Last updated 13 January 2026.
Your privacy matters to us. We want you to feel confident when using pinDeliver. That’s why we’ve gathered all the details on how we handle your personal data in this Privacy Policy.
Your use of and access to websites or software owned by pinDeliver AB (“pinDeliver Property”) that are either (i) made available to you directly or indirectly through this website, or (ii) directly linked to this Privacy Policy, is subject to this Privacy Policy. This policy describes what data we collect and how we use it. The policy is available at www.pindeliver.com.
We respect your privacy. pinDeliver AB always complies with applicable data protection laws and will not disclose personal data to third parties without prior consent, unless otherwise explicitly stated in this policy.
If you have any questions or comments regarding privacy or this Privacy Policy, you can contact us via email at: security@pindeliver.com
This policy provides information about who we are and how we process personal data, including what data we collect about you when you use pinDeliver Property, which organization collects the data, how the data is used or disclosed, what choices you have regarding the collection and use of the data, what security measures are in place to protect your personal data, and how you can request correction of any inaccuracies.
pinDeliver AB, registered with the Swedish Companies Registration Office under organization number 556908-8197 and headquartered at Stora Nygatan 13, 411 08 Gothenburg (“pinDeliver”, “we”, “our” or “us”), is the data controller in accordance with the EU General Data Protection Regulation (“GDPR”). If you have any questions regarding the processing of your personal data, you can contact us via email at security@pindeliver.com.
Under data protection laws (GDPR), you have the right to control your own personal data and to receive direct information from us about how we process data about you. Below, you can read about your rights. If you wish to obtain information about which personal data pinDeliver processes about you through what is known as a data subject access request, have certain data deleted, or get in touch with us to exercise your other rights, you can contact us at security@pindeliver.com.
Your rights
Right to have your personal data erased
In certain cases, you have the right to have your personal data deleted. This applies, for example, to data that (i) is no longer necessary for the purpose for which it was collected, or (ii) if you withdraw your consent to processing. In some cases, pinDeliver may not be able to delete your personal data. This may be because the data is still necessary for the purpose for which it was collected, because pinDeliver’s interest in continuing to process the data outweighs your interest in having it deleted, or because we are legally required to retain it. You can read more about the legal requirements that apply to pinDeliver’s data retention, even when you request to be forgotten, in section 4 and section 8. These laws prevent us from immediately deleting certain information. You also have the right to object to our use of your personal data for certain purposes, such as direct marketing, as described below.
More information on the right to erasure can be found on the Swedish Authority for Privacy Protection’s website.
Right to information on how your personal data is processed
You have the right to be informed about how we process your personal data. We provide this information through this Privacy Policy.
More information on the right to information can be found on the Swedish Authority for Privacy Protection’s website.Right to access your personal data (“data subject access”)
You have the right to know whether pinDeliver processes your personal data and to receive a copy of it—known as a data subject access request. This allows you to see what data we hold about you and how we process it.
Right to data portability
This right allows you to request a copy of the data pinDeliver holds about you, which we process to fulfill a contract with you or based on your consent, in a machine-readable format. This enables you to transfer your personal data to another recipient.
More information on the right to data portability can be found on the Swedish Authority for Privacy Protection’s website.
Right to rectification of inaccurate data
You have the right to request that we correct inaccurate or incomplete information about you, and to have your data updated.
More information on the right to rectification can be found on the Swedish Authority for Privacy Protection’s website.
Right to restrict processing
If you believe the data we hold about you is incorrect, that our processing is unlawful, or that we no longer need the data for a specific purpose, you have the right to request that we restrict processing. You may also ask us to pause processing while we assess your request for rectification or objection, as described below.
More information on the right to restriction can be found on the Swedish Authority for Privacy Protection’s website.
Right to object to our processing of your personal data
You may object to our processing based on legitimate interest (Article 6(1)(f) GDPR), referring to your personal circumstances. You also always have the right to object to the use of your personal data for direct marketing. Once you notify us that you no longer wish to receive marketing from us, we will stop sending it.
More information on the right to object can be found on the Swedish Authority for Privacy Protection’s website.
