provider. Stripe may process certain payment information, but we do not share your payment details directly with anyone else.

Technical information:

We may collect information via cookies and similar technologies to improve the user experience, analyse traffic, and ensure the platform works correctly. This may include IP address, browser type, device information, and pages visited.

Note: If we use cookies, users can often adjust browser settings to block them, but some features may be affected.

3. How we use your information

We process your data to:

  • Provide, administer, and improve our platform
  • Manage user accounts and listings
  • Match landlords and tenants
  • Process payments (via Stripe)
  • Communicate with you about updates, support, and relevant services
  • Fulfil legal obligations

4. How information is collected

We collect personal data in the following ways:

Directly from you: When you create an account, publish a listing, communicate with other users, or contact our support.

Automatically: When you use the platform, we may collect technical information via cookies and other tracking technologies, e.g. IP address, device type, browser, and user behaviour.

From third-party services: When paying via Stripe, certain payment data is collected directly by Stripe (e.g. card information), in accordance with their privacy policy.

5. Who can access the information

Only authorised Shace staff have access to personal data, to the extent required to perform their work.

In addition to Shace, the following categories of recipients may have access to the data:

  • Payment providers (Stripe): To process and verify payments.
  • Technical operations partners: For hosting, security, and support.
  • Authorities: Only when we are legally obliged to disclose information.

We do not sell or share personal data with third parties for marketing purposes.

6. Sharing of information

We do not share your information with third parties for marketing or other purposes, except for:

  • Payment processing: Stripe may process certain payment data to complete transactions.
  • We may also share information when required by law or to protect our rights and security.

7. Storage of information and security

We store personal data only for as long as necessary to fulfil the purposes described in this policy or as long as required by law.

We use appropriate technical and organisational security measures, including encryption and access controls, to protect the data against unauthorised access, loss, or alteration.

8. Why the information is processed (purposes)

We process your personal data to:

  • Deliver and administer the service: So you can create an account, publish listings, book offices, and communicate with other users.
  • Process payments: To handle payments and transactions via our payment provider Stripe.
  • Provide support and manage customer relationships: To answer questions, resolve issues, and provide customer service.
  • Develop and improve the service: To analyse user behaviour, detect errors, and optimise features.
  • Send relevant information: Such as updates, changes to the service, or security notices.
  • Marketing: To inform about new features, offers, or products (only with your consent).
  • Fulfil legal requirements: Such as accounting obligations, tax rules, or other statutory requirements.

We process personal data on the following legal bases under the GDPR:

  • Contract: Processing is necessary for us to fulfil our obligations under the contract with you, for example to deliver the service or process payments.
  • Consent: In some cases, e.g. for email marketing or use of non-essential cookies, we process your data only after you have given consent.
  • Legal obligation: When we must process data to comply with legal requirements, for example accounting legislation.
  • Legitimate interest: We may process certain data to improve our services, prevent fraud, or ensure platform security. We always carry out a balancing of interests before such processing.

10. Your rights (especially for EU users)

If you are resident in the EU, you have certain rights under the GDPR:

  • Right to receive information about what data we have about you
  • Right to request correction or deletion of your personal data
  • Right to request restriction of processing
  • Right to object to certain processing
  • Right to request data portability
  • Right to withdraw consent for certain processing at any time

To exercise these rights, contact us at [email protected].

11. Transfer to third countries (outside EU/EEA)

We strive to process personal data within the EU/EEA.

If personal data is nevertheless transferred to a country outside the EU/EEA (e.g. through our suppliers), this only occurs if:

  • The European Commission has determined that the country has an adequate level of protection, or
  • We use standard contractual clauses (SCCs) that ensure the data is protected in accordance with the GDPR.

Example: Stripe may process certain data outside the EU, but follows the EU's standard contractual clauses and meets GDPR requirements.

12. Data subject rights

As a registered user, you have the following rights under the GDPR:

  • Right of access: You have the right to receive confirmation as to whether we process personal data about you, and to request a copy of such data.
  • Right to rectification: You can request that incorrect or incomplete data be corrected.
  • Right to erasure ("right to be forgotten"): You can request that we delete your personal data when it is no longer needed or when the processing lacks a legal basis.
  • Right to restriction of processing: You can request that we temporarily restrict the processing of your data.
  • Right to data portability: You can request to receive data in a structured, machine-readable format.
  • Right to object: You can object to processing carried out on the basis of legitimate interest.
  • Right to withdraw consent: If processing is based on consent, you can withdraw it at any time.

To exercise your rights, contact us at [email protected].

You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY) if you believe your data is being processed incorrectly.

13. How cookies are used

Shace uses cookies and similar technologies to improve the user experience, analyse traffic, and ensure the service works as intended.

Cookies are small text files stored in your browser. We use:

  • Necessary cookies: Required for the platform to function.
  • Analytics cookies: Help us understand how the service is used so we can improve it.
  • Functional cookies: Remember settings and preferences.

You can adjust your cookie settings in your browser at any time. Note that some features may stop working correctly if you block cookies.

14. Changes to this policy

We may update this privacy policy as needed, for example when laws change or when our services change. The latest version is always available at www.shace.se. For significant changes, users will be notified by email or notice on the platform.

15. Contact details

If you have questions about this privacy policy or our processing of your personal data:

Shace AB