A shelf corporation is a ready-made and registered limited company that you can buy and use immediately. Many entrepreneurs choose to purchase a shelf corporation to quickly get started with their business. This way, you avoid going through the time-consuming process of registering a new company from scratch. With a shelf corporation, you still have the opportunity to customize the company according to your needs. So you can, for example, change the name, modify the business description, and appoint your own board of directors. This allows you to start your business faster when buying a shelf corporation.

What are the advantages?

One of the main advantages of buying a shelf corporation, and why so many choose it as an option, is that you avoid the initial administration that comes with starting a limited company. It saves both time and energy, especially if you haven’t gone through the process of starting a company before. It’s valuable if you’re in a hurry to sign contracts, apply for loans, or need to get your business up and running quickly. Since the shelf corporation is already registered, you can instead focus on customizing the company and begin operating your business. This also means you can buy a one regardless of the type of business you plan to run. It doesn’t matter if you plan to, for example, run a store, a consulting business, or a tech startup, as you can quickly adapt the shelf corporation to suit your needs.

And what are the disadvantages?

One of the biggest drawbacks of shelf corporations is the high cost. This is because you’re essentially paying to avoid the registration process and get a ready-to-use limited company. So you still need the 25,000 SEK required for share capital and possibly other funds needed to start your business. If you’re starting with limited capital, it can be difficult to purchase a shelf corporation, even though it saves time.

Another downside is that the corporation isn’t entirely new, even if it hasn’t conducted any business previously. The shelf corporation may have been registered for some time without being active. This means that the company’s fiscal year begins when it was first registered with the Swedish Companies Registration Office. The fiscal year doesn’t start from the date you purchase the shelf corporation. This could bring up certain financial issues that you may need to address from the outset.

It’s also important to remember that even though the process of starting a limited company is faster with a shelf corporation, it doesn’t mean you completely avoid the initial administration. You still need to spend some time setting up things like the company’s board of directors, the company name, and business description, which requires some processing time with the Swedish Companies Registration Office.

Is a shelf corporation the right choice for you?

Buying a shelf corporation can be a good option if you need a company quickly and don’t want to wait for the registration of a new limited company to be completed. It’s especially beneficial if you want to start your business immediately and need a company registration number to sign contracts or conduct business.

At the same time, it’s important to remember that a shelf corporation costs money. So, it’s a good idea to consider whether investing in one is valuable for your business. You simply need to weigh the advantages of the quick start against the higher cost. If you have time to wait and want to save money, it might be better to start a limited company from scratch instead.

Do you need legal help?

Have you protected your brand yet?

Building and maintaining a strong brand is critical to a company’s success and competitiveness. And through strong trademark protection, you’re able to protect your company against trademark infringement and strengthen its position on the market. You can protect your brand by registering it with the Swedish Intellectual Property Office (PRV) or by incorporation.

A brand that has achieved an established position on the market and is well known among consumers is protected by trademark protection. Since establishing this requires a lot of time and work, it’s easiest and most efficient to register your brand. That gives your brand formal rights. It protects your brand from others trying to register brands that could be interchangeable with your brand. And it allows you to use the ®-symbol in marketing.

Important things to consider before registering your brand

Distinctiveness is key to strong trademark protection and simply means that your have to be able to distinguish your products or services from others on the market. To ensure your brand is distinctive enough, it shouldn’t be generic or descriptive of the products or services your brand represents.

If your brand is illegal or violates morals or public order, you won’t be able to register it. You also won’t be able to register it if there’s risk of misleading consumers or if your brand is similar to other protected intellectual property rights.

Register for trademark protection

To make sure your brand is protected, you can register it with the Swedish Intellectual Property Office (PRV). Just send an application through their site and pay SEK 2,400 to register your brand for protection in one class. If you want to protect your brand in more classes, additional fees will apply. If you instead choose to register your brand by sending in an application by post, it’ll cost you SEK 3,500. Once you’ve submitted your application, it takes approximately 3-4 months before you receive a response.

Regardless of whether your brand is registered or not, you’ll need to pay for your application. But if your brand is registered, the registration will be valid for ten years. You can then renew your registration provided you pay a fee to PRV. The registration only applies to protection in Sweden. For trademark protection internationally, you’ll have to turn to other means.

International trademark protection

There are ways to secure international protection through various international agreements and organizations. For example, you can apply for EU trademark registration for trademark protection within the EU. The registration can be made with the European Union Intellectual Property Office (EUIPO).

You can also register your brand through the so-called Madrid Protocol, a collaboration among over 80 countries worldwide, and which is administered by WIPO (World Intellectual Property Organization).

Do you need legal help?

Make sure your CEO agreement is airtight.

Did you know that companies have to draw up a special agreement for their CEO? The CEO isn’t covered by the Employment Protection Act (LAS) and usually not by collective agreements either. This is why an ordinary employment agreement isn’t enough, and a special agreement that covers the extensive terms of employment must be drawn up. In other words, a CEO agreement.

