Legal Document

Privacy Policy

Last updated: 11 March 2026

KiwiClub Sweden ("we", "us", "our") is committed to protecting your personal data. This policy explains how we collect, use, store, and protect information from visitors and members of our platform at lostkiwi.online, in compliance with the EU General Data Protection Regulation (GDPR) and Swedish data protection law (Dataskyddslagen, SFS 2018:218).

Data Controller
What Data We Collect
Why We Collect It (Legal Basis)
How We Use Your Data
Marketing Communications
Data Sharing & Third Parties
Data Storage & Security
Data Retention
Cookies
Your Rights Under GDPR
Children's Privacy
Changes to This Policy
Contact Us

1. Data Controller

The data controller responsible for your personal data is:

                KiwiClub Sweden

                Operated by Richard Taimalie

                Stockholm, Sweden

                Email: privacy@lostkiwi.online

For any questions about how your data is processed, contact us at the email above.

2. What Data We Collect

We collect the following categories of personal data:

Category	Data Collected	Source
Identity	Name, username	You provide this
Contact	Email address, phone number	You provide this
Profile	City in Sweden, hometown in NZ	You provide this
Technical	IP address, browser type, device info	Automatically collected
Usage	Pages visited, features used	Automatically collected
Consent	Consent status, timestamp, method	Recorded when you opt in

We do not collect sensitive personal data such as health information, political opinions, religious beliefs, or biometric data.

3. Why We Collect It (Legal Basis)

Under GDPR, we must have a valid legal basis for processing your personal data. We rely on the following:

Purpose	Legal Basis	GDPR Article
Sending marketing emails & newsletters	Consent — you explicitly opt in	Art. 6(1)(a)
Providing platform services (community, jobs, events)	Contract — necessary to provide the service	Art. 6(1)(b)
Account management & communications	Legitimate Interest — maintaining the platform	Art. 6(1)(f)
Security & fraud prevention	Legitimate Interest — protecting users	Art. 6(1)(f)
Legal compliance (tax, record keeping)	Legal Obligation	Art. 6(1)(c)

4. How We Use Your Data

We use your personal data for:

Platform operation — creating and managing your account, displaying community content, job listings, events, and marketplace items.
Communication — sending service-related emails (account updates, event confirmations) and, only with your consent, marketing newsletters.
Community features — enabling interactions between members (posts, comments, messages).
Analytics — understanding how the platform is used to improve it (aggregated, non-identifiable data).
Security — protecting against unauthorised access and ensuring platform integrity.

5. Marketing Communications

We will only send you marketing emails if you have given explicit consent. This includes:

Launch announcements and platform updates
Weekly or monthly newsletters
Event promotions and community highlights
Partner offers and recommendations

                Your consent is:

                ✅ Freely given — you choose to opt in

                ✅ Specific — you know what you're signing up for

                ✅ Informed — this policy explains everything

                ✅ Unambiguous — via an active checkbox (not pre-ticked)

                ✅ Withdrawable — you can unsubscribe at any time

Every marketing email includes an unsubscribe link. You can also withdraw consent at any time by contacting us at privacy@lostkiwi.online.

Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.

6. Data Sharing & Third Parties

We do not sell your personal data. We may share data with:

Recipient	Purpose	Safeguards
Hosting provider (DreamHost)	Website hosting & data storage	US-based, Standard Contractual Clauses
Email service provider	Sending transactional & marketing emails	GDPR-compliant processor agreement
Analytics (if applicable)	Understanding site usage	Anonymised/aggregated data only

All third-party processors are bound by data processing agreements (DPAs) and process data only on our instructions.

7. Data Storage & Security

Your data is stored on secure servers. We implement the following security measures:

Encryption — HTTPS/TLS for all data in transit
Access control — only authorised administrators can access personal data
Password hashing — passwords are stored using bcrypt (never in plain text)
Audit logging — all consent-related actions are logged with timestamps
Regular backups — data is backed up to prevent loss

While we take every reasonable precaution, no system is 100% secure. If a data breach occurs that poses a risk to your rights, we will notify you and the Swedish Authority for Privacy Protection (IMY) within 72 hours as required by GDPR Article 33.

8. Data Retention

We retain your personal data only as long as necessary:

Active accounts — data is kept while your account is active
Waitlist signups — kept until platform launch, then converted to member data or deleted
Consent records — retained for the duration of the relationship plus 3 years (for legal compliance)
Deleted accounts — personal data is erased within 30 days of account deletion
Legal obligations — some data may be retained longer if required by Swedish law

9. Cookies

We use minimal cookies:

Session cookies — essential for keeping you logged in (strictly necessary, no consent required)
Preference cookies — remembering your settings (with consent)

We do not use tracking cookies, advertising cookies, or third-party analytics cookies without your explicit consent.

For full details on every cookie we use, see our Cookie Policy.

10. Your Rights Under GDPR

As a data subject in the EU/EEA, you have the following rights:

                📋 Right of Access (Art. 15)

                You can request a copy of all personal data we hold about you. We will provide this within 30 days.

                ✏️ Right to Rectification (Art. 16)

                You can request correction of inaccurate or incomplete personal data.

                🗑️ Right to Erasure (Art. 17)

                You can request deletion of your personal data ("right to be forgotten"). We will delete all data within
                30 days unless a legal obligation requires retention.
            

                ⏸️ Right to Restrict Processing (Art. 18)

                You can request that we limit how we use your data while we address a concern.

                📦 Right to Data Portability (Art. 20)

                You can request your data in a structured, machine-readable format (JSON/CSV).

                🚫 Right to Object (Art. 21)

                You can object to processing based on legitimate interest. For direct marketing, we will stop
                immediately.
            

                🔒 Right to Withdraw Consent (Art. 7(3))

                You can withdraw consent at any time. Use the unsubscribe link in any email, or contact us directly.

To exercise any of these rights, email privacy@lostkiwi.online. We will respond within 30 days. There is no fee unless your request is manifestly unfounded or excessive.

If you are not satisfied with our response, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY):

IMY — Integritetsskyddsmyndigheten
Box 8114, 104 20 Stockholm
Website: www.imy.se
Phone: +46 8 657 61 00

11. Children's Privacy

KiwiClub Sweden is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If we discover that a child under 16 has provided us with personal data, we will delete it immediately.

12. Changes to This Policy

We may update this privacy policy from time to time. When we make significant changes, we will:

Post the updated policy on this page
Update the "Last updated" date at the top
Notify registered members by email if the changes affect how we process their data

13. Contact Us

If you have any questions about this privacy policy or how we handle your personal data:

📧 Email: privacy@lostkiwi.online
🌐 Website: lostkiwi.online
📘 Facebook: KiwiClub Sweden Group

Related Documents:
Cookie Policy · Terms of Service