Privacy Policy
At Korkorttest4u.se, we respect your privacy. This Privacy Policy explains what personal data we collect when you use our website (https://www.korkorttest4u.se), why we collect it, how long we keep it, who we share it with, and what rights you have under the General Data Protection Regulation (GDPR) and applicable Swedish law.
1. Data Controller
Name: Tittu Thomas (trading as Korkorttest4u)
Email: support@korkorttest4u.se
Website: https://www.korkorttest4u.se
Country: Sweden
If you have any questions about how we handle your data, please contact us at the email address above.
2. Data We Collect and Why
2.1 Account Data (when you register)
- Name and email address — to create and identify your account.
- Password (hashed) — we never store your plain-text password.
- Account creation date — for internal record-keeping and security.
Legal basis: Article 6(1)(b) GDPR — processing is necessary to perform the contract (your account).
2.2 Usage & Log Data
- Pages visited, referring/exit pages, date and time of visits, browser type, device type, and IP address (anonymised where possible).
Legal basis: Article 6(1)(f) GDPR — our legitimate interest in maintaining site security and understanding aggregate usage. We anonymise or aggregate this data before analysis where possible.
2.3 Contact / Enquiry Data
- Name, email address, and message content when you submit a contact form or email us.
Legal basis: Article 6(1)(b) GDPR (responding to your request) or Article 6(1)(f) GDPR (our legitimate interest in handling support queries).
2.4 Cookies and Tracking Technologies
See Section 4 (Cookies) for full details. Advertising and analytics cookies are only set after you give explicit consent via our cookie banner.
Legal basis: Article 6(1)(a) GDPR — your consent, collected via the cookie consent banner.
3. How Long We Keep Your Data
- Account data: kept for as long as your account is active, plus up to 30 days after you request deletion (to allow recovery from accidental deletion). Accounts inactive for 3 years without login may be purged after notice.
- Contact / support messages: kept for up to 2 years to allow follow-up.
- Server log data: kept for up to 90 days for security and diagnostic purposes, then deleted.
- Advertising and analytics data retained by third parties per their own policies (see Section 5).
4. Cookies & Similar Technologies
We use cookies in the following categories. You can withdraw consent for non-essential cookies at any time using the Cookie Settings link.
| Category | Cookie / Provider | Purpose | Duration | Consent needed? |
|---|---|---|---|---|
| Strictly necessary | PHP session (PHPSESSID) |
Keeps you logged in and secures forms (CSRF) | Session (deleted when browser closes) | No — essential for site to work |
| Strictly necessary | cookie_consent (1st party) |
Remembers your cookie preferences | 1 year | No — needed to honour your choices |
| Functional | remember_email (1st party) |
Pre-fills your email on the login page when "Remember me" is checked | 30 days | No — set only if you check "Remember me" |
| Analytics | Google Analytics / Google Tag Manager | Aggregated statistics on how visitors use the site (pages, sessions, bounce rate) | Up to 2 years | Yes — only after consent |
| Advertising | Google AdSense (__gads, IDE, others) |
Display relevant ads; measure ad performance | Up to 13 months | Yes — only after consent |
| Security (3rd party) | Google reCAPTCHA | Bot/fraud prevention on sign-up and login forms | 6 months | No — strictly necessary for form security; see note below |
reCAPTCHA note: Google reCAPTCHA collects hardware and software information and sends it to Google for analysis. Use of reCAPTCHA is subject to Google's Privacy Policy and Terms of Service. We use it solely to prevent automated abuse.
5. Third-Party Service Providers & Data Transfers
We share data with the following third parties. Some are located outside the EEA; where data is transferred to the USA or other third countries, Google relies on Standard Contractual Clauses (SCCs) approved by the European Commission as the appropriate safeguard.
| Provider | Purpose | Data shared | Country | Privacy policy |
|---|---|---|---|---|
| Google AdSense / Google LLC | Display advertising | IP address, cookie identifiers, browsing behaviour (after consent) | USA (SCCs) | Link |
| Google Analytics / Google LLC | Website analytics | Anonymised/pseudonymised usage data (after consent) | USA (SCCs) | Link |
| Google reCAPTCHA / Google LLC | Bot prevention | Browser & interaction data on sign-up/login pages | USA (SCCs) | Link |
| Strato AG (SMTP relay) | Transactional email (account verification) | Your email address and name when sending system emails | Germany (EEA) | Link |
| Webspace-host.com (hosting) | Web hosting & database | All data stored on the site's database | Check with provider | Link |
We do not sell your personal data to any third party.
6. Advertising (Google AdSense)
We display adverts via Google AdSense. Google may use cookies and web beacons to serve ads based on your prior visits to this and other websites. Personalised advertising is only enabled after you grant consent via our cookie banner.
- Manage your Google ad settings: adssettings.google.com
- Opt out of interest-based advertising: aboutads.info/choices
- EU users: youronlinechoices.eu
7. Your Rights Under GDPR
If you are located in the EEA or UK you have the following rights. To exercise any of them, contact us at support@korkorttest4u.se. We will respond within 30 days. We may need to verify your identity before processing the request.
- Right of access (Art. 15): request a copy of the personal data we hold about you.
- Right to rectification (Art. 16): ask us to correct inaccurate or incomplete data.
- Right to erasure / "right to be forgotten" (Art. 17): ask us to delete your account and associated data. You can also email us to request this at any time.
- Right to restriction of processing (Art. 18): ask us to pause processing of your data in certain circumstances.
- Right to data portability (Art. 20): receive a copy of data you provided to us in a machine-readable format.
- Right to object (Art. 21): object to processing based on our legitimate interests.
- Right to withdraw consent (Art. 7(3)): where processing is based on consent, you can withdraw it at any time (via cookie settings or by emailing us). This does not affect the lawfulness of processing before withdrawal.
- Right to lodge a complaint: you have the right to complain to the Swedish Data Protection Authority:
Integritetsskyddsmyndigheten (IMY)
Box 8114, 104 20 Stockholm
www.imy.se | imy@imy.se
8. Children's Privacy
This site is not directed to children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us personal data, please contact us immediately so we can delete it.
9. Security
We use reasonable technical and organisational measures to protect your data, including HTTPS encryption, hashed password storage, and CSRF protection on all forms. However, no internet transmission or storage method is 100% secure.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware, and you directly if the risk is high.
10. Third-Party Links
Our site may contain links to external websites. We are not responsible for their privacy practices or content. We encourage you to review their privacy policies before providing any personal data.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be announced by updating the "Last updated" date at the top of this page. We encourage you to review this page periodically.
12. Contact Us
Tittu Thomas (Korkorttest4u)
Email: support@korkorttest4u.se
Website: https://www.korkorttest4u.se