Back to Home
GIOF (logo)

Privacy policy

This page explains how I handle personal data on giof.se. For information about how I work with personal data on behalf of clients, see How GIOF handles privacy.

Controller: Gotland Internet & Finsnickeri (GIOF), reg. no. 800517-6790, Haltarvevägen 14, 624 62 Fårösund, Sweden.

What I collect, and why

When you use the contact form

I collect your name, email address, and the content of your message. I use this to reply and, if relevant, to follow up on a potential project.

Legal basis: legitimate interest in responding to inquiries.

When you email or call directly

The same applies — I have your details because you sent them, and I use them only to respond.

Legal basis: legitimate interest.

When you book a video meeting

Bookings are handled by Cal.com, which collects your name, email, and meeting time. Their privacy policy applies to that data. I receive the booking details to be there at the agreed time.

Legal basis: legitimate interest, and Cal.com's terms.

When you become a client

For active engagements, I keep the contact and project information needed to deliver the work, send invoices, and meet legal requirements (Swedish accounting law requires invoice records for seven years).

Legal basis: contract and legal obligation.

Analytics and cookies

This site uses Umami, a privacy-friendly analytics tool. Umami does not use cookies, does not track individuals, and does not collect personal data. I use it to see roughly how the site is used — not to identify visitors.

The site does not use advertising trackers, social media pixels, or third-party analytics like Google Analytics.

Hosting and infrastructure

The site is hosted by Vercel. Vercel processes technical request data (IP addresses, request metadata) as part of standard hosting and security. Hosting is in the EU.

DNS and CDN are provided by Cloudflare, which sees traffic metadata as part of its function.

Sharing data

I do not sell or share your data for marketing purposes. The only third parties involved are the infrastructure providers above, and Cal.com if you book a meeting through it.

How long I keep things

  • Contact form messages and email exchanges: as long as relevant, then deleted. Old conversations get cleaned out periodically.
  • Active client data: for the duration of the engagement.
  • Invoices and accounting records: seven years, as required by Swedish law.
  • Analytics data in Umami: anonymised aggregate data, kept for general trend analysis.

Your rights

You have the right to:

  • Know what data I have about you
  • Have it corrected if it's wrong
  • Have it deleted (subject to legal retention requirements)
  • Object to processing based on legitimate interest
  • Receive your data in a machine-readable format
  • Complain to a supervisory authority — in Sweden, that's IMY, or the equivalent authority in your country

To exercise any of these, just email me.

Changes

If this policy changes meaningfully, I'll update it here and note the date below.

Contact: hello@giof.se

Last updated: 27 April 2026

Privacy policy