Privacy Policy

The data controller responsible for processing personal information described here is Beautrinsing, reachable at its registered correspondence address Stjärntorget 2, 169 79 Solna, Sweden and by telephone on +46 8 644 20 50. For written correspondence regarding privacy matters, please contact service@beautrinsing.world electronically using the mailbox link replicated in our site footer alongside this policy.

Our organisation provides general informational nutrition consultations and publishes educational materials on beautrinsing.ddd. We do not operate as a clinical provider and are not licensed healthcare professionals, dietitians, or medical doctors. Descriptions of consultations and website content emphasise structured education about food planning, budgeting, grocery habits, and related everyday topics rather than diagnosing or treating disease.

This Privacy Policy explains what categories of personal data we may process through the publicly available website hosted at https://beautrinsing.world, inquiry forms hosted on our infrastructure or third-party tooling, emailed messages, telephone calls, invoicing portals, calendars, videoconferencing tools, CRM records maintained for bookings, analytical metrics subject to lawful consent banners on other templates, referral partner workflows, referral links, downloadable educational PDFs gated behind authenticated links, onsite visitor logs maintained at Solna premises, CCTV where legally permitted and signposted independently, newsletters if you voluntarily subscribe, voluntary satisfaction surveys following sessions, integrations with bookkeeping software, integrations with CRM email automation, integrations with webinar platforms if used for education, and archival records held for auditing tax compliance.

External websites that hyperlink to us follow their own policies. Embedding third-party widgets or video players occurs only where configuration allows contractual data protection clauses, and whenever technically feasible those embeds defer processing to your affirmative choices.

If you collaborate with independent contractors formally engaged by Beautrinsing, contractual clauses referencing Article 28 of the GDPR designate those contractors as processors with limited instructions. Volunteers or informal helpers do not gain access production databases absent written processor agreements supervised by leadership.

We minimise data collected to what reasonably supports enquiries, contractual delivery of informational consultations, bookkeeping, security monitoring proportionate to organisation size, aggregated web analytics authorised by consent on applicable surfaces, satisfaction surveys voluntarily completed, archival evidence for tax statutes, onboarding acknowledgements stressing non-clinical scope, subcontractor onboarding registers without embedding dossiers unrelated to procurements beyond necessity, voicemail handling if offered with destruction windows described in internal procedures, and occasional anti-abuse telemetry purged when benign rate-limit challenges resolve without escalated incidents.

Where personal data could become sensitive under national law because you voluntarily describe health-adjacent topics, we treat such statements as ordinary personal data under your control and store them only if you request written session summaries; we do not repurpose such statements for clinical dossiers, therapy notes, or diagnostic coding. Staff training emphasises redirecting medical questions to licensed professionals without recording clinical recommendations.

• Identity and contact particulars: full name variants, invoicing postcode segments, reachable telephone subset digits, organisational affiliation if bookings mention employer sponsorship.
• Booking and logistical metadata: chosen delivery channel onsite versus remote videoconferencing, language preference toggles referencing Swedish versus English explanatory decks, reschedule counters not tied to discriminatory profiling.
• Consultation conversational context: voluntarily described household grocery constraints, budgeting targets, culturally informed ingredient preferences articulated without clinical framing, handwritten bullet reminders consultants transcribe into plaintext summaries flagged non-clinical by template macros referencing Session Summary boilerplate disclaimers reaffirming lack of diagnoses.
• Financial evidence: invoice numbers, reconciliation tokens surfaced by gateways, bookkeeping ledger references bridging Fortnox-compatible exports hypothetically if bookkeeping vendor integration toggles activate later roadmap phases subject to DPIA appendix updates.
• Electronic engagement signals: newsletter double opt consent timestamps segmented by Scandinavian metropolitan macro regions only without street-level granularity, hashed survey redemption tokens invalidated after redemption to prevent duplication while enabling aggregated satisfaction dashboards.

Direct collection dominates our dataset: enquiry forms transmitted over TLS, voicemail left on published numbers transcribed minimally if transcription vendors operate under GDPR Article 28 terms, handwritten visitor logs voluntarily signed onsite, paper contracts countersigned referencing informational scope disclaimers aligning with Terms of Use, Swish confirmations forwarded as PDF attachments without storing sender bank identifiers redundantly whenever vendor exports already embed reconcilable hashes, onboarding questionnaires emailed as password-protected documents when confidentiality requests justify extra friction, onboarding questionnaires alternatively delivered through client portals enforcing multi-factor authentication if product roadmap activates later gated behind DPIAs, onboarding questionnaires forbidding unsolicited upload of medically classified laboratory reports reaffirmed by textual warnings above every file input widget if such widgets activate later respecting minimal data principle.

