Privacy Policy
Last updated: January 27, 2026
1. Introduction
RinkDrills ("we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, process, and protect your personal information in accordance with the General Data Protection Regulation (GDPR) and Swedish data protection law.
We are the data controller for the personal data processed through our Service. For questions about this Privacy Policy or your personal data, please contact us through our website.
2. Legal Basis for Processing
We process your personal data only when we have a valid legal basis under GDPR:
- •Contract performance: To provide and maintain our Service when you create an account
- •Legitimate interests: To improve our Service, prevent fraud, and ensure security
- •Consent: For marketing communications and optional features (which you can withdraw at any time)
- •Legal obligations: To comply with applicable laws and regulations
3. Personal Data We Collect
We collect personal data that you provide directly to us:
- •Account information: Name, email address, password
- •Content: Drill designs, training materials, and other content you create or share
- •Communications: Messages you send through contact forms or support channels
- •Payment information: Billing details for paid subscriptions (processed by secure third-party payment providers)
4. Automatically Collected Information
We automatically collect certain technical data when you use our Service:
- •Usage data: Pages visited, features used, time spent, interaction patterns
- •Technical data: IP address, browser type, device type, operating system
- •Cookies: See Section 9 for detailed information about cookies
5. How We Use Your Personal Data
We use your personal data for the following purposes:
- •Providing, maintaining, and improving our Service
- •Processing payments and managing subscriptions
- •Communicating with you about your account, updates, and support
- •Analyzing usage patterns to improve user experience
- •Detecting and preventing fraud, abuse, and security incidents
- •Sending marketing communications (only with your consent, which you may withdraw at any time)
- •Complying with legal obligations and protecting our legal rights
6. Sharing Your Personal Data
We do not sell your personal data. We may share your data only in the following limited circumstances:
- •Service providers: Carefully selected third parties who process data on our behalf (hosting, payment processing, analytics) under strict contractual obligations
- •Legal requirements: When required by law or to protect our legal rights and the safety of our users
- •Business transfers: In connection with a merger, acquisition, or sale of assets (with notice to you and continued protection of your data)
- •Your consent: With your explicit consent for specific purposes
7. International Data Transfers
Your personal data is primarily stored and processed within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure adequate protection through:
- •EU Commission adequacy decisions
- •Standard Contractual Clauses (SCCs) approved by the EU Commission
- •Other appropriate safeguards in accordance with GDPR
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:
- •Account data: Until you delete your account or after a period of inactivity
- •Financial records: As required by tax and accounting laws (typically 7 years)
- •Marketing data: Until you withdraw consent
- •Technical logs: For a limited period necessary for security and troubleshooting
9. Your Rights Under GDPR
Under the GDPR, you have the following rights regarding your personal data:
- •Right of access: Request a copy of your personal data
- •Right to rectification: Correct inaccurate or incomplete data
- •Right to erasure: Request deletion of your personal data ("right to be forgotten")
- •Right to restriction: Limit how we process your data
- •Right to data portability: Receive your data in a structured, machine-readable format
- •Right to object: Object to processing based on legitimate interests or for direct marketing
- •Right to withdraw consent: Withdraw previously given consent at any time
- •Right to lodge a complaint: File a complaint with the Swedish Data Protection Authority (Integritetsskyddsmyndigheten) or your local supervisory authority
To exercise these rights, please contact us through your account settings or our website. We will respond to your request within one month as required by GDPR.
11. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
- •Encryption of data in transit and at rest
- •Regular security assessments and updates
- •Access controls and authentication measures
- •Staff training on data protection and security
In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR.
12. Children's Privacy
Our Service is not intended for children under 16 years of age (or the minimum age for digital consent in your country). We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately, and we will delete such information.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by email or through a prominent notice on our Service at least 30 days before they take effect.
We encourage you to review this Privacy Policy periodically. The "Last updated" date at the top indicates when this policy was last revised.
Contact Us
If you have any questions about this Privacy Policy or our privacy practices, please contact us through our website.
Contact Support