SKEDVI BRÖD
PRIVACY POLICY
THIS PRIVACY POLICY EXPLAINS how we collect and use your personal information. It also describes your rights and how you can exercise them.
It is important that you read and understand the Privacy Policy and feel safe with how we process your personal data. You are always welcome to contact us in case you have any questions.
WHO, WHAT AND WHICH?
What are personal data? And what does processing of personal data involve?
Personal data means all types of information which can be attributed directly or indirectly to a living natural person. For example, images or photographs that are processed on computers might be personal data even if no names are given. Encrypted information and different types of electronic identities (e.g. IP addresses) constitute personal data if they can be connected to natural persons.
Processing is the only thing that happens to personal data. Every action taken with personal data constitutes processing, regardless of whether it is carried out as an automated process or not. Examples of common forms of processing are collection, registration, organisation, structuring, handling, transmission and erasure.
IP-ADDRESS
An IP address is a unique sequence of numbers which identifies computers on a network such that an IP address can be easily used to locate a device or origin of an internet message.
Source: ip.nu
Who is responsible for the personal data we collect?
SKEDVI BRÖD, org.no. 556954-0569, address Landsvägen 38, 783 92 Stora Skedvi, is the controller responsible for the company’s processing of personal data.
What personal data do we collect about you as a costumer, and why?
Below, we describe the different purposes we collect personal data for, the processing we carry out and what categories of data are collected, as well as the legal basis for such and the retention period we have.
1 Why:
To be able to process a booking/purchase
Processing:
Delivery (including notification and contact regarding delivery). Handling of payment (including analysis of possible payment options, which may include running checks against payment history and collecting credit information).
Personal data:
Name.
Contact details (e.g. address, e-mail and telephone number).
Payment history. Payment information. Purchase information (e.g. which items have been ordered or whether items are to be delivered to a different address).
LEGAL BASIS: Performance of purchase contract. We must collect these personal data so that we can fulfil our obligations according to the purchase contract. If data are not provided, the obligation cannot be fulfilled and we will be forced to cancel your purchase. | ||
RETENTION PERIOD: Until your purchase is complete (including delivery and payment) and for a period of 5 years thereafter for the purposes of being able to handle any complaints or warranty issues, and to give recurring offers. |
2 Why:
To be able to fulfil the company’s legal obligations.
Processing:
Necessary in order to fulfil the company’s legal obligations according to the law, a court judgement or a decision of a public authority (e.g. Swedish Accounting Act (Bokföringslagen), Swedish Money-Laundering Act (Penningtvättslagen) or regulations on product liability and product safety, which may require us to communicate with and provide information to the general public and customers regarding product warnings and product recalls, e.g. in case of a defect or a hazardous product).
Personal data:
Name.
Contact details (e.g. address, e-mail and telephone number).
Payment history. Payment information. Purchase information (e.g. time, place and any errors/complaints).
Your correspondence.
LEGAL BASIS: Legal obligation. We are required by law to collect this personal data from you. If data are not provided, our legal obligation cannot be fulfilled and we will be forced to cancel your purchase. | ||
RETENTION PERIOD: Until your purchase is complete (including delivery and payment) and for a period of 7 years thereafter for the purposes of being able to handle any complaints or warranty issues, and to give recurring offers. |
3 Why:
To be able to handle customer service issues.
Processing:
Communication and answering any questions sent to customer service (by phone or digital channels, including social media). Identification.
Investigation of any complaints and support issues (including technical support).
Personal data:
Name.
Personal ID no. (personnummer).
Contact details (e.g. address, e-mail and telephone number).
Your correspondence.
Purchase information (e.g. time, place and any errors/complaints). Technical device information. Health data (e.g. allergies, health conditions which you suffer from).
LEGAL BASIS: Legal obligation. We are required by law to collect this personal data from you. If data are not provided, our legal obligation cannot be fulfilled and we will be forced to cancel your purchase. | ||
RETENTION PERIOD: Until your purchase is complete (including delivery and payment) and for a period of 7 years thereafter for the purposes of being able to handle any complaints or warranty issues, and to give recurring offers. |
4 Why:
To be able to process bookings of services.
Processing:
Receipt of bookings, re-bookings and cancellations. Sending booking confirmations.
Communication regarding the booking.
Personal data:
Name.
Contact details (e-mail and telephone number).
Any notes you yourself choose to provide.
LEGAL BASIS: Legitimate interest. Processing is necessary in order to protect our and your legitimate interest in handling the customer service issue. | ||
RETENTION PERIOD: Until the customer service issue has been resolved and for a period of 5 years thereafter for the purposes of being able to handle any complaints or warranty issues, and to give recurring offers. |
5 Why:
To be able to carry out and handle participation in competitions and/or events.
Processing:
Communication before and after participation in a competition or event (e.g. confirmation of registration, questions or judging).