Right to withdraw your consent
As described in section 5, where we process your personal data based on your consent or explicit consent, you have the right to withdraw that consent at any time. Once withdrawn, we will stop processing the data.
Right to file a complaint
If you have complaints about pinDeliver’s processing of personal data, you can contact the Swedish Authority for Privacy Protection, which is the supervisory authority for data protection in Sweden. You can reach them via this link. You may also file a complaint with your own national data protection authority, which you can find in the list here.In this section, we describe the types of personal data we collect or generate. In section 4, we explain how we use these types of personal data.
Personal data you provide yourself – This includes information you submit when contacting us via contact forms (such as name, phone number, and email address), by phone, mail, or email. We may also store correspondence that contains personal data, for the purpose of fulfilling agreements with you and/or the organization or legal entity you represent, or for informational and marketing purposes.
Technical data and usage information – This includes data collected when you use pinDeliver Property, as well as through cookies. Such data may include browser type, operating system, internet service provider domain name, which pages and content are visited, which services are used and how, interactions with content, and other statistics related to usage and preferences.
Camera and image information – Images captured via our mobile applications using the device’s camera, such as photos used as Proof of Delivery, scanning of goods, or other documentation initiated by the user through the application.
Location information – Geographical position (location data) collected from our mobile applications when a user is actively performing a delivery or assignment. This may include the starting and ending point of a route, current location during an active route, and timestamps associated with these locations.
In the tables below, you can read about:
When pinDeliver uses your personal data based on your consent or explicit consent, you may withdraw that consent at any time. You can do this by sending an email to security@pindeliver.com. We will then delete the information (or stop using it for the purpose where consent is the legal basis).
If you withdraw your consent or delete the uploaded information, it may result in the service being unavailable in cases where pinDeliver’s processing of personal data relies on your consent.
As described in section 2, you also have the right to object to certain uses of your personal data (for example, you can opt out of marketing). You also have the right to have certain data deleted, which is also explained in section 2.
When we share your personal data, we ensure that the recipient processes it in accordance with this information, for example by entering into data transfer agreements or data processing agreements with the recipients. These agreements include all reasonable contractual, legal, technical, and organizational measures to ensure that your data is processed with an adequate level of protection and in compliance with applicable law.
Description of recipient: Suppliers and subcontractors are companies that are only authorized to process the personal data they receive from pinDeliver on behalf of pinDeliver—that is, as data processors. Examples of such suppliers and subcontractors include software and data storage providers, as well as consultants.
Purpose and legal basis: pinDeliver needs access to services and functionality provided by other companies that pinDeliver cannot offer on its own. We have a legitimate interest in accessing these services and functionalities (Article 6(1)(f) GDPR). We ensure that the processing involved is necessary to fulfill this interest and that our interest outweighs your right not to have your data processed for this purpose. You have the right to object to this processing based on circumstances specific to your situation. More information about your rights can be found in section 2.
Description of recipient: pinDeliver may disclose necessary information to authorities such as the Police, the Swedish Tax Agency, or other government agencies and courts.
Purpose and legal basis: Sharing personal data with authorities is done when we are legally required to do so, or in certain cases, if you have requested us to do so—for example, when needed to manage tax deductions or prevent crime. Depending on the authority and purpose, the legal bases may be compliance with a legal obligation (Article 6(1)(c) GDPR), performance of a contract with you (Article 6(1)(b) GDPR), or pinDeliver’s legitimate interest in protecting itself against criminal activity (Article 6(1)(f) GDPR).
Description of recipient: In the event that pinDeliver sells its business or assets, we may share your personal data with a potential buyer of such business or assets. If pinDeliver or a substantial part of its assets is acquired by a third party, personal data about pinDeliver’s customers may also be shared.
Purpose and legal basis: pinDeliver has a legitimate interest in being able to carry out these transactions (Article 6(1)(f) GDPR). We ensure that the processing involved is necessary to fulfill this interest and that our interest outweighs your right not to have your data processed for this purpose. You have the right to object to this processing based on circumstances specific to your situation. More information about your rights can be found in section 2.
Description of recipient: To retrieve latitude and longitude for recipients’ addresses, display stops on a map, and calculate travel time between two geographic locations, we share relevant data with Google. Google will process your data in accordance with the Google Maps Terms of Service and Privacy Policy.
