Last modified: 30 April, 2020

Privacy Policy – GDPR


I wrote this privacy policy to help you as a visitor to understand what data is collected about you when you visit and interact with this site in different ways, as well as what security measures are in place to keep that data safe and what control you have over this data. I also tell you about what third-party services I use and provide links to their privacy policies so you can read and/or get in touch with them.

Even though this policy might seem long and daunting to read, I have sectioned everything in a way to make it easy to understand what section contains what information. Also, I have written everything myself, so it should be easy to understand and “jargon-free”.

That said, if you feel something is unclear after reading this privacy policy, you are very welcome to contact me. Contact details can be found at the bottom of this privacy policy.

What data is collected and why

I collect data about you as a visitor to this site for different purposes depending on your actions. I also use third party services which also collects data about you when you visit and interact with this website such as for statistical purposes.

You can read below what data I collect about you, as well as what third-party services I use and why I use them.

There will also be links to the privacy policies for each third-party service I use below where you can get information and contact details for each of them.

Contact Form

When you contact me through the contact form, the data in the form is collected. This includes:

  • Your name (optional)
  • Your email address(required)
  • Your message subject (required)
  • Your message (required)

This data is collected in order for me to be able to respond to your message such as in the case of providing support, answering a question or otherwise provide you with information regarding your message to me.

Generally, no information you supply through the contact form is shared with third-parties, except for cases in which they are involved in your request. This could be cases such as if you request deletion of your data. In such a case, third parties that might hold data about you as well will be notified of this and handed relevant data about you for this purpose. Your data might also be shared with relevant entities such as if requested as necessary by law.

Contact form data is also checked for spam with the third-party service called Askimet. Please read the third party section below for more information about Askimet.

The legal basis is: legitimate interest.

Ordering of services or products

When you order a service or product from me in the shop, I collect data about you in order to:

  • provide such service or product to you
  • provide you with your order information
  • notify you of any changes in your customer account
  • be able to invoice you for payment
  • provide you with any purchase related service/support like in the case you request a refund or otherwise exercise your rights in regards to your order/purchase.

The data I collect about you is that which you supply to me through the billing information on the checkout page. This includes but are not limited to:

  • Your first name and last name
  • Your organization number or national identification number/SSN (if applicable)
  • Your street address
  • Your country
  • Your town/city
  • Your state/county (if applicable)
  • Your Postcode/ ZIP
  • Your email address

Other information such as your IP-address is also collected in order to help verifying your location for tax/VAT purposes.


An account is also automatically created for you when you place an order using the information stated above that you provide at checkout. The account is created to provide you with ability to have an overview of you purchase history and order details and so you can edit your shopping/ordering settings and preferences such as in cases you want to subscribe to product update notifications or not.

Email Subscription Choices

At checkout, you can choose if you want to receive product update notifications to your email address. Please read more about what data is collected for this purpose in the “Email Subscriptions/Newsletters” section below.

Browsing and interacting with the shop

When you browse or otherwise interact with the shop in different ways such as clicking on a product to view it or adding a product to the cart, a few different cookies are set in your browser. Please refer to the cookie policy to know which these cookies are and what control you have over them.

Legal basis is: Legitimate interest.

Email Subscriptions/Newsletters

At different places on this site, you can choose to subscribe to different newsletters or other email notifications of your choice. This includes in your personal account, in the sidebar of the site and on checkout to name a few. If you choose to sign up for any of these, some data about you will be collected and stored in order to fulfill this service to you. This data includes:

  • Your email address
  • Your IP-address

This data is required in order to be able to send emails to you and to be able to verify your subscription choices.

Legal basis: Consent

Your control over this data

You can at any time cancel your subscription to any of the newsletters or email notifications  you have previously subscribed to by clicking the link “Manage subscriptions” in the newsletter emails you receive, or by contacting: kontakt(at)aurorakreativ(dot)com or by using the contact form available on this site and requesting it. You can also, via the same link in the subscription emails you receive, change your email address.

