This Privacy Policy describes how Faunabonespark ("we," "us," or "our") collects, uses, stores, and protects personal data when you visit our website at faunabonespark.world or interact with our morning walking group programs and related services. We are committed to protecting your privacy and processing your personal data in accordance with the General Data Protection Regulation (GDPR), the Swedish Data Protection Act (Dataskyddslagen), and other applicable international data protection laws.
1. Data Controller Information
The data controller responsible for your personal data is:
- Company Name: Faunabonespark
- Address: Drottninggatan 53, 111 21 Stockholm, Sweden
- Email: hello@faunabonespark.world
- Phone: +46 8 446 83 399
- Website: faunabonespark.world
For any questions or concerns regarding this Privacy Policy or our data processing practices, you may contact us using the details above. We aim to respond to all privacy-related inquiries within 30 days.
2. Scope of This Policy
This Privacy Policy applies to all personal data collected through our website, contact forms, email communications, phone inquiries, program enrollment processes, and any other channels through which you interact with Faunabonespark. It does not apply to third-party websites or services that may be linked from our site. We encourage you to review the privacy policies of any external sites you visit.
3. Categories of Personal Data We Collect
We may collect and process the following categories of personal data depending on how you interact with our services:
3.1 Identity and Contact Data
When you submit our contact form, enroll in a walking program, or communicate with us directly, we may collect your full name, email address, phone number, and postal address. This information is necessary to respond to your inquiries, manage program enrollment, and maintain communication regarding scheduled walking group sessions.
3.2 Communication Data
We retain the content of messages you send through our contact form, email correspondence, and phone conversations related to program inquiries. This includes your stated preferences for walking groups, preferred neighborhoods, schedule availability, and any other information you voluntarily provide.
3.3 Technical and Usage Data
When you visit our website, we may automatically collect certain technical information including your IP address, browser type and version, operating system, device type, referring URL, pages viewed, time spent on pages, and the date and time of your visit. This data is collected through cookies and similar technologies as described in our Cookie Policy.
3.4 Program Participation Data
If you enroll in a walking program or seasonal challenge, we may collect attendance records, preferred meeting points, program type selections, and payment-related information necessary for enrollment administration. We do not collect health data, medical history, or fitness assessment results as part of our programs.
4. Legal Basis for Processing
Under the GDPR, we process your personal data based on the following legal grounds:
- Consent (Article 6(1)(a)): When you submit our contact form, you provide explicit consent for us to process your name, email, and message content for the purpose of responding to your inquiry. You may withdraw this consent at any time by contacting us.
- Contractual Necessity (Article 6(1)(b)): When you enroll in a paid walking program, we process your data as necessary to fulfill our contractual obligations, including program administration, schedule coordination, and payment processing.
- Legitimate Interests (Article 6(1)(f)): We process technical and usage data based on our legitimate interest in maintaining website security, improving user experience, and analyzing site performance. We balance these interests against your rights and freedoms.
- Legal Obligation (Article 6(1)(c)): We may process and retain certain data to comply with applicable legal requirements, including tax regulations, accounting standards, and responses to lawful requests from public authorities.
5. Purposes of Data Processing
We use your personal data for the following specific purposes:
- Responding to contact form submissions and general inquiries about our walking group programs
- Processing program enrollments and managing participant records
- Communicating schedule updates, route changes, and program-related notifications
- Processing payments and maintaining financial records for enrolled programs
- Improving our website functionality, content, and user experience
- Analyzing website traffic and usage patterns through analytics cookies (with your consent)
- Detecting and preventing fraudulent activity, unauthorized access, and security threats
- Complying with legal obligations and responding to lawful requests from authorities
6. Data Sharing and Third Parties
We do not sell, rent, or trade your personal data to third parties for marketing purposes. We may share your data with the following categories of recipients when necessary:
- Service Providers: We engage trusted third-party providers for website hosting, email delivery, payment processing, and analytics services. These providers process data on our behalf under strict data processing agreements that require GDPR-compliant handling.
- Legal Requirements: We may disclose personal data when required by law, court order, or governmental regulation, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the acquiring entity, subject to the same privacy protections described in this policy.
All third-party processors are located within the European Economic Area (EEA) or have adequate safeguards in place for international data transfers, such as Standard Contractual Clauses approved by the European Commission.
7. Data Retention Periods
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:
- Contact Form Submissions: Retained for 24 months from the date of submission, unless an ongoing program relationship exists.
- Program Enrollment Records: Retained for the duration of your participation plus 36 months after your last active session, to address any post-program inquiries or refund requests.
- Payment Records: Retained for 7 years in accordance with Swedish accounting and tax regulations (Bokföringslagen).
- Technical and Analytics Data: Retained for 26 months from the date of collection, after which it is anonymized or deleted.
- Cookie Consent Records: Retained for 12 months from the date consent was given or updated.
When retention periods expire, personal data is securely deleted or anonymized so that it can no longer be associated with an identifiable individual.
8. Security Measures
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
- HTTPS encryption for all data transmitted between your browser and our website
- Secure server infrastructure with regular security updates and patches
- Access controls limiting personal data access to authorized personnel only
- Regular review and updating of security practices and policies
- Employee training on data protection responsibilities and GDPR compliance
- Incident response procedures for detecting, reporting, and addressing data breaches
While we strive to protect your personal data, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security but are committed to maintaining industry-standard protections.
9. Your Rights Under GDPR
As a data subject under the GDPR, you have the following rights regarding your personal data:
- Right of Access (Article 15): You may request a copy of the personal data we hold about you, along with information about how it is processed.
- Right to Rectification (Article 16): You may request correction of inaccurate or incomplete personal data.
- Right to Erasure (Article 17): You may request deletion of your personal data when it is no longer necessary for the purposes for which it was collected, when you withdraw consent, or when you object to processing.
- Right to Restriction of Processing (Article 18): You may request that we limit the processing of your data in certain circumstances.
- Right to Data Portability (Article 20): You may request your personal data in a structured, commonly used, machine-readable format for transfer to another controller.
- Right to Object (Article 21): You may object to processing based on legitimate interests or for direct marketing purposes.
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
- Right to Lodge a Complaint: You have the right to file a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) at imy.se if you believe your data protection rights have been violated.
To exercise any of these rights, contact us at hello@faunabonespark.world or Drottninggatan 53, 111 21 Stockholm, Sweden. We will respond within 30 days of receiving your request.
10. International Data Transfers
Our primary data processing activities occur within the European Economic Area. If we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses, adequacy decisions by the European Commission, or other legally recognized transfer mechanisms under Chapter V of the GDPR.
11. Children's Privacy
Our website and walking group programs are intended for adults. We do not knowingly collect personal data from individuals under 16 years of age without verifiable parental consent. If we become aware that we have collected data from a child without appropriate consent, we will take steps to delete that information promptly. Participants under 18 may join walking groups with a parent or guardian present.
12. Automated Decision-Making
We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on individuals. All program enrollment decisions and inquiry responses involve human review.
13. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our data processing practices, legal requirements, or service offerings. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy regularly. Continued use of our website after changes constitutes acceptance of the updated policy.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:
- Email: hello@faunabonespark.world
- Phone: +46 8 446 83 399
- Address: Drottninggatan 53, 111 21 Stockholm, Sweden
You may also contact the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten) at Box 8114, 104 20 Stockholm, or visit imy.se for guidance on your data protection rights.