Identification and verification of age. Choosing winners and awarding any prizes (e.g. cash prizes or travel bookings).
Personal data:
Name.
Personal ID no. (personnummer) or age.
Contact details (e.g. address, e-mail and telephone number).
Information submitted during a competition or judging of an event.
LEGAL BASIS: Performance of service agreement. We must collect these personal data so that we can fulfil our obligations according to the service agreement. If data are not provided, the obligation cannot be fulfilled and we will be forced to cancel the service. | ||
RETENTION PERIOD: Until the service has been rendered and for a period of 7 years thereafter for the purposes of being able to handle any complaints or warranty issues, and to give recurring offers. |
6 Why:
To be able to prohibit misuse of a service, or to prohibit, prevent or investigate offences committed against the company.
Processing:
Prevention and investigation of any fraud or other breaches of law (e.g. incident reporting in the system). Prevention of spam, phishing, harassment, unlawful attempts to log in to user accounts or other actions which are prohibited by law or our terms and conditions of purchase.
Protection and improvement of our IT environment with respect to attacks
Personal data:
Name.
Personal ID no. (personnummer) or age. Contact details (e.g. address, e-mail and telephone number).
Purchase and user-generated data (e.g. click history and visit history).
Technical data relating to devices that are used and their settings (e.g. language settings, IP address, web browser settings, time zone, operating system, screen resolution and platform).
Information on how our digital services are used. a
LEGAL BASIS: Legitimate interest. Processing is necessary in order to protect our and your legitimate interest in handling your participation in competitions and/or events. | ||
RETENTION PERIOD: During the competition/event (including any judging) and for a period of one year thereafter for the purpose of being able to handle any offers. |
7 Why:
To be able to handle your benefits and loyalty offerings.
Processing:
Creating your personal offers, personalised news, product recommendations, inspiration and event invites. Analysing the data we collect for this purpose.
For example, we look at your age, gender, place of residence, stated preferences (regarding products and communication channels) and results of customer satisfaction or market surveys. Analysing the data we collect for this purpose. Based on the data we collect (e.g. age, gender and stated preferences), we conduct an analysis at an individual level which may result in you being assigned to a customer group (so-called customer segment). Insights from this analysis are used as a basis for your personal offers and personalised benefits etc.
Personal data:
Name.
Age. Gender.
Contact details (e.g. address, e-mail and telephone number).
Place of residence.
Stated customer preference regarding products and services.
LEGAL BASIS: Fulfilment of legal obligation (where such exists), or legitimate interest. If no legal obligation exists, processing is necessary in order to protect our legitimate interests in prohibiting misuse of a service, or to prohibit, prevent and investigate offences committed against the company. | ||
RETENTION PERIOD: From time of collection and for a period of 5 years thereafter. |
8 Why:
To be able to evaluate, develop and improve our products, services and system for our
Processing:
Adapting services to be more user-friendly (e.g. modifying the user interface to simplify the flow of information or highlight functions that are used frequently).
Producing documentation for developing and improving our product range and documentation for developing and improving
Personal data:
Age.
Gender.
Place of residence.
Correspondence and feedback (regarding our products and services.)
LEGAL BASIS: Legitimate interest. Processing is necessary in order to protect our and our customers’ legitimate interest in evaluating, developing and improving our products, services and system. | ||
RETENTION PERIOD: From time of collection and for a period of 5 years thereafter. |
Who might we share your personal data with?Processor:
In the event that such is necessary for us to be able to offer our services, we share your personal data with companies that act as so-called data processors for us. A processor is a company which processes information on our behalf and according to our instructions. We have processors who help us with:
- Payment solutions (credit card processing companies, banks and other payment
service providers). - Marketing (printing and distribution, social media, media agencies or advertising agencies).
- IT services (companies which take care of the necessary operation, technical
support and maintenance of our IT solutions).
When your personal data are shared with processors, this is done solely for purposes that are compatible with the purposes for which we collected information (i.e. to be able to fulfil our obligations according to the purchase agreement or the loyalty programme’s terms and conditions of membership). We verify all processors in order to ensure that they can provide sufficient guarantees regarding security and confidentiality of personal data. We have written agreements in place with all processors, in which they guarantee the security of the personal data being processed and undertake to comply with our security requirements and restrictions and requirements regarding international transmissions of personal data.Where do we process your personal data?We strive to always process your personal data within the EU/EEA and for all of our own IT systems to be located within the EU/EEA. However, in case of system support and maintenance, we may be forced to send information to a country outside of the EU/EEA, e.g. if we share your personal data with a processor who, either themselves or via a sub-contractor, is established or stores information in a country outside of the EU/EEA. In such case, the processor may only have access to the information that is relevant for the purpose (e.g. logfiles).Regardless of which country your personal data are processed in, we take all reasonable legal, technical and organisational measure to ensure that the level of security is the same as within the EU/EEA. In the event that personal data are processed outside of the EU/EEA, the level of protection is guaranteed either by an adequacy decision from the EU Commission regarding whether the country in question provides an adequate level of protection, or by applying so-called appropriate protective measures.What rights do you have as a data subject?