If you have an account on this site, you can also log in to it and manage your subscriptions or change your email address by clicking the link “Manage Email Subscriptions”.

Who your data is shared with

Third-party Services

I never sell any data about you to third parties. I do however use third-parties that provide different services to me that helps me run this website or my business, and sometimes I use affiliate links that may result in compensation for me when used by a visitor. Some of these services uses data about you in order to provide their services to me. For example, I use an umbrella company in order to invoice my customers. They invoice my customers on my behalf, as well as handle all income-taxes etc. and then pays me as an employee. This simplifies my work so I can focus on running this site and provide my services and products.

These third-parties have their own privacy policies that I do not have control over. They are their own companies and as such they have their own regulations. That said, I make sure to keep my self updated with the data-practices of the third-party services I use. You can read each of their privacy policies as described below.

Google Analytics

I use an analytical service called Google Analytics for this website. It helps me analyze how many views I get on different pages, what content is interacted with and how the visitor journeys through the sites pages for example. I only use this service to be able to better my websites content and the statistics gathered is not sold or otherwise shared with any other third-parties. It also isn’t  combined with any other service or data that would allow me to identify you personally. The service requires data about my website visitors in order to be able to provide the statistics, however, this data is anonymous and cannot identify you as a person. For example, your IP-address is collected and sent to the analytic service but is anonymised in the process before it can be used for statistical purposes.

This service also sets three cookies on visitors browsers. One of these cookies (named _ga) makes it possible to see unique visits to a page in the statistics instead of seeing many visits that may or may not be from the same person alone. In other words, this cookie is used to distinguish you as a visitor to my site from other visitors. Please refer to the Cookie policy to read more about this cookie and the other two cookies used by this service, and to read about your control over these.

You can read more about how this service works in regards to collecting data about you as a visitor to my site here: https://support.google.com/analytics/answer/6004245
The relevant parts are under the Google Analytics sections.

Jetpack Features – Automattic

I use a number of features/services that are made by the company Automattic to enhance the performance, security etc for this site. For these services to work, Automattic receives some data about you depending on your actions on this site. In this section, you can read more about what these services are and there are also relevant links to pages where you can read more about the specific data which is collected about you for these services. I highly recommend you read each of those pages as well.

Statistical Service (Jetpack Stats): I use a statistical service to help me improve my site with relevant articles, other site content and for SEO (search engine optimization). This service collects data about you (such as your IP-address) when you visit my site, as well as when you interact with it (such as when you click a link). That data is then used by Automattic in order to provide me anonymous statistical data (such as what link on my page was clicked, what search terms was used in a search engine before the user entered my site etc.). In other words, I can’t tell who you are (I can’t see your IP-address or other identifying information about you) through the statistics as I do not have any access to such data.

Your control over this data

This site honors your DNT(Do Not Track) settings in regards to this statistical service. That means if you have the Do Not Track setting turned on in your browser, the statistical service will not track you on this site. Please refer to the manual for your specific browser to know how to turn DNT on/off.

You can read the privacy notice of Automattic here: https://automattic.com/privacy-notice/
You can also read about the exact data that Automattic collects about you for this statistical service here: https://jetpack.com/support/wordpress-com-stats/#privacy

Comments & Comment Spam Detection (Askimet): I also use a comment service which allows visitors to post comments on my website through a comment form. In conjunction with this comment form service I use a comment spam detection service. This service helps with detecting spam comments on my site to filter them away from the other legitimate comments. That means that when you as a visitor to this site use the comment form on any page or article post, the data of that comment might be sent to Automattic for spam detection as well as some other data that is not visible in the comment form such as your IP-address, user-agent etc. As a user to this service, I have direct access to your IP and email address when you leave a comment.

Contact Form Spam Detection (Askimet): I also use the Askimet spam detection service for the contact form submissions in which the contact form data is sent to Automattic for spam detection. All fields that you fill in will be sent to Automattic for this service. The contact form in question can be located at the page: Contact.

