How ValueOrbit AB collects, processes, shares and protects your personal data — under the EU General Data Protection Regulation (GDPR) and the Swedish Data Protection Act.
Last updated: June 12, 2026
ValueOrbit AB, org. nr. 559363-1145
Solvägen 10, 183 52 Täby, Sweden
sami.rejeb@valueorbit.com
ValueOrbit AB ("ValueOrbit") collects and processes personal data when we interact with a number of different external parties and persons when you use the services offered by ValueOrbit.
ValueOrbit platform offers a software as a service solution which help our customers manage sales methodologies and guide them to predictable win.
For further details about the product please see ValueOrbit's website www.valueorbit.com.
ValueOrbit protect your integrity and make sure to protect the personal data being processed. ValueOrbit's processing of personal data is in accordance with applicable data protection laws, such as the EU General Data Protection Regulation, the "GDPR" and the Swedish Data Protection Act (Dataskyddslagen, SFS 2018:218) aiming to the protection of the integrity of individuals in processing their personal data.
The following describes how ValueOrbit collects, processes and shares your personal data. Furthermore, information is provided about how we handle an eventual data breach as well as information about your rights under the GDPR.
Please be aware that third-party companies may have separate data privacy information that can be found on their webpages.
For the purposes of this Privacy Policy:
The following categories of information may be collected for the following purposes:
Providing our service requires access to the data in the customer's CRM system. This includes access to the following data: profile, contact, lead, opportunity, account, activity objects and certain custom fields subject to configuration. ValueOrbit accesses also third-party platforms such as Salesforce and Hubspot.
ValueOrbit collects and processes customer activity data — email, calendar, phone number, address, etc. and customer activity data on behalf of ValueOrbit customers, by allowing Outlook, Google suite etc. ValueOrbit collects email and calendar data for business-related use only of the End User and ValueOrbit's customers.
Such information is not shared or disclosed to anyone other than the End Users authorized by the customer. ValueOrbit does not obtain or store your password for these third-party platforms, relying on OAUTH authentication protocols and tokens. Customers are required to follow their own company's policies regarding storage, management, sharing and retention of data in question.
When a ValueOrbit customer creates an account with ValueOrbit, we request them to authorise ValueOrbit, via OAuth, to interact with customer CRM system in the context of the End User. We use that authorisation to access the information (including personal data) we need in the CRM system for account administration, for providing our services and communicating with ValueOrbit customers about provided services.
When ValueOrbit is used with email/calendar systems, we prompt the End Users to connect or can be connected by an administrator with a service account to provide access to the contained information for delivery of the application services.
ValueOrbit, when used in conjunction with email/calendar systems, prompt the End Users to connect or to be connected by an administrator with a service account to provide access to the contained information for delivery of the application services.
Where our customers enable meeting recording or transcription features, ValueOrbit processes meeting audio, video and transcripts (which may contain Personal Data such as names, voices, images and the content of conversations) on behalf of the customer, in order to generate meeting notes, summaries, follow-ups and related insights. This processing is performed through our meeting-recording subprocessor identified in our Subprocessor List, hosted in the European Union. Customers and their End Users are responsible for informing meeting participants and obtaining any consents required under applicable laws (including the GDPR and applicable call-recording laws) before recording a meeting or call. Retention periods for recordings and transcripts are configurable by the customer in accordance with the Data Processing Agreement, and such data is not deleted without the customer's instruction during the term of the agreement.
Usage Data is collected automatically when using the Service. Usage Data may contain Personal Data.
Usage Data may include information such as your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
We may also collect information that your browser sends whenever You visit our Service.
We use Cookies and similar tracking technologies to track the activity on our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyse our Service. The technologies we use may include:
Cookies or Browser Cookies — A cookie is a small file placed on your Device. You can instruct your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, you may not be able to use some parts of our Service. Unless you have adjusted your browser setting so that it will refuse Cookies, our Service may use Cookies.
Web Beacons — Certain sections of our Service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count End Users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).
Cookies can be "Persistent" or "Session" Cookies. Persistent Cookies remain on your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as you close your web browser. Learn more about cookies on the Privacy Policy: https://www.valueorbit.com/privacy-policy.
