At Klimra, we adhere to the highest standards of data protection in compliance with the General Data Protection Regulation (GDPR). We use third-party service providers, such as Amazon Web Services (AWS), to operate our website and delivers our services. Your data is always handled securely and in accordance with applicable laws. For more details about how AWS handles data, we encourage you to review their privacy policy and terms of use. Additionally, we use your browser's local storage to keep you logged in and manage access tokens. For further details about our data practices, please refer to our complete Privacy Policy.

To automate the reimbursement process, we need access to your email inbox. After you have linked your email to our application, we will save the tokens in a database to later search for tickets in your inbox. In some cases, we will also send out replacement tickets from your email. If you want to disconnect an email address, you can do this by going to My Pages and clicking on the Email tab. If you delete an email address, all tokens will be invalidated and deleted from our database. Deleting your account will also delete and invalidate all email links.

Encryption: All sensitive data transmitted between your browser and our servers is encrypted using industry-standard Secure Sockets Layer (SSL) technology. This ensures that any information sent or received is protected from unauthorized access.

Access controls: Access to sensitive data is restricted to authorized personnel. We use robust access control mechanisms to ensure that only people with a legitimate need to access your data can do so.

Data Anonymization and Pseudonymization: Where possible, we anonymize or pseudonymize data to further protect your privacy. This means that the data is altered in a way that it cannot be traced back to you without additional information.

Data minimization: We only collect the minimum amount of personal data necessary to provide our services. By limiting the data we collect, we reduce the risk of unauthorized access and exposure.

Data Retention and Deletion: We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. When data is no longer needed, we ensure that it is securely deleted or anonymized.

We collect and use the following types of personal data to deliver and maintain effective and secure Services, for the purposes set out below:

• (a) Name;
• (b) e-mail address
• (c) telephone number
• (d) IP address
• (e) social security number;

Please note that we cannot provide the Services without processing the above personal data. When you use the Services, certain information will be collected automatically, including information about your use of our service

We will process the information listed above for the following purposes:

• (a) To administer your account, to enable and provide the Services and integration with third party services and to otherwise provide the Services in accordance with the Terms of Use. The processing of personal data for this purpose is based on the necessity to perform our contract with you.
• (b) To send you notifications or messages by email or otherwise, including to provide you with marketing of our and our affiliates' products and services based on our legitimate interest to send you promotional materials about products and services in which you may be interested
• (c) to inform you about updates to the Services or the Terms of Use based on our legitimate interest to keep you updated on the development of the Services, such as new features and the terms under which you agreed to use the Services
• (d) to improve and develop the Services or new services and products and to analyze your use of the Services based on our legitimate interest in providing you with updated services based on your use of the Services, and to develop new products and services that meet your preferences and your consent to our use of cookies
• (e) to ensure the technical functioning of the Services and to prevent the use of the Services in violation of the Terms of Use in order to perform our contract with you and based on our legitimate interest to ensure that our Services are not abused to protect ourselves and our other users
• (f) to enforce the Terms of Service, including to protect our rights, property and safety and also the rights, property and safety of third parties if necessary on the basis of our legitimate interest in protecting our business, our users of the Services and other third parties; and
• (g) to comply with legal requirements, based on our obligations to comply with such laws.

For processing activities based on a legitimate interest, we have carefully weighed this legitimate interest against your right to privacy and concluded that our interest can be exercised without infringing your rights and freedoms in a way that prohibits the processing of personal data about you.

As a general rule, we will retain your personal data only for as long as necessary to perform the Services, unless there is a legal obligation to retain the data for longer.

After you have closed your account, personal data linked to the account will be stored for a maximum of 90 days.

Personal data processed on the basis of a legal obligation will be retained for as long as the legal obligation justifies the retention of the personal data. This includes when personal data is processed for accounting purposes, where the account data is stored for the current year and until the seventh year following the end of the calendar year in which the financial year ended.

We collect information through technologies such as cookies, pixels, and local storage (for example, in your browser or on your device). For information on how we use system technologies and analytics tools, and how you can prevent the use of cookies, please refer to our Cookie Notice (available here[https://klimra.com/cookies ]).

We may access, preserve, and share your information in response to a legal request (such as a search warrant, court order, or subpoena, among others) or when it is necessary to detect, prevent, and address fraud and other illegal activities, to protect ourselves, you, and other users, including as part of investigations, if we have a good faith belief that applicable law requires us to do so.

This may include responding to legal requests from jurisdictions outside the EU/EEA where we have a good faith belief that the response is required under the law of that jurisdiction, affects users in that jurisdiction, and is consistent with internationally recognized standards.

Information we receive about you through the Website by using our Services may be accessed, preserved, and stored for an extended period if it is subject to a legal request or obligation, government investigation, or investigation of possible violations of our terms or policies, or otherwise to prevent harm.

Links to other websites

You should be aware that while browsing our website, you may be directed to other websites operated by third parties, where the personal information collected falls outside of our control. The privacy notice of the new website will govern the information collected from you on that site.

Change of ownership

If the ownership of our business changes, we may transfer your information to the new owners so they can continue providing the services. The new owner will still be required to fulfill the commitments we have made in this privacy notice.

Notice of changes

If we make changes to this privacy notice, we will notify you via email. If the changes are significant, we will provide you with additional, prominent notice appropriate to the circumstances, and, if required by applicable law, we will request your consent.

You have an absolute right to object to the processing of your personal data for direct marketing purposes. You also have the right to withdraw your previously given consent. The withdrawal of your consent does not affect the legality of the processing based on consent before it was withdrawn, and we may continue to process your personal data based on other legal grounds, except for direct marketing.

You have the right to request access to and further information about the processing of your personal data, or request that we correct, rectify, supplement, delete, or limit the processing of your personal data. You have the right to receive a copy of the personal data we process about you free of charge once (1) per calendar year. For any additional copies you request, we may charge a reasonable fee based on administrative costs.

If the processing is based on the legal grounds of legitimate or public interest, you have the right to object to the processing. If you do so, we will no longer be allowed to process your personal data unless we can demonstrate compelling reasons why our legitimate grounds for the processing outweigh your interests, rights, and freedoms - unless the processing is necessary to establish, exercise, or defend legal claims.

If the processing is based on the legal grounds of consent or the performance of a contract, you have the right to data portability. Data portability means that you can obtain the personal data you have provided to us in a structured, commonly used, and machine-readable format and have the right to transfer such data to another data controller.

To exercise the aforementioned rights, or if you have any questions about our sharing practices, your rights under EU law, or wish to have your personal data deleted, please contact us at the following address: Contact@klimra.com or Klimra AB, Drömstigen 41. To ensure you receive a prompt response, please provide your full name and, if applicable, your address, username, and the email address used for registration. Please note that any request for information about the processing of your personal data must be personally signed by you.

If you have any complaints regarding our processing of your personal data, you can file a complaint with the relevant data protection authority. You can find more information about the local data protection authorities at the following link: https://commission.europa.eu/law/law-topic/data-protection_en.