Right of access to so-called register extractsWe are always open and transparent with how we process your personal data and in the event that you would like a deeper insight into what personal data we process about you specifically, you can request access to these data (information is provided in the form of a register extract indicating purpose, categories of personal data, categories of recipient,
retention periods, information on where the information has been collected from and the use of automated decision-making).
Remember that in the event that we receive a request for access, we may ask for further information in order to ensure effective handling of your request and to ensure that information is being provided to the right person.
Right to rectification
You can request that your personal data be rectified if the data are incorrect. Within the scope of the purpose indicated, you also have the right to supplement any incomplete personal data.
Right to restriction of processing
You have the right to request that our processing of your personal data be restricted. If you are contesting the correctness of the personal data we are processing, you may request restriction of processing for such time as we require to verify to what extent the personal data are correct or incorrect. If we no longer require the personal data for specific purposes but you, on the other hand, do require your data to be able to establish, exercise or defend legal claims, you may request that we restrict our data processing. This means that you may request that we do not erase your data. If you have objected to a balancing of the legitimate interest we have established as our legal basis for a purpose, you may request restriction of processing for such time as we require to verify to what extent our legitimate interests outweigh your interests in having your data erased.If processing has been restricted according to any of the situations above, we may only process data, besides storage of the data themselves, in order to establish, exercise or defend legal claims, to protect the rights of others, or in the event that you have provided your consent.
Right to erasure
You can request erasure of the personal data we process about you if:
— The data are no longer required for the purposes for which they were collected or processed.
— You object to a balancing of interests we have undertaken based on a legitimate
interest and your grounds for objection outweigh our legitimate interest.
— You object to processing for direct marketing purposes.
— The personal data are being processed in an unlawful manner.
— The personal data must be erased in order to fulfil a legal obligation which we are subject to.
— Personal data have been collected about a child (under 13 years of age) who you are the legal guardian of and these data were collected in connection with offering information society services (e.g. social media).Remember that we may be entitled to deny your request in the event that legal obligations prohibit us from immediately erasing certain personal data. These obligations arise from accounting and tax legislation, banking and money-laundering legislation, and also consumer rights legislation.It may also happen that the processing is necessary in order that we can establish, exercise or defend legal claims. If we are prevented from granting your request for erasure, we will instead block your personal data from being used for purposes other than the purpose that is preventing the requested erasure.
Right to data portability
If our right to process your personal information is based either on your consent or on the performance of a contract with you, you have the right to request to have the data that relate to you and that you have provided to us transferred to another controller (so-called data portability). Data portability requires that this transfer is technically feasible, and it may be automated.
Right to object to certain types of processing
You always have the right to opt out of direct marketing and to object to all processing of personal data that is based on a balancing of interests.
Legitimate interest In the event that we use a balancing of interests as legal grounds for a purpose, you have the option of objecting to the processing. To be able to continue to process your personal data after such an objection, we must be able to demonstrate compelling legitimate grounds for the processing in question that outweigh your interests, rights or freedoms. Failing this, we may only process the data in order to establish, exercise or defend legal claims.
Direct marketing (including analyses performed for the purposes of direct marketing). You have the option of objecting to your personal data being processed for direct marketing. Your objection also covers analyses of personal data (so-called profiling) that is performed for direct marketing purposes. Direct marketing means all types of marketing outreach activities (e.g. by post, e-mail and text message).Marketing activities where you as a customer have actively chosen to use one of our services or otherwise sought us out in order to learn more about our services do not constitute direct marketing (e.g. product recommendations or other functions and offers on My Page).If you object to direct marketing, we will stop processing your personal data for this purpose, and will equally cease all types of direct marketing activities. Remember that you always have the option of determining which channels we use for mailers and personal offers.How are your personal data protected?We use IT systems to protect the confidentiality and integrity of and access to personal data. We have taken special security measures to protect your personal data against unlawful or unauthorised processing (such as unlawful access, loss, destruction or damage).
Only those persons who actually need to process your personal data in order that we can fulfil our specified purposes have access to your data.What does it mean that the Swedish authority for privacy protection
(datainspektionen) is the supervisory authority?The Swedish Authority for Privacy Protection is responsible for monitoring application of the law and ensures that a person who believes a company is handling personal data in an incorrect manner can lodge a claim with the Authority for Privacy Protection.What is the easiest way to contact us if you have questions about data
protection?Because we take data protection very seriously, we have prioritised it as an issue. If you have questions regarding data protection, you can always contact us at info@skedvibrod.se. We may amend our Privacy Policy. The latest version of our Privacy Policy can always be found here on our website.Privacy policy updated latest 2022-05-05