KUPA Privacy Policy
Kupa privacy policy sets out how Kupa.bar handles your personal data, from security to cookie preferences. We follow the EU GDPR and Swedish law to keep your information safe and transparent.
Effective 6 October 2025
Who we are
Kupa™ is a brand owned by the Barkonsult group.
| Entity | Reg. no. | Address | Phone | |
|---|---|---|---|---|
| Barkonsult AB | 556590-3274 | Upplagsvägen 25, 117 55 Stockholm, Sweden | info@barkonsult.se | +46 8 644 60 40 |
| Barkonsult Norway AS | 937 577 532 | Nils Hansens vei 14, 0667 Oslo, Norway | firmapost@barkonsult.no | +47 22 79 42 39 |
| Barkonsult Denmark ApS | 29148694 | Lergravsvej 61, 2300 København S, Denmark | order@barkonsult.dk | +45 36 72 72 11 |
Website: https://kupa.bar
Privacy contact (all territories): info@barkonsult.se
Scope
This Policy applies only to kupa.bar. When you click “Buy” you leave kupa.bar for Barkonsult’s webshop, which has its own privacy notice.
Personal data we process
• Technical data – IP address, browser, operating system, referring URL (collected automatically)
• Usage data – page views, time on page, clicks (Google Analytics 4)
• Marketing identifiers – Google Ads cookie “_gcl” and Meta Pixel “_fbp” (set only if you consent)
We do not collect special-category data and do not offer user accounts.
Purposes and legal bases
- Site analytics and performance – Legitimate interest (GDPR Art 6 (1)(f))
- Ad measurement and retargeting – Consent (Art 6 (1)(a)) via cookie banner
- Future newsletters – Consent (Art 6 (1)(a))
Data recipients (processors)
- GoDaddy Europe – web hosting (servers in EU/EEA, Amsterdam)
- Google LLC – GA4 & Google Ads (EU Standard Contractual Clauses)
- Meta Platforms Ireland – Facebook/Instagram Ads (EU Standard Contractual Clauses)
International transfers
Where data is stored outside the EEA we rely on EU Standard Contractual Clauses plus supplementary security measures. We do not receive personal data about you from third parties, nor do we use automated decision-making or profiling on Kupa.bar.
How long we retain your data
- Google Analytics event data – 14 months
- Google/Meta ad identifiers – 180 days
Security
We secure the site with HTTPS/TLS encryption and managed WordPress hardening. We also implement server-level firewalls and least-privilege account controls where available. Barkonsult maintains an incident-response plan and will notify the Swedish Authority for Privacy Protection (IMY) and affected individuals of any personal-data breach within 72 hours, as required by GDPR Article 33.
Your rights
Right to access, rectify, erase, restrict or port your data; right to object; right to withdraw consent at any time. Complaints: Integritetsskyddsmyndigheten (IMY), Sweden. The Site is not directed to children under 13 and we do not knowingly process their data.
Changes
Updates will appear here; see “Effective date” above.
For more information: