Privacy Policy

Privacy Policy – Mimir Invest AB

Last updated: 30 March 2026

1. Introduction

This Privacy Policy explains how Mimir Invest AB (“Mimir”, “we”, “us”, “our”) collects and uses personal data when you visit our corporate website, contact us, or subscribe to communications from us.

We process personal data in accordance with the EU General Data Protection Regulation (“GDPR”) and applicable Swedish data protection law.

By using our website, you acknowledge that you have read this Privacy Policy.

2. Data controller and contact details

The data controller responsible for the processing of your personal data is:

Mimir Invest AB
Kungsgatan 7
111 43 Stockholm
Sweden

Email: info@mimirinvest.com

If you have any questions about how we process your personal data, you can contact us at the email address above.

We currently do not have a mandatory Data Protection Officer, but you can always reach our privacy contact using this address.

3. Categories of personal data we process

We generally collect and process the following categories of personal data in connection with our corporate website:

  • Identification and contact details:
    Name, job title, company/organization, email address, phone number and similar details that you choose to provide.
  • Communication data:
    Information you include when you contact us by email or through any contact form or similar channel on the site (for example your message, subject and time of contact).
  • Newsletter and marketing preferences:
    Email address and any information about the types of communications you choose to receive or opt out of.
  • Usage and technical data:
    IP address, browser type and version, device identifiers, operating system, time and duration of visits, pages viewed, and similar information generated by your use of the website. This is typically collected through cookies and similar technologies (see section 12 below).
  • Other data you choose to provide:
    Any other personal data you decide to share with us in connection with your interaction with the website or our business (for example when you send information about potential investments, cooperation opportunities, or general business enquiries).

We do not intentionally collect sensitive (special category) personal data via the website and ask you not to include such information in website forms or general enquiries.

4. How we collect your data

We collect personal data from the following sources:

  • Directly from you, for example when you:
    • Send us an email.
    • Fill in a contact form.
    • Subscribe to a newsletter or other updates.
  • Automatically from your device when you:
    • Visit and browse our website, in which case usage and technical data are collected via cookies and similar technologies.

5. Purposes and legal bases for processing

We only process your personal data when we have a legal basis under GDPR. The main purposes and corresponding legal bases are:

5.1 Handling contacts and enquiries

  • Purpose:
    To receive, read and respond to enquiries sent via the website or by email (for example from portfolio companies, potential partners, advisors, service providers or other stakeholders).
  • Legal basis:
    • Our legitimate interests in communicating with business contacts and other stakeholders about our operations and potential cooperation (GDPR Art. 6(1)(f)); and
    • Where relevant, performance of a contract or steps prior to entering into a contract (GDPR Art. 6(1)(b)).

5.2 Newsletters and other information you sign up for

  • Purpose:
    To send you newsletters or other communications that you have requested or agreed to receive, and to manage your subscription (including unsubscribes).
  • Legal basis:
    • Consent (GDPR Art. 6(1)(a)) where we rely on your opt‑in to send electronic marketing; and/or
    • Our legitimate interests in providing information about our business and activities to existing business contacts, where permitted by law (GDPR Art. 6(1)(f)).

You can withdraw your consent or opt out of receiving marketing communications at any time by following the unsubscribe link in our emails or by contacting us.

5.3 Operating and improving the website

  • Purpose:
    To operate, secure and improve our website, including troubleshooting, usage analytics, and understanding how visitors interact with the content.
  • Legal basis:
    • Our legitimate interests in operating an efficient, secure and user‑friendly corporate website (GDPR Art. 6(1)(f)); and
    • Where required for non‑essential cookies/trackers, consent obtained through the cookie banner or settings (GDPR Art. 6(1)(a)).

5.4 Compliance and protection of rights

  • Purpose:
    To comply with legal obligations (for example bookkeeping, regulatory requirements) and to establish, exercise or defend legal claims or protect our rights, property or safety, or those of our group, portfolio companies, or other stakeholders.
  • Legal basis:
    • Compliance with legal obligations (GDPR Art. 6(1)(c)); and
    • Our legitimate interests in managing and protecting our business and legal rights (GDPR Art. 6(1)(f)).

If we intend to use your data for a new purpose that is incompatible with the purposes above, we will inform you and explain the new legal basis before we do so where required by law.

6. Recipients and categories of recipients

We will only share your personal data where necessary and with appropriate safeguards in place. Typical categories of recipients include:

  • Service providers (processors):
    External providers that help us operate our website and related services, such as hosting providers, IT support and security, email and newsletter distribution tools, and analytics or similar technical providers. These providers act on our instructions and are bound by data processing agreements.
  • Professional advisors:
    Legal, financial or other professional advisors where necessary in the context of transactions, legal claims, audits or similar matters.
  • Public authorities:
    Where we are legally obliged to do so, for example to tax authorities, law enforcement agencies or regulators.
  • Group entities or business counterparties:
    Where necessary in connection with corporate transactions, restructuring, or cooperation arrangements, and only to the extent permitted by law.

