Introduction
This privacy policy (“Policy”) describes how Ollivin Stockholm AB, org. no. 559139-8432 (“we”, “our” and “us”), with address Fridhemsgatan 41, 11246 Stockholm, processes personal data.
We protect your personal privacy and make sure that you feel safe with our processing of your personal data. In this Policy, we have therefore collected information on how we process the personal data that you have provided to us in connection with your use of our services and the personal data we have otherwise gained access to. Regardless of whether you as a customer have used our services in Sweden, Norway or Finland, we process your personal data in our capacity as personal data controller. This means that we have an obligation to ensure that the processing takes place in accordance with this Policy and at any time applicable personal data legislation.
The Policy describes the categories of personal data we process, the purposes for which we process the data and the legal basis on which we base the processing. We also explain where we have obtained the information from, who may have access to and process it, the principles of thinning, which third parties we may share the personal data with, where the personal data is processed and your rights as registered in the form of right to information, correction and deletion etc. We ask you to carefully read the Policy and familiarize yourself with the content as it is applied in all our processing of personal data.
It may be helpful for you to keep in mind that this Policy applies only to our site and mobile application, which means that when you link from our site or mobile application to another site, the privacy policy of the other site applies. We therefore do not take responsibility for other websites’ processing of your personal data.
We may need to update or change the Policy from time to time. If this happens, we will inform you in an appropriate manner and ask you to take note of the changes that have been made. You will always find the latest version of the Policy on our website.
We hope that the Policy answers your questions about our processing of and protection of your personal data. If you have further questions or concerns, you are always welcome to contact us at the address above or via info@dacilia.se
2 . How we process your personal data
This section describes which categories of personal data we process, for what purposes we process them, which treatments are performed, what legal basis we support the processing on and during which time the data is stored.
2.1 Where do we collect personal data from?
We process personal data that you provide to us when you e.g. create a user account with us, buy goods via our website, initiate a customer service case or sign up for our newsletter.
We also process personal data that we collect from our payment service provider (a so-called third party) in connection with you making a purchase with us, personal data that we receive from general registers and personal data generated when you use our services online or via our mobile application, such as your IP address and browser settings etc.
2.2 What personal data do we process and why?
- To manage user accounts
Purpose
– To be able to create and administer user accounts, including e.g. to grant permission to log in to your user account, offer you functions that make it easier for you to use our services (including placing orders and buying goods) and view your order history.
Treatments performed
– Collection and storage of personal data in our business systems, backup systems and other online storage facilities.
Categories of personal data
– User name.
– Email address.
– Customer type (private person / company).
– Where applicable, name, telephone number and country.
– Password.
Date of creation of user account.
– Order information, e.g. information about ordered goods (such information is also processed when you place an order and are not logged in via your user account).
– Payment, purchase and order history.
Legal basis: For active customers: The processing is necessary for the fulfillment of agreements on the purchase of goods from us.
For inactive customers: Balancing of interests. The processing is based on our legitimate interest in administering user accounts and providing our services.
Storage period: Three (3) years from the creation of the user account or your most recent purchase, after which your user account will be terminated and your information will be deidentified or deleted. If your user account is terminated on your own initiative, your information will be deidentified or deleted within seven (7) days of the request.
- To handle orders / purchases etc.
Purpose
– To be able to handle your orders / purchases (including sending order confirmations, announcing deliveries, delivering your ordered / purchased goods and handling contacts in connection with delayed deliveries).
– To be able to handle your complaints, complaints and warranty matters regarding ordered / purchased goods.
– To be able to carry out invoicing.
– To be able to prevent misuse of our, our suppliers ‘or partners’ services or to prevent, prevent and investigate crimes.
– To be able to establish your placed orders (by order number or social security number).
– To be able to ensure our operational reliability and our ability for system recovery.
Treatments performed
– Collection and storage of personal data in our business systems, backup systems and other online storage facilities.
Sending order confirmations, notification of delivery and correspondence in connection with delayed delivery.
– Transfer of personal data to freight forwarders and transport companies.
