Privacy Policy

At Once Upon Publishing AB (“Once Upon,” “we,” “our,” and “us”), we take your personal privacy very seriously and want you to always feel confident that we are handling your personal data securely.


This privacy policy (“Privacy Policy”) is intended to give you confidence that we, as data controller, handle your data in accordance with applicable personal data legislation. Here we have gathered information about how we process the personal data you have provided to us in connection with your visit to onceupon.photo (“the Website”, “our Website”), your use of our Service and mobile app (“the App”, “our App”), and the personal data we have otherwise gained access to and process. When we refer to “our Service” or “the Service”, we mean the digital platform, offers, features, tools, services, or resources we provide through the application on our Website and in the App.


When you create a product (e.g., a photo book) in our Service, you are responsible for the images and text you upload. You control and decide on these yourself – according to the GDPR, you are the data controller for personal data in images and texts. In this case, we act as a data processor, which means that we only process your images and texts in accordance with your instructions. We will therefore never process your images or texts for our own purposes.


If you have any questions, please feel free to contact us. Information on how to contact us can be found in the section “Data controller and our contact details” below in this Privacy Policy. 


If you live in the United States, our Privacy Policy for the United States applies.

In summary:

How do we process your personal data?


Our processing of personal data means that your personal data is shared with certain suppliers who process it outside the EU/EEA. Read more here.

Your rights


If you have any questions about your rights or wish to exercise any of your rights, please feel free to contact us.

Click to read more about:

Data controller and our contact details

Once Upon Publishing AB, with company registration number 559073–3670, is responsible for the processing of your personal data. If you have any questions about how we process your personal data, or if you wish to exercise any of your rights, you can contact us at our email address privacy@onceupon.se or send a letter to Trädgårdsgatan 7, 931 31 Skellefteå, Sweden.

Detailed information about how we process and store your personal data

In this detailed description below, you can read more about: 

  • why we process your personal data, 
  • the categories of personal data we process,
  • the legal basis for the processing of your personal data, and 
  • how long we store your personal data.


Under the headings ”Who processes your personal data and why” and ”Where we process your personal data” below, we describe whether your personal data is processed by parties other than Once Upon and why, as well as whether your personal data is transferred outside the EU/EEA.

If you use the Service

You can choose to create a user account in the Service. In order to create and manage your user account, we need to process your personal data. If you do not provide us with your personal data, we will not be able to create or manage your user account, and you will therefore not be able to create an account with us. As a general rule, we receive the information directly from you, but if you choose to create an account via Apple, Google or Facebook, we also receive information from the provider you have chosen to create an account with, in order to enable you to log in. 


We also need to collect personal data from you when you create a product so that you can save your ongoing products and share the photo book with your co-creators. We provide tools that use artificial intelligence to determine whether your images can be improved before printing. If improvements are needed, they are made without artificial intelligence. If you have not disabled these tools, we also process your personal data by your choices and use of our tools. 


When you create a product in the Service, you are responsible as a data controller for the images and texts you upload. This means that we do not process your images or texts for our own purposes as listed below. In this case, we act as a data processor, which means that we only process your images and texts in accordance with your instructions. This is regulated in the data processing agreement, which is attached to the terms of use.

To create and manage your user account
Purpose of the processingWhat personal data we processOur legal basis for the processing
  • Grant you permission to log in to your user account when you log in with your email address
  • Show your order history
  • Email address
  • Your choices and settings, such as language and region, notifications, or whether you opted to receive newsletters from us
  • Your logged-in devices

Performance of a contract (article 6.1 b of the GDPR)


The processing is necessary for us to create and manage your user account, and thereby perform the agreement relating to your user account. If you do not provide us with your personal data, you will not be able to create a user account with us.