1. What are the CEO’s responsibilities?

As CEO, you’re responsible for a company’s day-to-day operations and have ultimate responsibility according to, among other things, the Work Environment Act, the Environmental Code, the Tax Act, the Annual Accounts Act and the Accounting Act, as well as labor laws. So it’s important to clearly state in the agreement which areas of responsibility are included. You can also draw up a special CEO instruction that clarifies the division of work and responsibility within the board members and other functions.

2. What are the specifics concerning the CEO’s employment protection?

Since the CEO isn’t covered by LAS, it’s important to write down exactly what form of employment they have, how long the notice period is and how notice is given, as well as if, how and in which situations the company can fire them. Most often, the notice period is a few months and can be the same regardless of whether it concerns a dismissal or the CEO being fired. It’s also common to then receive a severance payment which means you also have to state how much that will be and when it will be paid out.

3. How and how much will the CEO be paid?

In addition to salary, the CEO can also receive a bonus for the work they perform. There are usually conditions for bonus payment. That is, goals that they have to reach to get the bonus. As well as when it’s paid out in that case. The agreement should also state when it’s time to renegotiate the compensation going forward.

4. Make sure you have a confidentiality clause

As CEO, you’re sitting on a lot of information that can be valuable for competing businesses. So it can be good to include a confidentiality clause in the agreement. In it, you specify what is confidential and may not be shared with external parties. This way, you can ensure that your trade secrets are protected both while the CEO is with you and after they have left the company.

5. Non-competing clauses are important

It is just as important to have a non-competing clause in the agreement. Through the clause, you can prevent the CEO from going to and working for a competitor immediately after employment with your company. Most often, this is done by offering compensation for the time they’re not allowed to work at competing businesses. However, it is important to remember that non-competing clauses can’t be too extensive. Make sure to check with a lawyer if your agreement holds up to be on the safe side.

6. What are the consequences for breach of contract?

If the CEO violates any of the terms of the agreement, it needs to be clearly stated what the consequences are. Most of the time, it usually means that they have to pay a fine. And you have to state how big the fine will be and whether the company has liability insurance to cover certain situations.

7. How do you resolve any disputes?

If a dispute arises between the company and the CEO, it’s easiest to resolve them in an arbitration court. Just because the process is faster, the verdict isn’t public and it isn’t possible to appeal either.

Do you need legal help?

Does your cookie policy include all the necessary information?

Companies that want to get to know their users and analyze their behavior can use cookies to do so. It’s a good way to improve your offers and make sure your users get the information that benefits them the most. If you use cookies on your website, you have to have a cookie policy where you inform about how you use cookies.

Most websites use cookies, i.e. small text files with information that is stored in browsers. By saving cookies in the browser, the user’s experience of the site becomes smoother. It’s because of cookies that users can collect products in a shopping cart knowing they’ll remain until the next time they visit the site. It’s also because of cookies that users only need to log in to sites once and choose to keep themselves logged in even after they’ve closed the browser.

This is what your cookie policy should contain

Your cookie policy has to be clear and easy to understand. Users have to be able to quickly understand what it means to accept or not accept cookies. Simply put, what the consequences are for each choice. In addition, your policy has to include:

• what cookies are. The user has to be able to quickly understand what cookies are and how they work.
• how and why you use cookies. You don’t have to get into details, but should give an overall, clear explanation of which type of cookies you use and what the purpose for using them is. As a separate paragraph in this section, you can also include whether you use cookies from a third party, for example if you use Google Analytics.
• how the user can disable cookies. The user should both receive information about how they deactivates cookies and what happens when they do so. You can also link to other pages where the user can follow instructions on how to disable cookies. In this section, you can also explain how users delete the cookies that have already been saved.

Do you need legal help?

It’s important you have an air-tight policy.

All companies that in any way process and store personal data has to have a data protection policy, i.e. a GDPR policy. All information that has a connection to you in some way, whether directly or indirectly, is considered personal data. It can be anything from name, address, phone number and social security details to email address containing your name, ID card number and even your IP address. Even pictures, videos and sound recordings are considered as personal data.

In your GDPR policy, there are a number of details you must have easily accessible to your users. The information has to be straight-forward and easy to understand. Otherwise, the risk is you can be fined for violating GDPR. And above all, there has to be a legal ground that allows you to collect other people’s personal data.

There are six legal grounds that allows you to process personal data. Organizations that process personal data in any way has to fulfill at least one of these grounds:

• You need consent from the user to be able to save their data.
• You need to have an agreement with the user that requires their personal data to be saved.
• You need to have a legal obligation that requires you to save certain personal data by law.
• You need to show that you’re processing personal data to be able to protect peoples fundamental interests, for example to save their lives. This mainly applies to healthcare.
• You need to be an authority and process personal data as part of your work as an authority and in the interest of the public.
• You need to have your interests to process personal data outweigh the interests of your users making processing personal data necessary. This can apply to when your organisation is part of a large group and you having to share personal data with others within the group in order to be able to pay salaries and the like.

