Cookie Policy
Wisdom of Soma
Operated by EstEye AB (Reg. No. 559357-4865)
Lillängvägen 8B, 83772 Duved, Sweden
Last updated: 27.02.2026
1 | Controller Information
This website is operated by EstEye AB, a company duly incorporated and registered under the laws of Sweden with company registration number 559357-4865. Throughout this Policy, references to “the Company”, “we”, “us”, or “our” refer to EstEye AB in its capacity as the operator of the Wisdom of Soma website and related digital services.
For the purposes of Regulation (EU) 2016/679 (the General Data Protection Regulation – GDPR) and applicable Swedish data protection legislation, EstEye AB acts as the data controller in relation to personal data collected through cookies and comparable technologies deployed on this website. As data controller, the Company determines the purposes and means of such processing and is responsible for ensuring that any collection, storage, or use of personal data via cookies is carried out in accordance with applicable EU and Swedish legal requirements.
Where third-party technologies are used in connection with website functionality, analytics, or marketing integrations, such providers may act either as data processors on our behalf or, in certain circumstances, as independent data controllers under their own privacy frameworks. In all cases, the Company seeks to ensure that appropriate contractual, technical, and organisational safeguards are in place to maintain compliance with European data protection standards.
2 | Legal Framework
The use of cookies and comparable technologies on this website is regulated by European Union data protection and electronic communications law, as implemented in Sweden. In particular, the processing of personal data through cookies is subject to Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR), while the storage of or access to information on a user’s device is governed by Directive 2002/58/EC (the ePrivacy Directive), as transposed into Swedish legislation, including the Swedish Electronic Communications Act.
Under this legal framework, storing information on, or retrieving information from, a user’s device is permitted only in clearly defined circumstances. Cookies that are strictly necessary for the technical provision of a service explicitly requested by the user may be used without consent. All other cookies – including those used for analytics, functionality enhancement, or marketing purposes – require prior, informed, and freely given consent before activation.
In practice, this means that non-essential cookies are not placed on your device unless and until you have provided a clear affirmative indication of consent. The Company applies a consent-based model consistent with EU regulatory guidance, ensuring that users are able to make an informed choice and retain meaningful control over the use of non-essential tracking technologies.
3| What Are Cookies?
Cookies are small text files that are placed on your device when you access a website. They enable the website to recognise your device, retain certain information about your interaction, and ensure consistent functionality across visits. Depending on their purpose and configuration, cookies may store technical data, user preferences, session identifiers, or information relating to website usage.
In addition to traditional browser cookies, websites may use comparable technologies that operate in a similar manner. These may include local storage mechanisms, session storage technologies, tracking pixels, embedded scripts, and other digital identifiers capable of storing or retrieving information from your device. While these technologies may differ in technical structure, their functional purpose is broadly similar.
For clarity and consistency, this Policy uses the term “cookies” as a collective reference to cookies and all comparable tracking or storage technologies that involve storing information on, or accessing information from, your device.
4 | Categories of Cookies
Depending on the functionality of the website and the services offered, different categories of cookies may be used. These categories reflect the purpose and legal basis under which the cookies operate.
4.1 Strictly Necessary Cookies
Strictly necessary cookies are essential for the technical operation, security, and stability of the website. They enable fundamental functions such as secure access to certain areas of the site, page navigation, system performance management, network integrity, and protection against fraudulent or malicious activity. Without these cookies, the website cannot function in a secure and technically reliable manner.
Because these cookies are indispensable for providing the website service explicitly requested by the user, they are permitted under applicable law without the need for prior consent.
4.2 Functional Cookies
Functional cookies enhance usability by remembering certain choices or preferences made by the user, such as language selection, interface customisation, or previously entered settings. These cookies improve the user experience by enabling a more personalised and consistent interaction with the website.
Where functional cookies are not strictly necessary for the operation of the website, they are activated only after the user has provided consent, in accordance with applicable European data protection and electronic communications law.
