Privacy Policy

Privacy Policy

Last updated: January 19, 2026

This Privacy Policy explains how Winn Scandinavia AB (“we”, “us”, “our”), the company behind the Bass Habit brand, collects and uses personal data when you use the Bass Habit website and our mobile apps (the “Service”). We process personal data in accordance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR).

1) Controller and contact details

Controller: Winn Scandinavia AB
Address: Idrottsvägen 37, 702 32 Örebro, Sweden
Email: support@winnscandinavia.com

If you have questions about this policy or want to exercise your rights, contact us using the details above.

2) Scope

This policy applies to:

  • Our website (including product/catalog pages and contact forms)
  • Our mobile apps used for offline configuration of audio equipment (e.g., DSP and similar devices)

This policy does not apply to third-party websites/services that you may reach via links, nor to Apple/Google app store platforms acting as independent controllers for their own processing.

3) What personal data we collect

A) Website

Contact forms / email inquiries
If you contact us, we may collect:

  • Name
  • Email address
  • Phone number
  • Any information you include in your message and attachments

Technical data (server logs)
When you visit the website, we may collect:

  • IP address
  • Device/browser information
  • Date/time of access and requested pages
    This is collected via server logs and similar technical measures for security and troubleshooting.

Analytics (GA4)
If you consent via our cookie banner (where required), we use Google Analytics 4 to collect usage information such as:

  • Pages visited, interactions, approximate location (derived from IP), device/browser details
  • Timing and navigation patterns
    We use this only to understand website usage and improve the site. We do not use GA4 for advertising personalization.

Anti-spam (Google reCAPTCHA v3)
We use reCAPTCHA to protect forms and prevent abuse. reCAPTCHA may process technical and behavioral signals (e.g., IP address, device/browser data, page interactions) to assess whether traffic is legitimate. Google may process this information in accordance with its own privacy policy.

B) Mobile apps

Our apps are intended to work offline and do not require accounts.

App data collection
We do not collect, transmit, or share personal data from the apps. Configuration data is stored locally on the device and/or on the connected equipment.

Permissions (only to enable functionality)
Depending on the app and device, the app may request permissions such as:

  • Bluetooth / Nearby devices (to connect to hardware)
  • Local network access (to discover/connect to compatible devices)
  • File access (to import/export configuration files you choose)

4) Why we use personal data (purposes)

We use personal data to:

  • Respond to inquiries and provide support
  • Operate, secure, and maintain the website (including preventing abuse)
  • Understand website usage and improve the website (analytics, where enabled by consent)
  • Protect forms and services from spam and abuse (reCAPTCHA)

We do not use personal data for profiling or automated decision-making that produces legal or similarly significant effects.

5) Legal bases (GDPR)

We rely on the following legal bases:

  • Legitimate interests (Article 6(1)(f)) for:
    • Website operation, security, fraud/spam prevention, troubleshooting
    • Responding to inquiries and managing support
  • Consent (Article 6(1)(a)) where required for:
    • Non-essential cookies and analytics (e.g., GA4)
    • Any other optional tracking technologies (if implemented)

You can withdraw consent at any time via our cookie banner/settings (where available) and/or your browser settings.

6) Whether you must provide data

  • Contact forms: Providing at least an email address is necessary for us to respond. Name may be required to identify your request. If you do not provide required details, we may not be able to handle your request. Phone number is optional unless needed to handle your request.
  • Analytics cookies: Optional. You can refuse without losing access to the website content.

7) Sharing and disclosure

We do not sell personal data.

We may share personal data with service providers (processors) only as necessary to operate the Service, such as:

  • Web hosting provider (e.g., Loopia) for website hosting and logs
  • Email providers (e.g., Microsoft/Outlook) to receive and respond to inquiries
  • Support/ticketing provider (e.g., Zendesk) to manage support cases
  • Google for reCAPTCHA and (if consented) Google Analytics 4

We may also disclose personal data if required by law or to protect our rights, users, and services (e.g., in response to lawful requests by authorities).

8) International transfers

Some service providers (including Google and potentially Microsoft/Zendesk depending on configuration) may process data outside the EU/EEA. When personal data is transferred outside the EU/EEA, we use appropriate safeguards such as EU Standard Contractual Clauses (SCCs) and, where relevant, supplementary measures.

9) Retention (how long we keep data)
We keep personal data only as long as necessary for the purposes described in this policy:

  • Support inquiries (Zendesk/Outlook): retained for up to 24 months after the case is closed, unless a longer period is required by law or needed to handle disputes.
  • Website server logs: retained for up to 30 days for security and troubleshooting.
  • GA4 analytics data: retained for up to 14 months according to our GA4 settings, and used in aggregated form where possible.
  • App data: stored locally on the user’s device and/or connected equipment unless the user chooses to share it with us (e.g., by emailing exported files for support).

10) Security

We use appropriate technical and organizational measures to protect personal data. However, no method of transmission or storage is completely secure.

11) Your rights

Subject to applicable law, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request deletion
  • Object to processing based on legitimate interests
  • Restrict processing
  • Data portability (where applicable)
  • Withdraw consent at any time (where processing is based on consent)

To exercise your rights, contact us at support@winnscandinavia.com.

You also have the right to lodge a complaint with a supervisory authority. In Sweden, this is Integritetsskyddsmyndigheten (IMY).

12) Children

Our Service is not directed to children under 13, and we do not knowingly collect personal data from children.

13) Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and update the “Last updated” date.

14) Contact

Winn Scandinavia AB
Idrottsvägen 37
702 32 Örebro, Sweden
Email: support@winnscandinavia.com

This website uses cookies, including third party cookies, to improve user`s browsing and our services. If you continue on this site, you accept our use of cookies.

Accept & close