Saab Webshop - Privacy Policy

Privacy Policy


Last updated 17 December 2018

Orio AB and its subsidiary undertake to respect and protect your personal data and your personal privacy in accordance with applicable legislation, industry rules and other relevant standards. In this privacy policy (hereinafter ”Policy”) we inform you about why Orio collects, uses and shares your personal data within the framework of your relationship with Orio. Please read this Policy carefully.

1.                   CONTROLLER

The controller responible for your personal data in accordance with applicable data protection legislation is Orio AB (hereinafter ”Orio”, ”we”, ”us” or ”our”). Orio is responsible for ensuring that your personal data is processed in accordance with this Policy and applicable data protection legislation.  

Contact details for the controller:

Orio AB

Corp. reg. no.:                                           556602-9277

Address:                                                     Flättnaleden 1, 611 45 Nyköping, Sweden

Telephone no.:                                         +46155244000


If you would like to contact us, you are welcome to e-mail or post a letter. Mark letters and e-mails with “GDPR”.

2.                   COLLECTION OF PERSONAL DATA

As a main rule, we process the personal data that you have provided us when you became a customer of ours or a member, or when you have otherwise contacted us (for example using the form on our website or via customer service). We can also collect personal data from external sources, for example information about your car at The Swedish Transport Agency. The personal data that we collect include e.g. the following categories of information: 

  • Names, e-mail addresses and telephone numbers. From corporate customers we can also collect relevant information concerning your position and contact details within the company you represent.
  • Information within the framework of the customer relationship, such as customer contact, customer communication, payment and invoice information. Information concerning your car that can indirectly be connected to you is also saved, such as the registration number.

At the end of this privacy policy is specified the type of information that we collect about you from each website and the legal ground, i.e. what right we have to process your personal data, how long we save them and who has access to them.    


We process personal data for the following purposes:

3.1 Provision of services and handling of your customer relationship

The primary purpose for collecting your personal data is to provide you with our services and to handle the customer relationship between us and you or the company that you represent. Processing is necessary for fulfilment of the agreement between us pursuant to 6(1) b GDPR.

3.2 Marketing

We process personal data in order to administer the sending of e-mail notifications and text messages to you regarding news about our services, request your feedback or provide you with other relevant information about our services. In this respect, our processing of your personal data is based upon our legitimate interest in providing you with relevant information about Orio and to promote our services pursuant to 6(1) f GDPR. You may at any time choose not to receive such marketing notifications by clicking here.

If you are not a customer of ours but you choose to sign up to our newsletter via any of our platforms, we will obtain consent to such processing pursuant to 6(1) a GDPR.

3.3 Development of technology and services, and information security

We will also process personal data in order to improve the quality of our services and to develop new ones. In these cases, our processing of personal data is based upon our legitimate interest, pursuant to 6(1) f GDPR, in ensuring that we have sufficient and relevant information to develop our services.

3.4 Invoice-related information

We will also process personal data in order to fulfil our legal obligations pursuant to applicable accounting and tax legislation. In these cases, our processing of personal data is based upon our obligation to fulfil mandatory provisions in law, pursuant to 6(1) c GDPR, that require us to store certain information for the purposes of accounting.


We may also share personal data with third parties:

  • Within the Orio group, in order to carry out our daily business and to the extent  required to fulfil our obligations to you.
  • When we are required to do so by law, e.g. to meet the demands of an authorised body or in conjunction with legal proceedings.
  • When our trusted service-suppliers provide us with service on our behalf and in accordance with the instructions we have given them. We will always control and be responsible for the use of your personal data.
  • If we are subject to a merger, an acquisition or a disposal of all or part of our assets.  
  • When we believe, in good faith, that it is necessary to share personal data to protect our rights, protect your security or the security of others, investigate fraud or respond to an enquiry from the state.


The information we collect from you is primarily stored within the EU/EES but may also be transferred and processed in a country outside the EU/EES. In the event of a transfer to a third-party country, we warrant that we take sufficient security measures in accordance with the GDPR. For example, we use a service supplier that stores data in the USA. This company is connected to Privacy Shield, which ensures that a company maintains an adequate level of protection for personal data. You are welcome to contact is if you would like more information.  