1. Your GDPR policy must include who’s responsible of the personal data

Who’s responsible for personal data depends on the form of the company. It’s usually not a person, but the organization itself. If you’re a company, then the company is responsible for personal data. If you’re an association, it’s the association who’s responsible. One individual can also be responsible for personal data, such as in individual companies.

2. Why do you collect personal data?

Different organizations have different reasons for collecting personal data. What’s important to keep in mind is that the personal data you collect doesn’t only apply to your users, but also to your employees. For example, data you collect in payroll systems has to comply with GDPR. The same goes for when you want to communicate with your users, for example through a newsletter.

Regardless of the reason, it’s particularly important to be clear about why you’re collecting personal data. Both so your users can easily get that information, but also because you can’t use the information you’ve collected in any other way than how you’ve specified. For example, you can’t collect email addresses when your users create accounts at your webpage and then at a later stage use the same information to start sending newsletters to them. If you want to change the purpose, you have to disclose the information to your users and be clear about how the changes affects them and why you’ll collect their personal data going further.

3. Where do you store the personal data?

Do you store the data within the EU or do you store it in a country outside of the EU? Depending on where you store the data, you need to check that the country has a sufficiently high level of protection of personal data according to the EU/EEA standard. If the country doesn’t, you can’t store personal data in that country. So you need to check whether there is a decision from the European Commission regarding the level of protection in the country you want to store the data in. If there’s no such decision, you need to have standard contract clauses that the European Commission has decided on. But since such clauses sometimes means you also need to take other protective measures according to the EU Court, it would be a good idea to bring in a GDPR expert who can make sure that your GDPR policy is air-tight.

4. The type of personal data you collect has to be included in your GDPR policy

Even when it comes to which personal data you collect, you have to be clear and can’t change and collect other personal data without approval. If there’s a change in your systems that causes you to collect new personal data, you have to share that information with your users. Remember that it’s important to be clear and include exactly all information that’s considered personal data. All information that can in any way be linked to individuals is personal data and must be categorized in your GDPR policy.

5. Who will have access to the personal data?

Are there other parties who will have access to the data? Do you have external suppliers who have access to them? Or are there other parties you collaborate with who will have access to the personal data you collect? Then this has to be stated in your policy. You also have to clarify rights and obligations your partners have. The important thing here is that the personal data you collect isn’t at risk of being misused by partners using it for purposes other than what you’ve informed your users about.

6. How long will you store the data?

Depending on how you intend to use the personal data, the period for how long you intend to store it varies. Simply put, you can save the data as long as you need it for the purpose you’ve specified in your policy. When the purpose is no longer relevant, you have to delete the data.

Sometimes, however, you may need to state that you don’t know how long you’ll need to store the personal data. Then you instead have to state why you can’t limit the storage in time.

7. Your users’ rights have to be stated in your GDPR policy

According to the GDPR, everyone has the right to access their personal data from organizations collecting them. Everyone has the right to both receive an extract and have information changed if it’s incorrect. In addition, everyone has the right to request to have their data deleted in the vast majority of cases. It’s only if there are no other legal obstacles that prevent you from deleting the data that this doesn’t apply. However, this exception mainly applies to authorities. For most companies, if a user wants the company to delete the person’s data, the company has to do so.

8. Where do users submit any complaints?

In January 2021, the Data Inspectorate changed its name to The Swedish Authority for Privacy Protection. They’re the ones who ensure that Swedish organizations comply with the GDPR. It’s also where private individuals can report complaints if they’re concerned about how an organization handles their personal data. That’s why you have to include contact information to the Authority for Privacy Protection in your policy so that your users can easily contact them about any questions, concerns and complaints.

Do you need legal help?

Make sure you follow GDPR regulations by talking to our GDPR expert.

The Swedish Authority for Privacy Protection (IMY) has now stated that four large companies in Sweden have violated the GDPR while using Google Analytics (GA) as a measurement tool. The four companies IMY has reviewed are CDON, Coop, Dagens Industri and Tele2, all of which now have to stop using GA. In addition, Tele2 receives a fine of SEK 12 million and CDON of SEK 300,000. The version of GA the companies used is from August 14, 2020.

The basis is how the four companies transfer personal data to the United States through GA. The European Court of Justice determined in 2020 that the United States doesn’t have a sufficiently high level of protection of personal data. Because of that, forwarding personal data from a country within the EU/EEA to the USA is a violation of GDPR. GA is a common measurement tool for many companies. So this case is also relevant for other companies in Sweden that use GA.

