Privacy Policy

KR8 Sports AB (Sweden)
Privacy Policy – KR8 Sports AB

Last updated: 20260216

KR8 Sports AB (“we”, “our”, “us”) respects your privacy and processes personal data in accordance with the EU General Data Protection Regulation (GDPR).

1. Data Controller

KR8 Sports AB
Sweden
Email: info@kr8.se

2. Personal Data We Collect

  • Name
  • Email address
  • Phone number
  • Account login information
  • Encrypted/hashed password (we do not store plaintext passwords)
  • Technical data such as IP address, login timestamps, and security/usage logs

We do not collect national identification numbers or sensitive personal data.

3. Purpose of Processing

  • Provide access to the portal and services
  • Manage user accounts
  • Communicate regarding services and support
  • Ensure system security and prevent misuse
  • Maintain operational logs and system performance

4. Legal Basis for Processing

  • Contractual necessity — to provide access to the system and services
  • Legitimate interest — to maintain security, prevent fraud, and operate the platform
  • Consent — for optional cookies such as analytics and marketing/integration cookies

5. Data Retention

  • Account data: retained while the account is active
  • Logs/security data: retained as needed for operational and security purposes and as required by law
  • Consent preferences: retained to demonstrate compliance

When accounts are deleted, associated personal data is removed or anonymized unless legal obligations require retention.

Typical retention periods:
- Security and login logs: up to 90 days
- Backup copies: up to 30 days before automatic overwrite/deletion

6. Data Sharing

We do not sell personal data.

Data may be shared with trusted service providers necessary to operate the system, including:

  • Amazon Web Services (AWS) – hosting and infrastructure
  • one.com – email delivery (SMTP and related mail services)

These providers process data under GDPR-compliant data processing agreements.

Data may also be shared with authorities where required by law.

7. International Transfers

Personal data is primarily processed within the EU/EEA. If any transfer occurs outside the EU/EEA, appropriate safeguards are used.

8. Security Measures

  • Encrypted connections (HTTPS)
  • Password hashing
  • Access controls and authentication
  • Logging and monitoring

9. Your Rights Under GDPR

You have the right to:

  • Access your personal data
  • Request correction
  • Request deletion (“right to be forgotten”)
  • Restrict processing
  • Object to processing
  • Request data portability
  • File a complaint with the Swedish Authority for Privacy Protection (IMY)

Requests can be sent to: info@kr8.se

10. Cookies

Our system uses cookies necessary for login and functionality. Optional cookies (such as analytics) require your consent. See our Cookie Policy for details.

11. Changes to This Policy

We may update this policy when required. The latest version is always available within the portal.