1. LEGAL BASIS FOR PROCESSING PERSONAL DATA
We shall process your personal data for the following reasons:
– The performance of contracts or precontractual obligations to which you are a party.
– Complying with our legal obligations.
– Marketing and other legitimate business interests.
2. LEGITIMATE INTERESTS
Legitimate interests include the following:
– Sending our newsletter to our customers from whom we have obtained the contact details in the course of a sale (or negotiations for a sale) of a product or service.
– Collection of personal data to provide you with the best possible customer experience.
– Operational requirements necessary for internal processes.
– Fulfilling your requirements or requests regarding our services and products.
– Fraud prevention.
– Protecting our rights, employees, and property.
3. PURPOSES OF PERSONAL DATA PROCESSING
– Online purchases (when you place an order or ask for a refund).
– Direct marketing (when we send our newsletters).
– Administration of user accounts.
– Enforcing our Terms and Conditions.
– Communication through our email, contact forms, social networks, or Customer Care.
– Managing subscriptions to our Blog.
This means that we want to provide you the most optimal and personalized service possible. Of course, we keep your privacy in mind. We will retain your shopping history and use details of the products you have previously purchased to make suggestions to you for other products which we believe you will also be interested in. We will retain and evaluate information on your recent visits to our website and how you move around different sections of our website for analytics purposes to understand how people use our website so that we can make it more intuitive.
4. WHY WE USE YOUR PERSONAL DATA
– Processing, analysing and delivering your purchases.
– Taking payments and making refunds.
– Sending you service messages by SMS, email or otherwise.
– Providing customer care services and support, handling returns, warranty claims.
– All forms of fraud detection and prevention.
– Security and Protecting our website/IT systems.
– Showing you our advertisements while you browse the web.
– Providing you with information about our products and services, promotions, discounts and news regarding your preferences and wishes.
– Improving our website.
5. MARKETING ACTIVITIES
We process personal data when you subscribe to our newsletter, event, or Blog, or when you purchase our products. For this purpose, we process data such as name, surname, country, and email address. If you give us your consent to receive our newsletter, we use Mailchimp services. We process data regarding e-mail opens, bounce rate, clicks, subscription, and news segments. We segment buyers according to previously bought products, gender, and country.
Based on our legitimate interest (the so-called soft opt-in), we use Omnisend services to send our newsletter to customers who have purchased our product.
If you contact us through webforms on our website, or through e-mail, phone, or a social network profile, we will process the data from the contact form and the message based on our legitimate interest to connect and communicate with potential customers.
In any case, you can object to direct marketing activities, and you may unsubscribe from our newsletter by clicking the link in our email or responding to us with your claim. In such a case, we will stop marketing activities and store your data in an unsubscribed list for 5 years from the day of unsubscribing, based on our legitimate interest to prove facts on compliance steps we need to take.
Based on our legitimate interest to protect our employees, customers, business associates, and our property we process personal data, such as log files, IP address, traffic data, metadata, incident reports, data from data breaches.
In case of a personal data breach, we perform a risk assessment and, based on this assessment, we will inform the supervisory authority and data subjects.
Since no means of security, transmission or storage is 100% secure, we cannot guarantee absolute security, but we do use applicable technical and organizational security measures. We use access control, encryption and hashing of passwords, including industry-standard authentication practices, SSL and 2-factor authentication. We protect our IT systems from brute-force attacks by limiting the number of log-in attempts from a single IP address. We track logs and we make regular backups.
7. TYPES OF PERSONAL DATA
– Identity and contact information (email address, first name, last name, address, phone number, password).
– Financial and transaction information (cardholder data, details about payments provided by 3rd party payment processors, shipping, and billing address, order ID, payment method, order details, tracking ID, tax ID – if required by law, IP address).
– Profile information (user profile ID, first name, last name, email address, password, gender, time zone, date of birth, orders, reviews).
– Facebook account contact details if you choose this type of log in.
– Shipping information and billing information (country, first name, last name, address, house/apartment No., postal code, city, phone number, tax ID – if required by law, IP address).
– Warranty claims (proof of purchase, invoice number, image, or video of the product, tracking ID number, user address, shipping data).
– Technical information (IP address, your login data, browser info, time zone, language, browser plug-in types and versions, operating system, and other technology on the devices you use to access our website).
– Marketing and communications information (email address, first name, last name, gender, time zone, region, country, purchase date, IP address, order date, product purchased, subscription source, language, order ID, user ID, cookie ID, website visits, subscription date, last change date).
8. DATA ABOUT MINORS
We do not knowingly collect or solicit personal data from anyone under the age of 13. Do not use our sites if you are under the age of 13. If we learn that we have collected information from a child under the age of 13, we will delete this information as soon as possible.