6.                   COOKIES

We use cookies and other similar technology on our websites. Cookies are small text files that are placed on your device to collect and save usable information, with the purpose of increasing the functionality of our website and to make it easier to use. We may also use cookies and other similar technology for statistical purposes to collate, anonymously, aggregated statistics concerning e.g. use of our website, which enables us to understand how a user uses the website and to improve the user experience. 

You can set your web browser not to accept cookies, restrict the use of cookies or to remove cookies from your browser. But cookies are an important part of how our website works, which is why restricting cookies may affect the website’s functionality.   

To read more about how we use cookies, please see our cookie policy here.

7.                   STORAGE OF PERSONAL DATA

Your personal data will only be stored as long as it is necessary to fulfil the purposes defined in the Policy. You will find more detailed information about how long we store your data for each service at the end of this document.

8.                   YOUR RIGHTS

You have the right to access the personal data that we process regarding you. You have the right at any time to change, update and remove your personal data. Please note, however, that certain information is necessary to be able to fulfil the purposes defined in this Policy and that may additionally be required under law. As a result of this, you cannot remove such personal data.  

You have the right to object to certain processing, such as direct marketing and profiling. To the extent required under applicable data privacy legislation, you are entitled to restrict processing of personal data.

In certain cases, you have the right to have the processing of your personal data restricted. If you have the right to have the processing restricted, we may then only – with the exception for storage – continue to process your personal data with your consent or to determine, assert or defend a legal claim, or to protect another natural or legal person, or for reasons concerning important public interest.  

You have the right to data portability, i.e. the right to receive your personal data in a structured, commonly-used and machine-readable format and to have these transferred to another data controller, to the extent required under applicable law.

Please send aforementioned request to use via the contact details in section 1 at the top of the Policy.

If you are not satisfied with the way we handle your personal data, you have the right to submit a complaint to a supervisory authority in the EU/EES. In Sweden the Swedish Data Protection Authority is the appropriate supervisory authority. You will find the contact details for the Swedish Data Protection on this link.

9.                   SECURITY

We maintain an appropriate level of security (comprising physical, electronic and administrative security) to protect personal data from loss, destruction, abuse and unlawful access or unlawful disclosure. For example, we restrict the personal data to authorised employees or consultants who need to know the information to perform their duties.

10.               CHANGES TO THIS POLICY

We reserve the right to change this Policy. If we make any changes to this Policy, we will communicate this via our applications and websites, on which we will also keep the most recent version of this Policy available. 

11.               CONTACT US

If you have any questions concerning this Policy or the personal data we process regarding you, please contact us using the contact details in section 1 at the top of this Policy.


Saab Webshop

Purpose of processing your personal data

Personal data which is processed

How long the personal data is stored

With whom we share personal data

The purpose of the processing is to enable Orio to fulfil its undertakings in accordance with the purchase agreement.

  • Customer number
  • Email
  • Name
  • Mobile phone number
  • Place of residence, country
  • Last order you have made and previous orders

Until the purchase has been executed (including delivery and payment) and for a period thereafter for the purpose of enabling Orio to handle complaints and warranty matters, if any.

  • Orio AB
  • Our trusted service suppliers

Legal grounds: Fulfilment of the purchase agreement. This collection of your personal data is required in order for us to fulfil our undertakings in accordance with the purchase agreement. If the data is not provided, our undertakings cannot be fulfilled and we will be forced to deny you the purchase.

The purpose of the processing is to enable Orio to provide the Newsletter.

  • Email

The data will be removed when you inform us that you no longer wish to be a customer/member with us.

  • Orio AB

Legal grounds: Consent. If you agree to  receive our newsletter, the processing of personal data which is necessary for administering the send-out, is based on your consent. For more details on how to withdraw your consent, see the Policy.

The purpose of the processing is to enable Orio to provide information, offers and services which can be beneficial to your car ownership.

  • Information about your use of the service, information about your Saab, e.g. registration number, car model, mileage, last service etc.

 The data will be removed when you inform us that you no longer wish to a customer/member with us.

  • Orio AB

Legal grounds:Legitimate interest. The processing is necessary in order to satisfy our legitimate interest in evaluating, developing and enhancing our services, products and systems, and our legitimate interest to keep in contact with you within the framework of the customer relationship.