Boostshine

Effective date:

Privacy Policy

This document explains how Boostshine collects, uses, stores, and protects personal data when you visit our website or interact with our active break program services.

1. Data Controller

The data controller responsible for processing your personal data is:

Boostshine
Åsögatan 140
116 24 Stockholm
Sweden
Telephone: +46 8 642 45 00
Email: hello@boostshine.world
Website: boostshine.world

For any questions regarding this Privacy Policy or the exercise of your data protection rights, please contact us using the details above. We aim to respond to all privacy-related inquiries within thirty days as required under the General Data Protection Regulation (GDPR).

2. Scope of This Policy

This Privacy Policy applies to all personal data processed through:

  • Our website at boostshine.world and all associated subpages
  • Contact forms and inquiry submissions
  • Email and telephone communications initiated through our published contact channels
  • Program enrollment and consulting engagement processes
  • Cookie and similar tracking technologies as described in our Cookie Policy

This policy does not apply to third-party websites that may be linked from our pages. We encourage you to review the privacy practices of any external sites you visit.

3. Categories of Personal Data We Collect

3.1 Data You Provide Directly

When you contact us or engage with our services, we may collect:

  • Full name and job title
  • Email address and telephone number
  • Organization name and department
  • Content of messages and inquiries submitted through our contact form
  • Program preferences and scheduling information
  • Billing and payment details when purchasing educational products or programs

3.2 Data Collected Automatically

When you visit our website, certain technical data may be collected automatically, including:

  • IP address (anonymized where possible for analytics purposes)
  • Browser type and version
  • Operating system
  • Referring URL and pages visited on our site
  • Date and time of access
  • Device type and screen resolution

3.3 Data We Do Not Collect

We do not collect sensitive personal data such as health records, medical diagnoses, biometric data, or information revealing racial or ethnic origin, political opinions, religious beliefs, or trade union membership. Our active break programs are educational in nature and do not require health-related personal information.

4. Legal Basis for Processing

Under the GDPR, we process personal data only when a lawful basis applies. The bases we rely upon include:

  • Consent (Article 6(1)(a)): When you submit our contact form, accept non-essential cookies, or subscribe to informational communications, you provide explicit consent for the specified processing activities.
  • Contractual necessity (Article 6(1)(b)): Processing required to fulfill agreements for program delivery, consulting services, or product purchases you have requested.
  • Legitimate interests (Article 6(1)(f)): Processing necessary for our legitimate business interests, such as improving website functionality, ensuring network security, and responding to general inquiries, provided these interests are not overridden by your rights.
  • Legal obligation (Article 6(1)(c)): Processing required to comply with applicable laws, including Swedish accounting regulations and tax reporting requirements.

5. Purposes of Data Processing

We use personal data exclusively for the following purposes:

  • Responding to inquiries submitted through our contact form, email, or telephone
  • Providing information about active break programs, consulting services, and educational products
  • Delivering purchased programs and managing participant enrollment
  • Processing payments and issuing invoices
  • Improving website content, navigation, and user experience through aggregated analytics
  • Maintaining website security and preventing fraudulent activity
  • Complying with legal and regulatory obligations in Sweden and the European Union
  • Communicating service updates, policy changes, and relevant educational content to existing clients who have opted in

We do not use personal data for automated decision-making or profiling that produces legal or similarly significant effects.

6. Data Retention Periods

We retain personal data only for as long as necessary to fulfill the purposes described in this policy:

  • Contact form inquiries: Up to twelve months from the date of submission, unless an ongoing business relationship develops
  • Client and program records: Duration of the engagement plus six years for accounting and legal compliance purposes
  • Payment and invoice data: Seven years in accordance with Swedish bookkeeping legislation (Bokföringslagen)
  • Marketing communications consent records: Until consent is withdrawn, plus three years for proof of compliance
  • Server log files: Up to ninety days, unless required for security investigations
  • Cookie consent preferences: Twelve months, after which we will request renewed consent

When retention periods expire, data is securely deleted or irreversibly anonymized.

7. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data to third parties. We may share data with the following categories of recipients when necessary:

  • Service providers: Hosting providers, email delivery services, payment processors, and analytics platforms that process data on our behalf under strict data processing agreements
  • Professional advisors: Accountants, legal counsel, and auditors bound by confidentiality obligations
  • Public authorities: When required by law, court order, or governmental request

All third-party processors are located within the European Economic Area or provide adequate safeguards as required under GDPR Chapter V for international data transfers.

8. Security Measures

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • HTTPS encryption for all data transmitted between your browser and our servers
  • Access controls limiting personal data access to authorized personnel only
  • Regular security assessments of our website infrastructure
  • Encrypted storage for sensitive data such as payment information
  • Employee training on data protection principles and incident response procedures
  • Documented procedures for detecting, reporting, and investigating data breaches

While we take reasonable precautions, no method of electronic transmission or storage is completely secure. We encourage you to use strong passwords and exercise caution when sharing personal information online.

9. Your Rights Under GDPR

As a data subject in the European Union, you have the following rights regarding your personal data:

  • Right of access: Request confirmation of whether we process your data and obtain a copy of that data
  • Right to rectification: Request correction of inaccurate or incomplete personal data
  • Right to erasure: Request deletion of your data when it is no longer necessary, consent is withdrawn, or processing is unlawful
  • Right to restriction: Request limitation of processing under certain circumstances
  • Right to data portability: Receive your data in a structured, machine-readable format and transmit it to another controller
  • Right to object: Object to processing based on legitimate interests or for direct marketing purposes
  • Right to withdraw consent: Withdraw consent at any time without affecting the lawfulness of prior processing
  • Right to lodge a complaint: File a complaint with Integritetsskyddsmyndigheten (IMY), the Swedish Authority for Privacy Protection, at imy.se

To exercise any of these rights, contact us at hello@boostshine.world or +46 8 642 45 00. We will verify your identity before processing requests and respond within one month.

10. Children's Privacy

Our website and services are directed at professionals and organizations. We do not knowingly collect personal data from individuals under sixteen years of age. If we become aware that data from a minor has been collected without appropriate parental consent, we will take steps to delete that information promptly.

11. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated through a notice on our website. The effective date at the top of this page indicates when the policy was last revised. We encourage you to review this page regularly.

12. Contact Information

For privacy-related questions, data subject requests, or concerns about our data handling practices:

Boostshine
Åsögatan 140, 116 24 Stockholm, Sweden
Email: hello@boostshine.world
Phone: +46 8 642 45 00