1. Introduction
This privacy policy explains what personal data Voyado AB and other Voyado group companies (“Voyado”, “we”, “our”, “us”) collect, why we collect it, how we use and share it, and what rights you have. This policy applies to visitors of our websites, individuals who engage with us, attendees of our events, and individuals who visit our offices. Separate privacy policies apply to users of our services and are accessible within those services.
Voyado AB, reg. no. 556787-0208, and Voyado Lund AB, reg. no. 556588-5240, are joint data controllers for the processing described in this policy.
Voyado is committed to protecting your personal data and to being transparent about how we use it. We encourage you to read this policy carefully and to contact us if you have any questions – our contact details are found in Section 12 below.
Capitalized terms used but not defined in this privacy policy have the meaning given to them in Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “GDPR”).
2. What personal data we collect and why
We process personal data for the following purposes. Where we rely on consent, you may withdraw it at any time. Where we rely on legitimate interest, you may object to the processing.
2.1 Website analytics and user experience
We use website analytics, session recording, heatmap, and survey tools to understand how visitors use our websites and to improve usability, content, and user experience. These tools may collect information about pages visited, interaction patterns (such as clicks and scrolling), survey responses, device and browser type, and online identifiers (such as pseudonymized cookie IDs and IP addresses).
The tools we use fall into categories such as analytics tools, heatmap and session recording tools, and on-site survey tools, such as Google Analytics and Hotjar. Session recordings are used in a privacy-protective way, and sensitive form fields are masked by default.
Legal basis:
- Consent (Art. 6(1)(a) GDPR). You can manage, update, or withdraw your preferences at any time through our cookie settings.
2.2 Prospect engagement and scoring on our website
We use scoring and web intent technologies to help identify website visitors, companies or accounts that may be interested in our products. Where you have consented to the relevant cookies or similar technologies, these technologies may collect information about your use of our websites, such as pages visited, time spent, traffic sources and website interactions. We may use this information to identify high-interest accounts, prioritize sales and marketing activities, and improve the relevance of outreach and advertising. These technologies do not identify you unless and until you identify yourself, allow direct marketing or otherwise engage with Voyado. If you have consented to direct marketing, or where direct marketing is otherwise permitted under applicable law, this information may lead to personalized marketing communications or outreach.
Legal basis:
- Consent (Art. 6(1)(a) GDPR) for the use of cookies or similar technologies for scoring and web intent purposes.
- Subsequent direct marketing or outreach is based on consent (Art. 6(1)(a) GDPR) where required under applicable marketing laws, or otherwise on our legitimate interest (Art. 6(1)(f) GDPR) in promoting our services to individuals in a professional capacity who have shown interest in Voyado’s products. You can manage or withdraw cookie consent through our cookie settings, and you may object to or unsubscribe from direct marketing at any time.
2.3 Marketing communications and events
When you sign up for our newsletter, request a product demo, register for a webinar or event, or otherwise ask to receive communications from us, we use your contact details (typically name, email address, company and job title) to send you relevant marketing material, product news, invitations etc. We may also analyze recipients’ engagement with our marketing communications, such as email opens, clicks and preferences, to measure performance and improve relevance.
When you attend a Voyado event, we may take photographs or video recordings for marketing purposes, subject to your consent where required under applicable laws on the use of name, image, likeness or recordings in advertising or marketing (such as the Swedish Act on Names and Pictures in Advertising (1978:800)). The legal basis for such processing under the GDPR is consent, see below.
Legal basis:
- Consent (Art. 6(1)(a) GDPR) for marketing sign-ups and event photography. You may withdraw consent and unsubscribe at any time via the unsubscribe link in our emails or by contacting us. Please note that this does not affect administrative or contractual messages we may need to send you.
- Legitimate interest (Art. 6(1)(f) GDPR) for direct marketing to existing customers. We have a legitimate interest in maintaining contact with our customers. You may object and unsubscribe at any time via the unsubscribe link in our emails or by contacting us.
- Legitimate interest (Art. 6(1)(f) GDPR) for analyzing recipients’ engagement with marketing communications to measure performance and provide more relevant offers and a better user experience.
2.4 Outreach to prospective customers
We identify and contact individuals who may be interested in Voyado’s products and services. For this purpose, we may collect contact and professional information from publicly available sources and professional networks (such as LinkedIn), as well as from collaboration partners and third-party data providers. This may include your name, job title, employer, and business contact details. We may use this information to maintain, enrich and update CRM and prospecting records, identify relevant contacts and accounts, prioritize outreach, and support sales and marketing activities, including through automated or AI-assisted tools (see Section 2.9 below).
