Where are you shopping from?

Send to

Language

Checkout
Favourites

Privacy Policy

Mille Notti AB ("Mille Notti") processes your personal data when you visit our website, contact us, make a purchase, subscribe to our newsletters, or participate in any of our competitions. In this policy, we inform you about how we process your personal data and what rights you have in relation to the processing of your personal data.

If you have any questions regarding our processing of your personal data or if you wish to exercise any of your rights, you can contact us at our email address online@mille-notti.com or call us on +46 8 7000001. Our postal address is Mille Notti AB, Södra Fiskartorpsvägen 30, 114 33 Stockholm.

Summary: How do we process your personal data?

Our detailed description of the processing of personal data has been divided so that you can read about what applies specifically to you by clicking on the links above

Below you can read more about:

Who is responsible for the processing of personal data?

What rights do you have?

Detailed description of how we process and store your personal data

Who has access to your personal data and why?

Legitimate interest

What rights do you have when we process your personal data?

Who is responsible for the processing of personal data? 

Mille Notti AB, with registration number SE556428-2738, is responsible for the processing of your personal data as described in this privacy policy as the data controller.

If you have any questions regarding our processing of your personal data or if you wish to exercise any of your rights, you can contact us at our email address online@mille-notti.com or call us on +46 8-700 00 01.. Our postal address Mille Notti AB, Södra Fiskartorpsvägen 30, 114 33 Stockholm. 

What rights do you have? 

In accordance with data protection legislation, you have certain rights in relation to our processing of your personal data. If you have any questions about these rights or wish to exercise any of them, you are welcome to contact us using the contact details provided above. More detailed information about your rights is provided below.

  • Right to withdraw your consent

    You have the right to withdraw all or part of the consent you have given to us when consent is the legal basis for our processing of your personal data.

  • Right to object

    You always have the right to object to the processing of your personal data for marketing purposes and profiling, such as newsletters and personalized marketing. Read more about profiling below. You also have the right to object at any time to the processing of your personal data based on a legitimate interest. Read more about what a legitimate interest entails below

  • Right of access

    You have the right to obtain confirmation of whether or not we are processing your personal data. If we are processing your personal data, you also have the right to receive information about how we process it and to obtain a copy of the personal data. 

  • Right to rectification

    You have the right to have any inaccurate personal data concerning you corrected and to have any incomplete personal data completed.

  • Right to erasure (right to be forgotten)

    You have the right to request the erasure of your personal data, for example, if your personal data is no longer necessary for the purposes for which it was collected.

  • Right to restriction

    You also have the right to request that we restrict the processing of your personal data, for example, if you contest the accuracy of the personal data or if the processing is unlawful.

  • Right to data portability

    You have the right to receive your personal data in a structured, commonly used, and machine-readable format from us, and you have the right to transmit those data to another controller where technically feasible (data portability). The right to data portability applies to personal data that you have provided to us, based on your consent or for the performance of a contract, and where the processing is carried out by automated means.

  • Right to lodge a complaint

    You always have the right to lodge a complaint with a supervisory authority. The supervisory authority in Sweden is the Swedish Data Protection Authority www.imy.se.

Detailed description of how we process and store your personal data

Here you can read more in detail about why we process your personal data, what categories of personal data we process, and the legal basis for the processing of your personal data. You can also learn about how long we store your personal data. 

When you visit our website

We analyze how our website is used and show you relevant offers on other sites you visit based on such analysis. We explain this in detail in the tables below. To protect your privacy, we have taken measures to avoid identifying you as a user of our website, for example, only an encrypted version of your IP address is stored, so we cannot trace who you are.

We receive your personal data from your device when you visit our website, as well as from our partners who use information they already have to perform analysis and show you relevant offers from us.

To collect personal data for analysis and marketing purposes as described below, we use cookies. In our cookie information text, we explain in more detail how this works.


Purpose: Analyzing how our website is used

Processing activities carried out:
Analyze how you use our website to improve our products and website. For this purpose, we use Google's analytics tool, Google Analytics.

The analytics service involves placing a unique ID on your device to distinguish visitors and identify patterns of website usage. However, we cannot see who you are.

