Privacy Policy

1. Introduction

Cuts From The Valley ("CFTV," "we," "us," or "our") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, protect, and handle your information when you visit our website at cftv.studio. We are established in Sweden and comply with Swedish data protection law and GDPR.

2. Data Controller

3. Information We Collect

3.1 Information You Provide

• Contact Information: Name, email address, and message content when you use our contact form
• Communication: Any information you provide when communicating with us

3.2 Information Automatically Collected

• Website Analytics: Basic visitor statistics (page views, visit duration, referral sources) via GoatCounter (privacy-focused, no cookies, no personal data)
• Technical Information: IP address, browser type, device information for security and functionality purposes
• Security Logs: Information necessary to protect our website from threats and abuse

3.3 What We DON'T Collect

• ❌ Google Analytics or other tracking tools
• ❌ Social media tracking pixels
• ❌ Third-party advertising cookies
• ❌ Personal information beyond what you voluntarily provide

4. Legal Basis for Processing

Under GDPR and Swedish data protection law, we process your personal data based on:

• Consent (Art. 6.1.a GDPR): When you voluntarily provide information
• Legitimate Interest (Art. 6.1.f GDPR): For business operations and service improvement
• Legal Obligation (Art. 6.1.c GDPR): When required by law
• Contract Performance (Art. 6.1.b GDPR): To perform services

5. How We Use Your Information

• Communication: To respond to your inquiries and provide customer support
• Website Operations: To maintain, improve, and secure our website
• Legal Compliance: To comply with applicable laws and regulations
• Security: To protect against fraud, abuse, and security threats

6. Information Sharing

We do not sell, trade, or rent your personal information to third parties. We may share information only in the following limited circumstances:

• Service Providers: With trusted third-party services that help us operate our website
• Legal Requirements: When required by law or to protect our rights and safety
• Business Transfers: In connection with any merger, sale, or transfer of our business

7. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: All data transmission is encrypted using HTTPS/TLS
• Access Controls: Strict access controls limit who can view your information
• Security Monitoring: Continuous monitoring for threats and vulnerabilities
• Data Minimization: We collect only the minimum information necessary

8. Your Rights

Under GDPR and Swedish data protection law, you have the following rights:

• Access (Art. 15 GDPR): Request a copy of the personal information we have about you
• Correction (Art. 16 GDPR): Request correction of inaccurate information
• Deletion (Art. 17 GDPR): Request deletion of your personal information
• Restriction (Art. 18 GDPR): Request restriction of processing
• Portability (Art. 20 GDPR): Request a copy of your data in machine-readable format
• Objection (Art. 21 GDPR): Object to processing of your personal information
• Withdraw Consent: At any time

To exercise these rights, please contact us using the information provided below.

9. Cookies and Tracking

Our website uses minimal cookies and tracking:

• Essential Cookies: Required for website functionality and security
• Analytics: GoatCounter analytics (no cookies, no personal data, no tracking across sites)
• No Advertising: We do not use advertising cookies or trackers
• No Social Media: We do not use social media tracking or pixels

You can control cookies through your browser settings. GoatCounter does not set tracking cookies.

10. Data Retention

We retain your personal information only as long as necessary for the purposes outlined in this policy or as required by Swedish law. General retention periods are 3-7 years depending on the type of information and legal requirements.

11. International Transfers

We primarily transfer data within the EU/EEA. For transfers outside the EU/EEA, we ensure appropriate safeguards under Chapter V GDPR, including adequacy decisions or appropriate guarantees.

12. Data Breach

In case of data breaches, we follow GDPR and Swedish law:

• Reporting to IMY within 72 hours (Art. 33 GDPR)
• Notification to affected individuals in case of high risk (Art. 34 GDPR)
• Documentation of all incidents

13. Children's Privacy

Our website is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will delete that information promptly.

14. Complaints

You have the right to lodge a complaint with the supervisory authority:

15. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last Updated" date. We encourage you to review this Privacy Policy periodically for any changes.