top of page

PRIVACY POLICY

At KUMO Studio, we value your privacy and are committed to protecting your personal data. Any information collected via kumo-studio.com is handled in compliance with the updated data protection laws (1998/2018) and relevant European regulations.

We collect and store personal data only when you contact us directly, such as via email or our contact form. This information is used solely to respond to your inquiries or with your explicit consent.

 

This Privacy Policy applies solely to your use of kumo-studio.com. The website may contain links to other websites. Please note that KUMO Studio has no control over how your data is collected, stored, or used by other websites. We advise you to review the Privacy Policies of such websites before providing any personal data.

If you have any questions about how we handle your personal data, or if you wish to access, update, or delete your information, please contact us at hello@kumo-studio.com.

By using kumo-studio.com, you agree to the terms outlined in this Privacy Policy.

What is personal data, and what constitutes the processing of personal data?
Personal data is any information that can directly or indirectly identify a living individual.
Photos and audio recordings of individuals, processed digitally, can also be considered personal data, even if no names are mentioned.
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679 - the 'GDPR') as:

"Any information relating to an identifiable person who can be directly or indirectly identified, in particular by reference to an identifier."

In simpler terms, personal data includes anything that enables you to be identified. This covers obvious details such as your name and contact information, as well as less apparent data like identification numbers, electronic location data, and other online identifiers. Encrypted data and digital identities, such as IP addresses, also count as personal data if they can be linked to an individual.

The processing of personal data refers to any action taken with personal data. Every operation involving personal data, whether automated or not, constitutes processing. Common examples include collection, registration, organisation, structuring, storage, processing, transfer, and deletion.

 


Who is responsible for the personal data we collect?
KUMO Studio
Data Protection Officer: Fredrik Kullberg (073 578 54 07, hello@kumo-studio.com)
 

What does it mean that the Swedish Authority for Privacy Protection (IMY) is the supervisory authority?
It means that IMY oversees compliance with GDPR in Sweden. They monitor the application of data protection laws and ensure that organisations processing personal data adhere to the regulations. As a supervisory authority, IMY has the power to issue warnings, reprimands, and require organisations to take corrective action if their data processing does not comply with the law.

If you believe your personal data has been handled improperly, you have the right to file a complaint with IMY at www.imy.se.

 

How can you contact us regarding data protection?
You have the right to contact us to obtain information about the personal data we process about you. You may also request rectification, transfer, or deletion of your data. We are obligated to process only accurate, relevant, and necessary personal data. You have the right to verify this.

Simply ask, and we will provide you with the details. Please contact us at hello@kumo-studio.com. We will respond to your request within two weeks.
 

What rights do you have as a data subject?

1. Right to information/access (known as subject access request)
We are transparent about how we process your personal data and the purposes for processing. If you wish to know more about the personal data we hold about you, you may request access to this data. This information will be provided in a report detailing the purpose, categories of personal data, recipients, retention periods, data sources, and any automated decision-making.

 

2. Right to rectification
You can request correction of incorrect data or completion of incomplete personal data within the scope of the stated purpose.

 

3. Right to erasure (“right to be forgotten”)
You can request the deletion of personal data if:

  • The data is no longer necessary for the purposes for which it was collected.

  • Processing is based on consent, and you withdraw your consent.

  • You object to processing based on legitimate interest, and your reasons outweigh ours.

  • You object to processing for direct marketing purposes.

  • The personal data is processed unlawfully.

  • Deletion is required to comply with legal obligations.

  • The data pertains to a child (under 13 years old) collected via information society services.

 

Please note that we may deny your request if legal obligations prevent immediate deletion (e.g., accounting, taxation, or consumer rights laws). If deletion is not possible, we will block the data from further use.

 

4. Right to restrict processing
You may request restriction of processing if:

  • You contest the accuracy of the data while we verify it.

  • Processing is no longer necessary for its original purpose, but you require it for legal claims.

  • You object to processing based on legitimate interest while we assess your objection.

 

5. Right to data portability

If processing is based on consent or a contract, you can request that your data be transferred to another data controller, provided it is technically feasible.

 

6. Right to object
You may object to processing based on legitimate interests, opt out of direct marketing, and object to all processing based on balancing of interests.

 


How do we handle personal identification numbers?
We process personal identification numbers only when justified by the purpose (e.g., invoicing) or necessary for secure identification (e.g., subject access requests). Wherever possible, we minimise the use of personal identification numbers by using alternative identifiers.
 