Purpose and legal basis: pinDeliver shares this information based on our legitimate interest in operating our business (Article 6(1)(f) GDPR). We ensure that the processing involved is necessary to fulfill this interest and that our interest outweighs your right not to have your data processed for this purpose. You have the right to object to this processing based on circumstances specific to your situation. More information about your rights can be found in section 2.
Description of recipient: To retrieve latitude and longitude coordinates for recipients’ addresses, we share relevant data with Hitta.se. Hitta.se will process your data in accordance with their terms of service and privacy policy.
Purpose and legal basis: pinDeliver shares this information based on our legitimate interest in operating our business (Article 6(1)(f) GDPR). We ensure that the processing involved is necessary to fulfill this interest and that our interest outweighs your right not to have your data processed for this purpose. You have the right to object to this processing based on circumstances specific to your situation. More information about your rights can be found in section 2.
Description of recipient: To retrieve latitude and longitude coordinates for recipients’ addresses, we share relevant data with Metria. Metria will process your data in accordance with their privacy policy.
Purpose and legal basis: pinDeliver shares this information based on our legitimate interest in operating our business (Article 6(1)(f) GDPR). We ensure that the processing involved is necessary to fulfill this interest and that our interest outweighs your right not to have your data processed for this purpose. You have the right to object to this processing based on circumstances specific to your situation. More information about your rights can be found in section 2.
Description of recipient: To send latitude and longitude data for route optimization, we share relevant data with Workwave. Workwave will process your data in accordance with their terms of service and privacy policy.
Purpose and legal basis: pinDeliver has a legitimate interest in carrying out these transactions (Article 6(1)(f) GDPR). We ensure that the processing involved is necessary to fulfill this interest and that our interest outweighs your right not to have your data processed for this purpose. You have the right to object to this processing based on circumstances specific to your situation. More information about your rights can be found in section 2.
Description of recipient: To send latitude and longitude data for route optimization, map visualization of stops, and retrieving coordinates for recipients’ addresses, we share relevant data with PTV. PTV will process your data in accordance with their privacy policy.
Purpose and legal basis: pinDeliver has a legitimate interest in carrying out these transactions (Article 6(1)(f) GDPR). We ensure that the processing involved is necessary to fulfill this interest and that our interest outweighs your right not to have your data processed for this purpose. You have the right to object to this processing based on circumstances specific to your situation. More information about your rights can be found in section 2.
Description of recipient: To send SMS messages to the mobile phones of delivery recipients and drivers, we share relevant data with 46Elks. 46Elks will process your data in accordance with their privacy policy.
Purpose and legal basis: pinDeliver has a legitimate interest in carrying out these transactions (Article 6(1)(f) GDPR). We ensure that the processing involved is necessary to fulfill this interest and that our interest outweighs your right not to have your data processed for this purpose. You have the right to object to this processing based on circumstances specific to your situation. More information about your rights can be found in section 2.
Description of recipient: To send SMS messages to the mobile phones of delivery recipients and drivers, we share relevant data with Spirius. Spirius will process your data in accordance with their privacy policy.
Purpose and legal basis: pinDeliver has a legitimate interest in carrying out these transactions (Article 6(1)(f) GDPR). We ensure that the processing involved is necessary to fulfill this interest and that our interest outweighs your right not to have your data processed for this purpose. You have the right to object to this processing based on circumstances specific to your situation. More information about your rights can be found in section 2.
Description of recipient: For operations and server storage, we share relevant data with Cygate. Cygate will process your data in accordance with their privacy policy.
Purpose and legal basis: pinDeliver has a legitimate interest in carrying out these operations (Article 6(1)(f) GDPR). We ensure that the processing involved is necessary to fulfill this interest and that our interest outweighs your right not to have your data processed for this purpose. You have the right to object to this processing based on circumstances specific to your situation. More information about your rights can be found in section 2.
Description of recipient: pinDeliver may need to share your information when we sell or assign the collection of overdue unpaid debts to a debt collection agency.
