Last updated: [28/03/2025]

This Privacy Policy describes how ENFRO SUN CLUB AB (“we”, “our”, “us”) collects, uses, discloses, and protects your personal data when you use our mobile application Tanlux, available on the App Store and Google Play.

We are committed to protecting your privacy and handling your data in compliance with the General Data Protection Regulation (GDPR) (EU Regulation 2016/679) and applicable Swedish data protection laws.

1. Data Controller

The data controller for your personal data is:

ENFRO SUN CLUB AB
Organization Number: 5591228720
Address: Enfro Sun Club Östra Ringgatan 9M 44131 Alingsås.
Email: markus.front@enfro.se

2. Personal Data We Collect

We collect and process the following categories of personal data:

a) Data Provided by You via BankID Sign-In

  • Full Name
  • Personnummer (Personal Identity Number)
  • Mobile Number

b) Automatically Collected Data

  • Device information (model, OS, IP address)
  • Session logs and timestamps
  • Location data (with your consent)
  • Bluetooth/Nearby Device interactions within studios

c) Payment & Transaction Data

  • Swish transaction details (excluding sensitive payment credentials)
  • In-app wallet activity and balance
  • Purchase history (tanning sessions and vending machines)

d) Location Data

  • Real-time geographic location (only if you grant permission)

e) Third-Party Services Data

  • Google Maps API may collect limited, anonymized location and device interaction data per their Privacy Policy.

3. Purpose and Legal Basis for Processing

PurposeLegal Basis
Authentication via BankIDLegitimate Interest / Contract
Providing tanning and vending servicesPerformance of Contract
Payment processing via SwishLocation-based services Consent
Wallet usage and top-upsPerformance of Contract
Equipment control via BluetoothLegitimate Interest / Contract
Compliance with Swedish laws (e.g. taxes,audits)Legitimate Interest
Customer support and refundsLegal Obligation
Marketing (if opted in)Performance of Contract / Legitimate Interest

4. Data Sharing and Disclosure

We do not sell your personal data. However, your data may be shared with:

  •  Authorized service providers (e.g., BankID, Swish, Google Maps API)
  • Technical support partners for debugging and service maintenance
  •  Accounting and legal firms for compliance purposes
  • Authorities if required by law

All data processors are under strict contractual obligations and GDPR compliance standards.

5. Data Retention

We retain personal data only as long as necessary to fulfill the purposes outlined above:

  • Transaction and wallet data: Up to 10 years, as required by Swedish accounting laws
  • Location and device data: Deleted or anonymized after 90 days, unless required for incident logs or analytics
  • Support communication: Retained for a maximum of 2 years from the date of your last interaction
  • Consent-based marketing data: Until you withdraw your consent

6. Data Transfers Outside the EU

As a rule, we store and process your data within the EU/EEA. If any third-party service providers are located outside the EEA (e.g., Google), we ensure they comply with GDPR by using:

  • Adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • Supplemental safeguards where required

7. Your Rights Under GDPR

You have the following rights under GDPR:

  • Right of Access – Know what data we hold about you
  • Right to Rectification – Correct inaccurate or incomplete data
  • Right to Erasure – Request deletion of your personal data
  • Right to Restrict Processing – Temporarily halt data processing
  • Right to Object – Object to specific data uses (e.g., marketing)
  • Right to Data Portability – Receive your data in a structured format
  • Right to Withdraw Consent – At any time, without affecting lawfulness of prior processing
  • Right to Lodge a Complaint – With the Swedish Authority for Privacy Protection (IMY)

To exercise your rights, contact us at: markus.front@enfro.se

We aim to respond to all requests within 30 days.

8. Data Security

We implement appropriate technical and organizational security measures including:

  • Encrypted connections (TLS/SSL)
  • Secure authentication via BankID
  • Data minimization and role-based access
  • Regular audits and monitoring

9. Use of Google Maps and Bluetooth Services

  • The app uses Google Maps API to provide studio locations and navigation. Google may process anonymized location/device info as outlined in their Privacy Policy.
  • Bluetooth/Nearby Devices are used only to detect and control compatible devices (e.g., tanning beds) inside our studios. No external tracking or device control is performed outside the studio context.

10. Cookies and Analytics

Tanlux does not use third-party advertising or behavioral tracking cookies. Any analytics collected are anonymized and used solely for:

  • Performance improvements
  • Bug detection
  • Session heatmaps (only if explicitly opted in)

11. Updates to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will:

  • Update the “Last updated” date
  • Notify you via in-app message or email (if applicable)

12. Contact Information

For any privacy-related inquiries or GDPR requests, contact:

ENFRO SUN CLUB AB
Organization Number: 5591228720
Address: Enfro Sun Club Östra Ringgatan 9M 44131 Alingsås.
Email: markus.front@enfro.se

 

Rulla till toppen