Privacy Policy
Valid from 24/05 2018
Table of Contents
1. Introduction
2 What is personal data and what does the processing of personal data mean?
3. To whom does this policy apply?
4. To which areas does this policy apply?
5. What does it mean to be a personal data controller?
6. Caroline Svedbom as personal data controller
7. Why may we process personal data?
8. What personal data do we process and why?
9. How long do we generally store personal data?
10. Our measures to protect personal data
11. When do we share personal data?
12. Your rights
13. Cookies
14. Changes to this Policy
1. Introduction
Thank you for choosing us and a special thank you for taking the time to carefully read this Privacy Policy. We want to start with a brief summary explaining why we have created this policy. Our basic goals are to
Give you a brief introduction to personal data and our various roles in this context
Explain why we process certain types of personal information
Make sure you understand what information we collect and what we actually do with said information;
Show you how we work to protect your rights and privacy.
Our goal is that after reading this policy you should feel safe that your privacy is respected and that your personal data is processed correctly. We therefore also work continuously to ensure that our processing of personal data is fully in accordance with current legislation, in particular the General Data Protection Regulation (GDPR) which will enter into force on 25 May 2018.
2. What is personal data and what does the processing of personal data mean?
2.1 Personal data consists of all information that can be directly, or indirectly together with other information, linked to a living (physical) person. A non-exhaustive list of examples of personal data consists of i.a.
name
Social security number
Email address
IP address
Credit card number
2.2 The processing of personal data includes any action connected to the use of the personal data, regardless of whether such action is performed automatically or not. This means that, among other things, the following measures are included:
Collection
Registration
Use
Change
Storage
Deletion
3. To whom does this policy apply?
This privacy policy shall primarily be applicable to people who buy our beautiful jewelry online, ours in our store in Sturegalleria in Stockholm, and from whom we collect and process personal data ("Data subjects"). Different parts of this privacy policy may also be relevant to you depending on your relationship with us. Overall, this policy is relevant to people who
are our customers
visit our website or our social media platforms
otherwise communicate with us, for example through our customer service
By accepting this privacy policy, you consent to our processing of your personal data in accordance with this privacy policy.
4. For which areas is this policy applicable?
This privacy policy regulates how we can collect and process personal data in order to continue to deliver and develop our services.
5. What does it mean to be a personal data controller?
A personal data controller is a legal person or other entity that determines the purpose and means for the processing of personal data. A company is a data controller in respect of personal data it holds for its own benefit in respect of its employees, customers, partners, users and others.
6. Mother Earth Design as data controller
We, Moder Jord Design (Org. 870530-410601) are responsible for personal data and therefore responsible in accordance with applicable legislation, for the processing that takes place with your personal data, within the framework of our services.
7. Why may we process personal data?
7.1 In order for us to be permitted to process personal data, there must always be support for said processing within the GDPR, a so-called legal basis. Such legal basis may include:
Consent from the registered
That the processing of personal data is necessary to fulfill the terms of an agreement with the data subject, for example in connection with the use of the Services
To comply with a legal obligation, for example to store certain information due to legislation on certain accounting standards and practices. This may also be the case when dealing with requests for opt-out settings relating to your rights as a data subject in accordance with the GDPR.
A balancing of interests when we have a legitimate interest in using your data, for example for statistical purposes and to market our services as well as to secure payment and prevent fraud
7.2 It may happen that the same personal data is processed both through support in terms of fulfilling an agreement and in terms of specific consent or in terms of processing that specific data is necessary to fulfill other legal obligations. This means that even if you can withdraw your consent and the processing based on said consent ends, specific personal data may remain with us for various reasons.
8. What personal data do we process and why?
In this section, we explain how your personal data is used so that we can provide you with high-quality experiences, services and offers.
8.1 When you buy our jewelery online or in our store in Sturegallerian, Stockholm
When you buy our jewelry in our store or at carolinesvedbom.com/wp, we handle the following personal data that you personally provide to us:
Your name and contact details (phone number, email)
Your credit card number and bank information
8.1.1 We process your personal data in order to:
identify you as an individual
charge you for the services and products you have purchased
to detect and prevent fraud in connection with bank card payments
manage and deliver what you have purchased in accordance with our terms
notify you (via e-mail or similar) regarding information related to purchases
market our services and products, for example via e-mail
produce statistics on purchases and usage, to improve our services
8.1.2 Legal basis for the processing
We process your personal data based on:
performance of a contract when we provide our services;
based on a balancing of interests when we have a legitimate interest in using your data for statistical purposes and to market our services, as well as to secure payments and prevent fraud and
based on a legal obligation to handle requests for opt-out settings regarding your rights in accordance with the GDPR
8.1.3 Storage period
We save data about you for up to 12 months after termination of your user account, among other things to provide information about any complaints.
8.2 When you communicate with us
You can choose to communicate with us in many different ways, for example via social media and by email with our customer service.
