Designed for global mobility, locally protected. GDPR compliant and hosted exclusively within the EU/EEA.
Permly is a platform for work‑permit compliance, relocation workflows, and employer documentation. We process personal data under GDPR and Swedish law, operate on EU/EEA‑only infrastructure, and apply a strict secure‑by‑design, least‑privilege model. The following sections detail our compliance with key regulations and our commitment to data protection.
Overview of key legal frameworks.
Regulation (EU) 2016/679
We comply with the EU GDPR as both a Data Controller and Processor. For employer clients, this includes formal Art. 28 Data Processing Agreements (DPAs). We also perform internal Data Protection Impact Assessments (DPIAs) for sensitive processing and apply strong security controls (encryption, access limits, audit logs).
Lag (2018:218)
This complements the GDPR in Sweden. We follow IMY (Swedish Privacy Authority) guidance and apply national rules for lawful and secure processing of personal data.
OOSL (2009:400) & Arkivlagen (1990:782)
We handle submissions to authorities and manage archival materials in line with Swedish secrecy and retention laws.
MIGRFS
Job offers and insurance details are automatically validated against current Migrationsverket requirements (e.g., salary thresholds, mandatory insurances) before submission to ensure compliance.
Bokföringslagen (1999:1078)
We retain accounting‑related records for 7 years, as required by Chapter 7, Section 2 of the Swedish Bookkeeping Act.
Permly's tools classify as 'limited‑risk' under the draft EU AI Act. They only assist users (e.g., document drafting, classification) and never make legally binding decisions. We review these systems quarterly for bias, fairness, and performance.
Transparency and safeguards for our AI use.
Permly deploys large‑language models (LLMs) and other AI components solely for low‑risk, assistive tasks. These tools help us deliver faster, safer, and more compliant permit case preparation, always under human oversight and in accordance with GDPR and the EU AI Act.
AI outputs are assistive tools, not authoritative records. All content is reviewed and approved by humans before submission to any authority.
How we use cookies and respect your privacy choices.
Always Active
Required for core functionality such as secure log‑ins, authentication, and user preferences. These cannot be disabled.
Consent‑Based
Google Analytics with privacy‑enhanced settings to understand usage and improve performance. Only enabled if you consent.
Not Used
We do not use marketing, advertising, or third‑party tracking cookies. No personal data is sold to third parties.
You can manage or withdraw your consent at any time via our cookie banner or in your browser settings. Disabling strictly necessary cookies may affect the Platform's functionality.
Access our key legal and compliance documents.
How we handle policy updates and our commitment to transparency.
Major updates, for example, changes to why or how we process your personal data, are communicated proactively and before they take effect. In line with Articles 12–14 of the GDPR, these updates are clearly highlighted in our revised policies.
Smaller updates or clarifications are published immediately on our Platform. Version numbers always increase, and changes are logged.
Every change is documented in our public changelog with dates and version history so you can always review what changed and when.
Questions about our policies, your rights, or how updates may affect you?
admin@permly.aiWe're here to help you understand our policies and how updates impact you.