4.3 Analytics Cookies
Analytics cookies are used to collect aggregated information about how visitors interact with the website. This may include data relating to device type, browser configuration, pages visited, duration of visits, navigation paths, and general usage patterns.
The purpose of analytics cookies is to better understand website performance, improve content structure, enhance usability, and optimise technical functionality. Analytics data is used for statistical and performance analysis only and is not intended to identify individual users directly.
Analytics cookies are deployed only after the user has provided prior consent. They are not activated automatically upon entry to the website.
4.4 Marketing or Tracking Cookies
Marketing or tracking cookies may be used to measure the effectiveness of communications, analyse engagement patterns, or deliver content that is relevant to user interests. These technologies may involve tracking user interactions across different websites or digital environments.
Where implemented, such cookies are used exclusively on the basis of explicit and informed consent. No marketing or tracking cookies are activated unless the user has actively agreed to their use via the consent management interface.
At present, the Company does not actively deploy advertising tracking technologies unless and until they are explicitly implemented and disclosed through the consent banner.
5 | Legal Basis for Processing
Where cookies involve the processing of personal data, such processing is carried out in accordance with the legal bases established under the General Data Protection Regulation (GDPR).
For all cookies that are not strictly necessary for the operation of the website, the legal basis for processing is the user’s consent pursuant to Article 6(1)(a) GDPR. Consent is obtained through a clear affirmative action via the website’s consent management interface and is provided on a voluntary, specific, informed, and unambiguous basis. No non-essential cookies are activated prior to the user’s expression of consent.
For cookies that are strictly necessary for the technical operation, security, and integrity of the website, the storage of or access to information on the user’s device is carried out in accordance with the exception for strictly necessary technologies under applicable electronic communications legislation.
Where such cookies involve the processing of personal data, the legal basis under Article 6 GDPR may additionally be Article 6(1)(f), namely the Company’s legitimate interest in ensuring the secure, stable, and technically functional delivery of its online services.
Such cookies are limited to what is objectively necessary to provide the website service explicitly requested by the user and are not used for tracking, profiling, or marketing purposes.
Consent may be withdrawn at any time through the cookie settings interface available on the website. Withdrawal of consent does not affect the lawfulness of processing carried out prior to its withdrawal.
6 | Consent and Withdrawal
Upon your initial visit to the website, you are presented with a consent management interface designed to ensure compliance with applicable EU data protection and electronic communications legislation. This interface provides you with a genuine choice regarding the use of non-essential cookies and similar technologies.
You are given the option to accept all cookies, reject non-essential cookies, or customise your preferences by category. No cookies that are not strictly necessary for the technical operation of the website are placed on your device unless and until you have provided prior consent through a clear affirmative action.
Consent is granular, specific, and informed. You may choose to consent to certain categories of cookies while declining others. Your preferences are recorded and can be adjusted at any time.
You retain the right to withdraw or modify your consent at any moment by accessing the cookie settings link available on the website. Withdrawal of consent will apply going forward and will not affect the lawfulness of any processing carried out prior to the withdrawal.
The Company does not condition access to the website on consent to non-essential cookies, except where certain functionalities inherently require the use of specific technologies to operate.
7 | Third-Party Technologies
The website operated by EstEye AB may integrate services provided by carefully selected third-party technology providers in order to ensure secure hosting, analytics functionality, payment processing, marketing integrations, content delivery, email distribution, or other elements of technical infrastructure necessary for the operation of the website and the delivery of services.
Where such third-party providers deploy cookies or similar tracking technologies, or otherwise process personal data collected via cookies, their role is determined on a case-by-case basis in accordance with applicable data protection law. In certain instances, the provider acts as a data processor on behalf of the Company pursuant to Article 28 GDPR and processes personal data strictly in accordance with documented instructions and a data processing agreement. In other cases, the provider may act as an independent data controller, determining its own purposes and means of processing under its respective privacy policy.
Where third-party providers qualify as independent controllers, users are encouraged to review the relevant provider’s privacy documentation to understand how personal data is processed in that context.