  • Grant you permission to log in to your user account when you log in with a third-party account such as Apple, Google or Facebook
  • Show your order history
  • Email address from the service you chose to log in with, such as your Apple ID or Google account
  • Your choices and settings, such as language and region, or whether you want to share your email address
  • Confirmation of successful authentication from the service you chose to log in with
  • Offer you features that makes it easier for you to use the Service (including making purchases and viewing your previous purchases)
  • Order information, e.g., information about purchased products (such data is also processed when you place an order and are not logged in via your user account) 
  • Payment, purchase, and order history
  • Ensure a secure login
  • Password

Storage period: We process your personal data for three years from your last use of the Service, after which your user account will be terminated, and your data will be anonymized or deleted. If your user account is terminated at your own initiative, your data will be anonymized or deleted within 30 days of your request.

Enable you to create and save your started products
Purpose of the processingWhat personal data we processOur legal basis for the processing
  • To enable you to create and save your products that you have done in the Service
  • Enable sharing of your photo books with other co-creators
  • User account
  • Information related to your products, such as the stylistic choices you have made
  • Your sharing links to invite co-creators

Balancing of interests (article 6.1 f of the GDPR)


The processing is necessary for purposes related to our legitimate interest in being able to offer our Service.

Storage period: We process your personal data for three years from your last use of the Service, after which your user account will be terminated, and your data will be anonymized or deleted. If your user account is terminated at your own initiative, or if you delete your started products, your data will be anonymized or deleted within 30 days of your request.

Provide tools for adjustments and improvements
Purpose of the processingWhat personal data we processOur legal basis for the processing
  • We provide tools that use artificial intelligence to determine whether your images can be improved before printing. If improvements are needed, they are carried out without artificial intelligence

Please note that you can always disable the use of these tools in the product settings.

  • Information about whether the tool is activated and information about your use of the tool

Balancing of interests (article 6.1 f of the GDPR)


The processing is necessary for purposes related to our legitimate interest in being able to offer our Service.

Storage period: We process your personal data until you close your account or delete your saved products.

If you purchase our products

When you make a purchase from us via the Website or the App, we process your personal data in the manner described below.


We collect your personal data from you when you use the Service and when you purchase products. In addition, we may obtain your personal data from other persons, for example if you are added as a collaborator for a photo book.

To manage your purchase
Purpose of the processingWhat personal data we processOur legal basis for the processing
  • Send order confirmations
  • Create print files
  • Notify deliveries
  • Deliver your products
  • Name
  • Username, if applicable
  • Contact details (such as address, postal code, city, delivery address, email address, phone number)
  • Order number
  • Order information, e.g., information about purchased products 
  • Payment, purchase, and order history

Performance of a contract (article 6.1 b of the GDPR)


The processing is necessary for us to perform the contract relating to your purchase. If you do not provide us with your personal data, you will not be able to make a purchase from us.


Balancing of interests (article 6.1 f of the GDPR)


If you make a purchase as a representative of a company or organization (hereinafter referred to as “company”), the processing is necessary for purposes related to our legitimate interest in being able to handle purchases made by that company.

Storage period: We process the personal data linked to your purchase for the time required to administer and manage your order so that you can receive the products you have purchased. In addition to your products remaining in your account when you are logged in, we also save digital copies of the products you purchase for a period of 90 days. This is for the purpose of being able to reproduce returned products.


We will then process information about your purchase so that we can handle any questions or complaints about your purchase smoothly and in accordance with applicable consumer regulations. You can read more about this in the table below.

To communicate with you about your purchase
Purpose of the processingWhat personal data we processOur legal basis for the processing
  • If necessary, communicate with you about your purchase, e.g., to inform you of any delays
  • Name
  • Email address
  • Telephone number
  • Information about your order and which product you have purchased

Balancing of interests (article 6.1 f of the GDPR)


The processing is necessary for purposes related to our legitimate interest in being able to offer our Service.

Storage period: We process your personal data for communication purposes for a maximum of six months after your purchase but continue to store it for other purposes as described in this Privacy Policy.

