Privacy Policy
Last updated: 6 June 2026
Summary
("we", "us") is the controller for the personal data submitted by our customer companies. We comply with the GDPR and only collect what we need to deliver a cake to the right person, on the right day, at the right address.
What we collect
- The employee's first and last name, so the bakery can bake and deliver to the correct person.
- Date of birth, so we know when to deliver the cake. When someone submits add/remove requests via our website, we collect the full calendar date so we can tell employees apart in confirmations; you do not need to enter a complete national ID number.
- Delivery address, your workplace visit address.
- Department size, so we know what size of cake to order.
- Contact person's email, at the customer company, for confirmations and invoices.
- Phone number, when you reach out as a potential new customer via our contact form, so we can call or message you about your enquiry.
What we do not store
- Long-term storage of national identity numbers as general HR payroll records (we do not maintain personnel files beyond what is needed for deliveries)
- Salary or HR records
- Health data or other special categories of personal data
- Bank or card details (invoices are sent as PDF to your billing email)
Legal basis
We rely on legitimate interests (Article 6(1)(f) GDPR): your employer wants us to celebrate employees, and we cannot provide the service without name, birth date, and address. We have balanced those interests against employee privacy; processing is minimal and in line with what employees can reasonably expect in a workplace context.
Who we share with
We only share data with the local bakery assigned to your company's delivery area, and only what is needed to fulfil delivery (name, address, date, party size). We never sell customer data or use it for marketing. If you accept analytics cookies, Google Analytics (Google) may receive anonymised visit statistics; Google may process data outside the EU/EEA under its terms and standard contractual clauses.
Cookies
Cookies are small text files stored by your browser. Some are necessary for the site to work; others require your consent.
| Cookie / service | Purpose | Requires consent |
|---|---|---|
| happysent_locale | Remembers your language choice (Swedish or English). | No (necessary) |
| Supabase-auth | Keeps you signed in to admin when you use login. | No (necessary) |
| happysent_cookie_consent | Stores your choice in the cookie banner. | No (necessary) |
| Google Analytics (_ga, _ga_*) | Visit statistics when you accept analytics cookies. | Yes |
You can change your choice at any time via Cookie settings in the footer.
Retention
We keep personal data for as long as you remain a customer. When an employee is removed, their personal data is deleted within 30 days. Accounting records (invoices) are retained for 7 years as required by Swedish bookkeeping law.
Your rights
You have the right to request access, rectification, erasure, restriction, or data portability, and to object to our processing. Contact us at info@happysent.com.
If you are unhappy with how we handle your data, you may lodge a complaint with the Swedish Authority for Privacy Protection (IMY).
Security
Data is stored in encrypted databases in the EU. Only authorised staff can access it, and access is protected with multi-factor authentication.
Contact
Questions? Email info@happysent.com or use our contact form.