Privacy Policy

This Privacy Policy describes Forefront Consulting Group’s (“Forefront”) work with data protection and personal data and explains how and why we collect and use your personal data. It’s important for Forefront as a company that your personal data – as a private individual and as a potential or current customer – is processed in a safe and correct manner. Therefore, we advise you to read this Privacy Policy so that you know how we handle your information and why. In case of questions related to this policy, do not hesitate to contact us at

External Privacy Policy

Privacy Policy Forefront Consulting

This Privacy Policy describes the information and explains why we collect the information related to our customers and potential recruits.

It’s important for us that personal data collected from you as a potential or current customer, or as a visitor (to our website) is handled in a safe and correct manner.

Which information do we collect?

After a first contact has been established between Forefront and you as a customer, we save your Name (as a customer contact), your email, your phone number and the company name for which the case applies.

If you are applying for a position with Forefront, you will provide us with information about yourself. We will save this information for up to three years regardless of whether the application leads to a recruitment or not, so we can offer you other positions.

If you contact Forefront for anything other than the above, we will not collect any personal data about you, except what you send to us. We save this information in order to be able to manage daily communication with our customers or contacts, as well as be able to carry out customer surveys.

If you are a potential customer, have a different type of contact with Forefront or have consultants from Forefront, the individual consultants may store more personal data about you or your employees. All employees at Forefront have been informed of our IT Policy and of our Information Security Policy, which include guidelines on what information can be saved and in what way. We at Forefront will, as far as possible, follow up with our employees regarding the guidelines on erasing and retention and that only personal data, which is necessary for the assignment will be saved, in order for you as a customer to feel safe about the processing of your personal data.

How long do we save the information about you?

Forefront saves personal data about customers for the duration of the customer agreement and up to one year after the end of the customer agreement. After one year, Forefront deletes any personal data but saves the name of the customer contact as well as company name for any potential new assignments.

All employees have received routine descriptions regarding deletion and retention of personal data, including clearing of emails and other documentation after completion of any customer assignment.

Information regarding applications is saved for three years.

Other email and/or other information is deleted once the information no longer fills any purpose.

If you object to Forefront saving customer contact or company name, you can contact

To whom may we share your information?

Forefront only uses personal data about external parties for internal use. Only after consent from the customer, the company name of our customers is published on the website ( and then without personal information such as customer contact or similar. If you consider the information about you or your company to be incorrect or if you want to know more about the information Forefront handles about you, please contact Forefront’s GDPR responsible at

If you feel that Forefront handles your personal data in the wrong way or illegally, you have the right to report this to the Swedish Authority for Privacy Protection (IMY).
Telephone: 08-657 61 00

Forefront’s role as regards GDPR

Forefront safeguards individuals’ personal privacy and therefore strives to work with customers and suppliers who meet the requirements of companies that process personal data. Depending on the type of consulting service provided and how we work together with customers, the responsibility for the personal data processing may be distributed differently among the contracting parties.

Below we want to explain and clarify how Forefront generally perceives the division of responsibilities for the processing of personal data in accordance with applicable data protection legislation when providing consultancy services. Any questions can be directed to

Handling of personal data – Resource Consultant Agreement

When Forefront provides a consultant for work with a customer, regardless of whether the consultant is employed by Forefront or by a contracted sub-consultant, according to an agreement regarding resource consulting services, the consultant will work under the customer’s management and responsibility. The consultant will in such situations also have a confidentiality obligation in accordance with an agreement between the customer and the consultant which prevents personal data from being shared with Forefront and/or with any sub-consultant.

When a consultant in the performance of the consulting services processes personal data under the customer’s direct responsibility and work management, which can be done by using the work tools for which the customer is responsible such as the customer’s system, the customer is the data controller for the personal data processing that the consulting services include. Forefront or the sub-consultant is not a data processor for such processing.

In order to support the entering of such a confidentiality agreement with the above-mentioned confidentiality commitment before the assignment begins, Forefront may include a draft confidentiality agreement in the customer agreement, which the customer can use for simplicity.

No personal data is therefore transferred from or otherwise made available by the customer in relation to Forefront or a sub-consultant in connection with the consultant working for the customer. Accordingly, this does not result in processor relationship between any of the parties.

Forefront shall ensure that the consultant has given his consent to his personal data being disclosed to a customer by Forefront to the extent necessary for the agreed consulting services/assignment. The customer is the data controller for the data that the customer receives and processes in connection with this. Forefront is, however, responsible for its disclosure of personal data to the customer.

Handling of personal data – specific performance assignments (assignment agreement)

When Forefront provides consulting services within the framework of specific performance assignments (assignment agreements), such as design and technology solutions, strategy and business solutions, or support and maintenance services, Forefront may, where applicable, process personal data on behalf of the customer.

This is also the case when the consultant works under Forefront’s management and responsibility, since the customer ultimately decides on the processing of the personal data that the customer transfers to Forefront in connection with agreed assignments.

Thus, the customer is the data controller for the potential personal data processing while Forefront is the data processor to the customer. Forefront is as a starting point also acting as a data processor for the processing that any contracted sub-consultant may take in connection with the performance of assignments towards the customer. Such sub-consultant’s work does not, in Forefront’s view, lead to a sub-processor relationship, as sub-consultants work under Forefront’s leadership and responsibilities in the execution of the assignments.

In order to support the parties’ handling of agreements and commitments from a data protection perspective, Forefront always provides a draft Data Processing Agreement to the customer agreement, which the customer can use for simplicity with the purpose of regulating Forefront’s commitments as a data processor to the customer.

For the latest information about Forefront’s handling of personal data, please visit us at Any questions can be directed to


Cookies are text files that store information about users on a website, computer or mobile device. According to the Swedish Electronic Communications Act (2003:389), information that a website contains cookies should be given to everyone who visits the website. The purpose of collecting cookies should also be clear. Forefront uses different types of cookies with the aim of improving the website and our offering.

Different types of cookies

Persistent (stored) cookies

These remain on your hard drive until you erase them or they expire. They are activated every time you visit the website.

Session cookies

These are temporary and are erased when you close your browser at the end of your surfing session or when you leave the website.

Third party cookies

We use Google Analytics, LinkedIn Insight and Facebook Pixel to collect statistics.

Turn off cookies

If you do not consent to the use of cookies, you can turn them off in your web browser’s security settings.