The personal data we collect is processed to optimize functionality, loading speed, and customize the website to suit you as a visitor.

Personal data processed:

  • Encrypted IP address that cannot be linked to you by Mille Notti

  • Geographic location

  • Other information about how you use the website, such as clicks, device information, and the number of times you have visited the website

  • Information that Google has about you from previous interactions, such as the website from which you found us

Legal basis:
Consent (Article 6(1)(a) of the GDPR)

We obtain your consent to analyze how you use our website in order to provide you with a better experience.

You can avoid Google Analytics by downloading and installing this browser extension. 


Processing activities carried out:
Analyze how you use our website to improve our products and website. For this purpose, we use Hotjar's analytics services. 

The analytics service records or captures your activity on the website and creates activity maps to identify patterns of website usage. However, we cannot see who you are.

 The personal data we collect is processed to optimize functionality and customize the website to suit you as a visitor.

Personal data processed:

  • Encrypted IP address that cannot be linked to you by Mille Notti

  • Other information about how you use the website, such as what you click on and which pages you visit

Legal basis:
Consent (Article 6(1)(a) of the GDPR)

We obtain your consent to analyze how you use our website in order to provide you with a better experience.

You can learn how to avoid Hotjar tracking your activity here.


Storage period: The information will be stored for 12 months from your visit. 

The analytics services we use will continue to process your personal data as independent data controllers. You can learn about the storage periods for your personal data in their respective privacy policies.

Recipients of your personal data: Your personal data is shared with Google and Hotjar. Google and Hotjar act as independent data controllers for the processing they carry out and provide you with separate information on how they process your personal data.

Transfer outside the EU/EEA: [By sharing your personal data with Google and Hotjar, these personal data will be transferred to [specify country outside the EU/EEA]. When we transfer your personal data outside the EU/EEA, we do so based on the EU Commission's Standard Contractual Clauses (Article 46(1)(c) of the GDPR), Module Two. You can access the EU Commission's Standard Contractual Clauses here.]  


Purpose: Displaying relevant offers from us on other websites you visit

Processing activities carried out:

Market our products by showing offers and new products we believe may be of interest to you based on your browsing history with us. We display personalized marketing to you on Google, Facebook, Instagram, Pinterest, and other websites. We do this based on information that these parties have about you from previous interactions (referred to as profiling*). 

We may display offers using marketing services from Google, Meta, Match2One, and Pinterest.

Personal data processed:

  • Encrypted IP address that cannot be linked to you by Mille Notti

  • Geographic location

  • Which pages have you visited after clicking on our ad?


Afterwards, you will see search results and advertising banners based on:

  • Analysis of how and when you use our website, such as if you add items to the cart, make a purchase, or perform a search.

  • Information that the marketing services have about you from previous interactions, such as the website from which you found us.

Legal basis:
Consent (Article 6(1)(a) of the GDPR)

We obtain your consent in order to provide you with personalized marketing that is relevant to you based on the information we have about you, such as your expressed interests on our website.

Here you can make choices about the marketing you see from Google. Here you can find more information about your choices on Instagram, and here on Facebook, under the Ad Preferences section, you can choose the marketing you want to see. Here you can read more about how to choose the marketing you see on Pinterest.


Storage period: You will see marketing from us for up to 12 months after your visit to our website.

The marketing services we use will continue to process your personal data as independent data controllers. You can find information about how long Google, Meta, Pinterest, and Match2One store your personal data in their respective privacy policies.

Recipients of your personal data: We share your personal data with Google, Meta, Pinterest, and Match2One. These companies act as independent data controllers for the processing they carry out and provide you with separate information on how they process your personal data.

Transfer outside the EU/EEA: [By sharing your personal data with Google, Meta, Pinterest, and Match2One, these personal data will be transferred to [specify country outside the EU/EEA. When we transfer your personal data outside the EU/EEA, we do so based on the EU Commission's Standard Contractual Clauses (Article 46(1)(c) of the GDPR), Module Two. You can access the EU Commission's Standard Contractual Clauses here.]  

