Privacy Policy

1. Introduction

Kroppsfred is the data controller responsible for your personal data. I am committed to protecting your privacy and processing your personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Swedish data protection law. This Privacy Policy explains what data I collect, how I use it, and your rights.

2. Data I Collect

I may collect and process the following categories of personal data:

• Contact information: name, email address, phone number (via contact forms or

booking)

• Communication data: messages you send via forms or email

• Newsletter subscription: email address and communication preferences

• Payment data: billing information processed securely via my payment provider

• Usage data: cookies, IP address, browser type, and pages visited (via analytics

tools)

• Session-related information: notes and records relevant to our coaching relationship

3. Legal Basis for Processing

I process your personal data based on the following legal grounds under GDPR:

• Contract performance (Article 6(1)(b)): to provide the services you have requested

• Legitimate interest (Article 6(1)(f)): to improve my Website and services, and to send relevant communications to existing clients

• Consent (Article 6(1)(a)): for newsletter subscriptions and non-essential cookies —

you may withdraw consent at any time

• Legal obligation (Article 6(1)(c)): where required by law, such as accounting or tax

obligations

4. How I Use Your Data

I use your personal data to:

• Provide and manage your bookings and sessions

• Send booking confirmations, reminders, and relevant service communications

• Send newsletters if you have subscribed (you can unsubscribe at any time)

• Process payments securely

• Improve my Website through analytics

• Comply with legal and regulatory obligations

5. Cookies

My Website uses cookies to enhance your experience. I use:

• Essential cookies: necessary for the Website to function correctly

• Analytics cookies: to understand how visitors use my Website (e.g. Google Analytics)

• Marketing/preference cookies: to remember your settings or display relevant content

When you first visit my Website, you will be asked for your consent to non-essential cookies.

You can manage or withdraw your cookie consent at any time through your browser settings or my cookie consent tool.

6. Data Sharing

I do not sell your personal data. I may share your data with trusted third-party service providers who assist me in operating my Website and delivering my services, including:

• Payment processors (e.g. Stripe, Klarna, or similar)

• Email marketing platforms (if you have subscribed to my newsletter)

• Analytics providers (e.g. Google Analytics)

• Booking and scheduling platforms

All third-party providers are required to process your data in accordance with GDPR and applicable data processing agreements.

7. International Transfers

Some of my third-party providers may be located outside the EU/EEA. Where this is the

case, I ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, to protect your data.

8. Data Retention

I retain your personal data only for as long as necessary for the purposes described in this policy, or as required by law. Specifically:

• Client session records: retained for up to 5 years after the end of our professional relationship

• Payment records: retained for 7 years in accordance with Swedish accounting law

(Bokföringslagen)

• Newsletter data: retained until you unsubscribe

• Contact form submissions: retained for up to 12 months

9. Your Rights Under GDPR

As a data subject, you have the following rights:

• Right of access: to request a copy of the personal data I hold about you

• Right to rectification: to request correction of inaccurate or incomplete data

• Right to erasure: to request deletion of your data under certain circumstances

• Right to restriction: to request that I limit how I process your data

• Right to data portability: to receive your data in a structured, machine-readable

format

• Right to object: to object to processing based on legitimate interest

• Right to withdraw consent: at any time, without affecting prior processing

To exercise any of these rights, please contact me at the details below. I will respond within 30 days. You also have the right to lodge a complaint with the Swedish Authority for Privacy

Protection (IMY) at www.imy.se.

10. Data Security

I implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. However, no method of transmission over the internet is 100% secure and absolute security cannot be guaranteed.

11. Changes to This Privacy Policy

I may update this Privacy Policy from time to time. When I do, I will update the date at the top of this page. I encourage you to review this policy periodically. Continued use of my Website after changes constitutes acceptance of the updated policy.

12. Contact and Data Controller

If you have any questions or concerns about this Privacy Policy or how I handle your

personal data, please get in touch:

Kroppsfred

Email: camilla@kroppsfred.se

Website: www.kroppsfred.se