← Back to home

Privacy Policy

Last updated: April 6, 2026

Important: This document is a practical template. It is not legal advice. Have a qualified professional review and adapt it for your company and applicable law (including EU GDPR and Swedish rules).

1. Who we are

This Privacy Policy describes how IXTAbox (“we”, “us”) processes personal data when you use our websites, apps, and rental-related services (the “Service”). Contact: developerixtarent@gmail.com, phone +46-70-2223250, Hudenevägen 34, 524 92 Herrljunga, Sweden.

2. Times and time zones

Booking start and end times, access windows, and related communications are generally presented in Sweden local time using the Europe/Stockholm time zone (CET in winter, CEST in summer). This applies regardless of where you live, so you can align with the time at the rental location.

3. What data we collect

Depending on how you use the Service, we may process categories such as:

  • Account and profile: name, email, phone number, role (e.g. customer, distributor, location owner), and credentials managed via our authentication provider.
  • Booking and payments: rental dates, location/box-related details, payment status, and transaction references. Payment card data is typically handled by our payment processor (e.g. Stripe), not stored by us as full card numbers.
  • Communications: messages you send us (e.g. support), and emails or SMS related to bookings where applicable.
  • Technical data: IP address, device/browser type, approximate location derived from IP, and logs needed for security and troubleshooting.

4. Why we use your data (purposes)

  • To provide the Service: accounts, bookings, payments, access to boxes, and support.
  • To comply with legal obligations (e.g. accounting, tax, lawful requests).
  • For legitimate interests where balanced with your rights: fraud prevention, IT security, analytics to improve the Service, and enforcing our terms.
  • Where required, based on your consent (e.g. certain marketing or non-essential cookies).

5. Cookies and similar technologies

We and our partners may use cookies, local storage, and similar technologies. Strictly necessary cookies/storage are needed for core functions (e.g. keeping you signed in, security). Where we use optional cookies (e.g. analytics or marketing), we rely on your consent where required by law. You can control choices via our cookie banner and your browser settings. Blocking some cookies may limit functionality.

6. Sharing and processors

We use trusted service providers (“processors”) such as hosting, database, authentication, email, maps, and payments. They process data on our instructions and under appropriate agreements. We may disclose information if required by law or to protect rights, safety, and the integrity of the Service.

7. International transfers

If personal data is transferred outside the EU/EEA, we use appropriate safeguards (e.g. Standard Contractual Clauses) where required.

8. Retention

We keep personal data only as long as needed for the purposes above, including legal, accounting, and dispute resolution needs, then delete or anonymise it.

9. Your rights (EEA/UK)

You may have rights to access, rectify, erase, restrict, object, and data portability, and to withdraw consent where processing is consent-based. You may lodge a complaint with a supervisory authority (in Sweden, IMY). To exercise rights, contact us at the email above.

10. Children

The Service is not directed at children under the age where parental consent is required for data processing in your country. Do not register if you do not meet that age.

11. Changes

We may update this Policy and will post the new version here with an updated “Last updated” date. Material changes may require additional notice where required by law.