*Profiling: Your activity on our website is used for profiling purposes, which Google, Meta, Pinterest, and Match2One use to show you the offers that they and we believe are most suitable for you and to provide personalized marketing. Profiling is done because without it, we would not be able to show relevant offers and marketing specifically tailored to you. Without this profiling, you would instead see offers that are not relevant to you. You have the right to object to profiling. You can read more about your right to object below, where your rights are explained in detail.


If you contact us

When you contact us, for example, via social media, we will process your personal data as described in the tables below. We receive your personal data from you through our communication.

If you use social media, the social media platform you use (e.g., Facebook) will also process your personal data, and therefore, we recommend that you read our information below together with the information provided by these social media platforms.


Purpose: To communicate with you if you contact us

Processing activities carried out
Communicating with you if you contact us, for example, through our customer service or social media.

Personal data processed:

  • Name

  • Contact information you provide, such as email address, phone number, and/or address

  • Other information you provide in connection with our communication

If you contact us through social media (e.g., our Instagram), we also process information from your profile (username and the profile picture you have chosen)

Legal basis:
Legitimate interest (Article 6(1)(f) of the GDPR)

The processing is justified by our legitimate interest in being able to communicate with you on our social media and through our customer service.


Storage period: We retain our customer service cases for 6 months from the completion of our contact regarding the case. 

On social media, your comments and our communication remain until you delete the comments and/or communication. Materials that may be considered offensive are removed earlier. This applies, for example, to unpleasant comments, inappropriate language, or personal attacks.

Recipients of your personal data: Within the scope of a customer service case, your personal data is shared with our IT provider as the data controller. If you contact us through social media, the social media platform also has access to your personal data.


If you make a purchase from us

We process your personal data in connection with your purchase from us. We receive your personal data from you when you make your purchase. 


Purpose: To administer your purchase

Processing activities carried out:

  • Receive and register your order. 

  • Communicate with you after the purchase, such as sending an order confirmation.

  • Deliver your order.

Personal data processed:

  • Name

  • Contact information (postal address, email address, and phone number)

  • Order information (e.g., the product you have ordered)

  • Payment information

Legal basis:
Contractual performance (Article 6(1)(b) of the GDPR)

The processing is necessary for us to fulfill the contract regarding your purchase. If the personal data is not provided, you will not be able to make a purchase from us. 


Storage period: Purchase data is stored for 6 months. If you have purchased a product with a warranty, we store purchase data for 7 years. The personal data is stored for a longer period for the purposes stated in the tables below, such as for accounting reasons.

Recipients of your personal data: Our payment service provider Klarna collects your personal data in connection with the purchase. Klarna is an independent data controller for the processing of your personal data. Read more in Klarna's privacy policy here. 

We will share your name, address, and contact information with the carrier you choose at checkout to deliver your products. The carrier we use is an independent data controller for the processing of your personal data.

We also share your personal data with our IT providers as data processors.

Transfer outside the EU/EEA: [By sharing your personal data with our IT providers, this personal data will be transferred to [specify country outside the EU/EEA]. When we transfer your personal data outside the EU/EEA, we do so based on the European Commission's Standard Contractual Clauses (Article 46(1)(c) of the GDPR), Module Two. You can access the European Commission's Standard Contractual Clauses here.]  


Purpose: Administer right of withdrawal, claims, or other requests

Processing activities carried out:
Handle any right of withdrawal, claims, or other requests.

Personal data processed:

  • Name

  • Contact information (postal address, email address, and phone number)

  • Information from our communication with you regarding your request (e.g., information about the specific order)

Legal basis:
Legal obligation (Article 6(1)(c) of the GDPR) and Legitimate interest (Article 6(1)(f) of the GDPR)

Processing is necessary for us to comply with consumer protection legislation and fulfill a legal obligation. We also have a legitimate interest in defending ourselves against or initiating any potential legal claims.

If you do not provide your personal data, we cannot administer your request. 


Storage period: Your personal data is retained for 6 months from the completion of the matter.

Recipients of your personal data: Your personal data is shared with our IT providers as data processors.

Transfer outside the EU/EEA: [By sharing your personal data with our IT providers, this personal data will be transferred to [specify country outside the EU/EEA]. When we transfer your personal data outside the EU/EEA, we do so based on the European Commission's Standard Contractual Clauses (Article 46(1)(c) of the GDPR), Module Two. You can access the European Commission's Standard Contractual Clauses here.]  