Legal basis:
- Legitimate interest (Art. 6(1)(f) GDPR). We have a legitimate interest in marketing our services to individuals in professional roles who are likely to be interested in our offerings. You may object to this processing or opt out of marketing communications at any time by contacting us or via the unsubscribe link in our emails.
2.5 Meetings and call recordings
We may use Gong.io to record, transcribe, summarize and analyze external calls and video meetings with customers, partners and prospects. We use this to support training, improve customer interactions, enable collaboration across teams, ensure accurate documentation of commercial discussions, facilitate follow-up, and improve our services and sales processes. We may also analyze Gong recordings, transcripts, summaries and call metadata, together with relevant CRM or other business-related information, to generate internal business insights (including trends, customer sentiment, win/loss patterns, and other aggregated business insights) and to improve our services, customer interactions and commercial processes. This may include the use of AI-assisted technologies, as further described in Section 2.9 (Artificial Intelligence (AI)) below.
You will always be informed before a recording begins, and where required by law, may be asked to consent before joining. You may object or opt out; if you object, recording and transcription will not start or will be stopped.
Legal basis:
- Legitimate interest (Art. 6(1)(f) GDPR) for external business meetings in professional contexts where permitted by applicable law, based on our interest in documenting, following up on and improving customer, partner and prospect interactions, and generating relevant internal business insights.
- Where consent is required by applicable law, we rely on consent (Art. 6(1)(a) GDPR), which you may withdraw at any time.
2.6 Marketing attribution and analysis
We analyze customer journey, web intent and account-level engagement data from our marketing and sales platforms to understand which activities drive engagement and to improve the relevance of our outreach and advertising. For this purpose, we may process contact and engagement data relating to your professional interactions with Voyado, including website visits, email engagement, event and webinar attendance, advertising interactions, and sales activities.
Legal basis:
- Legitimate interest (Art. 6(1)(f) GDPR). Any profiling carried out under this section is based solely on your professional capacity, not your private life. You may object to this processing at any time by contacting us.
2.7 Voyado Academy
If you register for Voyado Academy, we process your name, email address, company name, and course-related data (including assessments and results) to manage your account and provide the learning experience. Inactive accounts may be deactivated or deleted in accordance with applicable retention routines. You may request earlier deletion by contacting us.
Legal basis:
- Performance of a contract (Art. 6(1)(b) GDPR), e. the agreement between us or your employer (as applicable).
2.8 Office visits
When you visit our offices, we may process your name, workplace, contact details, and visit duration for security and access control purposes. This data is retained for six (6) months following your visit.
Legal basis:
- Legitimate interest (Art. 6(1)(f) GDPR). We have a legitimate interest in maintaining the physical security of our premises, safety, and controlling access to our facilities. You may object to this processing at any time by contacting us.
2.9 Artificial Intelligence (AI)
We use AI-assisted technologies across our business to improve efficiency, quality and ways of working, including for internal productivity, automation of internal processes, analysis and summarization, content drafting, customer and sales support, prospecting and sales operations, service improvement, and meeting and call analysis (regarding our use of Gong to record and transcribe meetings, see Section 2.5 above). Where such use involves personal data (e.g. names, contact details, call and meeting transcripts, email contents, website and app behavioral data, or other business-related data), we process only what is necessary for the relevant purpose and do so in compliance with applicable data protection laws, including the GDPR.
Our use of AI is governed by strict technical and organizational safeguards. We do not use AI for automated decision-making, including profiling, that produces legal or similarly significant effects within the meaning of Art. 22 GDPR, such as decisions that deny you access to a service, affect your rights, or otherwise have a significant negative impact on you, and we do not use your personal data to train third-party AI models.
Legal basis:
- Legitimate interest (Art. 6(1)(f) GDPR). We have a legitimate interest in using and leveraging AI-assisted technologies to improve the quality, efficiency and/or relevance of our services, internal processes, customer and sales support, and business insights. You may object to this processing at any time by contacting us.
3. Cookies and tracking technologies
We use cookies and similar tracking technologies that store or access information on your device, such as local storage, tracking pixels and session storage. Some of these are strictly necessary for our website to function; others are non-essential and require your consent. You can manage, update, or withdraw your preferences at any time by clicking the cookie icon in the bottom right corner of our website.
The main categories of non-essential cookies we use, subject to your consent, are:
- Statistical cookies, used to measure how visitors interact with our websites and to improve our content and user experience.
- Functional cookies, used to remember your preferences and personalize your experience.
- Marketing cookies, used to track visitors across websites, measure campaign performance and enable targeted advertising through third-party platforms such as Google, LinkedIn and Meta.
The specific cookies in use, including their retention periods and providers, are described in our cookie declaration, accessible via our Cookie Policy.
For information on how we use the data collected through these technologies, please see Section 2 above.