To handle any questions about your purchase, complaints, and other claims
Purpose of the processingWhat personal data we processOur legal basis for the processing
  • Handle any questions you may have and handle complaints smoothly and in accordance with applicable consumer regulations and our agreement with you

If you have questions about your purchase, wish to complain about a product, or otherwise exercise any of your rights under applicable consumer law or our agreement with you, we will process your personal data to assist you and to comply with applicable law and the terms of our agreement. For example, we may need to look up your order, your contact details, and your payment information for you to exercise your right to complain about a product.

  • Name
  • Username, if applicable
  • Contact details (such as address, delivery address, email address, telephone number) 
  • Order number
  • Order information, e.g., information about purchased products 
  • Payment, purchase, and order history

Performance of a contract (article 6.1 b of the GDPR)


The processing of your personal data to handle questions relating to your purchase is necessary for us to perform the contract relating to your purchase. If the personal data is not provided, we will not be able to help you with, for example, a complaint.


Legal obligation (article 6.1 c of the GDPR)


The processing of your personal data for the purpose of handling other matters is necessary for us to be able to act in accordance with consumer law and thus comply with a legal obligation that we have. If you do not provide us with your personal data, we will not be able to comply with consumer law. 


Balancing of interests (article 6.1 f of the GDPR)


The processing is necessary for purposes related to our legitimate interest in being able to handle your questions, complaints, and other requests in an efficient and customer-friendly manner.

Storage period: We process your personal data for as long as necessary to respond to questions about your purchase and handle any returns, and to enable you to easily complain about your products in accordance with applicable consumer protection legislation.


If you contact us with a question and we open a case to handle your complaint, for example, we will process your personal data for six months after the case is closed so that you can receive good service if you wish to contact us again.


Read more about how long we otherwise process your personal data in our communication when you contact us here.

To comply with accounting legislation
Purpose of the processingWhat personal data we processOur legal basis for the processing
  • Comply with accounting legislation by recording, accounting for, and archiving your payments and other transactions that take place between us and you
  • Payment history, transactions and other material constituting accounting records

Legal obligation (article 6.1 c of the GDPR)


The processing is necessary to comply with mandatory law, i.e., accounting legislation.

Storage period: We process personal data included in our accounting records for seven to eight years to comply with the Accounting Act (end of the seventh financial year).

If you visit our Website or App

If you consent, we will also analyse how our Website is used and show you relevant offers on other pages and social media you visit based on such analysis. In addition, we process your personal data to enable the Website to function and to remember your choices. We explain this in detail in the tables below. To protect your privacy, we and our suppliers have taken measures to avoid identifying you as a user of our Website, for example, we only share an encrypted version of your IP address with Google. Personal data is collected from your device (e.g., mobile phone, computer or tablet) when you visit our Website, if you have chosen to consent to this. Google and the other services we use on the Website also use information they already have to perform analysis and display relevant marketing.


To collect personal data, we use cookies and/or similar technologies. In our information text about cookies, which you can find here, we explain in more detail how this works.

To evaluate and improve our Website, App and Service
Purpose of the processingWhat personal data we processOur legal basis for the processing
  • To evaluate the use of, develop and improve the Service, Website and App with the help of cookies 
  • Analyse technical information in aggregated form provided when visiting the Website and App
  • Technical information about devices (e.g., mobile phone, computer, or tablet) used when visiting our Website and App (e.g., IP address)
  • Information about how you use the Website and App, including which pages or parts of pages you have visited, how you access and leave the Service, and what searches you have made on our pages and via the App

Balancing of interests (article 6.1 f of the GDPR)



The processing is necessary for purposes related to our legitimate interest in being able to offer our Service.


Storage period: The data we collect to evaluate the use of, develop and improve the Service is stored for a maximum of two years from the date of the visit. After this period the data is anonymized.

Other technical data is processed for 90 days.

