privacy policy.

Your privacy matters to us. This policy explains how Burner Atelier collects, uses, and protects your personal data when you shop with us. We comply with the EU General Data Protection Regulation (GDPR) and Swedish data protection law.

Data controller Burner Studio AB ("Burner Atelier," "we," "us," "our"), org. nr 559480-7702, is responsible for your personal data. Jarlaplan 2, 113 57 Stockholm, Sweden support@burneratelier.com

What we collect

Order information: name, email, shipping and billing address, phone number, and order history. We need this to process and deliver your order.

Payment information: processed securely by Stripe. We never store or have access to your full card details.

Newsletter: if you opt in, your email address and basic engagement metrics (opens, clicks) to improve our communications.

Customer service: records of your correspondence with us, kept to handle your enquiry and any follow-up.

Website data: technical information such as IP address, browser, device, and pages visited, collected through cookies and analytics. See the Cookie Policy.

Legal basis for processing

  • Contract: to process orders, take payment, deliver goods, and handle returns.

  • Legal obligation: to keep accounting records as required by Swedish law.

  • Legitimate interest: to prevent fraud, secure the site, analyse usage, and market to existing customers. We balance this against your privacy rights.

  • Consent: for newsletter sign-up and non-essential cookies. You can withdraw consent at any time.

How we share your data

We share data only with service providers acting on our instructions under data processing agreements:

  • Squarespace — website hosting, online store, and newsletter (USA; Standard Contractual Clauses in place).

  • Stripe — payment processing (EU/USA; Standard Contractual Clauses in place).

  • PostNord — delivery (Sweden, EU).

  • Shipmondo — shipping label and fulfilment platform, if used (Denmark, EU). [Remove if not used.]

  • Google Analytics — website analytics, only with your consent (USA; Standard Contractual Clauses in place). [Remove if not used.]

  • Fortnox AB — accounting (Sweden, EU).

We never sell or rent your personal data.

International transfers Where a provider processes data outside the EU/EEA, we rely on European Commission Standard Contractual Clauses and additional safeguards such as encryption and access controls.

Data retention

  • Order and accounting records: 7 years, as required by the Swedish Bookkeeping Act (Bokföringslagen).

  • Newsletter: until you unsubscribe or withdraw consent.

  • Customer service correspondence: up to 2 years.

  • Website analytics: per the analytics provider's default retention.

Your rights under GDPR You have the right to access, rectify, erase, restrict, and object to the processing of your data, to data portability, and to withdraw consent at any time. To exercise any right, email support@burneratelier.com We respond within 30 days and may verify your identity first.

Complaints If you believe we've mishandled your data, you can lodge a complaint with the Swedish Authority for Privacy Protection: Integritetsskyddsmyndigheten (IMY), Box 8114, 104 20 Stockholm — imy.se — imy@imy.se

Changes We may update this policy. Significant changes will be posted here with a new date.

Last updated: 25 May 2026