When you communicate with us, we process information that you personally provide to us, for example:
name and contact details
information about your opinions, questions or matters
8.2.1 We process your personal data to:
answer questions and manage your affairs, for example rectifying deficiencies, handling complaints, questions about your stay
improve our services and the information we provide and post on our website and other communication forums
8.2.2 Legal basis for the processing:
We process your personal data for our, and your, legitimate interest in administering your case (balancing of interests).
8.2.3 Storage period:
We save your personal data for up to 12 months after the case is closed to ensure traceability in your communication with us.
8.3 When you use our website
When you visit our website, we process:
information about how you interact with, and use, our website, for example in connection with the purchase of our jewellery
information about your visits to our website, through cookies. For more information about how we use cookies, see https://carolinesvedbom.com/wp/cookiepolicy
8.3.1 We process your personal data to:
provide our digital services
provide support when you encounter any type of technical problems
maintain, test and improve our digital services
detect and prevent security attacks, such as virus attacks
8.3.2 Legal basis for the processing:
We process your personal data based on:
based on a balance of interests for our legitimate interest in maintaining, testing and improving our digital services.
8.3.3 Period of storage:
We save your personal data for 3 months after you have used our digital channels.
9. How long do we generally store personal data?
Your personal data is only stored during the period that there is a need to store the information in order to fulfill the terms of the agreement. We may store your personal data longer if it is necessary from a legal point of view or to protect our legal interests, for example in the context of legal proceedings in which we are involved.
10. Our measures to protect personal data
10.1 We have ensured that we have taken all necessary and appropriate technical and organizational measures to protect your personal data against loss, misuse or unauthorized access.
10.2 To technically ensure that personal data is processed in a safe and confidential manner, we use digital networks that are protected from intrusion by, for example, encryption, firewalls and password protection. In all cases where a breach may occur, we have created routines to identify, assess and minimize any damage that may occur and report said damage to all concerned parties.
10.3 In order to ensure an adequate level of knowledge regarding the processing of personal data, we will arrange ongoing training efforts regarding the GDPR, both for our employees and the consultants who may be engaged from time to time to perform work for us.
11. When do we share personal data?
11.1 We will not sell, make available or distribute personal data to third parties except as stated in this privacy policy. Within the scope of the Services, personal data may be shared with subcontractors or partners, if this is necessary to fulfill and perform our Services, for example to process your payments. In all cases where we choose to share personal data, we will enter into a data processing agreement to ensure that the recipient of the personal data processes said information in accordance with applicable legislation and to ensure that the recipient has taken the necessary technical and organizational measures to, in a satisfactory manner , be able to protect your rights and freedoms as a registered user.
11.2 In addition, we may share personal data if we are required to do so by law, court order or if withholding such personal data would impede an ongoing legal investigation.
12. Your rights
12.1 We are responsible for your personal data being processed in accordance with current legislation.
12.2 At your request or on our own initiative, we will correct, de-identify, delete or supplement any information found to be incorrect, incomplete or misleading.
12.3 You have the right to demand access to your personal data. This means that you have the right to demand copies of the processing that we have maintained of your personal data. You also have the right to receive a copy of the personal data being processed. You have the right to receive a printout of which personal data is stored about you, the purpose of the storage and processing and to whom the information has been made available, once a year and by written application free of charge. You also have the right, within the transcripts, to receive information about the time period during which the personal data will be stored and which criteria we have used to determine said time period.
12.4 You have the right to correct your personal data. We will, at your request and as quickly as possible, correct the incorrect or incomplete personal data we process about you.
12.5 You have the right to demand deletion of your personal data. This means that you have the right to demand that your personal data is deleted if it is no longer necessary for the purposes for which it was collected. There may be legal requirements that state that we may not immediately delete personal data (for example, in relation to audit and tax-related legislation). We will in all such cases cease the processing for reasons other than to comply with the legislation in the GDPR.
12.6 You have the right to object to all processing of personal data that takes place on a legal basis of balance of interests. If you object to such processing, we will only continue the processing if there are legitimate reasons for the processing that outweigh your interests.
12.7 If you do not want us to process your personal data for direct marketing, you always have the right to object to such processing. This is done either by unsubscribing in each specific email or by sending us an email at info@carolinesvedbom.com Once we have received your objection, we will stop processing personal data for such marketing. You also have the right to report our processing of your personal data to any authority responsible for monitoring the application of the GDPR, for example the Swedish Data Protection Authority. However, we recommend that you contact us first so that we can try to resolve the matter in a more efficient and timely manner.
13. Cookies
When you visit our website, we can also collect information and data about you by using so-called cookies. For more information about how we use cookies, see https://carolinesvedbom.com/pages/cookie-policy
14. Changes to this policy
We reserve the right to make changes to this privacy policy from time to time. The date of the last modification is indicated at the end of this privacy policy. If we make any changes to the Privacy Policy, we will post those changes on our website. You are therefore advised to read this privacy policy regularly to see any changes.