Show interesting offers from us on other pages you visit
Purpose of the processingWhat personal data we processOur legal basis for the processing
  • Promote our products by displaying offers and new products that we believe are of interest to you. We display marketing tailored to you on other Websites and social media that you visit.
  • We may display offers using marketing services from Meta (Facebook and Instagram), Rakuten and Google (including YouTubes’s service). We do this based on analysis of our Website, through cookies or similar technology, as well as information that these parties already have about you.

We tailor the marketing to suit you based on information that the marketing services already have about you and based on your previous browsing history with us. This means that your browsing history is profiled*.

  • Encrypted IP address that we at Once Upon cannot link to you personally
  • Information about which area of the country you are using our Website from
  • Information about how you interact with our Website or advertisements. For example, information about which pages you visited after clicking on our advertisement and analysis of how and when you use our Website, for example, if you add something to your shopping cart, make a purchase or search for something
  • Information that Meta, Rakuten and Google already have about you, for example, which Website you found us on

Consent (article 6.1 a of the GDPR)


For marketing purposes, we obtain your consent when you visit our Website. You have the right to withdraw your consent at any time.


Here you can make choices about the marketing you see from Google and here you can find information about the choices about the marketing you see from YouTube. Here you can find more information about your choices on Instagram and here on Facebook, you can choose which marketing you want to see.

Storage period: The technical information about how you use our Website and App and how you interact with our advertisements is stored for a maximum of 540 days from your visit.

*Profiling: Your personal data is used to show you the offers that we and the marketing services we use, believe are most suitable for you. So-called profiling is done because otherwise we would not be able to show you relevant offers and marketing, and you would instead see offers that are not relevant to you. You have the right to object to profiling. You can read more about your right to object below, where your rights are explained in detail.

If you receive marketing from us

If you have consented to receive marketing from us, we will process your personal data in accordance with the tables below. The tables below also describe how we process your personal data if you have unsubscribed from our marketing. We obtain your personal data from you when you consent to receive marketing from us or when you unsubscribe from marketing.


If you have invited a friend, we process your and your friend's personal data in order to offer you a discount code when your friend has made their first purchase, unless you have declined such mailings. If you have been invited, we obtain the data from you when you use the Service and from your friend who invited you.

To send you marketing communications
Purpose of the processingWhat personal data we processOur legal basis for the processing
  • To be able to send marketing via email, text message, social media, or other similar communication channels
  • Name
  • Email address
  • Telephone number

Consent (article 6.1 a of the GDPR)


For marketing purposes, we obtain your consent on our Website or in the Service before you receive marketing communications from us.

  • To tailor our marketing to your interests
  • Information about your started products and purchases
  • Develop and improve our email communications and marketing by analysing how our customers interact with them 

However, we do not perform such analysis at an individual level and therefore do not look at how you specifically interact with our email communications.

  • Information about how you interact with our emails, such as whether you open our emails and what you click on (for the purpose of performing a general analysis of how our customers interact with our emails)
  • IP address

Storage period: You will receive our marketing communications until further notice. You can opt out or object to receiving our marketing communications at any time, and we will then stop processing your personal data for marketing purposes. If you opt out of our marketing communications, your personal data will be stored in our register of unsubscriptions until further notice. See the table below for more information.

To comply with marketing legislation
Purpose of the processingWhat personal data we processOur legal basis for the processing
  • If you have announced that you do not wish to receive marketing communications, or if we stop sending newsletters due to inactivity as described above, we will store your email address in a “register of unsubscriptions” to ensure that we do not market to you.

This is not personal data that we actively process, so we do not look at your email address and do not use it for anything other than ensuring that you do not receive marketing from us.

  • Email address
  • Information that you no longer wish to receive marketing from us

Legal obligation (article 6.1 c of the GDPR)


The processing is necessary to fulfil our obligation under marketing law to ensure that you do not receive mailings that you have requested not to receive.

Storage period: We will process your email address in our register of unsubscriptions until further notice.