If you believe that we might have any information from or about a child under 13, please contact us by sending an e-mail to the email address, or contact forms, as communicated to you on our sites.
Minors may not make purchases through our sites unless they have appropriate permission and are under the direct supervision of their parent or legal guardian who owns the account. All financial information on the account, such as a credit card or PayPal account, must be that of the parent or legal guardian.
In accordance with the UK General Data Protection Regulation (UK GDPR), in relation to the offer of information society services directly to a child, the processing of the personal data of a child shall be lawful where the child is at least 13 years old. Where the child is below the age of 13 years, such processing shall be lawful only if and to the extent that consent is given or authorised by the holder of parental responsibility over the child.
9. HOW LONG WE KEEP YOUR PERSONAL DATA
We will keep your personal data for as long as you have your account, or if it is needed to be able to provide services to you, including product warranty lasting, or (in the case of any contact you may have with our Customer Care) for as long as is necessary to provide support-related reporting.
We may keep some of your personal data, if required by law, even after your account has been closed and we no longer need to provide any services to you. For general business activities, we keep the data for 6 years, and we keep accounting and financial records for 6 years from the end of the last company financial year to which the data relates. In some cases, where the law does not define a maximum data retention period, we keep some personal data based on legitimate interest, in case we need to defend our claim in court or before another public authority, in accordance with statutory limitation periods. If you wish to close your registered profile, please contact our customer support.
10. SHARING YOUR DATA WITH THIRD PARTIES
We share your data with the following categories of companies as an essential part of being able to provide our services to you, as set out in this statement:
– Affiliated companies and processors – based on fulfilment of the purchase agreement or to perform internal processes and procedures.
– Companies issuing credit cards, providers of payment services to process payments and banks, based on your order to fulfil a purchase agreement.
– Carriers to deliver your order or services. We use logistics services from MOTUS EUROPE d.o.o. and BROZ Inc.
– Third parties, such as law enforcement agencies, other governmental agencies, and related parties, if we are required by law to do so.
– Data processors – we share personal data with authorised data processors for providing IT support, accounting, legal, HR, marketing and sales services. For this type of activity, we also use Zendesk services, as data processor, for chat and customer support. We send all our customers automatic emails regarding their purchase through the Mandrill Mailchimp add-on.
– Network operators and/or other communications service providers – when necessary for the set-up of proper routing and connectivity.
– Third-party service providers – to the extent strictly necessary for them to perform specific actions on our behalf. We may share personal data with our trusted and verified third-party service providers for example to enable them to process payments for us or to prevent fraud.
– Relevant legislation – in case we are presented with a legal obligation, we will share the data from users with such third parties that are legally entitled and authorized to request the same, such as within criminal procedures or threats to the public security.
– Mergers and acquisitions – in accordance with the applicable law, personal data may be transferred to data recipients who are in the process of buying our company (for example, in case of a due diligence process), or personal data can be transferred to a company which merged with our company or to a company which bought our company, in part or in whole, in case of business acquisitions or resolution/bankruptcy proceedings.
11. PAYMENT METHODS
12. WHAT ARE YOUR RIGHTS
– The right to access personal data we hold about you. You have the right to request information about personal data we hold about you.
– The right to portability. You have the right to get a copy of your data in a structured, commonly used, and machine-readable format transferred to you or to another data controller.
– The right to rectification. You have the right to request rectification of your personal data if it is incorrect, including the right to have incomplete personal data completed.
– The right to erase. You have the right to request that we delete, stop processing or collecting any personal data in accordance with the relevant law.
– The right to object to processing of personal data that is based on legitimate interest.
– The right to object to personal data processing.
You have the right to object to direct marketing, including profiling analysis made for direct marketing purposes.
In case we use your personal data based on your consent, you are entitled to withdraw that consent at any time subject to applicable law. We rely on you to ensure that your personal data is complete, accurate and current. Please inform us of any changes to or inaccuracies of your personal data by contacting us immediately.
If you would like to exercise your rights, require assistance, file a complaint, or just have any questions, please do not hesitate to contact us on email@example.com.
You have the right to file a complaint with the data protection supervisory authority:
Swedish Authority for Privacy Protection
Integritetsskyddsmyndigheten, Box 8114
104 20 Stockholm
Information Commissioner’s Office
Telephone: 0303 123 1113
13. BREXIT NOTICE
From 1 January 2021, the UK is no longer considered an EU Member State and the UK GDPR started to apply. Based on the agreement between the UK and the EU, until 2025 all personal data transfers from the EU to the UK are not considered transfers to a third country. For transfers from the UK to the EU, the UK treats such a transfer as a transfer with adequate protection, so currently there are no additional requirements for such personal data transfers.