Categories of personal data
– Name.
– User name.
– Social security number.
– Contact details (such as address, delivery address, e-mail address, telephone number and port code).
– Order number.
– Order information, e.g. information about ordered goods.
– Customer type (private person / company).
– Payment, purchase and order history.
Legal basis: The processing is necessary for the fulfillment of an agreement on the purchase of goods from us. In other cases, the processing is necessary for us to be able to fulfill a legal obligation or to satisfy our legitimate interest in being able to prevent misuse of our, our suppliers ‘or partners’ services or to prevent, prevent and investigate crimes, or so that we can otherwise safeguard legal interests.
Storage period: We store your personal information for as long as it is necessary for us to be able to fulfill our agreement with you, however no longer than three (3) years from your last purchase. If, in accordance with, for example, the Accounting Act, we are obliged to save the information for a longer period of time, we may do so, the information is then saved for a maximum of seven (7) years after the end of the calendar year in which the financial year ended.
- To handle customer service matters etc.
Purpose
– To be able to communicate with you and answer the questions you ask us via e-mail, telephone, our chat function or Facebook.
– To be able to secure your identity.
– To be able to prevent misuse of our, our suppliers ‘or partners’ services or to prevent, prevent and investigate crimes.
– To be able to establish your placed orders (by order number or social security number).
– To be able to handle your complaints, complaints and warranty matters regarding ordered / purchased goods.
Treatments performed
– Collection and storage of personal data in our business systems, backup systems and other online storage facilities.
Categories of personal data
– Name.
– Username and password (eg for support in case of login problems).
– Social security number.
– Contact details (such as address, e-mail address and telephone number).
– Order number.
– Order history, e.g. information about ordered goods.
– Customer type (private person / company).
– Photographs that you have sent to customer service.
– Your correspondence with us.
– Health data when you leave it to us and it is necessary to handle your customer service matter. It can e.g. concern information about an allergic reaction and / or health condition. We never request health data from you, but process such information only if you have provided it to us on your own initiative.
Legal basis: The processing is based on our legitimate interest in helping you if you have questions regarding or complaints about purchased goods or problems with the use of our services. In other cases, the processing is necessary to satisfy our legitimate interest in being able to prevent misuse of our, our suppliers ‘or partners’ services or to prevent, prevent and investigate crimes, or in order for us to otherwise be able to safeguard legal interests.
Storage period: We only store your personal information for as long as it is needed to be able to handle your customer service case, however no longer than one (1) year from the time your case is closed. If the information is needed to be able to handle your complaints, complaints and warranty matters regarding ordered / purchased goods, they may be stored longer, however, for a maximum of three (3) years from the purchase to which the information relates.
- To market our products and services etc.
Purpose
– To be able to send direct marketing (such as newsletters) via mail, e-mail, text message, social media or other similar electronic channels for communication.
– To be able to carry out targeted marketing campaigns (such as personal offers, benefits or gifts).
– To be able to analyze your buying habits in order to provide you with relevant information and marketing.
Treatments performed
– Collection and storage of submitted personal data in our business systems, backup systems and other online storage facilities.
– Transfer of data to third-party suppliers for e.g. direct marketing mailings and targeted marketing campaigns.
Categories of personal data
– Name.
Address.
– Email address.
– Mobile number.
– Gender.
– Date of birth.
– Name day.
– Purchase and order history.
– Search history
Legal basis: Balancing of interests. Our legitimate interest in being able to market our products and services and conduct customer surveys.
Storage period: For active customers: We store your personal data for marketing purposes as long as the customer relationship lasts or until you request that the marketing ceases, but no longer than one (1) year after your last purchase.
For people who have signed up to receive newsletters / marketing mailings: We store your personal information for marketing purposes until you request that the marketing cease.
Based on the information we collect about you and your purchases as well as other customers with similar buying behavior, we make an analysis at the individual level. The analysis will form the basis for the targeted offers, for example within special product categories, that you can get. Different customers can therefore receive different benefits and offers, for example, you who buy products with organic labeling can get extra offers on organic products.
