Privacy Policy

Privacy Policy

  1. General information about personal data

Garphyttan.com (“Garphyttan”, “we”, “us” or “our”) strives to always protect your privacy and personal data in the best possible way. The purpose of this policy is, among other things, to help you understand what personal data Lesicones.com collects and how we use your personal data.

We always try to be as clear as possible about how we process your personal data. Do you still have questions about how we process your data after reading this policy? Feel free to contact us at customercare@garphyttan.com

 

  1. Changes to the policy

We work continuously to ensure that your personal data is handled in the best possible way. We reserve the right to make changes to this privacy policy. All changes will be published on the Website.

 

  1. Who is responsible for the personal data we collect?

Garphyttan Original AB, organization number 559489-6655 is the data controller for the processing of your personal data.

 

  1. What personal data do we collect about you and why do we collect it (purpose)?

The personal data we have collected about you is used for different purposes. In this section we explain:

 

Why we use your personal data.

What processing operations we carry out to fulfill the purpose.

What personal data is used to fulfill the purpose.

The legal basis on which we base the processing.

How long we keep your data.

 

4.1 Purpose – To be able to handle online orders/purchases Categories of personal data stored and processed for this purpose:

 

Name

Personal identification number

Contact details (e.g. residential or delivery address, email and mobile number)

Payment history

Payment information

Purchase information (e.g. which item has been ordered or if the item is to be delivered to a different address)

Examples of processing operations:

 

We deliver your product or service (including communicating with you about your delivery).

We confirm your identity and age.

We administer your payment (this also includes analyzing what payment solutions we can offer you by checking against your payment history or obtaining credit information from credit reference agencies).

We check your address against external sources, such as Waley, Ratsit or similar.

We administer and communicate with you in the event of a complaint and warranty issues related to your purchase.

 

Legal basis: The processing is necessary in order to fulfill our obligations in the purchase agreement (terms of purchase) that we have entered into with you. Your personal identity number is processed on the basis of the importance of secure identification. Personal data is processed in connection with orders on behalf of or at the request of payment and credit companies and for the purpose of credit information.

 

Storage period: Until the purchase has been completed (including delivery and payment) and for a period of 3 years thereafter in order to be able to handle any complaints and warranty matters.

 

4.2 Purpose: In order to market us and our products and services

 

Categories of personal data stored and processed for this purpose:

 

Email address, used as the primary means of communication.

Delivery address and telephone number, used as secondary communication channels.

Order history, birthday and gender, which is used to tailor our communications and offers to you and thus make them better and more relevant to you.

Personal data collected through cookies (non-personal information).

 

Examples of processing operations:

We show you relevant product recommendations, send you interest-based articles, suggest shopping lists or other similar actions.

 

We facilitate your use of our services, e.g. by saving your shopping lists/purchase lists or your chosen payment method to make your future purchases smoother or reminding you of forgotten/abandoned shopping carts.

 

We send direct marketing via email, text message, social media or other similar digital channels and post.

 

We send you offers from partners.

We run customized campaigns/send offers to you based on your purchase history.

We run general promotions or send general offers and invitations to events.

For this purpose, we perform analytics based on your or other members’ data.

Read more about this under the heading “analyses, statistics and other data we use”.

 

Legal basis: Legitimate interest. The processing is necessary for our legitimate interest in being able to market our company and our products and services if you have previously purchased a product from us or created a user account but not completed the purchase. If you are not our customer, we will ask for your prior consent, e.g. when you sign up for our newsletter.

Please remember that you can contact us at any time to object to our direct marketing. All our newsletters include an unsubscribe button. You can reach us at customercare@garphyttan.com

Retention period: No later than 2 years after your last activity (e.g. when you last made a purchase, opened and clicked on a link in our newsletter or logged into your user account).

 

4.3 Purpose – To fulfill the legal obligations of the company

Categories of personal data stored and processed for this purpose:

 

Name

Contact details (e.g. address, email and phone number)

Payment history

Payment information

Your correspondence

Information about time of purchase, place of purchase, any errors/complaints

Examples of processing operations:

 

We may need to process your personal data to comply with legal obligations, as required by laws, judgments or government decisions. These requirements may relate to our product liability or the safety of our products. In these cases, we may need to produce general communications and information or specific information to you about product alerts and recalls. The requirements may also relate to our obligations under the Accounting Act or the Money Laundering Act.