If the use of third-party services involves the transfer of personal data outside the European Economic Area (EEA), such transfers are carried out in compliance with Chapter V GDPR. Appropriate safeguards may include adequacy decisions adopted by the European Commission, the use of Standard Contractual Clauses (SCCs), or other legally recognised transfer mechanisms designed to ensure an equivalent level of data protection.
The Company seeks to ensure that any third-party integration maintains a standard of data protection consistent with applicable EU and Swedish data protection requirements.
8 | Retention
Cookies deployed through this website may operate either on a session basis or as persistent identifiers. Session-based cookies are temporary in nature and are automatically deleted when you close your browser. Persistent cookies remain stored on your device for a defined period, or until they are manually deleted, depending on their technical configuration and intended function.
The duration for which a cookie remains active varies according to its purpose, category, and the specific service provider implementing it. Strictly necessary cookies are retained only for as long as required to ensure the technical functionality, security, and stability of the website. Analytics and marketing cookies, where used, are retained in accordance with the predefined retention settings configured within the relevant service provider’s platform, subject to applicable legal limitations.
Personal data collected through cookies is retained only for as long as necessary to fulfil the specific purpose for which it was collected, including for security, performance analysis, user preference management, or compliance with legal obligations. Once the relevant purpose has been fulfilled, or where consent has been withdrawn and no other lawful basis applies, the associated data is deleted or anonymised in accordance with applicable data protection requirements.
The Company periodically reviews cookie configurations and retention settings to ensure that storage periods remain proportionate and aligned with the principles of data minimisation and storage limitation under Article 5(1)(c) and (e) GDPR.
9 | Your Rights
To the extent that cookies or similar technologies involve the processing of personal data, you are entitled to exercise the rights granted to you under Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR).
Subject to the conditions and limitations set out in applicable law, you have the right to request confirmation as to whether personal data concerning you is being processed and, where that is the case, to obtain access to such data (Article 15 GDPR). You may request rectification of inaccurate personal data and completion of incomplete data (Article 16 GDPR). Where legally applicable, you may request the erasure of personal data (Article 17 GDPR) or the restriction of processing (Article 18 GDPR).
You also have the right to object to processing carried out on the basis of legitimate interests (Article 21 GDPR) and, where processing is based on consent or contractual necessity and carried out by automated means, to request data portability (Article 20 GDPR).
Where the legal basis for processing is consent, you have the right to withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing carried out prior to the withdrawal.
If you believe that the processing of your personal data infringes applicable data protection law, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten – IMY), which acts as the competent supervisory authority in Sweden. You may also lodge a complaint with the supervisory authority in your country of residence within the European Union, where applicable.
Requests relating to data protection rights may be submitted using the contact details provided in this Policy. The Company reserves the right to verify the identity of the requester before responding, in order to protect personal data from unauthorised access.
10 | Changes to This Policy
This Cookie Policy may be updated from time to time in order to reflect changes in applicable legislation, regulatory guidance, technical configurations, third-party service integrations, or the operational structure of the website.
Where material changes are made that significantly affect the way cookies are used or personal data is processed, the Company will take appropriate steps to ensure transparency, which may include updating the “Last updated” date and, where legally required, requesting renewed consent.
The most current version of this Cookie Policy will at all times be available on the website. Users are encouraged to review this Policy periodically to remain informed about how cookies and similar technologies are used.
Continued use of the website following the publication of an updated version of this Policy shall be understood as acknowledgment of the revised terms, without prejudice to any requirement to obtain fresh consent where mandated by applicable law.
11 | Contact
If you have any questions regarding this Cookie Policy, the use of cookies and similar technologies, or the processing of personal data in connection with the website, you may contact the Company using the details below:
EstEye ABLillängvägen 8B83772 DuvedSwedenEmail:
olga@wisdomofsoma.co
Correspondence relating to data protection rights, consent withdrawal, or supervisory authority matters should be submitted in writing. For security and confidentiality purposes, the Company may request verification of identity before disclosing personal data or acting upon certain requests.
The Company is committed to addressing data protection inquiries in a timely and transparent manner in accordance with applicable Swedish and European Union data protection legislation.