Please note that you as a customer always have the right to object to your information for direct marketing purposes. For more information about your rights, see section 2.4 below.
- To evaluate, develop and improve our services etc.
Purpose
– To be able to evaluate the use of, develop and improve our services as well as our website and mobile application.
– To be able to conduct customer surveys.
Treatments performed
– Analyzes in aggregate form of the technical information provided when visiting the website and the mobile application, regarding e.g. how our customers use our web pages, our mobile application and other digital channels (including which pages or part of pages visited, how visitors reach and leave the service and which searches visitors have made on our pages and via our mobile application).
– Transfer of data to third party suppliers for conducting customer surveys.
Categories of personal data
– Technical information regarding devices (eg mobile, computer or tablet) used when visiting our website and mobile application (eg IP address) as well as statistics on how you have interacted with us, ie. how you have used our website and mobile application.
– Results from customer or market research including individual customer feedback.
E-mail address (for conducting customer surveys).
Legal basis: Balancing of interests. The treatment is based on our legitimate interest in being able to evaluate the use of and improve our services and our website and our mobile application.
Storage time: The technical information about how visitors interact on our website and mobile application is stored for a maximum of ninety (90) days from the visit.
2.3 Direct marketing
We may use your personal data for direct marketing via electronic means if you have previously shopped with us or if you have consented to such marketing. Direct marketing refers to all types of outreach marketing measures, e.g. mailing via e-mail and sms. You have the right to object free of charge to your information being used for such purposes and every mailing from us for marketing purposes contains an option for deregistration, so-called opt-out. If you choose to unsubscribe from further mailings, we will make a note in our business systems to stop directing marketing to you.
3 . The protection of your personal data
We have taken a number of security measures to ensure that our processing of personal data takes place in a secure manner and to protect the personal data we process against illegal access, unauthorized processing and misuse. For example. access to the systems in which personal data is stored is limited to our employees and service providers who need to access the data within the framework of their tasks. These are also informed about the importance of maintaining the security of personal data. We also continuously monitor our systems to detect vulnerabilities and to protect your personal data.
4 . Who can we share your personal information with?
In order for us to be able to offer our services and send out marketing, we share your personal information with third parties. The following applies to this.
a) Service providers that we use in certain parts of the business, including the processing of personal data; We share personal information with these suppliers for mainly IT operations services (such as data storage, support, maintenance and development), communication services, as well as marketing services such as conducting customer surveys and administering marketing mailings.
b) Suppliers and partners in payment services, transport services, inventory management, delivery planning and delivery information services; We share personal information with these suppliers and partners in order to be able to deliver your ordered / purchased goods, but also to prevent misuse of our, these suppliers ‘and partners’ services or to prevent, prevent and investigate crimes.
c) IT security providers; We share personal information with IT security providers when this is necessary by law, to protect you or our customers and partners or to protect our services.
d) Advisors and potential buyers of our business; If all or parts of Dacilia´s business is sold or integrated with other business, your personal information can be provided to our advisers as well as any buyers and their advisers.
e) Government agencies (such as the Police, the Tax Agency and other agencies); We share personal information with authorities if we are required to do so by law or in case of suspicion of crime.
Most of the third parties with whom we share personal data as described above constitute in relation to us so-called personal data assistants. These may only process the transferred data on our behalf and in accordance with our express instructions. We only transfer your personal data to such personal data assistants for purposes that are compatible with the purposes for which we have collected the data and we ensure through written agreements with the personal data assistants that they undertake to comply with our security requirements and restrictions and international data transfer requirements.
Authorities and in some cases also companies to which we transfer personal data in accordance with the above may be independently responsible for personal data for the transferred data. When your personal data is transferred to someone who is an independent person responsible for personal data, we do not control how the data is then processed, but the responsibility for this then falls on the authority or company to which the transfer took place, involving e.g. that the authority or company is obliged to inform you about its processing of your personal data and to ensure that the processing is legal.
