HappySent

Privacy Policy

Last updated: 23 May 2026

Summary

("we", "us") is the controller for the personal data submitted by our customer companies. We comply with the GDPR and only collect what we need to deliver a cake to the right person, on the right day, at the right address.

What we collect

  • The employee's first and last name, so the bakery can bake and deliver to the correct person.
  • Date of birth, so we know when to deliver the cake. When someone submits add/remove requests via our website, we collect the full calendar date so we can tell employees apart in confirmations; you do not need to enter a complete national ID number.
  • Delivery address, your workplace visit address.
  • Department size, so we know what size of cake to order.
  • Contact person's email, at the customer company, for confirmations and invoices.
  • Phone number, when you reach out as a potential new customer via our contact form, so we can call or message you about your enquiry.

What we do not store

  • Long-term storage of national identity numbers as general HR payroll records (we do not maintain personnel files beyond what is needed for deliveries)
  • Salary or HR records
  • Health data or other special categories of personal data
  • Bank or card details (invoices are sent as PDF to your billing email)

Legal basis

We rely on legitimate interests (Article 6(1)(f) GDPR): your employer wants us to celebrate employees, and we cannot provide the service without name, birth date, and address. We have balanced those interests against employee privacy; processing is minimal and in line with what employees can reasonably expect in a workplace context.

Who we share with

We only share data with the local bakery assigned to your company's delivery area, and only what is needed to fulfil delivery (name, address, date, party size). We never sell data, we do not use it for marketing, and we do not transfer it outside the EU/EEA for processing.

Retention

We keep personal data for as long as you remain a customer. When an employee is removed, their personal data is deleted within 30 days. Accounting records (invoices) are retained for 7 years as required by Swedish bookkeeping law.

Your rights

You have the right to request access, rectification, erasure, restriction, or data portability, and to object to our processing. Contact us at info@happysent.com.

If you are unhappy with how we handle your data, you may lodge a complaint with the Swedish Authority for Privacy Protection (IMY).

Security

Data is stored in encrypted databases in the EU. Only authorised staff can access it, and access is protected with multi-factor authentication.

Contact

Questions? Email info@happysent.com or use our contact form.