Privacy Policy

Burner Studio AB | October 2025

At Burner Studio, your privacy matters. This Privacy Policy explains how we collect, use, and protect your personal data in compliance with the EU General Data Protection Regulation (GDPR) and Swedish data protection law.

1. Who We Are

Burner Studio AB (“Burner Studio,” “we,” “us,” or “our”) is the Data Controller responsible for your personal data when you interact with us through our studio, website, or digital platforms.

Contact:
hello@burnerstudio.com | Jarlaplan 2, 113 57 Stockholm, Sweden

You can contact us at any time with questions about your personal data or this policy.

2. What Data We Collect

We collect only the data necessary to provide our services, operate the studio, and communicate with you.

Data you provide:
We collect your name, email address, and phone number when you book classes, subscribe to updates, or contact us. We also process booking and membership information (such as class reservations and attendance) to manage your training with us. Payment information is handled securely by our booking system provider; Burner Studio never stores card details. If you share preferences or feedback through messages or surveys, we process that to improve your experience.

Automatically collected data:
When you visit our website, certain technical data (such as your IP address, browser type, and device information) may be collected for security and analytics. We use Google Analytics to understand general usage trends and improve site performance. Cookies are used to make the website function properly — more on this in section 8.

What we don’t collect:
We do not collect or store any health or medical information. Instructors may sometimes ask about injuries or conditions verbally to ensure safety during class, but this information is never written down or saved in any system.

3. Legal Basis for Processing

We only process personal data when there is a valid legal reason under GDPR. Most of the data we process is necessary to perform our contract with you — for example, when managing bookings, memberships, and payments. Some data, such as website analytics, is processed based on our legitimate interest in improving our services and ensuring security. When you sign up for newsletters or marketing communications, we rely on your explicit consent, which you can withdraw at any time. We also process certain data to comply with legal obligations, such as tax and accounting requirements.

4. How We Use Your Data

We use your data to:

  • Manage bookings, memberships, and schedules.

  • Process payments securely.

  • Send service-related information (e.g., booking confirmations).

  • Improve our website and member experience.

  • Fulfil legal and tax obligations.

We do not sell, rent, or share your personal data with any external partner or brand for marketing purposes.

5. How We Share and Store Your Data

We only share data with trusted service providers who help us deliver our services. These providers act as Data Processors under GDPR and may only process data on our behalf and according to our instructions.

Main processors:

  • Mana (GetMana.app): for class bookings and payments.

  • Squarespace: for website hosting and newsletters.

  • Google Workspace: for secure business communication and document storage.

All providers are required to comply with GDPR and have Data Processing Agreements (DPAs) in place.

International Transfers

Some data may be processed or stored by providers located outside the EU/EEA (e.g. Google). In these cases, transfers are protected using Standard Contractual Clauses (SCCs) approved by the European Commission.

6. Data Retention

We only keep your personal data for as long as it is needed for the purpose it was collected.
Booking and membership data are normally deleted after two years of inactivity.
Payment and accounting information are retained for seven years as required by Swedish law.
Newsletter subscription data are kept until you unsubscribe.
Website analytics data follow Google’s standard retention settings.
We regularly review and delete outdated or unnecessary information.

7. Your Rights

You have the right to:

  • Access your personal data.

  • Correct inaccurate or incomplete information.

  • Request deletion (“right to be forgotten”).

  • Restrict processing in certain situations.

  • Object to processing based on legitimate interest.

  • Withdraw consent at any time (e.g. unsubscribe from emails).

  • Request portability of your data in a structured, machine-readable format.

To exercise your rights, contact us at hello@burnerstudio.com.
We will respond within 30 days.

8. Cookies and Analytics

Our website uses cookies to function properly and improve performance.

  • Essential cookies ensure core site functionality (e.g., login, booking).

  • Analytics cookies (Google Analytics) help us understand how visitors use our site.

You can manage or disable cookies through your browser settings. We do not use cookies for behavioral advertising or share analytics data with third parties for marketing.

9. Data Security

We apply technical and organisational measures to protect your data, including:

  • Encrypted data transmission and secure connections (HTTPS).

  • Access controls and password protection for staff accounts.

  • Limited access on a need-to-know basis.

  • Regular reviews of third-party security practices.

10. Data Breach Procedure

If a data breach occurs that may affect your rights or freedoms, Burner Studio will:

  • Notify the Swedish Data Protection Authority (IMY) within 72 hours where required.

  • Inform affected individuals if necessary.

  • Document the incident and corrective actions.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Any major changes will be communicated clearly on our website or via email.

Thank you for trusting Burner Studio.

If you have any questions about this policy or your personal data, please contact us at hello@burnerstudio.com.