Privacy policy

Last updated: January 13, 2026

1. Data Controller

Grant Garden is operated as a sole proprietorship.
The data controller is the individual operating the business.

Martin Kjellberg
Organization number: 772071-4013
Grynbodgatan 15A, 211 33 Malmö, Sweden
Email: [email protected]

2. What Personal Data Do We Collect?

2.1 Account Information

When you create an account on Grant Garden, we collect:

  • Name
  • Email address
  • Phone number
  • Address
  • Personal identity number (required for secure identification and grant disbursements)
  • Password (stored encrypted)

Personal identity numbers are necessary and are protected with enhanced security and access controls.

2.2 Application Information

When you apply for grants through Grant Garden, the following data may be collected depending on the specific call:

  • Project description
  • Budget
  • CV and qualifications
  • Attachments and documents

Note: Application data is processed by the foundation or organization responsible for the call. Grant Garden acts as a data processor. The foundation or organization is the data controller. Processing is governed by data processing agreements.

2.3 Technical Information

  • IP address (used for security and troubleshooting, anonymized in error reporting systems)
  • Browser type and language preferences
  • Login timestamps and activity

2.4 Support Communication

When you contact us via email, we process the personal data you provide in order to handle your inquiry.

3. Legal Basis for Processing

We process personal data on the following legal bases:

  • Performance of contract: To create and manage accounts, provide services, enable grant applications, and communicate with users.
  • Legal obligation: To comply with accounting and other applicable legal requirements related to granted funds.
  • Legitimate interest: To ensure technical functionality, maintain security, prevent misuse, and improve our services.
  • Consent: For the use of non-essential cookies, if applicable.

4. Data Retention

  • Account information: Stored while the account is active.
  • Granted funds: Retained for 7 years in accordance with accounting law.
  • Non-granted applications: May be deleted after processing is completed, according to the controller’s policy.
  • Technical data: Typically deleted within 90 days.
  • Support inquiries: Stored as long as necessary to resolve the matter.

5. Data Sharing

Foundations and Organizations

Grant applications are shared with the responsible foundation or organization, which becomes the data controller.

Service Providers

We use the following data processors:

  • Hetzner (Germany) – Hosting and storage
  • Postmark – Transactional emails
  • Sentry – Error reporting (personal data anonymized)
  • CookieYes – Cookie information (if applicable)

We have data processing agreements in place with our service providers. We never sell personal data to third parties.

6. Transfers Outside the EU/EEA

Our servers are located within the EU. Where data is transferred to third countries, appropriate safeguards such as Standard Contractual Clauses are used.

7. Your Rights

Under GDPR, you have the right to:

  • Access your data – Request information about what personal data we hold about you
  • Rectify incorrect data – Have inaccurate information corrected
  • Delete your data – Request deletion of your account and data (except where retention is required by law)
  • Restrict processing – Request that we temporarily stop processing your data
  • Data portability – Receive your data in a machine-readable format
  • Object to processing – Object to processing based on legitimate interest
  • Withdraw consent – When processing is based on consent

To exercise your rights, contact us at [email protected]. We will handle your request within 30 days.

You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY) if you believe we are processing your personal data incorrectly. Users in other EU countries may also contact their local supervisory authority.

8. Cookies

We use only essential cookies necessary for site functionality:

  • Session cookies
  • CSRF tokens
  • Language preferences

We do not use cookies for marketing, analytics, or tracking.

9. Security

We protect personal data through encryption, access controls, backups, and regular security reviews.

10. Changes

The latest version of this policy is always available at grantgarden.org.

11. Contact

Martin Kjellberg
Grynbodgatan 15A, 211 33 Malmö, Sweden
Email: [email protected]