Privacy Policy
- INTRODUCTION
1.1 This Privacy Policy (the “Policy”) explains how Ketter Retreats AB, company registration number [559539-8248] (“Ketter”), collects, processes, and protects personal data when an individual (the “User”) uses Ketter’s services, visits our website, or interacts with us via our digital platforms, including social media (the “Services”).1.2 Ketter is the data controller and is responsible for ensuring that all personal data is processed in accordance with applicable data protection legislation, including the EU General Data Protection Regulation (GDPR).
1.3 The purpose of this Policy is to provide the User with clear information regarding how their personal data is processed and what rights they have. It also explains how to contact us with questions or to exercise any rights.
1.4 By using our Services, submitting information through our website, or otherwise interacting with us, the User accepts that their personal data will be processed in accordance with this Policy, to the extent such processing is necessary for Ketter to deliver Services or communicate with the User.
1.5 If required information is not provided, or consent is not granted where applicable, this may limit Ketter’s ability to provide certain Services or functionalities.
1.6 Any updates to this Policy will be made available on our website and, where appropriate, communicated directly to the User. - PROCESSING OF PERSONAL DATA – PURPOSES AND LEGAL BASIS
2.1 “Personal data” refers to any information that directly or indirectly relates to an identifiable natural person. Ketter processes such data when providing Services or responding to inquiries from the User.
2.2 Ketter processes personal data for purposes such as administering the User’s registration for Services or expressions of interest, enabling membership or participation in our community, and communicating relevant offers and information.
2.3 Data is processed to ensure the proper delivery of requested Services, to communicate effectively with the User, and to market our offerings. Personal data is collected only to the extent necessary to fulfill these purposes.
2.4 If the User contacts Ketter, we will store the necessary data to respond, follow up, or otherwise manage the communication.
2.5 The legal basis for processing personal data may be:
– The User’s consent (e.g., for direct marketing);
– A contract between Ketter and the User (e.g., where data is required to provide a booked Service);
– A legal obligation (e.g., retention of records by accounting laws).
2.6 In some cases, data may be processed based on a legitimate interest, where Ketter’s interest outweighs the User’s right to privacy. This may apply to follow-up communication, outreach to former participants, or legal matters.
- SENSITIVE PERSONAL DATA
3.1 Sensitive personal data includes information about racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health data, sexual orientation, or sex life.3.2 In limited cases, Ketter may process sensitive personal data, but only with the User’s explicit and informed consent, and only when necessary to provide specific Services—for example, health-related information before a retreat or to accommodate particular needs.
- DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES
4.1 Ketter will never share a User’s personal data with third parties without the User’s consent, unless permitted by this Policy, our cookie policy, applicable law, a government authority, or in connection with legal, administrative, or enforcement actions involving Ketter.
4.2 Ketter engages selected service providers and partners to support the delivery of our Services. Some may act as data processors and handle personal data on Ketter’s behalf. In such cases, we ensure that these processors access only the information necessary to perform their tasks.
4.3 All data processors engaged by Ketter are bound by written agreements that require them to:
(i) process personal data in accordance with this Policy and Ketter’s instructions,
(ii) implement appropriate security measures, and
(iii) refrain from using or sharing the data for any other purpose.
4.4 Some external providers, such as payment services, may act as independent data controllers. In such cases, their own privacy policies apply when the User interacts directly with them. Ketter refers Users to the respective provider’s policy for details on how they handle personal data.
- DATA STORAGE
Personal data collected by Ketter is stored on servers provided by trusted data processors operating within the EU/EEA. We ensure that these providers meet the required standards for data security and privacy protection. - TRANSFERS TO THIRD COUNTRIES
As a general rule, Ketter does not transfer personal data to countries outside the EU/EEA. If such a transfer becomes necessary—for example, when using a service from a provider based in a third country— Ketter will ensure that the recipient country has been deemed to have an adequate level of protection by the European Commission or that appropriate safeguards, such as standard contractual clauses, are in place. - RIGHT TO ACCESS (DATA EXTRACTS)
7.1 Users have the right to request, free of charge, a record of the personal data that Ketter holds about them. Requests must be submitted in writing, signed by the User, and sent to Ketter using the contact information below. The request should specify which data is being requested, unless a full extract is needed.
