Legal Document
Privacy Policy
Last updated: 11 March 2026
Lost Kiwi ("we", "us", "our") is committed to protecting your personal data.
This policy explains how we collect, use, store, and protect information from visitors
and members of our platform at lostkiwi.online, in compliance with the
EU General Data Protection Regulation (GDPR) and Swedish data protection law
(Dataskyddslagen, SFS 2018:218).
1. Data Controller
The data controller responsible for your personal data is:
Lost Kiwi
Operated by Richard Taimalie
Stockholm, Sweden
Email: privacy@lostkiwi.online
For any questions about how your data is processed, contact us at the email above.
2. What Data We Collect
We collect the following categories of personal data:
| Category |
Data Collected |
Source |
| Identity |
Name, username |
You provide this |
| Contact |
Email address, phone number |
You provide this |
| Profile |
City in Sweden, hometown in NZ |
You provide this |
| Technical |
IP address, browser type, device info |
Automatically collected |
| Usage |
Pages visited, features used |
Automatically collected |
| Consent |
Consent status, timestamp, method |
Recorded when you opt in |
We do not collect sensitive personal data such as health information,
political opinions, religious beliefs, or biometric data.
3. Why We Collect It (Legal Basis)
Under GDPR, we must have a valid legal basis for processing your personal data. We rely on the following:
| Purpose |
Legal Basis |
GDPR Article |
| Sending marketing emails & newsletters |
Consent β you explicitly opt in |
Art. 6(1)(a) |
| Providing platform services (community, jobs, events) |
Contract β necessary to provide the service |
Art. 6(1)(b) |
| Account management & communications |
Legitimate Interest β maintaining the platform |
Art. 6(1)(f) |
| Security & fraud prevention |
Legitimate Interest β protecting users |
Art. 6(1)(f) |
| Legal compliance (tax, record keeping) |
Legal Obligation |
Art. 6(1)(c) |
4. How We Use Your Data
We use your personal data for:
- Platform operation β creating and managing your account, displaying community
content, job listings, events, and marketplace items.
- Communication β sending service-related emails (account updates, event
confirmations) and, only with your consent, marketing newsletters.
- Community features β enabling interactions between members (posts, comments,
messages).
- Analytics β understanding how the platform is used to improve it (aggregated,
non-identifiable data).
- Security β protecting against unauthorised access and ensuring platform integrity.
5. Marketing Communications
We will only send you marketing emails if you have given explicit consent. This
includes:
- Launch announcements and platform updates
- Weekly or monthly newsletters
- Event promotions and community highlights
- Partner offers and recommendations
Your consent is:
β
Freely given β you choose to opt in
β
Specific β you know what you're signing up for
β
Informed β this policy explains everything
β
Unambiguous β via an active checkbox (not pre-ticked)
β
Withdrawable β you can unsubscribe at any time
Every marketing email includes an unsubscribe link. You can also withdraw consent at any time by
contacting us at privacy@lostkiwi.online.
Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.
6. Data Sharing & Third Parties
We do not sell your personal data. We may share data with:
| Recipient |
Purpose |
Safeguards |
| Hosting provider (DreamHost) |
Website hosting & data storage |
US-based, Standard Contractual Clauses |
| Email service provider |
Sending transactional & marketing emails |
GDPR-compliant processor agreement |
| Analytics (if applicable) |
Understanding site usage |
Anonymised/aggregated data only |
| Google AdSense |
Serving and personalizing advertisements |
Google Privacy Policy, Standard Contractual Clauses |
| Google Analytics |
Analyzing website traffic and visitor behavior |
Google Privacy Policy, Standard Contractual Clauses |
All third-party processors are bound by data processing agreements (DPAs) and process data only on our
instructions.
7. Data Storage & Security
Your data is stored on secure servers. We implement the following security measures:
- Encryption β HTTPS/TLS for all data in transit
- Access control β only authorised administrators can access personal data
- Password hashing β passwords are stored using bcrypt (never in plain text)
- Audit logging β all consent-related actions are logged with timestamps
- Regular backups β data is backed up to prevent loss
While we take every reasonable precaution, no system is 100% secure. If a data breach occurs that poses a
risk to your rights, we will notify you and the Swedish Authority for Privacy Protection (IMY) within 72
hours as required by GDPR Article 33.
8. Data Retention
We retain your personal data only as long as necessary:
- Active accounts β data is kept while your account is active
- Waitlist signups β kept until platform launch, then converted to member data or
deleted
- Consent records β retained for the duration of the relationship plus 3 years (for
legal compliance)
- Deleted accounts β personal data is erased within 30 days of account deletion
- Legal obligations β some data may be retained longer if required by Swedish law
9. Cookies & Analytics
We use cookies on our platform to support essential functions, serve advertisements, and analyze traffic:
- Session cookies β essential for keeping you logged in (strictly necessary, no
consent required)
- Preference cookies β remembering your settings (with consent)
- Advertising cookies (Google AdSense) β third-party cookies used by Google to serve ads based on your prior visits to our site or other websites on the Internet (with consent)
- Analytics cookies (Google Analytics) β third-party cookies used to collect data about page usage and performance (with consent)
Google and other third-party vendors use cookies to serve personalized ads and analyze website behavior on this site. You may opt out of personalized advertising by visiting the Google Ads Settings page. To prevent your data from being used by Google Analytics, you can install the Google Analytics Opt-out Browser Add-on.
For full details on every cookie we use, see our Cookie Policy.
10. Your Rights Under GDPR
As a data subject in the EU/EEA, you have the following rights:
π Right of Access (Art. 15)
You can request a copy of all personal data we hold about you. We will provide this within 30 days.
βοΈ Right to Rectification (Art. 16)
You can request correction of inaccurate or incomplete personal data.
ποΈ Right to Erasure (Art. 17)
You can request deletion of your personal data ("right to be forgotten"). We will delete all data within
30 days unless a legal obligation requires retention.
βΈοΈ Right to Restrict Processing (Art. 18)
You can request that we limit how we use your data while we address a concern.
π¦ Right to Data Portability (Art. 20)
You can request your data in a structured, machine-readable format (JSON/CSV).
π« Right to Object (Art. 21)
You can object to processing based on legitimate interest. For direct marketing, we will stop
immediately.
π Right to Withdraw Consent (Art. 7(3))
You can withdraw consent at any time. Use the unsubscribe link in any email, or contact us directly.
To exercise any of these rights, email privacy@lostkiwi.online. We will respond within
30 days. There is no fee unless your request is manifestly unfounded or excessive.
If you are not satisfied with our response, you have the right to lodge a complaint with the
Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY):
IMY β Integritetsskyddsmyndigheten
Box 8114, 104 20 Stockholm
Website:
www.imy.se
Phone: +46 8 657 61 00
11. Children's Privacy
Lost Kiwi is not intended for children under 16 years of age. We do not knowingly collect personal
data from children. If we discover that a child under 16 has provided us with personal data, we will
delete it immediately.
12. Changes to This Policy
We may update this privacy policy from time to time. When we make significant changes, we will:
- Post the updated policy on this page
- Update the "Last updated" date at the top
- Notify registered members by email if the changes affect how we process their data