4. Who we share your personal data with
We share personal data only where necessary for the purposes described in this policy. Within Voyado, access to personal data is limited to personnel who need it for those purposes.
The categories of recipients may include Voyado group companies; service providers acting as data processors or independent controllers, such as providers of IT infrastructure and hosting, security, analytics, marketing, advertising, sales and CRM, communications, event, learning management, office administration, and support services; professional advisers; and public authorities where required by law.
The specific providers we use may change over time. Where third parties process personal data on our behalf, we require appropriate contractual, confidentiality and security safeguards, including data processing agreements.
5. Third-country transfers
Some of our service providers are located, or process personal data, outside the EU/EEA. We transfer personal data internationally only where permitted under applicable data protection laws and where an appropriate transfer mechanism or safeguard is in place, such as:
- an adequacy decision, regulation or other recognition that the destination provides an adequate level of protection;
- the EU-U.S. Data Privacy Framework; or
- the European Commission’s Standard Contractual Clauses (SCCs), supplemented by additional technical and organizational measures where needed.
6. How long we keep your personal data
We retain personal data only for as long as necessary for the purposes described in this policy, taking into account any legal retention obligations. As a general guide:
- Marketing contact and communication data: generally kept for up to two (2) years from your last relevant interaction, or for as long as you are an active customer/contact or otherwise maintain an active relationship with Voyado. If you withdraw consent, object to direct marketing or unsubscribe, we will stop using the data for marketing and delete or suppress it as appropriate, subject to legal retention or suppression list obligations.
- Cookie and analytics data: in accordance with the retention periods set out in our cookie declaration.
- Office visit records: six (6) months.
- Voyado Academy data: retained for as long as your account is active. Inactive accounts are soft deleted after one (1) year, or after 180 days if you have never logged in. Unless restored, the data is permanently deleted one (1) year after soft deletion. You may request earlier deletion by contacting us.
Personal data may be retained for longer where required by applicable law, such as accounting or tax requirements, or where necessary to establish, exercise or defend legal claims.
7. Your rights under the GDPR
Under the GDPR, you have the following rights in relation to your personal data. These rights are not unconditional and may be subject to exceptions under applicable law. For more information on your rights, please see here.
- Access (Art. 15): the right to obtain a copy of your personal data and information about how it is processed.
- Rectification (Art. 16): the right to have inaccurate or incomplete data corrected.
- Erasure (Art. 17): the right to request deletion of your personal data in certain circumstances.
- Restriction (Art. 18): the right to request that we restrict processing of your data in certain circumstances.
- Data portability (Art. 20): the right to receive your data in a structured, machine-readable format.
- Objection (Art. 21): the right to object to processing based on legitimate interests, including for direct marketing.
- Withdrawal of consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise your rights, contact us at privacy@voyado.com. We will normally respond within one (1) month of receipt of your request. In complex cases this period may be extended by a further two months, in which case we will notify you.
You may unsubscribe from our promotional emails at any time by using the unsubscribe link included in each email. Please note that even if you opt out of receiving promotional communications, we may continue to send you administrative messages where necessary to fulfil our contractual obligations or to respond to a request made by you.
You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Sw. Integritetsskyddsmyndigheten) at https://www.imy.se/kontakta-oss/ or with your local data protection authority.
8. Children’s privacy
Our websites and services are not directed at children under the age of 13, and we do not knowingly collect personal data from children. If you believe that a child has provided us with personal data, please contact us at privacy@voyado.com and we will delete the information promptly.
9. Third-party websites
Our websites may contain links to third-party websites, products, or services that we do not operate. This privacy policy does not apply to those third parties, and we are not responsible for their privacy practices. We encourage you to review the privacy notices of any third-party websites you visit.
10. How we protect your data
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, or destruction. These measures may include implementation of security standards and secure private connections, traceability, disaster recovery, access limitations, regular and independent vulnerability and penetration testing, physical access control, organizational measures such as risk management and change control, data breach management and business continuity management.
We regularly review our security policies and procedures to ensure our systems are secure and protected.
11. Changes to this policy
We may update this policy from time to time. Any changes will be published on this page and will take effect upon posting. The date of the most recent update appears below. We encourage you to review this policy periodically.
12. Contact us
For questions about this policy or to exercise your rights, please contact us at privacy@voyado.com. You may also write to us at our registered address:
Voyado AB
Attn. Data Protection Officer
Lumaparksvägen 9, 120 31 Stockholm, Sweden
While we always hope to be able to resolve any questions or complaints directly, you also have the right to lodge a complaint with your local data protection authority. In Sweden, the competent supervisory authority is the Swedish Authority for Privacy Protection (Sw. Integritetsskyddsmyndigheten):
https://www.imy.se/kontakta-oss/
* * *
Last updated: 2026-06-29