Offer a feature to invite friends and receive discount codes
Purpose of the processingWhat personal data we processOur legal basis for the processing
  • Enable invitations to friends
  • To send you a discount code via email when your invited friends have made a purchase, unless you have opted out of marketing communications
  • Email address
  • Information about the people you have invited to the Service 
  • Information that the person you invited has made a purchase

Balancing of interests (article 6.1 f of the GDPR)


The processing is necessary for purposes related to our legitimate interest in being able to offer you the opportunity to invite friends to receive a discount code.

Storage period: We process your personal data until the person you invited has made their first purchase.

If you participate in a contest or event with us, or if we share your posts on our social media/Website

If you participate in a contest with us, we will process your personal data. We obtain your personal data from you through your participation in the contest and from your social media (if you participate through your social media account).


If you tag us in social media posts or use our hashtag, or if we otherwise share your stories and posts with us, we will process your personal data as described below. We obtain the data from the information you have published on social media or that you have chosen to share with us.

Process and manage your participation in contest and events
Purpose of the processingWhat personal data we processOur legal basis for the processing
  • Invite you to a contest or event
  • Manage any RSVP/participant lists and communicate with you as a participant in a contest or event (for example, respond to questions and confirm your registration)

If you participate in a contest:

  • Verify that you are eligible to participate in the contest, for example, if there are age requirements for participation. 
  • Select winners and distribute prizes, for example, verify that your entry meets the requirements for the contest.
  • Name
  • Contact details such as address, email address, telephone number 
  • If you participate in a contest: Information from your contest entry

Balancing of interests (article 6.1 f of the GDPR)


The processing is necessary for our legitimate interest in being able to process and manage your participation in our contests and events.

Storage period: We process your personal data during the contest and to administer your participation or prize. We then delete your personal data after three months, except if you have won our contest, in which case we delete your personal data after six months.

Share your stories and photos on social media and our Website
Purpose of the processingWhat personal data we processOur legal basis for the processing
  • Send you a request to share your content 
  • Share your content on our digital channels, such as Instagram, Facebook, or our Website, if you consent to it
  • Name
  • Username on, for example, Instagram 
  • Your content on social media that you have tagged us in, e.g., posts from Instagram 
  • Information about whether you have given your consent in accordance with the Swedish Act on Names and Pictures in Advertising (1978:800)

Consent (article 6.1 a of the GDPR)


For the personal data we process to share your posts on social media and the Website, we obtain your consent


You have the right to withdraw your consent at any time. Your withdrawal of consent does not affect the lawfulness of processing before consent is withdrawn.

Storage period: We process your personal data included in the content you have chosen to publish and share with us until further notice, as long as it remains on our Website or our social media account. We regularly review the content and delete it when it is no longer relevant (which may vary from post to post), or if you contact us and ask us to delete the post or your personal data.

If you contact us and to send out updates to the Privacy Policy or similar terms

When you contact us, for example via social media or our customer service, we will process your personal data as described in the tables below. We obtain your personal data from you when you contact us.


If you use social media, the social media platform you use (e.g., Instagram) will also process your personal data, and we therefore recommend that you read our information below together with the information you find on the social media platform.

To communicate with you
Purpose of the processingWhat personal data we processOur legal basis for the processing
  • To communicate with you and respond to any questions, complaints or requests you submit to us via email or our social media channels.
  • Name
  • If applicable, username and password (e.g., for support with login problems)
  • Contact details (such as address, email address and telephone number)
  • Order number
  • Order history, e.g., information about purchased products
  • Any images you have sent to customer service
  • Other information you provide in connection with your correspondence with us

Balancing of interests (article 6.1 f of the GDPR)


The processing is based on our legitimate interest in assisting you if you have questions or complaints about purchased products or problems with the use of the Service. In other cases, the processing is necessary to satisfy our legitimate interest in being able to prevent misuse of our Services, those of our suppliers or partners, or to prevent, investigate and prosecute crimes, or to otherwise safeguard our legal interests.