 

Legal basis: Legal obligation. This processing of your personal data is required by relevant law. For example, the following personal data is processed on the basis that it is necessary to fulfill our accounting obligation under the Accounting Act (1999:1078):

 

Your name

Delivery address

Invoice number

Nature and quantity of the goods

Storage period: For the time necessary to fulfill the relevant legal obligation or in accordance with applicable legal requirements. For example, there are requirements in the Accounting Act that the above data must be saved for 7 years. Another example is product liability cases where the retention period corresponds to the maximum warranty/claims period of 3 years.

 

4.4 Purpose: To be able to handle customer service cases Categories of personal data stored and processed for this purpose:

 

Name

Contact details (e.g. address, e-mail and telephone number)

Your correspondence

Information about the time of purchase, place of purchase, any error/complaint

User data for your user account

Examples of processing operations:

 

We communicate with you and answer your questions that you send to us by phone or in digital channels.

We confirm your identity (if necessary).

We investigate your complaints and support cases. For example, a support case may concern technical support.

Legal basis: Legitimate interest. The processing is necessary for the purposes of our legitimate interest and yours in dealing with customer service matters.

 

Retention period: 12 months at the latest after the customer service case has been closed.

 

4.5 Purposes To evaluate, develop and improve our services, products and systems

 

Categories of personal data stored and processed for this purpose:

 

Age

Gender

Place of residence

Correspondence and feedback regarding our services and products.

Purchase and user-generated data (e.g. click and visit history)

Technical data relating to devices used and their settings (e.g. language setting, IP address, browser settings, time zone, operating system, screen resolution and platform)

Information on how you have interacted with us, i.e. how you have used the service, login method, where and how long different pages were visited, response times, download errors, how you access and leave the service, etc.

Personal data collected through cookies (not personal information). Read our cookie policy under managing cookies.

 

Examples of processing operations:

We make our services more user-friendly.

 

We produce data to improve our business by evaluating, streamlining and planning the establishment of new stores and warehouses, purchasing, warehousing and deliveries or developing our product range.

 

We give you and other customers the opportunity to influence our range, for example through customer and market research.

 

We produce evidence to improve IT systems to improve security for the company and for visitors/customers in general.

 

Read more about this under the heading “analyses, statistics and other data we use”.

 Legal basis: Legitimate interest. The processing is necessary to meet our and our customers’ legitimate interest in evaluating, developing and improving our services, products and systems.

 

Retention period: For this purpose, it is difficult for us to specify in advance how long your personal data will be stored. Instead, we have implemented procedures to continuously check whether your personal data is still necessary for this purpose. Personal data that we have not used for a period of 12 months will be deleted because we then no longer consider your personal data necessary. Of course, we take measures to protect your privacy. When we perform analysis based on your personal data, our employee performing the analysis will not know that the personal data belongs to you, even if we could make the connection to you based on data we have in another system.

 

4.6 Purposes – To be able to prevent misuse of a service or to prevent, prevent and investigate crimes against the company

 

Categories of personal data stored and processed for this purpose

 

Personal identification number

Name

Purchase and user-generated data (e.g. click and visit history)

Technical data regarding devices used and their settings (e.g. language setting, IP address, browser settings, time zone, operating system, screen resolution and platform)

Data on how our digital services are used

Any correspondence

Examples of processing operations:

 

We investigate and prevent fraud or other breaches of law.

We take measures to prevent spam, phishing, harassment, attempts to illegally log into user accounts or other actions prohibited by our Terms of Use.

We take measures to protect and improve our IT environment against attacks and intrusions.

Legal basis: Our legitimate interest to prevent misuse of a service or to prevent, deter and investigate crimes against the company.

 

Retention period: From collection and for a period of (at most) 12 months thereafter. If we suspect misuse of a service or that a crime has been committed, we will retain the data for the time necessary to establish, exercise or defend our (or third parties’) legal claims.