Purpose and legal basis: This data sharing is done to collect your overdue debts. Debt collection agencies process personal data either in accordance with their own privacy policy or solely on behalf of pinDeliver, acting as pinDeliver’s data processor. These agencies may report your unpaid debts to credit reference agencies or the Swedish Enforcement Authority (Kronofogden). This data sharing is based on our legitimate interest in collecting and selling debts (Article 6(1)(f) GDPR). In our legitimate interest assessment, pinDeliver has determined that we have a valid interest in collecting and selling debts. We ensure that the processing is necessary to fulfill this interest and that our interest outweighs your right not to have your data processed for this purpose. You have the right to object to this processing based on circumstances specific to your situation. More information about your rights can be found in section 2.
To provide our services and operate our business, we may need to transfer your personal data outside the EU/EEA. This occurs when we share your information with a supplier or subcontractor operating outside the EU/EEA.
pinDeliver always ensures that the same high level of protection for your personal data, in accordance with the GDPR, is maintained even when data is transferred outside the EU/EEA. Your rights regarding your personal data (as described in detail in section 2) are not affected by such transfers. For more information about the recipients we share your data with, see section 6.
If you would like more details about our safeguards, you are welcome to contact us. Our contact information can be found in section 11. You can find more information about countries considered to have an “adequate level of protection” on the European Commission’s website, and you can read more about standard contractual clauses on the Swedish Authority for Privacy Protection’s website.
Specific safeguards used by pinDeliver when transferring data outside the EU/EEA
Countries outside the EU/EEA may have laws allowing public authorities to access personal data stored in that country for purposes such as combating crime or protecting national security. Regardless of whether it is we or one of our service providers processing your personal data, we ensure a high level of protection and that appropriate safeguards are implemented in accordance with applicable data protection regulations (such as the GDPR). These appropriate safeguards include:
Ensuring that the European Commission has decided the non-EU/EEA country to which your personal data is transferred provides an “adequate” level of protection comparable to that under the GDPR. This means, for example, that the data remains protected against unauthorized access and that you can exercise your rights in relation to the data, or
That the European Commission’s Standard Contractual Clauses (SCCs) have been entered into between pinDeliver and the recipient of the personal data outside the EU/EEA. This means the recipient guarantees that the GDPR-level protection of your personal data remains in effect. In such cases, we also assess whether any legislation in the recipient country could affect the protection of your personal data. If necessary, we implement specific technical and organizational measures to ensure your data remains protected when transferred to the respective non-EU/EEA country.
That the transfer is covered by the EU-U.S. Data Privacy Framework. This is an opt-in certification system for U.S. companies, administered by the U.S. Department of Commerce. This privacy framework includes a number of enforceable principles and requirements that must be certified by the U.S. company, ensuring that your data remains sufficiently protected.
How long pinDeliver stores your data depends on the purpose for which the data is used:
Personal data used in the contractual relationship between you and pinDeliver is typically stored for as long as the agreement is in effect, and thereafter for up to 10 years due to statutory limitation periods.
Personal data that pinDeliver is required to store under applicable laws, such as accounting legislation, is generally stored for 5 or 7 years.
The legal requirements mentioned above mean that pinDeliver cannot delete your personal data even if you request its deletion, as described in section 2. If we are not legally required to store the data, we must assess whether we need it to protect ourselves from legal claims.
Please note that even if we are obligated to store your data for legal reasons, this does not mean we are allowed to use it for other purposes. pinDeliver evaluates each specific purpose to determine how long we may use your data, as explained in section 4.
Information about our use of cookies can be found in our “Cookie Policy“.
We are constantly working to improve our services. This may result in changes to both current and future services.
This policy may be updated from time to time. We will inform you of any changes by publishing the updated Privacy Policy on this page. You are advised to review the policy regularly. Changes take effect from the time they are published here.
We reserve the right to modify this Privacy Policy as needed, for example due to changes in legislation.
pinDeliver is registered with the Swedish Companies Registration Office under organization number 556908-8197 and has its headquarters at Stora Nygatan 13, 411 08 Gothenburg.
pinDeliver AB complies with Swedish data protection legislation. If you have any questions or comments regarding data protection at pinDeliver AB, please contact us at security@pindeliver.com or via the address listed above.