Legal obligation (article 6.1 c of the GDPR)


If you exercise any of your rights under the GDPR, the processing is necessary to fulfil our obligations under the GDPR. You must provide us with your personal data, as otherwise we will not be able to respond to your request and will not be able to comply with the GDPR.

  • Send out any legal information, such as updated privacy policies or terms and conditions
  • Name
  • Email address

Legal obligation (article 6.1 c of the GDPR)


The processing is necessary to fulfil our obligations under the GDPR. You must provide us with your personal data for us to comply with the GDPR.

Storage period: We only store your personal data for as long as it is needed to handle your customer service case, but for no longer than six months from the date your case was closed. If the data is needed to handle your complaints and claims regarding purchased products, it may be stored for longer, but for no longer than three years from the date of purchase to which the data relates.


On social media, we delete your comments and our communication upon request. You can delete your own comments/communication yourself. Material that may be perceived as offensive is deleted on an ongoing basis. This applies, for example, to unpleasant comments, inappropriate language, or attacks on individuals.

Who processes your personal data and why

Your personal data is primarily processed by us. In some cases, we share your personal data with others. We use suppliers as personal data processors for analysis and marketing services, newsletter distribution and IT services, among other things. We only transfer your personal data to such processors for purposes that are compatible with the purposes for which we have collected the data, and we ensure through written agreements with the processors that they undertake to comply with our security requirements and restrictions, as well as requirements regarding international transfers of personal data.


In order to have a functioning IT system and to be able to conduct our business efficiently, we share your personal data with our IT suppliers, who process your personal data on our behalf and according to our instructions in their capacity as our personal data processors. We share personal data with them for all the purposes listed in the tables above.


When we share your personal data with others, the personal data will be used for the same purposes for which we originally collected it. 


When we share your personal data, in some cases this will involve transferring your personal data to a country outside the EU/EEA. See more information below regarding where we process your personal data and transfers outside the EU/EEA.


In certain cases, we also share your personal data with others who process your personal data as independent data controllers. Examples of these are shipping companies, authorities and certain analysis and marketing services. When your personal data is transferred to someone who is an independent data controller, we do not control how the data is then processed, but responsibility for this fall to the organization to which the transfer has been made, meaning, among other things, that the authority or company is obliged to inform you about its processing of your personal data and to ensure that the processing is lawful. If you wish to exercise your rights under the GDPR against these recipients, for example to access the data they hold about you (Art. 15 of the GDPR), you must contact them directly.


We share your personal data with our partners and suppliers in the manner described below.


  • If you make a purchase from us, we share your personal data with suppliers and partners within payment services, freight forwarding services, transport services, warehouse management, delivery planning and delivery information services to deliver your products. The payment service providers and transport companies that process your personal data are specified in the selection you make at checkout when making your purchase.
  • If you have consented on the Website or in the App we use analytics and marketing services from Google, Meta, Microsoft, Rakuten and Braze to analyse and improve our Website and Service. Your personal data will then be shared with these providers, who process your personal data on our behalf as our data processors, but also process your personal data as independent data controllers. These providers will inform you separately about the personal data processing for which they are responsible.
  • In order to send you newsletters, we use Braze and Mailchimp, which process your personal data in their capacity as our personal data processors.
  • To handle your customer service enquiries when you contact us, we use a supplier who assists us with our customer service and who processes your personal data in our capacity as a personal data processor. Please note that if you contact us via social media, the relevant social media platform will also process your personal data.
  • In the event of a legal dispute, we will share your personal data with authorities and any representatives as necessary.


If you would like more information about how we share your personal data, please feel free to contact us.

