Privacy Policy
This privacy policy explains how Backuitendonio (referred to as “the studio”, “we”, “our”) collects, stores, uses and protects personal data submitted through this website (backuitendonio.world) and during ongoing work with client companies in Sweden. Our registered studio address is Barnhusgatan 4, 111 23 Stockholm, Sweden. We act as the data controller for the information described below and we are committed to handling it in line with applicable Swedish and European data protection rules, including the General Data Protection Regulation.
1. What information we collect
When you use the contact form on this website, we collect the personal data that you choose to provide. The form only asks for three pieces of personal information: your name, your email address and the content of your message. We also store the timestamp of the submission and the IP address recorded by the receiving server, for the strict purpose of preventing automated abuse of the form.
When you visit the website without sending a form, our hosting provider records standard server access information such as the page requested, the response status, the approximate location derived from the IP address, the referring page and a user-agent string. These records are retained for a short window and used only for security review and to keep the website operating reliably.
1.1 Information collected during an ongoing engagement
If your company becomes a client, we will additionally store the details we need to deliver the agreed program. This typically includes the names and contact details of the people responsible for the relationship, the address of the office where sessions take place, the agreed schedule, billing details, and notes taken by our facilitators after each visit. We do not collect or store sensitive personal data about individual employees of our client companies.
2. Why we use this information
We use the information you submit to respond to your enquiry, to schedule and deliver the services your company has booked, to issue invoices, to keep accounting records as required by Swedish law, and to keep in touch with you about changes to the schedule or the program. We do not use the personal data submitted through this website for unsolicited marketing.
- To reply to enquiries sent via the contact form on this website.
- To deliver, schedule and follow up on the active break sessions you have booked.
- To send administrative messages such as appointment confirmations, schedule changes and invoices.
- To keep the records that Swedish accounting and tax legislation requires us to keep.
- To monitor the security and stability of this website.
3. Legal basis for processing
Where we process personal data submitted through the website, our legal basis is the steps taken at your request before entering into a contract, together with your explicit consent to the processing of your personal data, given via the checkbox on the contact form. Where we process personal data during the delivery of services to a client company, our legal basis is the performance of a contract with that company. Where we keep accounting records, our legal basis is the legal obligation we have under Swedish bookkeeping law. In limited cases we rely on our legitimate interest in keeping the website secure and the business operating safely.
4. Who can see your information
Personal data submitted through this website is accessible only to the people in the studio who are involved in replying to enquiries and scheduling work. We do not sell personal data to anyone and we do not share personal data with third parties for advertising purposes.
We rely on a small number of carefully selected suppliers who help us run the studio. These include our website hosting provider, our email service provider, our accounting partner and the providers of the office software we use to manage schedules. These suppliers act as data processors, are bound by written agreements with us, and may process personal data only as instructed.
5. International transfers
We aim to keep personal data within the European Economic Area. Where a supplier is based outside the European Economic Area, we make sure that an appropriate transfer mechanism is in place, such as the European Commission’s standard contractual clauses or an adequacy decision.
6. How long we keep information
We keep enquiry messages for up to twelve months after our last contact with you, after which they are removed unless you have become a client. Information collected during the delivery of services is kept for the duration of the contract and for as long as required by Swedish accounting law, which is currently seven full financial years. Website server logs are kept for a short rolling window not exceeding ninety days.
7. Your rights
Under the General Data Protection Regulation you have the right to ask for a copy of the personal data we hold about you, to ask us to correct any inaccurate information, to ask us to delete personal data where we no longer have a legal basis to keep it, to restrict our processing in certain situations, to object to processing based on legitimate interest, and to receive your personal data in a structured, commonly used format so that you can transfer it elsewhere.
You also have the right to withdraw your consent at any time. Withdrawing consent does not affect the lawfulness of processing that we carried out before the withdrawal. If you wish to exercise any of these rights, please contact us using the details on the contacts page of this website. We will respond to your request without undue delay and at the latest within one calendar month.
8. Complaints
If you believe that we have not handled your personal data correctly, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten), which is the supervisory authority for data protection in Sweden.
9. Children
Our services are offered to companies and we do not knowingly process the personal data of individuals under the age of sixteen through this website. If you believe that a child has submitted personal data through our contact form, please write to us so that we can remove the information promptly.
10. Security
We apply reasonable technical and organisational measures to protect personal data against accidental loss, unauthorised access, alteration or disclosure. This includes encrypted connections to the website, restricted access to internal systems, regular updates to the software we rely on, and confidentiality obligations for everyone who works with us.
11. Changes to this policy
We may update this policy from time to time, for example when our internal practices change or when the law evolves. When we publish a new version, the date at the top of the page will be refreshed. We encourage you to revisit this page from time to time to stay informed.
12. Contact
For any question about this privacy policy or about the way we handle personal data, please write to us at the address on the contacts page or send a message using the contact form.