Privacy Policy
Megadeals International AB / Njord
Last updated: 17 April 2026
This Privacy Policy describes how Megadeals International AB (trading as Njord) collects and uses personal data through our website njord.io and our marketing activities.
1. Who we are
Legal name: Megadeals International AB (trading as Njord)
Organisation number: 559220-2120
Registered address: c/o Njord, Mäster Samuelsgatan 42, 111 57 Stockholm, Sweden
Privacy contact: privacy@njord.io
We are the data controller for personal data processed through njord.io and our marketing activities. When we process personal data on behalf of a customer within a contracted engagement, we act as a data processor under a separate Data Processing Agreement (DPA), which governs that processing in place of this policy.
2. What personal data we collect
Data you give us directly: name, business email, phone number, job title, company name, and the content of any messages or form submissions.
Data collected automatically when you visit njord.io: IP address, browser and device information, pages viewed, and cookie and tracking data (see our Cookie Policy).
Data from third-party sources: publicly available professional information (name, business email, job title, employer, LinkedIn profile) from B2B data providers and professional networks, used only for B2B outreach.
3. Why we process it and on what legal basis
- To respond to enquiries, demos, and pre-sales conversations. Legal basis: pre-contractual steps and legitimate interests.
- To provide our platform and services to customers. Legal basis: contract performance.
- To send B2B marketing communications (newsletters, product updates, event invitations). Legal basis: legitimate interests, or consent where required by law.
- To run targeted digital advertising. Legal basis: consent, via our cookie preference centre.
- To identify visiting companies at the organisation level, to improve our website, and to protect against fraud and misuse. Legal basis: legitimate interests.
- To comply with legal and regulatory obligations.
Where we rely on legitimate interests, we have assessed that our interests do not override your rights and freedoms. You may object at any time by contacting privacy@njord.io.
4. Data obtained from third parties (Art. 14 notice)
Where we obtain professional contact data about you from third-party sources such as B2B data providers and professional networks rather than directly from you, we limit that data to publicly available professional information (name, job title, employer, business email, public profile). We rely on legitimate interests as the lawful basis. If you would prefer not to be contacted, you can object at any time by emailing privacy@njord.io.
5. Who we share data with
We share personal data with categories of service providers who act as processors on our behalf, including:
- Customer relationship management and marketing automation providers
- Website analytics providers
- Advertising networks and B2B advertising partners
- Cloud infrastructure and hosting providers
- Error monitoring and diagnostics providers
A full list of these providers is available on request at privacy@njord.io, and an up-to-date list of sub-processors used in the provision of our platform to customers is maintained in the DPA.
We do not sell your personal data.
6. International transfers
Some of our service providers are located outside the European Economic Area (EEA), primarily in the United States. Where personal data is transferred outside the EEA, we rely on the European Commission's Standard Contractual Clauses (SCCs) or another approved transfer mechanism. A copy of the relevant safeguards is available on request.
7. Profiling
For our own B2B marketing, we segment website visitors and contacts based on professional attributes and engagement signals in order to send relevant communications. This processing does not produce automated decisions that have legal or similarly significant effects on you within the meaning of Art. 22 GDPR. You can object at any time by contacting privacy@njord.io.
8. How long we keep personal data
- Website visitor analytics: up to 26 months
- Contact and lead data: up to 3 years from last interaction
- Customer account data: duration of the contract plus 5 years
- Marketing email interactions: until you unsubscribe or after 3 years of inactivity
- Accounting and tax records: 7 years (Swedish statutory requirement)
- Security and system logs: minimum 6 months
When data is no longer required, it is deleted or anonymised.
9. Your rights
If you are in the EU, EEA, or UK, you have the right to:
- Access the personal data we hold about you
- Have inaccurate data corrected or incomplete data completed
- Have your data erased, subject to legal exceptions
- Restrict or object to our processing
- Receive your data in a portable format
- Withdraw consent at any time where processing is based on consent
- Not be subject to solely automated decisions with legal or similarly significant effects
To exercise any of these rights, email privacy@njord.io. We will respond within 30 days.
You also have the right to complain to the supervisory authority in your EU/EEA Member State. In Sweden, this is Integritetsskyddsmyndigheten (IMY), www.imy.se.
10. Security
We implement appropriate technical and organisational measures to protect personal data. Our security documentation is available to enterprise customers and prospects on request.
If you believe your data has been compromised, contact us immediately at privacy@njord.io.
11. Children
Our services are directed at business users and not at anyone under 18. We do not knowingly collect personal data from minors.
12. Changes to this policy
We may update this policy from time to time. The "Last updated" date above reflects the most recent revision. For material changes, we will notify you by email or by prominent notice on njord.io.
13. Contact
Email: privacy@njord.io
Postal: c/o Njord, Mäster Samuelsgatan 42, 111 57 Stockholm, Sweden