Skip to content
Aktivitetskonceptet

Privacy policy

How we process your personal data.

We respect your privacy and only collect what we need to answer your questions and deliver our service. This policy describes how, why and for how long.

Last updated: 6 May 2026

1. Data controller

Aktivitetskonceptet Sverige is the data controller for the processing of your personal data described in this policy. You can reach us at info@aktivitetskonceptet.se or +46 (0)8 555 00 270.

2. What data we process

We process the personal data you provide to us, primarily when you fill in the contact form or send us an email:

  • Name
  • Email address
  • Phone number (if you provide it)
  • Organisation or operation (if you provide it)
  • The contents of your message
  • Time of submission and technical metadata required for secure delivery (e.g. IP address at the time)

3. Purposes and legal basis

We process the data in order to:

  • Respond to your enquiry and discuss our services with you.
  • Schedule demos, meetings and information sessions.
  • Manage administration around any assignments and contracts.
  • Fulfil legal obligations, for example bookkeeping.

The legal basis is primarily legitimate interest (being able to respond to incoming enquiries) and the consent you give when submitting the form. For contractual relationships the basis is performance of a contract, and for bookkeeping the basis is legal obligation.

4. Retention

Incoming messages are stored for as long as required to handle the matter, normally up to 24 months from the most recent contact. Data covered by accounting law is kept for seven years. You can request that we delete data not required to be kept by law at any time.

5. Who can access the data

We don't share your data with third parties for marketing. To deliver the website and the contact form we use the following processors:

  • Vercel Inc. – hosting of the website.
  • Supabase Inc. – database and serverless function (region within the EU) for receiving messages from the contact form.
  • Microsoft 365 / Exchange Online – delivery of email notifications to us.

Personal data is primarily processed within the EU/EEA. If a provider processes data outside the EU/EEA it is only with safeguards that meet GDPR (standard contractual clauses or equivalent).

6. Cookies and similar technologies

The website only uses essential cookies required for basic functionality. We don't use any third-party cookies for marketing, tracking or profiling. If we introduce analytics in the future we will obtain consent first.

7. Security

Traffic to the website is encrypted with TLS. Incoming messages are stored with access controls in the database, and access is limited to people who need the data to handle the matter.

8. Your rights

Under GDPR you have the following rights regarding your personal data:

  • Be informed about which data we process (subject access).
  • Request correction of incorrect data.
  • Request erasure when there is no legal basis to continue processing.
  • Request restriction of processing.
  • Object to processing carried out under legitimate interest.
  • Withdraw your consent when processing is based on consent.
  • Request data portability.

Requests are sent to info@aktivitetskonceptet.se. If you believe we are processing your data unlawfully you can lodge a complaint with the Swedish Authority for Privacy Protection (IMY), www.imy.se.

9. Changes to the policy

We may update this policy. The latest version is always published on this page with the date of the update.

10. Contact

Questions about our processing of personal data are answered by Aktivitetskonceptet Sverige, email info@aktivitetskonceptet.se.

Terms of serviceContact us