Where we process your personal data

In connection with our use of certain service providers, your personal data may be transferred outside the EU/EEA. In the following cases, some of the external parties we use will in certain cases transfer your personal data outside the EU/EEA:


  • When we process your personal data to send you newsletters, we share your personal data with our service providers Braze and Mailchimp, which are based in the United States. 
  • To conduct our business, we use several IT providers such as Google, which means that your personal data is transferred to the United States. 
  • If you visit our Website, your personal data will be transferred outside the EU/EEA if you consent to Google, Meta, Rakuten and Microsoft processing your personal data. In the case of Rakuten, your personal data is transferred to Japan, while other providers process your personal data in the United States.
  • If you contact us via Instagram, your personal data will be processed outside the EU/EEA by being shared with Meta when you choose to be active on Instagram.


When we transfer personal data to other countries outside the EU/EEA, we do so based on the following mechanisms:


  • When your personal data is transferred to the United States and Japan, this is done based on adequacy decisions by the European Commission pursuant to Article 45 of the GDPR. This means that the EU has assessed that these countries have adequate protection for your personal data. In the case of the United States, this agreement between the EU and the United States is called the EU-US Data Privacy Framework. Microsoft, Meta and Google are certified under the EU-US Data Privacy Framework.
  • In some cases, we use suppliers that means your personal data is transferred to suppliers that are not certified under the EU-US Data Privacy Framework or outside the EU/EEA to a country that does not have an adequacy decision. In such cases, the transfer is primarily based on the standard contractual clauses (Article 46.2 (c) GDPR), Module 2 (controller to processor). You can find the standard contractual clauses here. In cases where we conclude that legislation or similar in a specific country outside the EU/EEA to which we transfer your personal data affects the effectiveness of the standard contractual clauses, we will take additional protective measures to ensure adequate protection of your personal data.

Balancing of interests

As stated above, in certain situations we process your personal data based on a balancing of interests. The balancing of interests means that we process your personal data when the processing is necessary for purposes related to our legitimate interests. Our legitimate interests will only constitute a legal basis for processing your personal data if your interests and fundamental rights and freedoms do not outweigh our legitimate interests.


If you would like to know more about how we have made this assessment (balancing of interests) or object to it, please contact us using the contact details provided above.

Consent

In certain situations, we process your personal data after you have given your consent to the processing. These situations are described above, and you can withdraw your consent at any time. If you withdraw all or part of your consent, we will cease processing for that purpose. Withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Your rights

In accordance with the GDPR, you have certain rights – see more information below.


If you have any questions about your rights or wish to exercise any of them, please contact us using our contact details. You can also find more detailed information about when your rights apply and what exceptions there are at the Swedish Data Protection Authority.


You have the right to submit a complaint to the competent supervisory authority if you believe that the processing of your personal data violates the GDPR. In Sweden, the competent supervisory authority is the Swedish Data Protection Authority.


You have the right to withdraw your consent at any time by contacting us using the contact details above. If you choose to consent on the Website, you can always withdraw your consent directly on the Website or in the App.


You have the right to obtain confirmation as to whether we are processing your personal data or not.  You can make a request by contacting us by using the contact details above. If we are processing your personal data, you also have the right to obtain a copy of the personal data processed by us as well as information about our processing, such as the purposes of the processing and for how long your personal data is stored.


You have the right to object to the processing of your personal data for direct marketing purposes (including any profiling) and to the processing of your personal data based on a balancing of interests at any time.


You have the right to have inaccurate personal data concerning you rectified without undue delay. You also have the right to have incomplete personal data completed.


Under certain circumstances, you have the right to have your personal data deleted by us without undue delay. For example, if you withdraw your consent and there is no other legal basis for the processing, or if the personal data is no longer necessary for the purposes for which it was collected or processed.


Under certain conditions, you have the right to request that we restrict our processing of your personal data. For example, if you contest the accuracy of the personal data, or if the processing is unlawful and you oppose the erasure of the personal data and instead request the restriction on the use of the personal data.


If we process your personal data based on your consent, you have the right to receive personal data concerning you. This right applies to personal data that you have provided to us in a structured, commonly used, and machine-readable format. You also have the right to transmit those personal data to another controller, where technically feasible.