According to IMY, information has been transferred that IMY believes can be connected with other unique information also being passed on. IMY also believes that the companies haven’t taken any technical measures to protect users personal data according to EU/EEA standard. Even if the companies have other technical solutions aiming to protect personal data, they aren’t sufficient. The companies have also used standard contract clauses as a basis for decisions on the transfer of personal data.

– These decisions have bearing not only on these four companies, but can also provide guidance for other organizations that use Google Analytics, says Sandra Arvidsson, lawyer who led the reviews of the companies.

Spotify receives fine of SEK 58 million for violations of the GDPR

Spotify was also fined in June for violating GDPR. At the time, IMY determined that the information from Spotify isn’t clear enough regarding how they use saved personal data. According to GDPR, every individual has the right to know which personal data a company handles and how it’s used.

Ensuring that a company follows GDPR regulations isn’t always easy. As a company, you can transfer personal data if the country you forward the data to is one that the EU Commission has decided has a sufficiently high level of protection of personal data. If it’s a country the EU Commission hasn’t made a decision about, companies can transfer data with the support of standard contract clauses that the EU Commission has decided on. However, sometimes additional protective measures has to be taken as well along with standard clauses according to the EU Court.

Making sure your company follows GDPR regulations isn’t always easy. Especially when you also have to make sure that the tools and programs you use also comply with GDPR.

Do you need legal help?

Do you know what the terms are for marketing in social media?

Even though social media has now been around for many years, the rules and laws surrounding what you can and can’t do when advertising on social media are difficult to navigate around. This is because social media is an incredibly fast-growing phenomenon and it’s difficult to keep up with what’s happening, both on a national and global level. Many companies violate advertising laws. So to make things clearer, we’re listing the most important rules for companies that advertise in social media.

1. Respect copyright and trademark protection

This may seem obvious but companies often miss this in their marketing. It’s easy to think that you can freely use memes and popular songs that are widely spread on social media, but the fact is that even the most popular visual and audio content on social media are covered by copyright.

On many sites, you can sign up and pay to be able to use content for social media. The websites will state in their terms how you’re allowed to reuse the content. In most cases, this is the safest way to ensure that the content you’re using is legally okay to use. If you still want to reuse content that is trending in social media, you need to try to find out who the author of the content is and ask for permission to use it.

2. What are the rules regarding UGC?

User generated content is content that social media users who use your products and/or services have created. Most often, UGC-content is created by smaller influencers who recommend products and services on their platforms. As a company, you can pay influencers to create user-generated content for you, and by default companies usually state that the copyright to the material in these cases belongs to the company.

Many companies also send samples to social media users which leads to the recipients creating user generated content. In these cases, it’s important that you ask the influencer if it’s alright to reuse the content, especially if you intend to advertise it. Best practice is to offer the influencer a fee to be able to advertise the content. How big the fee should be depends on how big a reach you expect to get, how long you intend to let your ad run and how well established the influencer in question is.

3. All paid ads with influencers must be clearly marked

If you want to use influencers to get your message out, it is especially important to mark the content as advertisement. On Instagram, among other platforms, you can now collaborate with influencers with branded content. This way, a branded content label appears above the post. But when it comes to advertising rules, this is usually not enough. According to Swedish practice, it should never be possible to misinterpret whether content in social media is a paid ad or not. Since the branded content labeling through Instagram is so small, it’s important that the influencer also writes in the caption that the collaboration is a paid collaboration between you and them.

The same applies to you as a company if you post the material on your channel as well. Otherwise, the risk is that you’ll be accused of false marketing.

4. GDPR also applies to social media

The purpose of advertising on social media can be different. It’s not always a company wants to sell a product or service, but sometimes the purpose may be to market a future launch where users can sign up to receive information in advance. Sometimes the aim is to get more subscribers to a newsletter. And sometimes you might want to promote your loyalty program. When collecting user data, you have to comply with applicable data protection laws. In Sweden, this simply means that you need to comply with the European Data Protection Regulation (GDPR).

It needs to be clear in your ad how you intend to use the data. The people you target must be able to give consent and approve that you may use their data in future communications. Although it can be seen as approval when a person enters their email address, it’s important that it’s clearly stated what the person in question actually agrees to when entering their email.

5. Be genuine and honest when advertising on social media

Last but not least, be transparent. Be clear and honest about who benefits from what you sell, why your concept is strong and what the customer actually gets when buying from you. In order to be heard through the social media noise, it can feel tempting to embellish the message, but the risk is that you’ll be reported for false marketing. And in today’s digital society, it’s incredibly easy for users to quickly find information about which companies have been reported and which ones receive critical reviews.

So make sure to use the strengths you have without embellishing them too much. If you have a good product or service, that will be enough. And in turn, that will only lead to the customers positive experiences giving your marketing an extra boost.

Do you need legal help?