We use both Session and Persistent Cookies for the purposes set out below:
Necessary / Essential Cookies — Type: Session Cookies. Administered by ValueOrbit. Purpose: These Cookies are essential to provide You with services available through the Website and to enable You to use some of its features. They help to authenticate End Users and prevent fraudulent use of End User accounts. Without these Cookies, the services that You have asked for cannot be provided, and we only use these Cookies to provide You with those services.
Cookies Policy / Notice Acceptance Cookies — Type: Persistent Cookies. Administered by ValueOrbit. Purpose: These Cookies identify if End Users have accepted the use of cookies on the Website.
Functionality Cookies — Type: Persistent Cookies. Administered by ValueOrbit. Purpose: These Cookies allow us to remember choices You make when You use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter your preferences every time You use the Website.
For more information about the cookies we use and Your choices regarding cookies, please visit our Cookies Policy or the Cookies section of our Privacy Policy.
The Company may use Personal Data for the following purposes:
Under the GDPR we process Personal Data only where we have a valid legal basis to do so. Depending on the processing activity and your relationship with us, we rely on one or more of the following legal bases:
Performance of a contract (Article 6(1)(b) GDPR). To provide and maintain the Service, create and administer your Account, deliver the features you have subscribed to, and provide support and related communications. Where ValueOrbit processes Personal Data as a processor on a customer's behalf, the customer is responsible for establishing the legal basis for the underlying processing.
Legitimate interests (Article 6(1)(f) GDPR). To operate, secure, troubleshoot, analyse and improve the Service; to prevent fraud, abuse and security incidents; to administer our business and customer relationships; and to send service-related and similar-product communications to our existing business contacts. Where we rely on legitimate interests, we have weighed those interests against your interests, rights and freedoms, and you may object at any time as described in the section on your rights below.
Consent (Article 6(1)(a) GDPR). For the use of non-essential cookies and similar technologies, and for electronic marketing where consent is required by applicable law. Where processing is based on consent, you may withdraw your consent at any time; this does not affect the lawfulness of processing carried out before withdrawal.
Compliance with a legal obligation (Article 6(1)(c) GDPR). To comply with our legal and regulatory obligations, including accounting and tax obligations and responding to lawful requests from competent authorities.
We collect some Personal Data directly from you, for example when you register, configure the Service or contact us. We also process Personal Data obtained indirectly, including: (i) from our customers and the systems they connect to the Service (such as CRM, email and calendar accounts) when a customer uses the Service to process data about its own contacts, leads, prospects, customers, investors and meeting participants; and (ii) from our contact-enrichment subprocessor and publicly available business sources, in order to verify and supplement business contact details. The categories of such data are described under "What Data We Collect" above. Where ValueOrbit processes this data on behalf of a customer, the customer is the controller and is responsible for providing the information required under Articles 13 and 14 of the GDPR to the relevant data subjects.
The Service uses AI-assisted features to analyse sales, CRM and meeting data and to generate scores, qualifications, summaries, briefs, recommendations and forecasts. These outputs are designed to support human decision-making by our customers and their users. ValueOrbit does not use them to take decisions producing legal effects concerning a data subject, or similarly significantly affecting a data subject, based solely on automated processing within the meaning of Article 22 of the GDPR. Where a customer configures the Service in a way that involves such automated decision-making, the customer is responsible for compliance with Article 22, including providing any information and safeguards required for data subjects.
ValueOrbit is the data controller for the processing of Personal Data for which ValueOrbit determines the purposes and means. When we share your Personal Data with a company that is an independent data controller, that company's privacy policy and personal data management applies. We also use subcontractors for some Personal Data processing. Subcontractors who process information on our behalf and according to our instructions are called data processors. We have signed agreements with these data processors to ensure that personal data is not disseminated further and that it is adequately protected.
We may share your Personal Data in the following situations:
Default retention periods. Unless configured otherwise by the customer:
Customers may configure shorter or longer retention periods subject to applicable law.
The Company will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. Upon expiration or termination of a customer's agreement, the customer may request an export of its data in accordance with the General Terms, following which Personal Data is deleted or anonymised, subject to any legal retention obligations.