Indirect collection complements direct routes with automatically generated server logs segregated alongside consent-gated instrumentation packages if marketing teams enable aggregated heatmaps respecting aggregate-only contracts, referrer headers analysed only after truncated IP hashing inside jurisdictions consistent with supervisory guidance, uptime monitors executing synthetic pings from regional vantage points devoid of injecting cookies into browsers, automated TLS certificate expiry alerts referencing domain inventory spreadsheets without tying alerts to identifiable clients absent incident correlation mandates, bookkeeping exports synchronising invoice rows via encrypted channels without mirroring proprietary nutrition consultation agendas beyond invoice line textual descriptions referencing package SKUs enumerated publicly on Savings page SKU tables.

• Voluntary uploads: grocery receipts optionally anonymised manually per your instruction before consultants reference them privately during sessions.
• Partnership introductions: referral partners authorised under written agreements transmit lead metadata through encrypted spreadsheets limited to pseudonymous tokens until you voluntarily identify yourself initiating contact.

Article 6 of the GDPR requires a documented lawful basis for each processing purpose. We map activities such as delivering booked informational consultations, maintaining accurate client records, issuing invoices, meeting bookkeeping rules, keeping limited security logs, and sending optional marketing or analytics (where a consent-based approach applies on pages that use a cookie layer) to the bases summarised in the table below. Where we rely on legitimate interests, we maintain internal notes describing the balancing test between our interests and your rights; where we rely on consent, you may withdraw it without affecting processing that remains necessary on other grounds.

1. Contract administration: confirm schedules, reschedule sessions respecting Refund Policy windows, transmit videoconference links ephemeral outside archived consent requests, reconcile packages described transparently Savings page SKU tables aligning marketing copy with invoicing artefacts.
2. Informational consultation delivery: reference voluntarily supplied grocery patterns to propose educational meal scaffolding never framed as diagnosing disease, escalate repeated medical question attempts to scripted redirection disclaimers reaffirming non-clinical stance without recording clinical advice attempts beyond minimal benign logs safeguarding staff wellbeing.
3. Operational improvement: aggregate voluntary survey metrics without reversing pseudonym tokens unless statistics teams operate within consent pool boundaries, evaluate consultant training effectiveness using anonymisation-first slide decks illustrating aggregate satisfaction deltas across quarters without quoting identifiable remarks absent separate consent channels.
4. Regulatory and dispute readiness: retain proportionate artefacts supporting bookkeeping audits, lawful access requests timelines, benign dispute resolutions encouraging mediation culturally typical Nordic commercial relationships.
5. Security oversight: monitor authentication attempts into administrative dashboards housing booking metadata only accessible role-based segregation matrices reviewed quarterly onboarding checklists verifying least privilege philosophies.

Retention never extends indefinitely absent statutory bookkeeping minima superseding deletion preferences or narrowly tailored justified legitimate interest defence packages proportionate litigation holds triggered only after counsel mandates referencing concrete dispute identifiers never speculative fishing expeditions. Session summary PDFs volunteered by clients referencing archival indefinite persistence receive layered warnings enumerating indefinite exposure risks juxtaposed GDPR erasure gateways exercisable notwithstanding archival requests once statutory minima lapse except where contradictory legitimate defence interests demonstrably articulated.

Processors receive instructions documented in GDPR Article Twenty Eight agreements enumerating permissible purposes, confidentiality duties, subprocessors notification windows, audits rights proportionate organisational scale, deletion or return mandates upon termination, assistance obligations honouring data subject exercise channels without undue delay philosophies emphasising pragmatic SME-friendly SLAs aligning Nordic commercial realism expectations.

Primary datasets remain within European Economic Area infrastructures whenever commercially realistic procurement tenders evaluate hosting bids emphasising sovereign cloud regions benefiting Swedish latency expectations juxtaposed geopolitical uncertainties periodically reviewed leadership strategy memos reaffirming EEA-centric defaults absent compelling commercial constraints enumerated transparently contractual footnotes referencing Transfer Impact Assessments artefacts stored confidentially accessible supervisory inquiries proportionately.

Should occasional ancillary transfers become indispensable supporting global conferencing reliability during cross-border itineraries consultants operate while travelling, safeguards include European Commission adequacy decisions when destinations listed positively, Standard Contractual Clauses 2021 modules tailored controller-to-processor motifs supplemented Transfer Impact Assessments documenting supplementary technical measures encompassing encryption aligning Schrems II jurisprudence expectations dynamic jurisprudence evolution monitored compliance bulletins minimally quarterly ingestion routines referencing IMY-published guidance abstracts summarising major court shifts without dispensing legal conclusions substituting personalised counsel unrealistic website generalities scope.

• Binding Corporate Rules: not currently activated due to SME scale but governance reviews scheduled triennially evaluate scaling triggers.
• Derogations: explicit consent narrowly scoped hypothetical rare scenarios enumerated case-by-case never boilerplate indefinite authorisations circumventing purposeful limitation principles.

Article thirty-two mandates appropriate security calibrated to evolving risk landscapes referencing processing involving everyday identifiers rather than large-scale systematic health data categories minimising extremes yet still safeguarding confidentiality integrity availability using layered defences enumerated incident response playbooks rehearsed tabletop exercises annually budget permitting otherwise biennially minimally.

