Enerbrightia

Privacy Policy

This Privacy Policy explains how Enerbrightia collects, uses, stores, and protects your personal data when you visit our website or use our services.

1. Data Controller

The data controller responsible for your personal data is:

Enerbrightia
Hyllie Boulevard 19
215 32 Malmö, Sweden
Email: assist@enerbrightia.world
Phone: +46 40 36 37 00

For any questions regarding this Privacy Policy or the processing of your personal data, please contact us using the details above. We aim to respond to all privacy-related inquiries within 30 days as required under the General Data Protection Regulation (GDPR).

2. Personal Data We Collect

We collect personal data in the following categories depending on how you interact with our website and services:

2.1 Data You Provide Directly

  • Contact form submissions: Your name, email address, and message content when you use our contact form.
  • Consulting inquiries: Additional information you voluntarily share about your living space, preferences, or scheduling availability.
  • Program enrollment: Name, email, billing address, and payment-related information when you purchase educational programs or consulting sessions.
  • Communication records: Content of emails, messages, and correspondence exchanged with our team.

2.2 Data Collected Automatically

  • Technical data: IP address, browser type and version, operating system, device type, and screen resolution.
  • Usage data: Pages visited, time spent on pages, referral source, click patterns, and navigation paths within the website.
  • Cookie data: Information stored through cookies and similar technologies as described in our Cookie Policy.

2.3 Data We Do Not Collect

We do not intentionally collect sensitive personal data such as health records, medical diagnoses, or information about disabilities. Our services are educational and environmental in nature. If you voluntarily share health-related information in a message, we will treat it with additional care and delete it when no longer needed for your inquiry.

Under the GDPR, we process your personal data based on the following legal grounds:

  • Consent (Article 6(1)(a)): When you submit our contact form and check the GDPR consent box, or when you accept non-essential cookies through our cookie banner.
  • Contract performance (Article 6(1)(b)): When processing is necessary to deliver consulting sessions, personalized plans, or educational programs you have purchased.
  • Legitimate interests (Article 6(1)(f)): For website security, fraud prevention, analytics to improve our content, and responding to general inquiries where consent has been provided.
  • Legal obligation (Article 6(1)(c)): When we are required to retain data for tax, accounting, or regulatory compliance under Swedish law.

4. Purposes of Data Processing

We use your personal data exclusively for the following purposes:

  • Responding to your inquiries submitted through the contact form or email
  • Scheduling and delivering consulting sessions and personalized guidance plans
  • Providing access to purchased educational programs and materials
  • Processing payments and issuing invoices for paid services
  • Sending service-related communications such as session confirmations and follow-up summaries
  • Improving our website content, user experience, and service offerings through aggregated analytics
  • Complying with legal obligations including tax reporting and responding to lawful requests from authorities
  • Protecting the security and integrity of our website and preventing unauthorized access

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

5. Data Retention Periods

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Contact form inquiries: Retained for up to 12 months after your inquiry is resolved, then deleted unless an ongoing business relationship exists.
  • Consulting and program records: Retained for the duration of the service plus 3 years for warranty, dispute resolution, and legal compliance purposes.
  • Financial and billing records: Retained for 7 years in accordance with Swedish accounting legislation (Bokföringslagen).
  • Analytics data: Aggregated and anonymized after 26 months. Individual identifiers are removed earlier when consent is withdrawn.
  • Cookie consent records: Retained for 12 months to demonstrate compliance with consent requirements.
  • Marketing communications data: Retained until you withdraw consent or unsubscribe, after which deletion occurs within 30 days.

When retention periods expire, data is securely deleted or anonymized so it can no longer be associated with you.

6. Data Sharing and Third Parties

We do not sell your personal data to third parties. We may share data with the following categories of recipients when necessary:

  • Service providers: Hosting providers, email delivery services, payment processors, and analytics platforms that process data on our behalf under strict data processing agreements.
  • Professional advisors: Accountants, auditors, and legal counsel when required for business operations or compliance.
  • Authorities: Public bodies when required by law, court order, or regulatory obligation.

All third-party processors are bound by contractual obligations to protect your data, process it only according to our instructions, and comply with applicable data protection laws.

7. International Data Transfers

Your data is primarily processed within the European Economic Area (EEA). If any of our service providers transfer data outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission, adequacy decisions, or other mechanisms recognized under GDPR Chapter V.

8. Security Measures

We implement technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

  • HTTPS encryption for all data transmitted between your browser and our servers
  • Access controls limiting personal data access to authorized personnel only
  • Regular security assessments of our website infrastructure and third-party providers
  • Secure storage of passwords and authentication credentials using industry-standard hashing
  • Employee training on data protection principles and incident response procedures
  • Backup systems with encrypted storage to ensure data availability and recovery

While we take reasonable precautions, no method of electronic transmission or storage is completely secure. If you believe your interaction with us is no longer secure, please contact us immediately.

9. Your Rights Under GDPR

As a data subject in the European Union, you have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure: Request deletion of your data when it is no longer necessary or when you withdraw consent.
  • Right to restriction: Request that we limit processing of your data in certain circumstances.
  • Right to data portability: Receive your data in a structured, commonly used, machine-readable format.
  • Right to object: Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent: Withdraw consent at any time without affecting the lawfulness of prior processing.
  • Right to lodge a complaint: File a complaint with Integritetsskyddsmyndigheten (IMY), the Swedish Authority for Privacy Protection, at imy.se.

To exercise any of these rights, contact us at assist@enerbrightia.world. We will verify your identity before processing requests and respond within one month.

10. Cookies and Tracking

Our website uses cookies and similar technologies. For detailed information about the types of cookies we use, their purposes, and how to manage your preferences, please refer to our Cookie Policy.

11. Children's Privacy

Our website and services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us and we will promptly delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. The updated version will be posted on this page with a revised date. We encourage you to review this policy periodically. Material changes will be communicated through a notice on our website.

13. Contact Information

For privacy-related questions, data subject requests, or concerns about how we handle your personal data:

Enerbrightia
Hyllie Boulevard 19, 215 32 Malmö, Sweden
Email: assist@enerbrightia.world
Phone: +46 40 36 37 00