Handling of personal data

Who are we?

Our URL is https://www.crystone.se/en/. Crystone is part of Loopia Group AB, one of Europe's leading companies within domain names and web hosting.

Crystone was founded over 10 years ago and has been through major changes. One thing that has always been obvious, however, is that Crystone is the most affordable option that suits everyone. Over the past decade, Crystone has focused on being a long-term safe business partner for our customers. Today we are the obvious choice for 15,000 active customers. Crystone always stands for quality, safety and experienced support.


On May 25, 2018, the new EU General Data Protection Regulation (GDPR) came into force. To summarize it, this is about an EU regulation with the purpose to strengthening the protection of private individuals, in the processing of personal data. When it comes into force, it replaces the Data Protection Directive of 1995, as well as the current national regulations of all Member States. In Sweden's case, it is about the PUL, the Personal Data Act.

GDPR also demands new requirements on all companies, authorities and organizations that collect and manage personal data. Easily said, GDPR specifies the regulations on the protection of personal data, and clarifies the responsibility for data that is handled and stored. It is important that you who store or in any other way manage personal data, educates yourself in the basics of GDPR.

You can find more information about GDPR and what it means here:

Swedish Authority for Privacy Protection
EU Commission

Here is a checklist to keep in mind when processing personal data in our services

To begin with, it's good to take a look at this page to understand what personal data actually is. If you are aware of processing personal data in one way or another, there is a lot to have in mind as mentioned earlier.

Here are some specific tips regarding processing of personal data linked to our services:

• Do not process personal data you do not need (regardless of consent or similar) and if possible, completely avoid processing extra sensitive data.
• Make sure that the information you process and collect is done on a legal basis.
• Make sure you are aware of your obligations in the form of personal data controller/manager.
• Use encrypted protocols for e.g. your web, mail and file transfers.
• Keep your applications where data is processed secure, constantly updated and restrict access to data as much as possible.

Important documents for you as a customer

We have gathered some important documents for you, as a customer of Crystone from when GDPR came into force.

General Terms and Conditions
General terms and conditions regarding IT operations and communication services
Privacy Policy
Personal Data Assistance Agreement
Personal data management (Appendix 1 to the Personal Data Entry Agreement)

Crystone as personal data manager

Crystone acts as controller for you as a customer for us, and for your information you enter when registering in our services. This means that we assume the responsibility that applies within the GDPR to personal data controllers regarding the processing of your personal data. In the document ”Privacy Policy” you will find all information that applies to you as registered with us. Our customers can in turn be responsible for personal data for information they collect and store in our services, and our role then becomes as Personal Data Assistant to our customers.

Crystone as personal data assistant

If you in turn to store personal data in our services, we act as personal data assistant (processor). This is important especially for you as a customer to keep track of (you can read more about this here) and you as a personal data manager need to make sure you have an agreement (assistance agreement). This is something that we have provided together with our legal partners and it is also a personal data assistant agreement that applies to all our customers. This, together with Appendix 1 (”Personal data management”), our general terms and conditions and ourdata protection policy is the aggregated information that you use when you consider us as personal data assistant.

Unfortunately, we do not have the opportunity to make adjustments in the assistance agreement we offer, nor can we sign physically for you as a customer within our web hosting or cloud services - moreover, we offer the standard digital agreement found on the link above. For you who buy for e.x. consultancy, server services or similar through contact with sales team or account management can have this without any extra cost and we will turn to your sales contact.


We work continuously with our law firm to have good and clear agreements and conditions, and have built up good routines and systems to match data protection and GDPR with the help of a supplier who works exclusively with this.

Trained and knowledgeable staff

We have undergone training as well as an internal GDPR certification for all our staff in all departments, and do it on a regular basis once a year. We also have cutting edge expertise and supplier / system support to keep us up to date and work actively to follow the directives and try to facilitate this for our customers as well.


Other important information about how we work with GDPR, both as an assistant and a responsible person, can be found in our data protection policy and our Appendix to the Personal Data Assistance Agreement, which describes how we process personal data as personal data assistant. We have a full understanding that many people have questions and concerns about GDPR, but unfortunately have no opportunity to answer questions and concerns about how you should work with this other than for the information we have published here which is more specific about our services. For other issues we refer to Swedish Authority for Privacy Protection (IMY) which has very good information and guides for working with GDPR.