Purpose: Compliance with accounting legislation

Processing activities carried out: 
Comply with accounting legislation by recording, bookkeeping, and archiving your payments and other transactions between us and you.

Personal data processed:

  • Payment history, transactions, and other materials that constitute accounting records.

Legal basis:
Legal obligation (Article 6(1)(c) of the GDPR)

The processing is necessary to comply with a mandatory law, i.e., the Accounting Act.


Storage period: The personal data is stored for seven to eight years in accordance with the Accounting Act (end of the seventh accounting year).

Recipients of your personal data: We share your personal data with our IT providers as data processors.

Transfer outside the EU/EEA: [By sharing your personal data with our IT providers, this personal data will be transferred to [specify country outside the EU/EEA]. When we transfer your personal data outside the EU/EEA, we do so based on the European Commission's Standard Contractual Clauses (Article 46(1)(c) of the GDPR), Module Two. You can access the European Commission's Standard Contractual Clauses here.]  


Purpose: Send a request for you to review your purchase

Processing activities carried out:
Send requests to participate in surveys about our products and your purchasing experience and handle the responses you provide in the survey. To do this, we use the survey service Trustpilot. 

Share information about you as a customer with Trustpilot to administer your evaluation and publish it on our website.

Compile statistics from the results of our surveys.

Your reviews are published on our website. You can choose whether or not to provide your name.

Personal data processed:

  • Name

  • Email address

  • Information you provide in the survey in free text

Legal basis:
Legitimate interest (Article 6(1)(f) of the GDPR)*

The processing is justified by our legitimate interest in being able to contact you with a request to evaluate our service in order to improve our products and offerings.


Storage period: The personal data is stored for 1 year after the completed purchase. However, we will cease the processing of your personal data earlier if you object to our processing.

Recipients of your personal data: We share your personal data with Trustpilot A/S. Trustpilot processes personal data as our data processor.

Transfer outside the EU/EEA: [By sharing your personal data with Trustpilot, this personal data will be transferred to the USA. When we transfer your personal data outside the EU/EEA, we do so based on the European Commission's Standard Contractual Clauses (Article 46(1)(c) of the GDPR), Module Two. You can access the European Commission's Standard Contractual Clauses here.]


If you subscribe to our newsletter

This table describes how we process your personal data if you choose to subscribe to our newsletter. We obtain your personal data from you when you make a purchase or choose to provide your email address when subscribing to our newsletter.


Purpose: Send newsletters

Processing activities carried out:
Send newsletters via email

Personal data processed:

  • Email address

  • Phone number

  • Address information

  • Information about your order

Legal basis:
Consent (Article 6(1)(a) of the GDPR)

We obtain your consent to send newsletters. You can object to marketing and withdraw your consent at any time.


Processing activities carried out:
Send personalized newsletters/sms

Personal data processed:

  • Email address

  • Phone number

  • Address information

  • Information about your order

Legal basis:Consent (Article 6(1)(a) of the GDPR)

We obtain your consent to send newsletters. You can object to marketing and withdraw your consent at any time.


Storage period: We send newsletters for [2] years or until you withdraw your consent or unsubscribe from our mailings. 

Recipients of your personal data: For sending our newsletters, we use IT service providers who process your personal data as data processors.

Transfer outside the EU/EEA: [By sharing your personal data with IT service providers, this personal data will be transferred to [specify country outside the EU/EEA]. When we transfer your personal data outside the EU/EEA, we do so based on the European Commission's Standard Contractual Clauses (Article 46(1)(c) of the GDPR), Module Two. You can access the European Commission's Standard Contractual Clauses here.]  


If you participate in one of our contests or if we share your posts on social media

If you participate in a contest with us, we will process your personal data. We obtain your personal data from you through your participation in the contest and from your social media accounts.


To conduct the contest

Processing activities carried out:
Administer your participation in the contest.

Personal data processed:

  • Name, e.g., Instagram username.

  • Your contest entry and other information you provide to us when participating in the contest, e.g., email address.

