Search at IKSU

Privacy Policy

Read our Privacy Policy

How IKSU Processes Personal Data

IKSU values your privacy. Here we describe how we collect, use, and protect your personal data – both on our website and in the IKSU app.

What personal data we process

We process personal data that you provide to us, such as:

  • name and contact details (email address, phone number, address)

  • personal identity number or date of birth (for identification and age verification)

  • information related to memberships, bookings, and purchases

  • training and visit history

  • payment and invoicing details

In the IKSU app, we also process:

  • information about bookings and activities

  • access logs to our facilities

  • technical information about your device and how the app is used

How we use personal data

We use your information to:

  • manage memberships and agreements

  • process bookings and purchases

  • provide access to our facilities and services

  • communicate with you (e.g. booking confirmations and information)

  • improve our services and our app

Permissions in the IKSU app

The app may request the following permissions, always with clear information when they are used:

  • Bluetooth – used to access the facility upon entry

  • Camera and photo library – used if you choose to add a profile picture or scan QR codes

  • Location data – used to display our facilities on a map

  • Notifications – used for bookings, reminders, and offers

The following features are completely optional and are only activated if you choose to enable them:

  • Contacts

  • Calendar (to add bookings)

  • Health data

Device data, analytics and crash data

In the app, we collect:

  • an anonymous device identifier that links your device to your account (e.g. for access and push notifications)

  • usage data and crash reports that help us improve the app

Crash and analytics data:

  • are collected via Firebase

  • do not contain sensitive personal information

  • are used solely for troubleshooting and development

External providers and systems

To deliver our services, we work with trusted providers:

  • BRP Systems – business system, app, and booking platform

  • Firebase (Google) – push notifications and analytics

  • Braze – campaigns, content, and push notifications

  • AWS (Amazon Web Services) – backend and API

  • Xlent – website development

  • Google Analytics – analysis of usage on iksu.se

These providers process personal data in accordance with data processing agreements.

Sharing of personal data

We never sell your personal data.
Your data is only shared:

  • when necessary to provide our services

  • with our service providers under agreement

  • when required by law

Children’s personal data

Children under the age of 16 may use our services only with parental consent.

In the app, consent must be given during registration. Data is processed until the year the child turns 16.

How we protect your data

IKSU actively works to protect personal data through:

  • encryption in transit

  • restricted access and authorization controls

  • logging of access

  • pseudonymization where possible

In the event of any issues, we work closely with our providers to resolve them as quickly as possible.

Your rights

You have the right to:

  • access the data we hold about you

  • request correction

  • request deletion

  • object to certain processing

You also have the right to file a complaint with the Swedish Authority for Privacy Protection, Integritetsskyddsmyndigheten (IMY) imy.se.

Contact

Data Controller: IKSU
Organisation number: 894000‑4792
Address: Box 7092, 907 03 Umeå, Sweden

Data protection contact:
Ulrika Lundberg
dataskyddsombud@iksu.se