Privacy Policy

At prismshift AB, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, and safeguard your data when you use our spa equipment consultation services and visit our website.

Data Controller Information

prismshift AB (registration number 617358-4295) is the data controller responsible for processing your personal data. We are located at Folkungagatan 112, 754 25 Uppsala, Sweden. You can contact us at privacy@prismshift.pro or +46 18 864 17 66 for any privacy-related questions.

Data We Collect

The data we collect includes personal information you provide directly to us and information collected automatically through your use of our website and services. We collect the following types of personal data:

• Contact Information: Name, email address, phone number, company name, and postal address
• Communication Data: Messages, inquiries, and correspondence with our team
• Business Information: Details about your spa or beauty business, equipment needs, and project requirements
• Website Usage Data: IP address, browser type, pages visited, time spent on pages, and referral sources
• Technical Data: Device information, operating system, and browser settings

How We Use Your Information

We process your personal data for legitimate business purposes and with your consent where required. The use of your data includes providing our spa equipment consultation services, responding to your inquiries, and improving our website functionality. Specifically, we use your information to:

• Provide consultation services and equipment recommendations
• Respond to your inquiries and communicate about our services
• Process and fulfil service requests
• Send relevant business communications and updates
• Improve our website and service offerings
• Comply with legal obligations and protect our business interests
• Analyse website usage and user behaviour for service improvement

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds: (a) Consent for marketing communications and non-essential cookies, (b) Contract performance for providing our consultation services, (c) Legitimate interests for improving our services and website functionality, and (d) Legal obligation for compliance with applicable laws and regulations.

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner. For detailed information about our cookie usage, please refer to our Cookie Policy.

Data Sharing and Third Parties

We do not sell or rent your personal information to third parties. We may share your data with trusted service providers who assist us in operating our business, such as website hosting, email services, and analytics providers. All third-party processors are bound by data protection agreements and are required to protect your information in accordance with applicable privacy laws.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. Contact information and communication records are typically retained for 7 years for business and legal compliance purposes. Website usage data and cookies are retained according to the periods specified in our Cookie Policy. You may request earlier deletion of your data, subject to our legal obligations.

Your Rights

Under GDPR, you have specific rights regarding your personal data. These your rights include the ability to request access to, correction of, or deletion of your personal information, as well as the right to object to or restrict certain processing activities. You have the following rights:

• Access: Request a copy of the personal data we hold about you
• Rectification: Request correction of inaccurate or incomplete data
• Erasure: Request deletion of your personal data (subject to legal obligations)
• Restriction: Request limitation of processing in certain circumstances
• Portability: Request transfer of your data to another service provider
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent for processing where applicable

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our security measures include encrypted data transmission, secure server hosting, access controls, and regular security assessments. However, no method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

International Data Transfers

As we operate primarily within the European Union, your data is generally processed within the EU/EEA. When we use third-party services that may transfer data outside the EU/EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions by the European Commission.

Children's Privacy

Our services are not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.

Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us using the following information:

Supervisory Authority

You have the right to lodge a complaint with the Swedish Data Protection Authority (Integritetsskyddsmyndigheten) if you believe we have not handled your personal data in accordance with applicable data protection laws. You can contact them at imy@imy.se or visit their website at www.imy.se.