The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or when we are legally obligated to retain this data for longer time periods.
Customer application data, databases, file storage, primary compute infrastructure and meeting recording and transcription services are hosted within the European Union. Certain approved subprocessors — including providers used for AI processing and contact enrichment — may process limited Personal Data outside the European Union, including in the United States, as disclosed in our Subprocessor List and Data Residency Statement (see the section "Subprocessors and Data Residency" below).
Where Personal Data is transferred outside the European Economic Area, such transfers are carried out subject to appropriate safeguards under Chapter V of the GDPR, including, where applicable, the European Commission's Standard Contractual Clauses, together with supplementary measures where required.
The Company will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other Personal Data.
We retain copies of emails which we analyse for our products and services and because it is necessary in order to provide that service for performance reasons. We retain these emails for the duration of the customer's agreement, after which they are exported and deleted in accordance with this Privacy Policy and the Data Processing Agreement.
We use a limited number of subprocessors to deliver the Service. Customer application data, databases, file storage and primary compute infrastructure are hosted in European Union regions (Microsoft Azure and Google Cloud, EU), and meeting recording and transcription (Recall.ai) is hosted in the European Union. The following categories of subprocessors may process limited Personal Data in the United States: (i) AI processing (Google Gemini, provider default region); and (ii) contact enrichment (Apollo.io). The current Subprocessor List and Data Residency Statement, including any changes to the providers listed above, is available at https://www.valueorbit.com/dpa and may be updated from time to time in accordance with the Data Processing Agreement.from privacy@valueorbit.com and is updated from time to time. No Personal Data or customer data is used to train foundation models, and we contractually require our AI subprocessors not to use customer data submitted through the Service to train their models.
In the event of a personal data breach affecting Personal Data we process, we will notify affected customers without undue delay and, in any event, within seventy-two (72) hours of becoming aware of it, in accordance with the GDPR and the Data Processing Agreement.
You have the right to delete or request that we assist in deleting the Personal Data that we have collected about You.
Our Service may give you the ability to delete certain information about You from within the Service.
You may update, amend, or delete your information at any time by signing in to your Account, if You have one, and visiting the account settings section that allows You to manage your Personal Data. You may also contact us to request access to, correct, or delete any Personal Data that you have provided to us.
Please note, however, that we may need to retain certain information when we have a legal obligation or lawful basis to do so.
In addition to deletion, you have the rights under the GDPR to request access to, rectification of, restriction of or objection to the processing of your Personal Data, as well as the right to data portability, the right to withdraw consent at any time where processing is based on consent (without affecting the lawfulness of processing before withdrawal), and the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) or another competent supervisory authority. If you would like to exercise any of these rights, including the removal of any of your Personal Data that has been stored by ValueOrbit, please contact us at privacy@valueorbit.com. Where ValueOrbit processes Personal Data as a processor on behalf of a customer, we will refer your request to the relevant customer and assist them in responding, in accordance with the Data Processing Agreement.
If the Company is involved in a merger, acquisition or asset sale, your Personal Data may be transferred. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy.
Under certain circumstances, the Company may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
The Company may disclose your Personal Data in the good faith belief that such action is necessary to:
The security of your Personal Data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
The Services are reserved exclusively for professional use and are not available to anyone under the age of 18, consistent with our General Terms. We do not knowingly collect personally identifiable information from anyone under the age of 18. If You are a parent or guardian and You are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from anyone under the age of 18, we take steps to remove that information from our servers.
If we need to rely on consent as a legal basis for processing your information and your country requires consent from a parent, we may require your parent's consent before we collect and use that information.
Our Service may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.
We protect our systems with appropriate technical and organisational measures, including firewalls, access control systems, strong passwords, and robust information security policies. We actively monitor our systems for signs of attack or intrusion.
However, there are certain aspects of the security of personal data are beyond our control. In particular:
We may update our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on the Website.
We will let You know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the "Last updated" date at the top of this Privacy Policy.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on the Website.
If you have any questions about Personal Data, please contact us at privacy@valueorbit.com.