5 . Where we process your personal data
We aim to always process your personal data within the EU / EEA where all our own IT systems are located. However, it may happen that your personal data is shared with personal data assistants who are either themselves or through subcontractors established or store information in a country outside the EU / EEA. In such a case, we will take all reasonable legal, organizational and technical measures required to ensure that the level of protection for that treatment corresponds to that within the EU / EEA. This will be done either through a decision by the European Commission that the country in question ensures an adequate level of protection or through the use of appropriate protection measures such as standard contract clauses or approved codes of conduct in our agreements with such personal data assistants.
You can read more about which third countries the European Commission has assessed to ensure an adequate level of data protection at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en .
6 . Your rights as registered
This section describes your rights as a registrant. You can always assert these rights by contacting info@dacilia.se
6.1 The right of access
If you want information about what personal data we process about you, you can request access to the data. The information will then be provided in the form of a register extract that states which personal data we process, for what purposes we process them, where the data was obtained from, which third parties the data has been transferred to and how long the data will be stored. If your request is made in electronic form, the information will be provided in an electronic format that is widely used, unless you request otherwise.
6.2 The right to rectification
You have the right to receive incorrect information about you corrected without delay. You also have the right to complete incomplete information.
6.3 The right to delete
You have the right to have your personal data deleted without delay if any of the following occurs:
(a) personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
b) you withdraw your consent to a treatment based on consent and there is no other legal basis for the treatment;
c) you object to a treatment based on a balance of interests and your reason for the objection outweighs our legitimate interest;
d) the personal data has been processed illegally;
e) personal data must be deleted in order for us to fulfill a legal obligation.
6.4 The right to limit treatment
You have the right to request that the processing of your personal data be restricted if any of the following options apply:
- a) you dispute the accuracy of the personal data for a period of time which gives us the opportunity to check whether the data is correct;
b) the processing is illegal and you object to the data being deleted and instead request a restriction on their use;
c) we no longer need the personal data for the purposes of the processing but you need them to be able to establish, assert or defend legal claims;
d) you have objected to a treatment based on a balance of interests and we check whether our justified reasons outweigh your justified reasons.
If the processing has been restricted in accordance with this paragraph, such personal data for which the processing shall be restricted may, with the exception of storage, only be processed to establish, assert or defend legal claims or to protect third party rights or reasons relating to an important public interest for the EU or for an EU Member State.
6.5 The right to object to the processing of personal data for direct marketing
You also have the right to object to your personal data being processed for direct marketing. This right to object also includes the analyzes of personal data (so-called profiling) that are performed for direct marketing purposes.
6.6 The right to data portability
In cases where our processing of personal data takes place automatically and is based on your consent or fulfillment of an agreement, you have the right to request that the data concerning you and which you have provided to us be provided to you or transferred to another personal data controller in a structured, widely used and machine readable format. A prerequisite for this, however, is that the transfer is technically possible.
6.7 Withdrawal of consent
In cases where our processing of your personal data is based on your consent, you always have the right to revoke your consent at any time. Such withdrawal of consent does not affect the legality of treatment that took place on the basis of your consent before it was withdrawn. If you revoke your consent, we will no longer process the personal data based on the consent, unless we are legally obliged to continue to process it. Should it be the case that our legal obligations prevent us from deleting your data, we will instead mark them so that they are no longer actively used in our systems.
You can send an e-mail to info@dacilia.se at any time to revoke your consent. We will respond to your request promptly.
6.8 The right to lodge a complaint
If you believe that we are processing your personal data incorrectly, you can, in addition to contacting us, file a complaint with the competent supervisory authority in the country where you reside.
7 . The use of cookies
On our website and mobile application, we use so-called cookies to improve your website search (both on our website and mobile application), our services and our website and mobile application. A cookie is a text file that is sent from our web server and that is saved on your browser or device (eg mobile, computer or tablet). We also use cookies for overall analytical information regarding your use of our website and mobile application and to save functional settings. You have the opportunity to change the settings in your browser or device for the use and scope of cookies. Examples of such adjustments are blocking all cookies or deleting cookies when you close your browser or our mobile application.
Read more about our use of cookies in our Cookie Policy