Privacy Policy
1. Introduction
Spagat AB (org.no 559275-7073) cares about your personal privacy and always strives for a high level of data protection. This privacy policy explains how we collect and use personal data. It also describes your rights and how to exercise them.
Important to know:
- Personal data is any information that can directly or indirectly be linked to a living person.
- Processing of personal data is anything done with personal data, such as collection, storage, modification, sharing, and deletion.
2. Data Controller
Spagat AB is the data controller for the processing of your personal data and is responsible for ensuring that processing occurs in accordance with applicable data protection legislation.
Contact information:
Spagat AB
Ekbacksvägen 22
168 69 Bromma
Email: info@spagat.eu
3. When and Why We Process Your Personal Data
| Purpose | Personal Data Processed | Legal Basis | Storage Period |
|---|---|---|---|
| Handle orders and deliveries | Name, address, email, phone number, order information | Performance of contract | 36 months after last purchase |
| Accounting | Name, address, purchase history, payment information | Legal obligation (accounting act) | 7 years |
| Customer service and support | Name, contact details, case history | Legitimate interest | 12 months after case closure |
| Marketing | Name, email, purchase history | Consent/Legitimate interest for existing customers | Until consent is withdrawn |
Specifically About Legitimate Interest
When we use legitimate interest as legal basis, we have conducted a balancing test where we have assessed that our interest in processing the data outweighs your privacy protection interest. This applies, for example, to customer service where we need to be able to help you with your cases.
4. Sharing of Personal Data
4.1 Categories of Recipients
- Payment service providers: Svea, Bankgiro, Swish
- Transport companies: PostNord, Instabox, Schenker, DHL, UPS, FedEx and other countries’ equivalents
- IT services: Mailchimp (newsletter), Google Analytics, Google Ads, Microsoft Ads
4.2 Transfer to Countries Outside EU/EEA
Some of our suppliers, such as Mailchimp and Google, process data outside the EU/EEA. Such transfer occurs with support of EU Commission’s standard contractual clauses and other appropriate safeguards according to GDPR.
5. Your Rights
As a data subject, you have the following rights:
- Right to information – You have the right to know how we process your personal data.
- Right of access – You can request an extract of what data we have about you.
- Right to rectification – You can request that we correct incorrect data about you.
- Right to erasure – You have the right to have your data erased under certain conditions, for example if the data is no longer needed for the purpose.
- Right to restriction – You have the right to request that the processing of your personal data be restricted.
- Right to data portability – You have the right to receive your personal data in a structured format and have it transferred to another controller.
- Right to object – You have the right to object to processing based on legitimate interest.
To exercise your rights, contact us at info@spagat.eu. We will respond to your request without undue delay, at the latest within one month.
Complaints to Supervisory Authority
If you believe our processing of your personal data violates the data protection regulation, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY).
6. Security
We implement appropriate technical and organizational security measures to protect your personal data:
- SSL/TLS encryption for all data transfer
- Access control and password protection
- Regular backups
- Continuous monitoring of our systems
In Case of Personal Data Breach
If a personal data breach occurs that poses risks to your rights and freedoms, we will report the incident to the Swedish Authority for Privacy Protection within 72 hours. If the incident poses a high risk, we will also inform you directly.
7. Cookies and Analytics Tools
We use cookies and similar technologies to improve your experience on our website. For detailed information, see our separate cookie policy.
Analytics Tools We Use:
- Google Analytics – for visitor statistics
- Google Ads – for marketing
- Microsoft Ads – for marketing
- Google Tag Manager – for tracking code management
You can control the use of cookies through your browser settings. Note that some basic functions on the website may be affected if you choose to block cookies.
8. Changes to the Privacy Policy
We may update this privacy policy. The latest version is always available on our website. For significant changes, we will inform you via email or through a notice on our website before the changes take effect.
Last updated: 2024-11-08