Privacy Policy
Last updated: April 22, 2026
This privacy policy describes how TQ HealthOps AB ("CrossFit Maskineriet", "we", "us") processes your personal data.
Data controller
TQ HealthOps AB is the data controller for the data described in this policy.
Contact: info@crossfitmaskineriet.com, +46 72 516 29 50, Maskingatan 1, 702 86 Örebro, Sweden.
Data we process
What data we process depends on how you interact with us:
- Membership and bookings: name, email, phone, address and booking history.
- Payments: transaction status, amount and reference. Card details are handled by our payment provider.
- Contact form and email: your name, email and the content of your message.
- Newsletter: email address and name.
- Messenger and social platforms: your user account and the content of the messages you send us, and — if you identify yourself — the link to your member account.
- Site visits: technical information and usage data generated when you use the website (via consent-based analytics and marketing tools).
- Information you enter yourself in our member services.
Legal basis for processing
We rely on the following legal bases:
- Contract — to administer your membership, handle bookings and process payments.
- Legal obligation — for bookkeeping and tax reporting.
- Legitimate interest — to answer inquiries you send us.
- Consent — for newsletters and for marketing and non-essential tracking. You can withdraw your consent at any time.
Recipients and categories of recipients
We engage providers that process personal data on our behalf within the following categories:
- Member and booking platform.
- Payment services.
- Social platforms and communication tools.
- Analytics and marketing tools.
- Cloud infrastructure.
- Email and newsletter delivery providers.
Where GDPR requires it, we have data processing agreements in place with our providers.
Transfers outside the EU/EEA
Some of our providers may process data outside the EU/EEA. In such cases, the transfer is made with appropriate safeguards under Chapter V of the GDPR.
Retention
We only keep your data as long as needed for the purpose, or as long as the law requires. The retention period is determined by the following criteria:
- Member data: during the membership and thereafter for as long as needed for legitimate purposes.
- Accounting records, including payments: 7 years under Swedish bookkeeping law.
- Newsletter subscription: until you unsubscribe.
- Messages and conversations: while the dialogue is active plus a reasonable follow-up period.
- Support cases: as long as needed to handle the case and any follow-up.
Your rights
Under GDPR you have the right to:
- Access the data we hold about you.
- Correct inaccurate data.
- Request erasure, to the extent we are not required by law to retain it.
- Restrict or object to certain processing.
- Receive your data in a machine-readable format.
- Lodge a complaint with the Swedish Authority for Privacy Protection (IMY) — imy.se.
Contact us at info@crossfitmaskineriet.com if you wish to exercise any of these rights.
Cookies and similar technologies
We use cookies to make the site work and — with your consent — for analytics and marketing.
For visitors in the EU/EEA, we ask for consent to non-essential tracking. You can change your consent via the consent banner.
Security
We apply appropriate technical and organisational measures to protect your data, taking into account risk, cost and the state of the art.
Changes to this policy
We may update this policy as the business or the law changes. The latest version lives on this page; the date at the top shows when it was last changed.