Legal basis:

Legitimate interest (Article 6(1)(f) of the GDPR).

Our legitimate interest in being able to administer your registration and participation.

Storage period: We store the personal data until the contest is concluded.

Recipients of your personal data: If the contest is conducted on any of our social media channels, the respective social media platform will have access to your personal data.


If you tag us or use our hashtags on social media.


Purpose: To share posts on social media.

Processing activities carried out:

Share your posts on social media. 

If you share content on social media and tag us or use our hashtags, we may send you a request through the analysis and marketing tool Flowbox to use your content in our marketing. If you consent to it, we will share your post on our products in our channels.

Personal data processed:

  • Information from your profile (username and the profile picture you have chosen).

  • Other information contained in the post you created.

Legal basis:

Consent (Article 6(1)(a) of the GDPR).

Your consent, which you provide by using the hashtag #yesmillenotti in response to our request.

Storage period: The posts we share on social media will be stored there until you ask us to remove the post or until the product is no longer sold.

Recipients of your personal data: We share your personal data with Flowbox AB, which processes your personal data as a data processor.

Transfer outside the EU/EEA: [By sharing your personal data with Flowbox, your personal data will be transferred to [specify country outside the EU/EEA]. When we transfer your personal data outside the EU/EEA, we do so in accordance with the European Commission's standard contractual clauses (Article 46(2)(c) of the GDPR), module two. You can access the European Commission's standard contractual clauses here.]


Who has access to your personal data and why?

Your personal data is primarily processed by us at Mille Notti. However, we engage IT service providers to ensure the functioning of our IT systems and to operate our business efficiently. These IT service providers process personal data on our behalf as data processors.

In some cases, we transfer your personal data to companies that act as independent data controllers for the processing of your personal data, such as the carrier you choose when making a purchase from us.

The recipients who process your personal data are indicated in the tables above.

If you make a purchase from us, we share your personal data with:

- Our carrier and packing service process your personal data to send packages and handle any returns. The carrier will provide you with separate information on how they process your personal data.

If you visit our website, we share your personal data with:.

  • Google, Meta, Pinterest, Flowbox and Match2One which we use to provide you and other potential customers with personalized marketing.

  • Google, Meta and Hotjar which analyze the usage of the website and may access your personal data if you use our website.


    If you would like more information on how we share your personal data, please contact us using our contact details.

Legitimate Interests

As mentioned above, we process some of your personal data based on the legitimate interests as the legal basis for the processing. The legitimate interests balancing test involves evaluating that our legitimate interests in carrying out the processing outweigh your interests and fundamental rights in not having your personal data processed. The specific legitimate interests can be found in the tables provided above.

If you would like to know more about how we have conducted these assessments, please contact us using the provided contact details

What rights do you have when we process your personal data?

You have certain rights regarding the processing of your personal data. Below you will find a detailed description of your different rights. To exercise your rights, please contact us using the contact details provided at the beginning of this privacy policy.

Right to Withdraw Consent (Article 7.3 of the GDPR)

You have the right to withdraw your consent at any time for processing based on your consent. The withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal.

Right of Access (Article 15 of the GDPR)

You have the right to obtain confirmation as to whether or not personal data concerning you is being processed by us, and, if so, to request access to the personal data and information about:

  • The purposes of the processing.

  • The categories of personal data being processed.

  • The recipients or categories of recipients to whom the personal data has been or will be disclosed, particularly recipients in third countries or international organizations.

  • If possible, the envisaged period for which the personal data will be stored, or if not possible, the criteria used to determine this period.

  • The existence of the right to request rectification or erasure of personal data or restriction of processing of personal data concerning you, or to object to such processing.

  • The right to lodge a complaint with a supervisory authority.

  • The existence of automated decision-making, including profiling, referred to in Articles 22.1 and 22.4 of the GDPR.

  • If the personal data is transferred to a third country or an international organization, you also have the right to information about the appropriate safeguards pursuant to Article 46 of the GDPR that have been implemented for the transfer.

You have the right to receive a copy of the personal data processed by us. For any additional copies you request, we may charge a reasonable fee based on our administrative costs. If you have requested the information in electronic form, you will receive it in a commonly used electronic format unless you request otherwise.

