1. Personal data representative
Mille Notti (Mille Notti AB, Org. Nr. 556428-2738, Södra Fisktorpsvägen 30, 114 33 Stockholm, firstname.lastname@example.org, telephone number: 08 – 700 00 01 is personally responsible for the personal data processing described in this policy. We apply applicable privacy laws at all times. You are always welcome to contact us if you have questions or concerns about our processing of your personal information.
2. Definition of personal data
Personal data concerns all kinds of information that can be directly or indirectly attributed to a physical person who is alive at that time, for example name, national identification number, address, email address, telephone number and IP number.
3. Data that is processed, and the purpose, or aim, of this processing
When you buy a product from our web shop, we collect only the personal information from you that are necessary for us in order to comply with the purchase agreement you have chosen to execute with us, for example, in order to be able to deliver goods to you. The information we collect is personal name, address, phone number, email address and IP number.
- Permanent cookies that remain on the visitor's computer for a specified time.
- Session cookies, which are stored temporarily in the computer's memory while a visitor is on a webpage. Session cookies disappear when you close your browser.
In your personal contacts with us, for example, contacts with our store staff or our customer service, we collect the personal information from you that are necessary for us to handle your case e.g. a request or complaint. The information we process is your name, phone number and e-mail address.
If you have chosen to subscribe to our electronic newsletter, we will collect your name and e-mail address. We do this for the purpose of sending out the newsletter as per your request.
As a customer of ours, we will also process the e-mail address you provided to us in connection with your purchase in order to communicate information about our products and business (direct marketing).
4. Legal background
The personal data processing that happens before and during your purchase is processed on the basis of legally enforceable legal agreements. The processing is necessary in order for us to fulfill the obligations and requirements we are subject to under our (purchase) agreement executed with you. Certain personal data processing that is completed after your purchase, such as when you contact our store staff or customer service with questions about your completed purchase, a complaint, or similar matter, is undertaken in part based on our purchase agreement, and in part in accordance with the consumer and purchaser rights legislation by which we must comply.
In the event that you contact our shop staff or customer service with general questions about our products or activities in the absence of any prior orders (i.e., before any intention to enter into an agreement), we process your personal information based on our legitimate interest to assist you with those questions you might have. After careful consideration and in light of contact by you with questions, we find that your interests or fundamental rights and freedoms in the given context do not outweigh our interest in providing you with the assistance you request.
In the event that you, as a non-existing customer, indicate that you want to subscribe to our newsletter, we will process your personal information based on legal agreements constituting the relevant legal basis. We process your personal information in order that we can meet our obligations - i.e. send out the newsletter at your request on a continual basis. You can cancel your subscription at any time by using the link contained in the newsletter or by contacting us by e-mail (email@example.com) or, also, call us (08 – 700 00 01).
The data processing that is done in order to analyse and evaluate our digital platform is based on a weighing of interests according to which we intend to develop and improve our business. We believe that our interest in this context outweighs your interests in the protection of personal data.
The personal data processing that takes place in order for us to communicate information about our products and our business to you as a customer is based on legitimate interest as per a coherent legal foundation. We estimate that we have a legitimate interest in communicating such information to you in view of the fact that you have previously shown interest in our products. We believe that our interest in this context outweighs your interests in the protection of personal data. If you do not wish to receive direct marketing of this nature, you will of course be able to oppose such treatment both in connection with the purchase and afterwards.
5. Transfer of personal data to third parties and use of personal data assistants
In order for us to be able to carry out your purchase and otherwise have a well-functioning business, it is necessary for us to share your personal information with various actors. These actors need access to your data in order to perform tasks for us, such as delivery of an item you have ordered. However, they may not process your personal information for any purpose other than those specified in this policy.
In cases where personal data is transferred to our supplier, it means that it processes personal data on our behalf. In these cases we have signed a so-called personal information agreement with the supplier. Such an agreement means that the supplier handles personal information on our behalf and in accordance with our instructions and is committed to complying with the legal framework for the processing of personal data at all times. The purpose of the Personal Disclosure Agreement is that your personal data should be as secure with our suppliers as it is with us.
Other actors (third parties) who may be aware of your information include Klarna, for billing your purchase, our business partner, BBO, which we use for market optimisation and for social media marketing of our company. For shipping goods from our web shop, we use various shipping companies.
6. Storage and deletion of personal data
Your personal information is stored on the servers of our trusted partner, Jetshop, whose servers are located in Stockholm.
The personal data processed to comply with the purchase agreement we have executed with you may be processed for the period of up to two years. This is the time during which you have the right to advertise a product you have purchased from us. After two years, only personal data contained in financial statements will be processed because we are required to keep accounting records (i.e., material relating to our accounting and current accounts) for up to seven years after the end of the given financial year.
If you subscribe to our newsletter, we will process your personal information for this purpose as long as you subscribe to the newsletter. If you no longer wish to receive the newsletter, we will discontinue processing those details. You can unsubscribe at any time by following the link contained in the newsletter, or by emailing firstname.lastname@example.org. In such case, you will not receive any future mail from us, unless you choose to start subscribing again.
The personal data processing that takes place in order to market our products and our business to you as a former customer is processed for up to two years after the last customer contact. You may at any time choose to opt out of receiving marketing notices from us by following the link contained in the newsletter, or by sending an email to email@example.com. We will then stop processing said details for marketing purposes.
The personal data processing in order to analyse and evaluate our digital platform is processed for a period of 36 months.
7. Your rights
The fact that we process your personal information means that you necessarily have multiple rights in relation thereto:
- You are entitled to receive free information about the personal information we are processing about you by requesting a so-called extract of records/registry extract.
- You are entitled to request that we correct incorrect information (correction).
- You are entitled to request that we remove personal information that is no longer required or needed for processing (deletion).
- You have the right to request that we to some extent or in some way discontinue processing (restriction).
- You are entitled to receive the information we process about you in a structured, widely-used and machine-readable format, if you wish to transfer them to any other party (data portability).
A request for a registry extract should be sent to us via physical letter or by email, contact details available in point 10 herein below. Please enter your full name, social security number, national identification number and telephone number and sign the request. Once we have received your request, it will be handled without delay. Registry extracts will be sent exclusively to your registered mailing address. This is to ensure that you personally did request the extract and that you receive it.
Other rights are exercised by contacting us by telephone (08-700 00 01) or by email (firstname.lastname@example.org).
Information about corrections, restrictions and requests for deletion of your personal data will also be conveyed to third parties who have shared the information via us in order for them to act according to your request.
8. Protective measures
We undertake to ensure that your personal information remains safely stored. Your personal information is therefore kept in an encrypted format so that unauthorised persons cannot gain access to them.
10. Contact information for personal data controller
Mille Notti AB, Org. No. 556428-2738, is the personal data responsible agent and is thus also responsible for processing the personal data collected about you. In case of requests, the personal data responsible agent can be reached via the contact details found below.
11. Complaints/Data Inspection
If you have complaints about our processing of your personal data, you are entitled at all times to file a complaint with the Data Inspectorate (E-mail: email@example.com, Telephone number: 08-657 61 00, Home page: www.datainspektionen.se)
If you are dissatisfied with the processing of your personal data, you may also contact us and request that we make a correction thereof.