We do not sell your personal data.

7. International data transfers

Some of our service providers or their sub‑processors may be located outside the EU/EEA or may process data from such locations.

Where personal data is transferred to a country outside the EU/EEA that does not have an adequacy decision from the European Commission, we will ensure that appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) adopted by the European Commission; and/or
  • Other lawful transfer mechanisms under GDPR.

You may contact us at info@mimirinvest.com for more information about applicable safeguards and, where relevant, to request a copy of key contractual protections (with confidential information redacted where necessary).

8. Data retention

We keep personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy or to comply with legal, accounting or reporting requirements. In practice, this generally means:

  • Enquiries and general correspondence:
    Retained for the time needed to handle and follow up on the enquiry and for a limited additional period to document our communications and manage potential legal claims.
  • Newsletter and other subscriptions:
    Retained for as long as you remain subscribed. If you unsubscribe, we will stop sending you such communications and retain only the information necessary to document your opt‑out and comply with applicable rules.
  • Usage and technical data (analytics and logs):
    Retained for the period necessary to analyse website performance and security, generally aligned with technical and legal requirements and any settings applied in the tools we use.

When data is no longer needed, we will either delete it securely or irreversibly anonymise it.

9. Security

We take appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.

These measures include access controls, secure infrastructure and processes, and contractual obligations with our service providers. However, no system is completely secure, and we cannot guarantee absolute security of information transmitted or stored electronically.

10. Your rights under GDPR

Subject to the conditions and limitations set out in GDPR and applicable law, you have the following rights in relation to your personal data:

  • Right of access:
    To obtain confirmation whether we process your personal data and to receive a copy of such data, together with certain information about the processing.
  • Right to rectification:
    To have inaccurate or incomplete personal data corrected or updated.
  • Right to erasure (“right to be forgotten”):
    To request deletion of your personal data in certain situations (for example if the data is no longer necessary for the purposes for which it was collected, or you withdraw consent and there is no other legal basis).
  • Right to restriction of processing:
    To request that we restrict the processing of your data in certain circumstances (for example while a complaint or request is being investigated).
  • Right to data portability:
    To receive the personal data you have provided to us in a structured, commonly used and machine‑readable format and, where technically feasible, to have it transmitted to another controller.
  • Right to object:
    • To object at any time, on grounds relating to your particular situation, to processing based on our legitimate interests. We will then no longer process your data for that purpose unless we can demonstrate compelling legitimate grounds.
    • To object at any time to processing of your data for direct marketing purposes, including profiling to the extent related to such marketing. If you object, we will stop processing your data for direct marketing.

Where our processing is based on your consent, you have the right to withdraw your consent at any time. This will not affect the lawfulness of processing that took place before the withdrawal.

To exercise any of your rights, please contact us at info@mimirinvest.com. We may need to verify your identity before acting on your request.

11. Complaints

If you believe that our processing of your personal data infringes applicable data protection laws, you have the right to lodge a complaint with a supervisory authority, in particular in the EU/EEA Member State where you live, work or where the alleged infringement took place.

In Sweden, the supervisory authority is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY).

We would, however, appreciate the chance to address your concerns first, so we encourage you to contact us at info@mimirinvest.com.

12. Cookies and tracking technologies

Our website may use cookies and similar technologies to:

  • Enable basic functions and ensure the site works properly (strictly necessary cookies).
  • Collect aggregated statistics about how visitors use the website (analytics cookies), such as which pages are visited and for how long.

Where required by law, we will obtain your consent before placing non‑essential cookies (for example certain analytics or marketing cookies). You can usually manage your cookie preferences via:

  • The settings available in any cookie banner or preference tool on the site; and/or
  • Your browser settings, which typically allow you to block or delete cookies.

Please note that blocking or deleting certain cookies may affect the functioning of the website.

More detailed information about the specific cookies used (if applicable) may be provided in a separate cookie notice or in the cookie settings tool.

13. Children’s privacy

Our website and services are not directed to children under the age of 16, and we do not knowingly collect personal data relating to children via the website.

If you believe that we may have collected personal data about a child, please contact us at info@mimirinvest.com, and we will take appropriate steps to investigate and delete the data if required.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time, for example to reflect changes in our processing activities, legal requirements, or technical developments.

When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, provide a more prominent notice (such as on the website home page).

We encourage you to review this Privacy Policy periodically to stay informed about how we process personal data.