7.2 Repetitive or unreasonable requests may be subject to a reasonable fee or may be denied in accordance with applicable law.
7.3 Ketter normally provides the requested data within 30 days of receiving the request. If the request is extensive or requires further investigation, the User will be informed of the delay and the reasons for it.
- RIGHT TO RECTIFICATION
8.1 Ketter strives to ensure that all processed personal data is accurate and up to date. Users have the right to request correction of any inaccurate, incomplete, or misleading data. Minor errors will be corrected without further review, but more substantial changes may require verification.
8.2 Where applicable, Ketter will also notify relevant data processors or third parties of the correction. Users may request information on which third parties have received the corrected data.
- RIGHT TO ERASURE (“RIGHT TO BE FORGOTTEN”)
9.1 Users may request the erasure of their personal data in the following cases:
– The data is no longer necessary for its original purpose;
– The User withdraws consent and there is no other legal basis for processing;
– The data is used for direct marketing and the User objects;
– Processing is based on legitimate interest and the User’s privacy interest prevails;
– The data has been unlawfully processed;
– Erasure is required by law or a government decision;
– Other valid legal grounds apply.
9.2 If the request is granted, Ketter will, where reasonable and feasible, notify relevant data processors or other recipients to delete the data.
9.3 Ketter may retain personal data despite a request for erasure if it is necessary to:
– Fulfill legal obligations (e.g., accounting or tax rules); or
– Establish, exercise, or defend legal claims (e.g., in a dispute regarding payment or breach of contract).
9.4 Upon receiving a deletion request, Ketter will assess it based on applicable rules and circumstances. The User will be informed of the outcome.
- RIGHT TO RESTRICT PROCESSING
10.1 Users have the right to request restriction of processing in the following situations:
– If the accuracy of the data is contested, pending verification;
– If processing is unlawful but the User prefers restriction over erasure;
– If the data is no longer needed, but the User needs it to establish, exercise, or defend legal claims;
– If the User has objected to processing based on legitimate interest, pending assessment.
10.2 Restriction means that data will be marked and, aside from storage, only used for specified purposes permitted by the User, legal obligations, or legal claims.
- DATA RETENTION
Personal data is retained only as long as necessary to fulfill the purposes for which it was collected and to comply with legal obligations, such as those under accounting regulations. Data is reviewed and deleted regularly in accordance with current legislation. - RIGHT TO DATA PORTABILITY
Suppose the User has provided personal data to Ketter. In that case, they have the right—under certain conditions—to receive it in a structured, commonly used, and machine-readable format and to transmit it to another controller.This right applies only if the processing is based on:
– The User’s consent, or
– A contract with the User, and the processing is automated. It does not apply where the legal basis is legitimate interest or legal obligation, or where transfer is not technically feasible.
- RIGHT TO LODGE A COMPLAINT
If a User is dissatisfied with how Ketter handles personal data, we encourage them to contact us first so we can attempt to resolve the matter. Users also have the right to complain with the relevant supervisory authority. In Sweden, this is the Swedish Authority for Privacy Protection (IMY). For more information, visit www.imy.se.
- SECURITY
Ketter implements appropriate technical and organizational security measures in line with applicable law to protect personal data against unauthorized access, loss, alteration, or destruction. Security measures are regularly reviewed and updated under technological developments and risk assessments. - CONTACT INFORMATION
15.1 To exercise any of the rights described in this Privacy Policy, the User must submit a written, signed request by email to: info@ketter.se. The request must include:- The User’s signature,
– A scanned copy of a valid ID (e.g., passport or driver’s license),
– A clear description of the right being exercised and the data concerned.15.2 For general inquiries about this Privacy Policy or how Ketter processes personal data, please contact us at: info@ketter.se.
– A contract between Ketter and the User (e.g., where data is required to provide a booked Service);
– A legal obligation (e.g., retention of records under accounting laws).