Privacy Policy

Last updated: April 2025

Data controller

The data controller for makemesmile.se is Sofia Lindgren. You can contact the data controller at: [email protected].

What data is collected

This site is a static editorial website. The following data is processed:

Server access logs: IP address, browser type, pages visited, date and time of access. These are collected automatically by the web server for security and operational purposes.
Email messages: if you contact the site by email, the message content and your email address are retained for the purpose of responding to you.

This site does not use tracking cookies, advertising pixels, analytics platforms, or third-party tracking services of any kind. No profiling of visitors is carried out.

Legal basis for processing

Server log processing is based on legitimate interest (Article 6(1)(f) GDPR) - specifically the interest in maintaining website security and diagnosing technical issues. Email correspondence is processed on the basis of the request or communication being initiated by the data subject (Article 6(1)(b) GDPR, or alternatively Article 6(1)(f) GDPR).

Retention periods

Server access logs are retained for a maximum of 30 days before deletion. Email correspondence is retained for as long as it is relevant to the subject matter of the communication, and deleted when no longer needed.

Data sharing

Personal data is not shared with third parties, sold, or used for marketing purposes. Server logs may be accessible to the hosting provider as a data processor under an appropriate data processing agreement.

Cookies

This site does not set cookies. No consent banner is required.

Your rights under GDPR

As a data subject under the General Data Protection Regulation and the Swedish Data Protection Act (Dataskyddslagen 2018:218), you have the following rights:

Right of access: you may request confirmation of whether personal data concerning you is being processed, and if so, access to that data.
Right to rectification: you may request correction of inaccurate personal data.
Right to erasure: you may request deletion of personal data in circumstances provided for by Article 17 GDPR.
Right to restriction of processing: you may request that processing is restricted in circumstances provided for by Article 18 GDPR.
Right to object: you may object to processing based on legitimate interest.
Right to data portability: where technically feasible and legally applicable, you may request a structured, machine-readable copy of personal data you have provided.

To exercise any of these rights, contact [email protected]. Requests will be responded to within 30 days.

Right to lodge a complaint

You have the right to lodge a complaint with the Swedish supervisory authority, the Integritetsskyddsmyndigheten (IMY):

Integritetsskyddsmyndigheten
Box 8114
104 20 Stockholm
www.imy.se

Changes to this policy

This privacy policy may be updated if the data processing activities of the site change. The date at the top of this page reflects the most recent update. Significant changes will be noted in the site's content if applicable.