A request can be made by contacting us using the contact information provided at the beginning of this privacy policy.

Right to rectification (Article 16 of the GDPR)

You have the right to have inaccurate personal data concerning you rectified without undue delay. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by providing a supplementary statement.

We will inform each recipient to whom the personal data has been disclosed about any rectification, unless this proves impossible or involves disproportionate effort. If you would like information about these recipients, please contact us. You can reach us using the contact information provided at the beginning of this privacy policy.

Right to erasure (right to be forgotten) (Article 17 of the GDPR)

You have the right to have your personal data erased by us without undue delay, and we have the obligation to erase your personal data without undue delay if one of the following grounds applies: 

  • The personal data is no longer necessary for the purposes for which it was collected or processed.

  • You withdraw your consent on which the processing is based (pursuant to Article 6.1(a) of the GDPR) and there is no other legal ground for the processing.

  • You object to the processing pursuant to Article 21.1 of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing in accordance with Article 21.2 of the GDPR.

  • The personal data has been unlawfully processed.

  • The personal data must be erased to comply with a legal obligation in Union or Member State law to which we are subject. 

Please note that our obligation to erase as stated above does not apply to the extent that processing is necessary for the following reasons:

  • Exercising the right of freedom of expression and information

  • To fulfill a legal obligation that requires processing under Union or Member State law to which we are subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in us;

  • For archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Article 89(1) of the GDPR, to the extent that your right to erasure is likely to render impossible or seriously impair the achievement of the purposes of that processing; or

  • For the establishment, exercise, or defense of legal claims.

We will notify each recipient to whom the personal data has been disclosed about any erasure carried out in accordance with the above, unless this proves impossible or involves disproportionate effort. If you would like information about these recipients, please contact us using the contact details provided at the beginning of this privacy policy.

Right to Restriction of Processing (Article 18 of the GDPR)

You have the right to request the restriction of processing of your personal data if:

  • ou contest the accuracy of the data (for a period enabling us to verify its accuracy);

  • The processing is unlawful, and you oppose the erasure of the data and request the restriction of its use instead;

  • We no longer need the data for the purposes of processing, but you require it for the establishment, exercise, or defense of legal claims; or

  • You have objected to processing pursuant to Article 21(1) of the GDPR, pending the verification of whether our legitimate grounds override your interests.

If processing is restricted as mentioned above, such personal data, with the exception of storage, shall only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. Furthermore, we will notify you before the restriction of processing is lifted.

We will notify each recipient to whom the personal data has been disclosed about any restriction of processing carried out in accordance with the above, unless this proves impossible or involves disproportionate effort. If you would like information about these recipients, please contact us using the contact details provided at the beginning of this privacy policy.

Right to data portability (Article 20 of the GDPR)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format from us. You also have the right to have your personal data transferred to another data controller, where technically feasible ("data portability"). The right to data portability applies to personal data that you have provided to us in a structured, commonly used, and machine-readable format, and the processing is based on consent under Article 6(1)(a) or Article 9(2)(a) of the GDPR, or on the performance of a contract under Article 6(1)(b) of the GDPR, and the processing is carried out by automated means.

Your right to data portability must not adversely affect the rights and freedoms of others.

Right to object (Article 21 of the GDPR)

You have the right, on grounds relating to your particular situation, to object at any time to the processing of your personal data based on legitimate interests. In such cases, Mille Notti will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or if the processing is for the establishment, exercise, or defense of legal claims.

You also have the right to object at any time to the processing of your personal data for direct marketing purposes, including profiling related to such marketing.

Right to lodge a complaint (Article 77 of the GDPR)

You have the right to lodge a complaint with a supervisory authority (without prejudice to any other administrative or judicial remedy). Such a complaint should preferably be submitted to the authority in the EU/EEA Member State where you have your habitual residence, where you work, or where an alleged infringement of data protection laws and regulations is claimed to have occurred. The competent supervisory authority in Sweden is the Swedish Data Protection Authority (Integritetsskyddsmyndigheten), www.imy.se.


This privacy policy was adopted by Mille Notti on 2023-05-26.