 

  1. analysis, statistics and other data we use

For certain purposes, we perform analyses and produce data based on the personal data of our customers and members. We do this for the purposes of marketing the company and its products and services and evaluating, developing and improving our services, products and systems.

 

The analysis and development of data can either result in us segmenting our customer database or analyzing specifically how you as a customer experience our company and our services and products (in this case we create a customer profile about you).

 

If we only segment our customer database, this means that we do not gain any greater customer insight about you, but segmentations are about us being able to gain better insight into how different customer groups experience our services and products. In these cases, we use limited customer data such as purchase history, age and residential address. This is the case when we perform analyses and produce data to evaluate, develop and improve our services, products and systems and for parts of our marketing.

 

For other marketing purposes, we use more personal data so that we can adapt our offer to you. Of course, we want you to receive the benefits, offers, ads and other tips that are relevant to you!

 

To ensure that we provide you with relevant content, we need to perform customer-specific analyses based on additional personal data. The data may be related to how you use our websites and other digital channels (e.g. which pages and parts of pages you visited and which searches you made), your purchase and order history, age, place of residence, stated customer preferences (e.g. about products/services, industries), marital status, language and other technical settings, as well as location information from the customer’s mobile devices (e.g. mobile phone or tablet) or results from customer satisfaction or market research. We may also supplement our data with statistical data (i.e. never data linked specifically to you) from other sources (e.g. other companies) to get the best possible picture of your interests and preferences based on the customer group to which you belong.

 

We have great respect for your privacy and we do not want to process your personal data for customer-specific analysis unless you are comfortable with it. However, we hope that you find our benefits, offers and the personalized content we provide to you sufficiently valuable to allow us to continue processing your personal data for these purposes.

 

If you want us to stop customer-specific analysis, you can always object to our marketing to you as a customer (including our customer-specific analysis, i.e. profiling). Unfortunately, exercising your right to object means that you will lose your personalized benefits, offers and content.

 

  1. from which sources do we obtain your personal data?

In addition to the information you provide to us, or that we collect from you based on your purchases and how you use our services, we may also collect personal data from someone else (so-called third parties). The data we collect from third parties is as follows:

 

Address details from public records to make sure we have the correct address details for you.

 

 

 

  1. companies we may disclose your personal data to

Data processors. Your personal data may be shared with entities that process personal data on our behalf in their capacity as data processors. Where your personal data is disclosed, data processing agreements are in place to ensure that our data processors operate in a manner that protects your personal data. We have data processors who help us with:

 

Marketing (e.g. solutions to send you marketing and optimize our offer) IT services (companies that handle the necessary operation, technical support and maintenance of our IT solutions or store our personal data). Independent data controllers. In addition, we may also disclose your personal data to other companies that will be independently responsible for their processing of your personal data. We disclose your personal data to the following companies that are independent controllers:

 

Logistics companies and freight forwarders (for the delivery of your order). Payment solution partners (Waley, Stripe and any other companies that help us with our payment solutions). Credit reference agencies (for offering different payment methods) If all or part of our business is sold or integrated with another business, your personal data may be disclosed to our advisers, the potential buyer and its advisers.

 

  1. transfer of personal data to a country outside the EU/EEA

As a general rule, we and our suppliers and partners only process your personal data within the EU/EEA. In cases where personal data is processed outside the EU/EEA, there is either a decision from the Commission that the third country in question ensures an adequate level of protection or appropriate safeguards, in the form of standard contractual clauses, binding internal company rules or Privacy Shield, which ensure that your rights are protected. If you wish to obtain a copy of the safeguards we have put in place or information on where these have been made available, you can do so by contacting us. If you would like to receive a copy of the safeguards that have been put in place or information on where these have been made available, please contact us.

 

  1. How long do we keep your personal data?

We never keep your personal data longer than necessary for the respective purpose. See more about the specific storage periods under each purpose.

 

  1. How is your personal data protected?

We work to keep all the personal data we collect and process secure. To this end, we have put in place a number of security measures.

 

We use SSL protocols, which means that your personal data is private when it is sent to the Website. This is indicated in the URL field by a green lock. By clicking on the green lock you can get more information about this, how it works and see a full list of all cookies on the Website. You should check that SSL is not turned off in your browser settings.