What are cookies, and how are they used?
Cookies are small text files sent from our web server and stored on your browser or device.
es.​ 

 

These are the essential cookies that are used on kumo-studio.com:

XSRF-TOKEN - a cookie for fraud detection of calls (during session)

hs - a security cookie for hive (legacy) (during session)

svSession - a session cookie for identification (duration: 6 months)

SSR-caching - a performance cookie for rendering (duration: 24 hours)

TS*  - cookies for attack detection (during session)

bSession - used for system effectiveness measurement (duration: 24 hours)

fedops.logger.sessionId - tracking session errors and issues (resilience) (duration: 12 months)

_wixAB3* - a cookie for site experiments (duration: 6 months)

server-session-bind - a cookie for API protection (during session)

client-session-bind - a cookie for API protection (during session)

Can you control cookies?
Yes. Adjust your browser or device settings to block all cookies, accept only first-party cookies, or delete cookies upon closing the browser. Visit www.pts.se for more information on cookies.

 


Cookies and social-media tools
If you share kumo-studio.com content with others through social networks – such as Instagram, Pinterest and X – you may be sent cookies from these websites. kumo-studio.com doesn’t control the settings of these cookies and is not responsible for how these cookies work.

 

 

How and where do we store or transfer your personal data?

We will only store or transfer your personal data in Sweden. This means that it will be fully protected under the GDPR. We will only store or transfer your personal data in Germany. This means that it will be fully protected under the GDPR. Alternatively, we will only store or transfer your personal data within the European Economic Area (the “EEA”). The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein. This means your personal data will be fully protected under the GDPR or to equivalent standards by law.


From what sources do we collect your personal data?
In addition to the information you provide directly to us, we may also collect personal data from third parties. The data we collect from third parties includes:

1. Address details from public records to ensure we have your correct address.

2. Creditworthiness information from credit rating agencies, banks, or credit reporting companies.

We never collect personal data from social media.

Who might we share your personal data with?
We will not share your personal data with any third parties for any purposes, except under one important exception. In limited circumstances, we may be legally required to share certain personal data, including yours, if we are involved in legal proceedings, complying with legal obligations, a court order, or instructions from a government authority.

In cases where it is necessary for us to provide our services, we share your personal data with companies acting as data processors on our behalf. A data processor is a company that processes information on our behalf and in accordance with our instructions.

We use data processors for:

  1. Transportation (logistics companies and freight forwarders).

  2. Payment solutions (card acquirers, banks, and other payment service providers).

  3. IT services (companies handling necessary operations, technical support, and maintenance of our IT solutions).

  4. Digital services (companies providing communication, evaluation, and booking collection services).

  5. Partners (companies connected to KOMM’s operations, such as competition sponsors and training providers).

 

When we share your personal data with data processors, it is only for purposes consistent with those for which we collected the information (e.g., fulfilling commitments under membership terms or other agreements). We ensure that all data processors provide sufficient guarantees regarding the security and confidentiality of personal data. We have written agreements with all data processors, ensuring they guarantee the security of the personal data processed and comply with our security requirements, restrictions, and international data transfer policies.

We also share your personal data with certain companies that act as independent data controllers. An independent data controller determines how the information it receives will be processed.

Independent data controllers we share your personal data with include:

  1. Government authorities (e.g., police, tax authorities) if required by law or in cases of suspected crimes.

  2. Companies providing general goods transportation (logistics companies and freight forwarders).

  3. Companies offering payment solutions such (regarding invoicing, card acquirers, banks, and other payment service providers).

 

When your personal data is shared with a company acting as an independent data controller, their privacy policy and data handling practices apply.

What personal data do we collect about you as a buyer of KUMO Studio's services, and why?

Purpose: To manage orders/purchases and invoicing.

Processing Activities:

  • Delivery/execution (including notifications and related communication)

  • Payment processing

  • Handling complaints and warranty cases

Categories of Personal Data:

  • Name

  • Contact details (address, email, and phone number)

  • Personal identification number (for invoicing)

  • Purchase information (e.g., service ordered)

  • Correspondence

Legal Basis: Performance of a contract. This collection of your personal data is necessary for us to fulfill our contractual obligations. If the data is not provided, we will not be able to fulfill our obligations, and we may have to deny your purchase.

Retention Period: Until the purchase is completed (including delivery and payment), and for a period of 36 months thereafter to manage any complaints or warranty cases.

What personal data do we collect about you as an employee/owner of a potential partner, and why?

Purpose: To contact potential partners (e.g., real estate agents).

Processing Activities:

  • Contacting for collaboration inquiries

Categories of Personal Data:

  • Name

  • Contact details (e.g., address, email, and phone number)

  • Employment details

  • Correspondence

Legal Basis: Legitimate interest. The processing is necessary to fulfill our and your legitimate interest in KUMO Studio’s activities and relevant collaboration-related information.

Retention Period: From the time of collection until 12 months thereafter.

bottom of page