You can read more about what data is collected about you when you leave comments here:  https://jetpack.com/support/for-your-privacy-policy/#jetpack-comments
You can read the privacy notice of Automattic here: https://automattic.com/privacy-notice/

Brute-force login protection (Protect): Automattic also provides a service which I use for protection against unauthorized attempts at logging in to the back-end of the site. This service uses visitors data when an attempt is made at logging in to the back-end in order to function. In other words, it does not collect any data automatically without attempting to log in. As a user to this service, I do not have access to any personally identifiable information about you.

You can read more about what data is collected for this purpose here:https://jetpack.com/support/for-your-privacy-policy/#protect
You can read the privacy notice of Automattic here:https://automattic.com/privacy-notice/

Other third-party services

Web-hosting service: I use a web-host to host my site named One.com (B.one). They collect data about you as a visitor to my site in order to provide their hosting service for purposes such as securing their servers etc. This includes data such as your IP-address.
You can read more about the privacy policy of One.com here: https://www.one.com/static/info-privacy-notice.do

Payment Solution: I use an umbrella company by the name Frilans Finans Sverige AB when I sell my services and products. They invoice customers on my behalf and then pay me in form of a salary as a temporary employee. They use the data that I collect from you from the billing form you fill in at checkout in order to invoice you. I provide this data to them manually.

If any information that you have given for the purpose of this invoicing service is lacking or incorrect (such as you gave an incorrect name or other details), Frilans Finans Sverige AB might ask for additional/correct details from you in order to be able to provide their service.

You can read more about the privacy policy of Frilans Finans Sverige AB here:https://www.frilansfinans.se/en/privacy-policy/

Affiliate Networks: I use affiliate networks to link to products and services that may be of interest to you as a visitor to my website. Affiliate networks allows companies a way to pay people who help them sell their products by linking to them via an affiliate link provided by the affiliate network. If a visitor clicks on the affiliate link and decides to purchase a product from the company’s website, the company then pays the person a specified fee via the affiliate network. You can read more in depth about affiliate marketing here: https://adtraction.com/blog/what-is-affiliate-marketing

If you follow a link of this nature on this website and make a purchase on the website it leads to, I may receive monetary compensation from the affiliate network (at no extra expense/cost to you).

Any article, page or other parts of this website that contain these links are clearly marked as containing affiliate links to inform you as a visitor of their existence. When you click on one of these affiliate links, you will for a short moment go through the affiliate networks website before you land on the intended website.

The affiliate networks and the product websites may gather information about you when you go through them. Their privacy polices, just like any other website you visit or interact with, is the one you should turn to when you have questions about their data collecting practices and your rights regarding your data. However, I do make sure to set any settings that I have control over in any of these affiliate networks to gather as little information as possible from my website visitors.

These are the affiliate networks I currently use which you can visit and read more about:

Publicly shown data

Some data you post on this site is shown to the public that visits this site. As such, your data is shared with the public when:

You post a comment on a post/article or page. The data you provide in the comment form is the data that is shown to the public except for your email address which is not shown. No other comment data is available for the public/visitors to see.

Product reviews: If you leave a product review on a product page, the data you provided in the review form will be visible to the public who visits this site.

Information shared as requested by law

If requested by law, some information about you might be disclosed to appropriate entities.

How long your data is retained for

Data is retained for different lengths of time depending on their purpose for being stored. For example, when you use the contact form to ask me a question, your contact form details will be stored for as long as it’s needed to answer your question. This will obviously depend on the individual conversation, one might take longer to be deemed as “complete” than others. I never store data for longer than I need it for the different purposes I have outlined in this privacy policy. The third-party services I use have different retention times, so you should refer to the privacy policies of these third-party services. I will refer to data I store, have access to and can control as data “on my end”.

Contact form

When you use the contact form to send a message to me, the data associated with the form is stored for two reasons (read more in the first-party section) and have two different retention times as outlined below.

