Privacy Policy

Returkultur values your personal privacy when you use our services. This privacy policy explains how we process and protect your personal data.

Who is responsible for the personal data we collect?
Returkultur ideell förening (org. no. 802515-2532) is the data controller for the association's processing of personal data.

How do you contact us?
Returkultur
Varholmsgatan 7
414 74 Gothenburg
Västra Götaland County

Email: hej@returkultur.se

If you have any questions about how we handle your personal data, want to correct, delete, or request the portability of your data, please feel free to contact us.

What is personal data?
Personal data refers to any kind of information that can be directly or indirectly attributed to a living individual. For example, images and audio recordings processed in a computer can be considered personal data even if no names are mentioned. Encrypted data and various types of electronic identities (such as IP addresses) are also personal data if they can be linked to physical persons.

What personal data do we collect about you?
We collect personal data that you share with us when you visit our website, contact us, subscribe to our newsletter, become a member of the association, or borrow through the sharing pool. Some data may also be obtained from third parties. Below are examples of why we process your personal data, what data is processed, the legal basis for processing, and how long the data is stored.

To handle membership applications and establish membership agreements
Personal data processed:

  • Name.

  • Contact details (such as address, email, and phone number).

  • Personal identification number or organizational number.

Legal basis: Processing of membership applications and establishment of membership agreements. This collection of your personal data is necessary for us to fulfill our obligations under the membership agreement. Storage period: Until the member terminates the agreement and membership in the sharing pool.

To manage membership, reservations, and loans
Personal data processed:

  • Name.

  • Contact details (such as address, email, and phone number).

  • Payment history.

  • Payment information.

  • IP address.

  • Loan information (such as the borrowed item, its intended use, and the loan period).

Legal basis: Performance of the loan agreement. This collection of your personal data is necessary for us to fulfill our obligations under the loan agreement. Storage period: Until the loan has been completed (including return) and for a period of 36 months thereafter to handle any disputes arising from the agreement.

To fulfill the association's legal obligations
Personal data processed:

  • Name.

  • Contact details (such as address, email, and phone number).

  • Payment history.

  • Payment information.

  • IP address.

  • Your correspondence.

  • Information about the time of purchase, any defects/complaints.

Processing performed: Necessary processing to fulfill the association's legal obligations according to statutory requirements, court decisions, or official decisions (such as the Accounting Act, the Anti-Money Laundering Act, or rules on product liability and product safety, which may require the provision of communication and information to the public and customers about product alerts and recalls in the event of a defective or hazardous product). Legal basis: Legal obligation. This collection of your personal data is required by law. Storage period: Until the loan has been completed (including return) and for a period of 36 months thereafter (certain information is stored for 7 years in accordance with the Accounting Act).

To handle loan matters
Personal data processed:

  • Name.

  • Contact details (such as address, email, and phone number).

  • Your correspondence.

  • Information about the loan time, any defects/complaints.

  • Technical information about equipment.

  • Communication and response to any inquiries to the association (via phone or digital channels, including social media).

Legal basis: Legitimate interest. The processing is necessary to satisfy our and your legitimate interest in managing loan matters. Storage period: Until the loan matter is completed.

Who may we share your personal information with?

In cases where it is necessary for us to provide our services, we may share your personal information with companies that act as data processors on our behalf. A data processor is a company that processes information on our behalf and according to our instructions. We have data processors that assist us with:

  • Payment solutions (card acquiring companies, banks, and other payment service providers).

  • IT services (companies that handle necessary operations, technical support, and maintenance of our IT solutions).

  • Communication services (newsletter).

When your personal information is shared with data processors, it is only done for purposes that are compatible with the purposes for which we collected the information (e.g., to fulfill our obligations under the membership and loan agreement). We control all data processors to ensure that they provide sufficient guarantees regarding the security and confidentiality of personal data. We also share your personal information with government authorities (police, tax authorities, or other authorities) if we are required to do so by law or in case of suspected criminal activity.

Where are the data stored?

The data collected about you will be processed and stored using storage services that comply with GDPR laws and regulations.

How long do we keep your personal information?

We never keep your personal information longer than necessary for each purpose. See more about specific storage periods under each purpose.

What rights do you have as a registered individual?

Right of access (so-called register extract). We are always open and transparent about how we process your personal information, and if you want a deeper insight into the personal information we process about you, you can request access to the information. Please note that if we receive a request for access, we may ask for additional information to ensure efficient handling of your request and that the information is provided to the right person.

Right to rectification. You can request correction of your personal information if the information is incorrect. Within the specified purpose, you also have the right to supplement any incomplete personal information.

Right to erasure. You can request the erasure of personal information we process about you if:

  • The information is no longer necessary for the purposes for which it was collected or processed.

  • You object to a balancing of interests we have made based on legitimate interests, and your reason for objection outweighs our legitimate interest.

  • The personal information is processed unlawfully.

  • The personal information must be erased to fulfill a legal obligation we are subject to.

Please note that we may have the right to deny your request if there are legal obligations that prevent us from immediately deleting certain personal information. These obligations stem from accounting and tax legislation, banking and anti-money laundering legislation, as well as consumer rights legislation. It may also happen that processing is necessary for us to establish, assert, or defend legal claims. If we are prevented from complying with a request for erasure, we will instead block the personal information from being used for purposes other than the purpose that prevents the requested erasure.

Right to restriction.

You have the right to request that our processing of your personal data is restricted. If you dispute the accuracy of the personal data we process, you can request restricted processing while we need time to verify the accuracy of the personal data. If we no longer need the personal data for the stated purposes, but you still need them to establish, exercise, or defend legal claims, you can request restricted processing of the data from us. This means that you can request that we do not delete your data. If you have objected to a balancing of legitimate interests that we have made as the legal basis for a purpose, you can request restricted processing while we need time to verify whether our legitimate interests outweigh your interests in having the data deleted. If the processing has been restricted according to any of the above situations, we may only, in addition to storage itself, process the data to establish, exercise, or defend legal claims, to protect someone else's rights, or if you have given your consent.

Right to object to certain types of processing.

You always have the right to object to direct marketing and to object to all processing of personal data based on a balancing of interests. In cases where we use a balancing of interests as the legal basis for a purpose, you have the opportunity to object to the processing. In order to continue processing your personal data after such objection, we need to demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights, or freedoms. Otherwise, we may only process the data to establish, exercise, or defend legal claims. You have the opportunity to object to the processing of your personal data for direct marketing purposes. If you object to direct marketing, we will cease processing your personal data for that purpose as well as cease all types of direct marketing measures.

Right to data portability. If our right to process your personal data is based on your consent or the performance of a contract with you, you have the right to request the transfer of the data concerning you, which you have provided to us, to another data controller (so-called data portability). A prerequisite for data portability is that the transfer is technically possible and can be automated.

How do we protect your data?

We use IT systems to protect the confidentiality, integrity, and availability of personal data. We have implemented specific security measures to protect your personal data against unauthorized or unlawful processing (such as unauthorized access, loss, destruction, or damage). Only those individuals who actually need to process your personal data in order for us to fulfill our specified purposes have access to them.

What about Cookies?

The carpooling platform uses cookies. Learn more about how cookies are used on the platform here.

Changes to the privacy policy

This policy may be updated. The latest updated version of the privacy policy can always be found on this page.

Supervisory authority

The Swedish Data Protection Authority is the supervisory authority. You can find the current contact information on the Swedish Data Protection Authority's website: https://www.imy.se/.