Glowlife
Home › Privacy Policy
Legal

Privacy Policy

Last updated today. This policy explains, in plain language, how Glowlife handles personal information.

1. Who we are

Glowlife is a small consulting studio registered in Sweden, operating from killnadsgatan 32, 111 51 Stockholm. References in this policy to "we", "us" and "our" mean Glowlife acting as the data controller for the information described below. If you have questions about anything in this policy, you can reach our team through the address above, by phone, or via the contact form on our website.

2. The information we collect

We aim to collect as little personal information as possible. The categories below describe everything we may collect through our website and direct interactions:

2.1 Information you give us directly

  • Your name and email address when you submit the contact form.
  • The content of your message and any attachments you choose to send by email.
  • Details about your organisation that you choose to share during a consultation, proposal or engagement.
  • Billing details (company name, VAT identifier and invoicing address) when we agree to begin work together.

2.2 Information collected automatically

  • A single technical cookie used to remember that you have closed the privacy notice on our site.
  • Standard server log entries, including IP address, browser user agent and the page requested, used solely to keep the site operational and secure.

3. Why we use this information

We only process personal information for specific, limited purposes: replying to your message, scoping potential engagements, fulfilling contracts we have entered into with you or your employer, meeting our legal and accounting obligations, and protecting our website and systems from misuse. We do not use your information for behavioural advertising or profiling.

4. Our legal basis for processing

Where European data protection law applies, we rely on the following legal bases:

  • Consent — when you tick the consent box on our contact form.
  • Performance of a contract — when we are delivering services to you or your organisation.
  • Legal obligation — when we are required to retain records for tax or accounting purposes.
  • Legitimate interests — for narrowly defined activities such as ensuring the security and proper functioning of our website.

5. How long we keep your information

Messages received through the contact form are kept for up to twelve months and then deleted, unless they have led to an ongoing engagement, in which case they form part of our client records. Engagement and invoicing records are kept for the period required by Swedish accounting law, typically seven years. Anonymous technical logs are kept for thirty days.

6. Who can see your information

Access to personal information is restricted to members of our small team who genuinely need it to do their work. We may share limited information with carefully chosen service providers (for example, our email host and our accounting software vendor) under written data processing agreements. We do not sell personal information, and we do not share it with advertisers or data brokers.

7. International transfers

Our infrastructure is operated within the European Economic Area wherever possible. If a service provider transfers personal information outside the EEA, we use Standard Contractual Clauses or another lawful mechanism to ensure your information is protected to a comparable standard.

8. Your rights

Under European data protection law, you have the right to access the personal information we hold about you, request that we correct or delete it, restrict or object to certain types of processing, and request a copy in a structured, machine-readable format. You also have the right to withdraw any consent you have given and the right to lodge a complaint with a supervisory authority — in Sweden this is the Integritetsskyddsmyndigheten (IMY).

9. How we keep your information secure

We use sensible, modern security practices: encrypted connections (HTTPS) across our website, strong authentication on staff accounts, principle-of-least-privilege access controls, and regular reviews of the suppliers we work with. No system can be guaranteed perfectly secure, but we work to keep risks low and to respond quickly if something does go wrong.

10. Children

Our services are intended for organisations and adult professionals. We do not knowingly collect personal information from children under the age of sixteen.

11. Changes to this policy

From time to time we may update this policy to reflect changes in our practices, our tools or the law. When we make a meaningful change, we will update the date at the top of this page. We encourage you to review the policy occasionally so you remain informed about how we look after your information.

12. Contact us about privacy

If you have a question or concern about how we handle your personal information, please write to us at our studio address or use the form on the contact page. We will respond as soon as we can, normally within a few working days.