• Access control: unique staff accounts, password complexity rotation policies aligned NIST-inspired heuristics adapted pragmatically SME realities, multi-factor authentication on administrative consoles housing booking registers subject to quarterly access recertification spreadsheets signed leadership.
• Encryption: TLS 1.2 minimum upward preference 1.3 configurations disabled legacy cipher suites, disk encryption on laptops consulting road warriors storing ephemeral offline copies session agendas auto-purged after onsite visits unless contradictory explicit archival requests documented contractually referencing encryption key custody expectations.
• Availability: incremental backups geographically separated logically within contractual processor regions enumerated DPAs appendix tables referencing Recovery Time Objective Service Level Targets proportionate realistically budgets.
• Incident governance: sequential notification trees escalating privacy coordinator onward legal counsel supervisory channels if severity thresholds crossed referencing IMY guidelines summarising factors enumerating high risk likelihood severity intersection matrices internal scoring worksheets harmonised GDPR Article thirty-four press communication expectations emphasising cautious proactive transparency without sensationalism inconsistent brand tone educational calm.
• Vendor assurance: procurement security questionnaires scoring vendors before activation gating high-risk integrations behind pilot phases evaluating log export minimisation commitments.
• Physical security: locked cabinets housing occasional paper attendance slips destroyed weekly cross-cut shredders logged briefly referencing personnel IDs stored separately access-controlled HR systems distinct from client CRM environments minimising breach blast radii philosophically.

Under Articles 12 to 14 GDPR, you must receive clear information about the controller, the purposes and lawful bases of processing, the categories of data concerned, any recipients, retention, your rights, and further details where personal data are not obtained from you. This policy, together with shorter notices at the point of collection (for example in booking messages), is intended to meet those transparency duties. If anything is unclear, contact service@beautrinsing.world and we will respond without undue delay.

Article 15 — Right of access

You may ask whether we process your personal data and, if so, obtain a copy together with certain related information (purposes, categories, recipients, envisaged retention, and so on). We usually provide extracts electronically unless you reasonably need another format. A reasonable fee may be charged only if requests are manifestly unfounded or excessive; otherwise access is free of charge.

Article 16 — Right to rectification

You may require inaccurate personal data to be corrected and incomplete data to be completed, taking into account the purposes of processing. Where we maintain booking or invoicing records, promptly updating changed contact details helps avoid missed appointments and reconciliation issues.

Article 17 — Right to erasure ("right to be forgotten")

You may request deletion where one of the grounds in Article 17(1) applies — for example the data are no longer needed for their original purpose, you withdraw consent and there is no other lawful basis, or you successfully object under Article 21(1). Erasure cannot always be granted: Article 17(3) recognises exceptions including compliance with legal obligations (such as bookkeeping requirements) and the establishment or defence of legal claims. Where we deny erasure, we explain which exception applies.

Article 18 — Right to restriction of processing

You may obtain restriction while the accuracy of data is contested, while processing is unlawful and you prefer restriction to erasure, when we no longer need the data but you need them for legal claims, or when you object under Article 21(1) pending verification whether our legitimate grounds prevail. Where processing is restricted, data may — apart from storage — only be processed with your consent, for legal claims, for protecting another person's rights, or for substantial public-interest reasons recognised in EU or Swedish law.

Article 19 — Obligation to notify recipients

If we rectify, erase or restrict processing under Articles 16, 17 or 18, we inform each recipient to whom data were disclosed unless this proves impossible or involves disproportionate effort. You may ask who those recipients are.

Article 20 — Right to data portability

Where processing is based on consent or contract and is carried out by automated means, you may receive your personal data in a structured, commonly used and machine-readable format and transmit them to another controller where technically feasible. Portability relates to data you provided; it does not require us to disclose internal scoring models or unstructured consultant notes unless those constitute personal data provided by you. Session summaries largely consist of factual booking and voluntarily supplied preferences and can often be reproduced in portable formats on request.

Article 21 — Right to object

You may object, on grounds relating to your situation, at any time to processing necessary for tasks carried out in our legitimate interests (Article 6(1)(f)), including profiling based on those interests. Direct marketing carried out under legitimate interests must stop when objected to. When you object on other grounds we must cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights and freedoms or need the data for legal claims.

Article 22 — Automated individual decision-making, including profiling

You have the right not to be subject solely to automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless certain narrow exceptions apply. Our nutrition consultations rely on dialogue with consultants; we do not use solely automated decisions to decide whether someone may book a service or to classify clients in legally significant ways. Simple tools (for example email routing or calendars) assist staff but do not replace human judgement for outcomes described in Article 22. See also the profiling section later in this policy.

Article 77 — Right to lodge a complaint

Without prejudice to any other remedy, if you believe our processing infringes the GDPR you may lodge a complaint with a supervisory authority, in particular in your habitual residence or place of work. Our lead supervisory interaction for Swedish-established processing is ordinarily the Swedish Authority for Privacy Protection (IMY).