To provide support/answer questions: The retention time varies depending on the purpose of the message. If it’s a question for example, the retention time will be for however long it takes for the question to be deemed answered. If the visitor doesn’t continue the conversation within 30 days of their last message, then that conversation will be deemed as complete and therefore all data pertaining that conversation will be deleted. Also if the conversations is for example, particularly long, and older messages pertaining that conversation isn’t necessary for the context anymore, they will be also deleted. This does not include any information that is needed to be retained for legal reasons as appropriate by law.

To prevent misuse: If it’s deemed that someone is misusing the contact form, their IP-address will be retained for 6 months in order to prevent the misuse of it. After the 6 months retention time for this purpose, the data will be deleted unless needed for legal reasons such as if it is requested by law authorities.

Comments (Jetpack)

Comment spam detection service (Askimet):
You can read about how long Automattic stores data about you with this service here: https://akismet.com/gdpr/

No personally identifiable data about you is stored on my end with this service.

Comments: Any comments that shows on this site is stored on my end for as long as the article/post or page it is posted on exists or commenter requests removal of their comment(s).

Ordering of products or services

When you order a product or service from me, your data is stored for maximum 6 years on my end in order to be able to adhere to after-sale responsibilities according to European consumer guarantees.

The company which I use to invoice and collect payment from my customers with is called Frilans Finans Sverige AB, and their data-retention policy might differ.
You can read their privacy policy here: https://www.frilansfinans.se/en/privacy-policy/

Browsing and interacting with the shop

No data is retained about you on my end when you browse or interact with the shop without making an order. However, some cookies are set in your browser, which you can read more about in the cookie policy.

Statistics (Jetpack)

The data stored by the site statistics service as provided by Automattic is stored indefinitely and contains no personally identifying data about you on my end. However Automattic stores such data on their end for 28 days. You can read about that here: https://jetpack.com/support/wordpress-com-stats/#data-visibility-and-retention

Protect (Jetpack)

No data about you is stored on my end with this service. To learn how long Atomattic stores data about you, please refer to this page: https://jetpack.com/support/security-features/#privacy


Please refer to the privacy policy of One.com (B-one) with regards to how long they retain data about you as a visitor to my site: https://www.one.com/static/info-privacy-notice.do

Newsletter Subscriptions/Email Notifications

Your data will be stored for as long as you are subscribed to one or more newsletters or email notifications or until a newsletter or email notification ceases to exist. In such a case, your data will be removed in conjunction with the ceasing. If you unsubscribe form all newsletters or email notifications, then your data will be deleted as well.

What rights you have over your data

If you want to request an excerpt of the data that is held about you, want to update any data that is held about you or want to delete any of your data, you can contact me with the appropriate request. To do this, please contact: kontakt(at)aurorakreativ(dot)com. I will respond to your inquiry within one month.

Where your data is sent (Outside of Europe)

Below I have specified which third-party services I use that processes data in third-countries.

Services by Automattic (as specified in this privacy policy)

Automattic processes the data for the services I use in Ireland and USA and have measures in place to make sure any data they transfer outside of the EEA is adequately protected. You can read more about this in their privacy policy: https://automattic.com/privacy/#transferring-information

Invoicing service (Frilans Finans Sverige AB)

Frilans Finans Sverige AB processes the data for the service I use in Sweden but might also transfer some data outside of the EU/EEA region. In such cases, they take appropriate safeguards to make sure that the level of protection is the same as within the EU/EEA region.
You can read more about this in their privacy policy here: https://www.frilansfinans.se/en/privacy-policy/

Changes to this privacy policy

This privacy policy might come to change from time to time. As such, please check it regularly. At the top of this privacy policy, there’s a time-stamp “Last modified” that shows you when the last modification was made to it.

Contact details

I, the site owner, am the data controller for this website and my name is Sara Rennelöv. I operate this website from Sweden. If you wish to contact me, you can do so by emailing me at: kontakt(at)aurorakreativ(dot)com.

Sumbit an image of you playing the game