Privacy Policy

1. Introduction

RnC Take One ("we", "our", or "us") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal information in accordance with the General Data Protection Regulation (GDPR) and applicable Swedish data protection laws.

This policy applies to all visitors and users of our website and services.

2. Data Controller

The data controller responsible for your personal data is:

3. Personal Data We Collect

3.1 Information You Provide to Us

When you submit forms on our website, we collect the following personal data:

• Guest List Form: Full name, email address, phone number, number of guests, and any additional messages you provide
• Partnership Inquiry Form: Name, email address, phone number, company/organization name (optional), and your inquiry message
• Consent Records: Your consent preferences and timestamps for receiving marketing communications

3.2 Information Collected Automatically

When you visit our website, certain information is collected automatically:

• Technical Data: IP address, browser type, operating system, referring URLs
• Usage Data: Pages visited, time spent on pages, interaction with website features
• Cookie Data: Information stored in cookies (see our Cookie Policy for details)

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Consent (Article 6(1)(a) GDPR): When you explicitly consent to receive marketing communications and event updates
• Legitimate Interests (Article 6(1)(f) GDPR): For responding to partnership inquiries and managing event logistics
• Contract Performance (Article 6(1)(b) GDPR): When processing is necessary to fulfill our obligations related to event attendance or partnerships

5. How We Use Your Personal Data

We use your personal data for the following purposes:

• Managing guest lists and event attendance
• Sending event updates, announcements, and related communications (with your consent)
• Responding to partnership inquiries and business proposals
• Improving our website and services
• Complying with legal obligations
• Maintaining security and preventing fraud

6. Third-Party Services and Data Sharing

We use the following third-party services that may process your data:

We do not sell your personal data to third parties. Data is only shared with service providers necessary for our operations, and we ensure appropriate data processing agreements are in place.

7. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

• Guest List Data: Retained until 30 days after the event completion, unless you request earlier deletion
• Partnership Inquiries: Retained for 12 months after the last contact, or as long as a business relationship exists
• Marketing Consent: Retained until you withdraw consent or we cease marketing activities
• Legal Compliance: Some data may be retained longer if required by law

After the retention period, your personal data will be securely deleted or anonymized.

8. Your Data Protection Rights

Under GDPR, you have the following rights regarding your personal data:

• Right of Access (Article 15): You can request a copy of the personal data we hold about you
• Right to Rectification (Article 16): You can request correction of inaccurate or incomplete data
• Right to Erasure (Article 17): You can request deletion of your personal data ("right to be forgotten")
• Right to Restriction (Article 18): You can request restriction of processing in certain circumstances
• Right to Data Portability (Article 20): You can receive your data in a structured, machine-readable format
• Right to Object (Article 21): You can object to processing based on legitimate interests
• Right to Withdraw Consent: You can withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at: [email protected]

We will respond to your request within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY): www.imy.se

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes:

• Encryption of data in transit using HTTPS/TLS
• Secure storage with access controls
• Regular security assessments
• Data processing agreements with third-party providers
• Limited access to personal data on a need-to-know basis

10. International Data Transfers

Some of our service providers (Google, Instagram, Spotify) may be located outside the European Economic Area (EEA). When we transfer data internationally, we ensure adequate safeguards are in place, such as:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions for certain countries
• Privacy Shield frameworks (where applicable)

11. Children's Privacy

Our website and services are not directed at children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The "Last updated" date at the top of this page indicates when the policy was last revised. We encourage you to review this policy periodically.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: