This Privacy Policy describes how Fitgrowback, a wellbeing studio based at Riddargatan 12 in Stockholm, Sweden, collects, uses, stores and shares personal data when you visit this website, write to our team, or take part in one of our workplace programs. We have written this document in plain English so that any visitor, regardless of background, can understand what happens to their information. If anything below is unclear, please contact us at customer@fitgrowback.world and we will gladly explain in more detail.
1. Who we are
Fitgrowback is the data controller for the personal data described in this policy. Our registered studio address is Riddargatan 12, 114 35 Stockholm, Sweden. Our main contact number is +46 8 400 200 12. We are a small organisation and a named team member is responsible for reviewing every request related to personal data.
2. What information we collect
We collect only the data we need to respond to your enquiry, deliver a workplace program, and operate this website in a reliable way. The categories of personal data we handle are listed below.
2.1 Information you send through the contact form
When you complete the form on our contacts page, you provide your name, your email address, the content of your message and your explicit consent for us to process this information. We use this data solely to reply to you and, where you ask us to, to follow up about a potential workplace program.
2.2 Information collected automatically
When you visit this website, our hosting provider may log technical information such as the page requested, the date and time of the request, your approximate location based on IP address, and your browser type. This information is used to keep the site secure, diagnose errors and improve performance. We do not use it to build profiles or to advertise to you.
2.3 Information collected during a program
If your employer engages us to deliver a program, we may collect attendance lists, anonymous feedback forms and aggregated reflections. Individual contributions in coaching circles are never shared with employers in identifiable form.
3. Why we use your information
We process personal data for the following limited purposes:
- To respond to messages sent through the contact form.
- To prepare proposals, contracts and invoices for partner companies.
- To deliver and improve our workplace programs.
- To meet legal, accounting and regulatory obligations in Sweden.
- To detect and prevent fraud, misuse and security incidents.
4. Legal bases under the GDPR
We rely on one or more of the following lawful bases when handling your data:
- Consent — for messages you send through our contact form and for optional communications.
- Contract — when we prepare or perform a written agreement with a partner company.
- Legal obligation — for example, retaining invoices for the period required by Swedish accounting law.
- Legitimate interests — for basic website security, fraud prevention and improving our own services, balanced against your privacy rights.
5. How long we keep your data
We keep contact form submissions for up to 24 months unless you ask us to delete them earlier. Contracts, invoices and related accounting records are kept for the period required by Swedish law, currently seven years. Anonymous feedback collected during a program is retained indefinitely in aggregated form for service improvement.
6. Who we share data with
We share personal data only with carefully selected service providers who help us run our business, such as our email provider, our hosting provider, our accountant and the map service used on our contacts page. Each provider is bound by contractual confidentiality and data protection obligations. We never sell personal data, and we never share identifiable participant information with employers.
7. International transfers
Most of our service providers are based in the European Economic Area. Where a provider operates outside the EEA, we rely on Standard Contractual Clauses approved by the European Commission and additional safeguards where required.
8. Your rights
If you are located in the European Economic Area, you have the right to access the personal data we hold about you, request correction of inaccurate data, request deletion of your data, object to certain processing, restrict processing in some circumstances, and request data portability. You may also withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.
To exercise any of these rights, please write to customer@fitgrowback.world. We will respond within one month, in line with the GDPR. If you believe we have not handled your data correctly, you may lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten).
9. Security
We protect personal data with reasonable technical and organisational measures, including encrypted connections, role-based access to our internal systems, and regular review of our data handling practices. While no system is perfectly secure, we work to reduce risk wherever possible.
10. Children
This website and our services are intended for working adults. We do not knowingly collect personal data from children under the age of 16. If you believe we hold information about a child, please contact us and we will delete it.
11. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will update the “last updated” date at the top of this page. Material changes will be highlighted on the home page for at least 14 days.
12. Contact
Questions about privacy can always be sent to customer@fitgrowback.world or to our studio at Riddargatan 12, 114 35 Stockholm, Sweden.