 

We have appropriate anti-virus software, firewalls and encryption to prevent unauthorized access to our network and data. Personal data is backed up.

 

Only authorized personnel who need access to your personal data to perform their duties have access to your personal data. Such tasks are covered by the different purposes for which we store and process personal data. Access to the places where personal data is stored and processed is limited to authorized personnel, who must identify themselves to gain access. Staff have been instructed on the measures they should take to process personal data in a secure manner.

 

In case of any personal data breaches, we will report them to the Data Protection Authority within 72 hours, and inform those concerned when required by applicable law.

 

  1. your rights

When we process your personal data, you have certain rights which we describe in the table below. If you wish to exercise any of your rights, please contact us at customercare@garphyttan.com

 

Your right of access. We aim to be transparent about how we process your data. If you want to gain insight into the personal data processing we do in relation to you, you have the right to request access to your data. If we receive a request for access, we may ask for additional information to ensure that we disclose the data to the right person.

 

Your right to rectification. Garphyttan works to ensure that your personal data is accurate. If any of the personal data you have provided to us needs to be corrected or updated, e.g. if you change your address or mobile number, we ask you to provide correct personal data by sending an email to our customer service. Of course, you have the right to request that your personal data be corrected at any time.

 

 

 

Your right to erasure and restriction. Under certain conditions, you also have the right to request erasure of your personal data or restriction of our processing. Please note that we may have the right to refuse your request if there are legal obligations or other legitimate interests that prevent us from deleting certain personal data. Examples of such legal obligations are requirements in accounting and tax legislation, banking and money laundering legislation or from consumer rights legislation. When it comes to our legitimate interests, we will not delete your personal data if it is necessary for the establishment, exercise or defense of legal claims. If we cannot comply with your request for erasure, we will block the personal data to ensure that your data is not used for any other purposes.

 

Your right to object to our processing (including the right to object to direct marketing and automated decision-making). You have the right to object to our processing (e.g. processing based on our legitimate interests). Your personal data may also not be processed for direct marketing purposes if you object to such processing. The objection also covers the analysis of personal data (so-called profiling) carried out for direct marketing purposes. Direct marketing refers to all types of marketing outreach (e.g. by post, email and SMS). Marketing activities where you as a customer have actively chosen to use one of our services or otherwise sought us out to learn more about our services do not count as direct marketing (e.g. product recommendations or other features and offers on My Pages).

 

If you object to our direct marketing, we will stop all forms of mailings to you. If you still want to receive mailings in certain channels, you do not need to object to our direct marketing. In these cases, you can choose to receive offers from us only in the channels of your choice, e.g. via email, but not SMS.

 

You have the right to object to a decision taken by automated processing where it produces legal effects or similarly significantly affects you. This does not apply if, for example, the decision is necessary for the conclusion or performance of a contract with you (such as for credit applications).

 

Your right to withdraw consent. Have you given consent to any processing we carry out? If so, you have the right to withdraw it at any time. Such withdrawal can be limited to only part of the processing. When you withdraw your consent, we will not collect any new data about you for the purpose for which you gave your consent, but we still have the right to process the data we collected about you before you withdrew your consent. If there is no other legal basis for us to keep the data, we will delete it.

 

Your right to data portability. Under certain conditions, you have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format and have the right to transmit it to another controller (data portability). This applies to the processing we carry out based on our contract with you or if you have given your consent to a particular processing operation.

 

Your right to lodge a complaint with the supervisory authority. If you have any complaints regarding our processing of your personal data, you have the right to lodge a complaint with the Swedish Data Protection Authority (Datainspektionen) or other competent supervisory authority that supervises companies’ processing of personal data.

 

  1. Contact us

If you wish to exercise your rights under the above or otherwise wish to contact us in relation to our processing of your personal data, you can do so by contacting us by email – customercare@garphyttan.com

 

  1. Links

We may provide links on the Website to other websites which are outside our control and vice versa. Although we aim to ensure that we only link to sites that share our views on your privacy and the handling of your personal data, Garphyttan.com is not responsible for the protection or privacy of any information including personal data provided by customers on other sites