WHAT PERSONAL DATA DO WE PROCESS?
We collect personal data when you (I)are browsing our website (ii)Placing orders(iii)submit forms (iv)request support. Such personal data will include your name, e-mail address, telephone, delivery address, payment details, IP address, behaviour on the website and other information that you voluntarily provide us.
PURPOSE, LEGAL GROUND AND STORAGE PERIOD
We will only use your personal data for the purposes, and on the legal grounds, as set out below. We will not use your personal data for any purpose that is incompatible with the below purposes. Further, we will only use your personal data during the period as set out under "Storage period", after such which period your personal data will be erased.
Purpose of processing: When you Placing orders, we will process your personal data to fulfil our contractual obligations towards you. Our order form identifies what information you must provide to us, in order for us to complete your orders.
Legal ground for processing: The processing is necessary for us to complete your orders.
Purpose of processing: When you sign up for news, invites and offers (direct marketing), we will process your personal data to provide the services as requested by you. Our direct marketing is based on profiling, which means that we will customize the information that you receive from us based on certain factors. We use the following types of personal data to compile a profile: your gender, your location, your previous purchases, your behaviour on our website, and/or your previous behaviour when receiving direct marketing from us.
Legal ground for processing: The processing is necessary for our legitimate interests to maintain good customer relations.
Storage period: If you opt-opt or unsubscribe from our marketing (including profiling), we will no longer process your personal data for this purpose. We will also erase your personal data, unless there is another legal ground for keeping your data (such as a valid purchase contract)
Purpose of processing: When you request support through our live chat or our other support channels, we will process your personal data to be able to assist you with the relevant matter
Storage period: We will erase your data, within six months after the relevant matter has been finally resolved.
Purpose of processing: When browsing our website, we will process your personal data to improve our website and for marketing purposes.
Legal ground for processing: The processing is necessary for our legitimate interests to improve our website and for retargeting. Please see more under “Cookies”.
Storage period: Please see more under “Cookies”.
Purpose of processing: We will process your personal data for the purposes of carrying out risk analysis, fraud prevention and risk management.
Legal ground for processing: The processing is necessary for our legitimate interests to prevent fraud and to handle risks.
Storage period: We will erase any personal data used for this purpose on a six-month basis, unless there is another legitimate interest for keeping your data. Upon a purchase that has been cancelled due to fraud prevention, we will delete your personal data two years after the unsuccessful purchase.
ANALYSIS OF DATA
Purpose of processing: We will analyse your personal data, in order to compile aggregated tracking data (including to analyse visitors’ use of our sites by tracking information such as page views, traffic flows, search terms and click throughs).
Legal ground for processing: The processing is necessary for our legitimate interest to create statistics over time.
Storage period: We will anonymize all tracking data where this is technically possible. When your personal data has been anonymized, it will no longer be considered personal data under applicable data protection laws.
Opt-out is made possible by contacting firstname.lastname@example.org
Please note that the above storage periods do not apply to the extent national industries is required to retain your personal data (partly or in full) under applicable mandatory law (e.g., accounting laws).
WHO DO WE SHARE YOUR PERSONAL DATA WITH?
Only the people who need to process personal data for the purposes mentioned above have access to your personal data. We may need to share your personal data with our group companies. We further may need to allow our suppliers access to your personal data when they perform services on our behalf, mainly to provide support and maintenance of IT systems, storage services and marketing.
You are entitled to the following rights under applicable laws:
The right to access: you may at any time request to access your personal data. Upon request, we will provide a copy of your personal data in a commonly used electronic form.
The right to rectification: You are entitled to obtain rectification of inaccurate personal data and to have incomplete personal data completed.
The right to erasure (“right to be forgotten”): under certain circumstances (including processing on the basis of your consent), you may request us to delete your User Data. Please note that this right is not unconditional. Therefore, an attempt to invoke the right might not lead to an action from us.
The right to object: to certain processing activities conducted by the us in relation to your personal data, such as our processing of your personal data based on our legitimate interest. The right to object also applies to processing of your personal data for direct marketing purposes.
The right to restriction of processing: you may under certain circumstances request from us to restrict the processing of your personal data. Please note that this right is not unconditional. Therefore, an attempt to invoke the right might not lead to an action from us.
The right to data portability: you are entitled to receive your personal data (or have your personal data directly transmitted to another data controller) in a structured, commonly used and machine-readable format.
We employ appropriate technical and organizational security measures to help protect your personal data against loss and to guard against access by unauthorized persons. Appropriate security measures we have taken include implementing secure private connections, traceability, disaster recovery and access limitations. We regularly review our security policies and procedures to ensure our systems are secure and protected.