Restoreglow

Privacy Policy

This Privacy Policy explains how Restoreglow collects, uses, stores, and protects your personal data when you visit our website or use our services.

Last updated:

1. Data Controller

The data controller responsible for processing your personal data is:

Restoreglow
Hamngatan 18–20, 111 47 Stockholm, Sweden
Phone: +46 8 762 80 00
Email: hello@restoreglow.world
Website: restoreglow.world

As the data controller, we determine the purposes and means of processing your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Swedish data protection legislation, including the Swedish Data Protection Act (Dataskyddslagen).

2. Scope of This Policy

This Privacy Policy applies to all personal data collected through our website at restoreglow.world, including data submitted via contact forms, cookie consent mechanisms, email correspondence, and telephone communications related to our outdoor fitness workshops, training programs, and educational products.

This policy does not apply to third-party websites that may be linked from our pages. We encourage you to review the privacy policies of any external sites you visit.

3. Categories of Personal Data We Collect

3.1 Data You Provide Directly

When you contact us through our website form or by email, we may collect the following personal data:

  • Full name
  • Email address
  • Message content and any additional information you choose to include
  • Consent records related to data processing

3.2 Data Collected Automatically

When you visit our website, certain technical data may be collected automatically through cookies and similar technologies, subject to your consent preferences:

  • IP address (anonymized where possible)
  • Browser type and version
  • Operating system
  • Referring URL
  • Pages visited and time spent on each page
  • Date and time of access
  • Device type and screen resolution

3.3 Data from Service Interactions

If you register for workshops, purchase educational products, or enroll in training programs, we may additionally collect:

  • Payment transaction references (processed by third-party payment providers)
  • Workshop attendance records
  • Program enrollment details
  • Communication history related to your inquiries

4. Purposes of Data Processing

We process your personal data for the following specific purposes:

  • Responding to inquiries: To read, process, and respond to messages submitted through our contact form or sent via email.
  • Service delivery: To manage workshop registrations, training program enrollments, and delivery of educational materials you have requested or purchased.
  • Website functionality: To ensure the proper operation of our website, including cookie consent management and session preferences.
  • Analytics: To understand how visitors use our website, identify popular content, and improve user experience, only when you have consented to analytics cookies.
  • Marketing communications: To send information about upcoming workshops, new programs, or educational products, only when you have provided explicit consent or where permitted by applicable law.
  • Legal compliance: To fulfill obligations under applicable laws, regulations, and legal proceedings.
  • Security: To detect, prevent, and address technical issues, fraud, or unauthorized access to our systems.

5. Legal Basis for Processing

Under the GDPR, we rely on the following legal bases for processing your personal data:

  • Consent (Article 6(1)(a)): When you submit our contact form, accept cookies, or opt in to marketing communications, you provide explicit consent for the specified processing activities.
  • Contract performance (Article 6(1)(b)): Processing necessary to fulfill our obligations when you register for workshops, enroll in programs, or purchase educational products.
  • Legitimate interests (Article 6(1)(f)): Processing necessary for our legitimate business interests, such as website security, fraud prevention, and internal analytics, provided these interests do not override your fundamental rights.
  • Legal obligation (Article 6(1)(c)): Processing required to comply with Swedish tax, accounting, or other legal requirements.

6. Data Retention Periods

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Contact form submissions: Retained for up to 24 months from the date of submission, unless a business relationship continues.
  • Workshop and program records: Retained for up to 36 months following the last interaction or completion of services.
  • Payment records: Retained for 7 years in accordance with Swedish accounting and tax legislation.
  • Cookie consent records: Retained for 12 months from the date consent was given or updated.
  • Analytics data: Retained in aggregated or anonymized form for up to 26 months when analytics cookies are accepted.
  • Marketing consent records: Retained until you withdraw consent, plus an additional 3 months for audit purposes.

After the applicable retention period expires, personal data is securely deleted or anonymized so it can no longer be associated with you.

7. Data Sharing and Third Parties

We do not sell your personal data to third parties. We may share data with the following categories of recipients when necessary:

  • Service providers: Hosting providers, email delivery services, payment processors, and analytics platforms that assist in operating our website and delivering services. These providers process data only on our instructions and under data processing agreements.
  • Legal authorities: When required by law, court order, or governmental regulation.
  • Professional advisors: Lawyers, accountants, or auditors bound by confidentiality obligations.

Where data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

8. Security Measures

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • HTTPS encryption for all data transmitted between your browser and our servers
  • Access controls limiting personal data access to authorized personnel only
  • Regular security assessments of our website infrastructure
  • Secure storage of contact form submissions and customer records
  • Employee training on data protection principles and GDPR requirements
  • Incident response procedures for potential data breaches

While we strive to protect your personal data, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security but commit to notifying affected individuals and relevant authorities of any breach as required by GDPR Article 34.

9. Your Rights Under GDPR

As a data subject, you have the following rights regarding your personal data:

  • Right of access (Article 15): Request a copy of the personal data we hold about you.
  • Right to rectification (Article 16): Request correction of inaccurate or incomplete personal data.
  • Right to erasure (Article 17): Request deletion of your personal data when it is no longer necessary for the purposes collected, when you withdraw consent, or when processing is unlawful.
  • Right to restriction of processing (Article 18): Request that we limit processing of your data under certain circumstances.
  • Right to data portability (Article 20): Receive your personal data in a structured, commonly used, machine-readable format where processing is based on consent or contract.
  • Right to object (Article 21): Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent (Article 7(3)): Withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
  • Right not to be subject to automated decision-making (Article 22): We do not use automated decision-making or profiling that produces legal effects concerning you.

To exercise any of these rights, contact us at hello@restoreglow.world or write to our postal address. We will respond within 30 days of receiving your request. We may ask for verification of your identity before processing your request.

10. Complaints to Supervisory Authority

If you believe our processing of your personal data violates the GDPR, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY):

Integritetsskyddsmyndigheten
Box 8114, 104 20 Stockholm, Sweden
Website: imy.se

11. Children Privacy

Our website and services are not directed at individuals under 16 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information promptly.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. The date at the top of this page indicates when the policy was last revised. Material changes will be communicated through a notice on our website. We encourage you to review this policy regularly.

13. Contact Information

For questions about this Privacy Policy or our data processing practices, contact us at:

Restoreglow
Hamngatan 18–20, 111 47 Stockholm, Sweden
Email: hello@restoreglow.world
Phone: +46 8 762 80 00