Privacy Policy

Klassikerkollen, operated by Kotte Consulting AB (Reg. no. 559195-0802) ("we," "us," or "our"), is committed to protecting your personal integrity. This Privacy Policy explains how we collect, use, and safeguard your personal data when you use our mobile applications and web services (the "Service").

We process your data in compliance with the General Data Protection Regulation (GDPR) and the developer policies of our third-party integration partners (Garmin and Polar).

1. Data Controller

Kotte Consulting AB is the Data Controller responsible for your personal data.

• Org. Number: 559195-0802
• Address: Sundbybergs Torg 1, 172 67 Sundbyberg
• Contact: support@klassikerkollen.se

2. Data We Collect

To provide the Service, we collect the following categories of data:

• Account Information: When you register, we collect your email address, username, and encrypted password.
• Profile Data: Information regarding your specific goals (e.g., which "Classic" year you are attempting, target times, and previous race history) and race performances (dates and race times).
• Health and Fitness Data (via Integrations): If you choose to connect your Garmin Connect or Polar Flow accounts, we retrieve specific activity data via their APIs. This includes activity files (GPS/FIT), performance metrics (heart rate, speed, distance), and metadata to match activities to your training plan.
• Technical Data: IP address, device information (e.g., mobile device ID), and cookies necessary for the app's functionality.

3. How We Use Your Data

• Service Delivery: To visualize your training progress, populate your dashboard, and track your cumulative time towards "En Svensk Klassiker".
• Performance Analysis: To calculate race time predictions, seeding groups, and "Superklassiker" feasibility based on your historical training volume.
• Logistics & Planning: To provide relevant checklists and weather insights based on your selected races and location data (if provided).
• Community Intelligence: To analyze the training patterns of successful "En Svensk Klassiker" finishers (e.g., "People aiming for a sub-5h Cykelvasan usually train X hours per week"). This aggregated data allows us to generate insights for other users. This data is strictly anonymized.
• Communication: To send important service notifications (e.g., password resets).

4. Legal Basis for Processing

• Performance of Contract: Processing your account credentials and profile data is necessary to provide the Service you requested.
• Consent (Health Data): We only process health and location data from Garmin/Polar based on your explicit consent. You grant this consent by actively linking your third-party account in the Service settings. You may withdraw this consent at any time by disconnecting the service.
• Legitimate Interest: We process technical data (logs/analytics) to ensure the security and stability of the Service.

5. Marketing Communications

We distinguish between transactional emails (necessary for the Service) and marketing emails.

• Transactional: We may send you emails regarding your account status, sync alerts, or legal notices. You cannot opt-out of these as they are required for the Service.
• Marketing: We will only send you newsletters or race tips if you have opted in (Consent) or if you are an existing customer (Legitimate Interest). You can unsubscribe from these at any time via the link in the email or by contacting support.

6. Data Sharing and Third Parties

We do not sell your personal data. We only share data with trusted sub-processors necessary to operate the Service:

• Garmin & Polar: We exchange data with these platforms via API solely to fetch your activities. We do not write data back to their platforms without your permission.
• Cloud Hosting: Our backend infrastructure (Google Cloud) stores data securely within the EU/EEA.
• Email Service: We use SendGrid to deliver transactional emails and MailChimp for newsletters and marketing e-mails.

7. Data Retention and Deletion

We retain your data only as long as you have an active account.

• Account Deletion: You may delete your account at any time via the app settings or by sending an e-mail with your e-mail adress used to login to your account to support@klassikerkollen.se. Upon deletion, all your personal data and synced activity history will be permanently removed from our production database immediately and from backups within 30 days.
• Revoking Third-Party Access: If you disconnect Garmin or Polar, we immediately stop collecting new data. Previously synced data remains in your account until you delete it or your account.

8. International Transfers

Our primary storage locations are within the EU/EEA. If we use a sub-processor located outside the EU/EEA (a "Third Country"), we ensure adequate protection via standard contractual clauses (SCCs) or adequacy decisions adopted by the EU Commission.

9. Your Rights

Under the GDPR, you have the right to access, correct, or request deletion of your personal data. You also have the right to restrict processing and request data portability.

To exercise these rights, please contact us at support@klassikerkollen.se.

10. Cookies

We use essential cookies to maintain your login session and functional cookies to remember your preferences. We may use anonymous analytics cookies to understand visitor traffic. You can control cookie settings via your browser.

11. Changes to this Policy

We may update this policy to reflect changes in our Service or legal requirements. If we make significant changes, we will notify you via email or a prominent notice within the app.

Contact

If you have any questions about this Privacy Policy, please contact us at: support@klassikerkollen.se.