Privacy Policy | NordMDR AB

Summary in plain language We only collect information you give us directly through our contact form. We do not sell your data, we do not use advertising trackers, and we do not share your information with third parties except as needed to respond to your enquiry. You can ask us to delete your data at any time.

1. Who we are

NordMDR AB is a regulatory affairs consultancy registered in Sweden, providing EU MDR Authorized Representative services and compliance support for medical device manufacturers and importers. We are the data controller for any personal data you provide to us.

Company: NordMDR AB
Registered in: Stockholm, Sweden
Email: info@nordmdr.com
Website: www.nordmdr.com

2. What data we collect

We only collect personal data that you provide to us directly. This includes:

Contact form submissions — your name, company name, email address, country, service enquiry, and message content
Email correspondence — any emails you send to us directly
Website analytics — anonymised usage data through Google Search Console (no personal identifiers)

We do not use advertising cookies, tracking pixels, or third-party analytics tools that identify individual users. We do not collect payment information — all payments are handled by third-party processors.

3. Why we collect your data

We collect and use your personal data for the following purposes:

Responding to your enquiry — when you submit our contact form, we use your information to respond to your compliance question or assessment request
Providing our services — if you become a client, we use your contact details to deliver the regulatory services you have requested
Legitimate business communications — following up on enquiries and sending relevant compliance updates where you have indicated interest

Our legal basis for processing your data is legitimate interest (responding to your direct enquiry) and contract performance (delivering services you have engaged us for). We do not rely on consent for routine business communications.

4. How we store and protect your data

Your data is stored securely on our email systems hosted in Sweden and the EU. We do not store contact form submissions in any external database — they are delivered directly to our email inbox and retained in our email system.

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. Our website is served over HTTPS with SSL encryption.

5. Who we share your data with

We do not sell, rent, or trade your personal data. We may share your information only in the following limited circumstances:

Email service providers — our email hosting provider processes emails on our behalf under a data processing agreement
Website hosting — our website is hosted on Hostinger, which may process server logs containing IP addresses
Legal requirements — if required by law or a court order in Sweden or the EU

All third-party service providers we use are based in the EU or operate under EU-compliant data protection agreements.

6. How long we keep your data

We retain contact form enquiries and email correspondence for up to 3 years from the date of last contact. If you become a client, we retain relevant correspondence and documentation for 7 years in accordance with Swedish accounting and business record requirements.

You can request deletion of your data at any time — see Your Rights below.

7. Your rights under GDPR

As a resident of the EU or EEA, you have the following rights regarding your personal data:

Right of access — you can request a copy of the personal data we hold about you
Right to rectification — you can ask us to correct inaccurate data
Right to erasure — you can ask us to delete your personal data
Right to restriction — you can ask us to limit how we use your data
Right to data portability — you can request your data in a portable format
Right to object — you can object to our processing of your data for legitimate interest purposes

To exercise any of these rights, contact us at info@nordmdr.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Swedish Data Protection Authority (Integritetsskyddsmyndigheten — IMY) at imy.se if you believe we have not handled your data correctly.

8. Cookies

Our website does not use tracking cookies or advertising cookies. We use only essential technical cookies required for the website to function (such as session management). No consent banner is required for essential cookies under GDPR.

We use Google Search Console to monitor website performance — this uses anonymised aggregate data only and does not identify individual visitors.

9. Third-party links

Our website may contain links to third-party websites such as LinkedIn and Google. We are not responsible for the privacy practices of these external sites. We recommend reviewing their privacy policies before providing any personal information.

10. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The date at the top of this page shows when it was last updated. We will notify active clients of any material changes by email.

11. Contact us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

NordMDR AB
Stockholm, Sweden
Email: info@nordmdr.com
Website: www.nordmdr.com