top of page

PRIVACY POLICY

At RE:FLOW Studio Norr AB (corporate ID 559517–9648) – referred to as “re:flow”, “we”, “our” or “us” – we care deeply about your privacy and are committed to being transparent about how we handle your personal data.

This notice is here to inform you about how your information is processed when you interact with us – whether you visit our website, book a class, contact us, or engage with us on social media.

You can find detailed information in our Privacy Policy below, covering how we process your data in different situations.

  1. Controller
    re:flow studio
    Boulevarden 79,
    183 41 Täby, Sweden
    Email: hello@reflowstudio.se
    Instagram: @reflow.studio
     

  2. General Information on Data Processing
    We process your personal data only to the extent necessary to provide a functional website, our content, and services.
    Processing is generally based on:
    - your consent (Art. 6(1)(a) GDPR),
    - our legitimate interests (Art. 6(1)(f) GDPR), or
    - to fulfill a contract or legal obligation (Art. 6(1)(b, c) GDPR).
    We do not sell your personal data.
     

  3. Collection of Data When Visiting Our Website
    When you visit our website purely for informational purposes, we collect the following data, which is technically
    necessary to display the website and ensure security and stability:

    - IP address
    - Date and time of access
    - Time zone difference to GMT
    - Specific page(s) requested
    - HTTP status code
    - Amount of data transferred
    - Referring website (if any)
    - Browser type and version
    - Operating system and interface
    - Language and version of browser

    Legal basis: Art. 6(1)(f) GDPR. Data is stored for up to 7 days in server log files and deleted automatically. It is not merged with other data sources.
     

  4. Cookies
    We only use technically necessary cookies to ensure the basic functions of our website (e.g. language settings). These cookies are deleted after your browser session ends.
    Currently used cookies:
    - Language preference (Swedish or English.
    Since no non-essential cookies are used, no consent banner is required. If this changes, we will implement a cookie consent tool.
     

  5.  Contact via Email or Forms
    f you contact us via email or a contact form, we process your data (e.g. name, email address, message content) for the purpose of responding to your inquiry.
    Legal basis:
    - Your consent (Art. 6(1)(a) GDPR) or
    - Our legitimate interest in communication (Art. 6(1)(f) GDPR)
    We will not use this data for marketing unless you explicitly consent. Data is deleted when storage is no longer necessary or legally required.
     

  6. Use of Google Fonts
    Our website uses Google Fonts for uniform and aesthetically pleasing text. This is a service provided by:
    Google Ireland Limited
    Gordon House, Barrow Street, Dublin 4, Ireland
    When you visit a page, your browser may load fonts from Google servers, potentially sharing your IP address.
    Legal basis: Art. 6(1)(f) GDPR.
    More info: https://policies.google.com/privacy
     

  7. Use of Google Maps
    We embed Google Maps to visually display our studio location.
    When the map loads, your browser connects to Google’s servers. Google may collect your IP address and
    location data if your device allows it.
    Legal basis: Art. 6(1)(f) GDPR.
    More info: https://policies.google.com/privacy
     

  8.  Social Media & Embedded Content
    Our website may include links to or embedded content from platforms such as Instagram. These platforms may collect data when you interact with embedded elements, even if you are not logged in.
    We have no control over how third-party platforms process your data.
    Please consult their privacy policies:
    - Instagram: https://privacycenter.instagram.com
     

  9. Use of Mindbody for Class Booking and Client Management
    We use Mindbody, a third-party service provided by Mindbody Inc., to manage class schedules, bookings, payments, and client profiles. When you book a class, create an account, or make a purchase through our booking system, your data is processed through Mindbody’s platform.
    The types of personal data processed may include:
    - Name
    - Contact information (email address, phone number)
    - Payment details
    - Booking history
    - Health-related information you voluntarily provide (e.g. injuries, preferences)
    Purpose of processing:
    To fulfill our services (e.g. booking, class attendance, communication, payment processing), manage your account, and provide customer support.

    Legal basis:
    - Art. 6(1)(b) GDPR (performance of contract)
    - Art. 6(1)(f) GDPR (our legitimate interest in operating an efficient studio management system)
    Mindbody acts as a data processor on our behalf. We have a Data Processing Agreement (DPA) in place to
    ensure your data is handled securely and in accordance with the GDPR.
    Mindbody Inc. may process your data outside the EU/EEA (e.g., in the United States). In such cases, appropriate
    safeguards (e.g. Standard Contractual Clauses) are in place to ensure an adequate level of data protection.
    You can learn more about Mindbody’s privacy practices here:
    https://www.mindbodyonline.com/legal/privacy-policy
     

  10. Data Processors
    We use trusted service providers such as Mindbody Inc. for booking, payments, and client management. All processors operate under strict data protection agreements (Art. 28 GDPR) to ensure your data is protected.
    Your Rights Under the GDPR

    You have the following rights:
    - Access to your data (Art. 15)
    - Rectification (Art. 16)
    - Erasure ("Right to be Forgotten", Art. 17)
    - Restriction of processing (Art. 18)
    - Data portability (Art. 20)
    - Objection to processing (Art. 21)
    - Withdraw consent at any time (Art. 7(3))
    - Lodge a complaint with a supervisory authority (Art. 77)

    The relevant authority in Sweden is Integritetsskyddsmyndigheten (IMY):
    https://www.imy.se
     

  11. Currency and Changes to This Privacy Policy
    This Privacy Policy is effective as of August 2025.
    We may update it to comply with legal requirements or to reflect changes in our website or services.
    The latest version will always be available on this page.

     

bottom of page