Privacy policy
Version 1.3
1. Introduction
This privacy policy (the "Policy") describes how Convini Sverige AB, org. no. 556167-3665 ("we", "our" and "us"), with address Box 1072, 171 22 SOLNA, processes personal data.
We care about your personal integrity and want you to feel safe with the processing of your personal data. In this Policy, we have therefore gathered information about how we process the personal data that you have provided to us in connection with your use of our services and the personal data we have otherwise gained access to. When you use our services, we process your personal data as a data controller. This means that we have an obligation to ensure that the processing takes place in accordance with this Policy and the personal data legislation in force at any given time.
The Policy describes the categories of personal data that we process, the purposes for which we process the data and the legal basis for the processing. We also explain how the data has been obtained, who can access and process it, the principles for deletion, which third parties we may share the personal data with, where the personal data is processed and your rights as a data subject in the form of the right to information, correction and deletion, etc. We ask you to carefully read the Policy and familiarize yourself with the content as it is applied in all our processing of personal data.
From time to time, we may need to update or change the Policy. The latest version of the Policy can always be found on our website. We hope that this Policy answers your questions about our processing and protection of your personal data. If you have any further questions or concerns, you are always welcome to contact us through dataskydd@convini.se.
2. How we process your personal data
This section describes the categories of personal data we process, the purposes for which we process them, the processing operations carried out, the legal basis on which the processing is based, and the period for which the data is retained.
2.1 Where do we collect personal data from?
We process personal data that you provide to us when you e.g. create a user account with us, initiate a customer service case or sign up for our newsletter.
We also process personal data that we obtain from our service provider (a so-called third party) when you register as a customer with us, personal data we receive from the Swedish Tax Agency's SPAR registry and personal data generated when you use our services online, such as your IP address and browser settings, etc.
2.2 What personal data do we process and why?
A. To manage user accounts
| Purpose | Data processing activities | Categories of personal data |
| To be able to create and administer user accounts, including, inter alia, to provide authorization to log in to your user account and offer you features that facilitate your use of our services and purchase of goods. | The collection and storage of personal data in our business systems, backup systems and other online storage spaces. |
- Name, address, phone number. - Social security number. - E-mail address. - Customer type (private individual/company) - Passwords. - User account creation date |
| Legal basis: For active customers: the processing is necessary for the fulfillment of a contract for the purchase of goods from us. For non-active customers: The processing is based on our legitimate interest in administering user accounts and providing our services. | ||
| Storage time: We store your personal data as long as the account is active with us in order to fulfill our agreement to allow you to make new purchases. If the account is terminated, the user account and your data will be anonymized or deleted within 90 days of your request or when your purchases have been paid in full. The account will automatically be terminated in case of being inactive for 18 months. | ||
B. To manage purchases, etc.
| Purpose | Data processing activities | Categories of personal data |
|
- To be able to manage your purchases. - To handle your complaints, claims and warranty issues regarding purchased goods. - In order to perform invoicing. - To manage your product requests. - To ensure our operational security and our ability to restore the system and data. |
- Collection and storage of personal data in our business systems, backup systems and other online storage facilities. - Sending purchase statements, notification of payments and communications in connection with the use of our services. |
- Name. - Convini card number (if applicable). - Social security number. - Contact details (such as address, email address and telephone number). - Customer type (private individual/company). - Payment, purchase and transaction details. |
| Legal basis: The processing is necessary for the fulfillment of contracts for the purchase of goods from us. | ||
| Storage time: We store your personal data as long as the account is active with us in order to fulfill our agreement to allow you to make new purchases. If the account is terminated, the user account and your data will be anonymized or deleted within 90 days of your request or when your purchases have been paid in full. The account will automatically be terminated in case of being inactive for 18 months. | ||
C. To handle customer service requests, etc.
| Purpose | Data processing activities | Categories of personal data |
|
- To be able to communicate with you and answer the questions you ask us via email, phone, chat function or Facebook. - To be able to verify your identity. - To be able to correct purchases by Convini card number or social security number. - To be able to handle your complaints and warranty cases regarding purchased goods. |
- Collection and storage of personal data in our operational systems, backup systems and other online storage spaces. |
- Name. – Convini card number. (e.g. for support in case of login problems). - Social security number. - Contact details (such as address, email address and phone number). - Purchase history. - Customer type (private individual/company) - Photographs sent by you to customer service. - Your correspondence with us - Health data, if provided by you and if necessary to handle your customer service case. This may include, for example, information about an allergic reaction and/or health condition. This data is provided by you in the context of the customer service case. |
| Legal basis: The processing is based on our legitimate interest to help you if you have questions or complaints about purchased goods or problems with the use of our services. | ||
| Storage time: We store your personal data as long as the account is active with us in order to fulfill our agreement to allow you to make new purchases. If the account is terminated, the user account and your data will be anonymized or deleted within 90 days of your request or when your purchases have been paid in full. The account will automatically be terminated in case of being inactive for 18 months. | ||
D. To promote our products and services, etc.
| Purpose | Data processing activities | Categories of personal data |
|
- To send direct marketing (such as newsletters) by post, email, SMS, social media or other similar electronic communication channels. - To carry out targeted marketing campaigns (such as personalized offers, benefits or gifts). - To analyze your purchasing history in order to provide you with relevant information and marketing. |
- Collection and storage of the personal data provided in our operational systems, backup systems and other online storage facilities. - Transfer of data to third party providers for purposes such as direct marketing mailings and targeted marketing campaigns. |
- Name, address, phone number. - E-mail address. - Gender. - Date of birth. - Purchase and transaction history |
| Legal basis: Our legitimate interest in being able to market our products and services and conduct customer surveys. | ||
| Storage time: For active customers: We store your personal data for marketing purposes for the duration of the customer relationship or until you request the termination of the marketing, but only as long as the account is active. We store your personal data for marketing purposes until you request the termination of the marketing. | ||
Please note that as a customer you always have the right to opt-out of having your data used for direct marketing purposes. We store your personal data for marketing purposes until you request the termination of the marketing.
E. To evaluate, develop and improve our services, etc.
| Purpose | Data processing activities | Categories of personal data |
|
- To evaluate the use of, develop and improve our services and our website. - To conduct customer surveys. |
- Analysis, in aggregated form, of the technical information provided when visiting the website, e.g. how our customers use our web pages and other digital channels (e.g. which pages or parts of pages have been visited, how visitors reach and leave the service and which searches visitors have made on our pages). - Transfer of data to third party providers for the purpose of conducting customer surveys. |
- Technical information relating to devices used when visiting our website (e.g. IP address) and statistics on how you have interacted with us, i.e. how you have used our website. - Results of customer or market research including individual customer feedback. - Email address (for conducting customer surveys). |
| Legal basis: The processing is based on our legitimate interest in being able to evaluate the use of and improve our services and website. | ||
| Storage time: The technical information on how visitors interact on our website is stored for a maximum of ninety (90) days from the visit. | ||
2.3 Processing of social security numbers
When we process the social security number without your consent, this will only be done when it is clearly justified by the purpose, the importance of secure identification or any other significant reason.
2.4 Direct marketing
We may use your personal data for direct marketing by electronic means if you have previously made a purchase from us or if you have consented to such marketing. Direct marketing refers to all types of outreach marketing activities, such as sending emails and text messages. You have the right to object, free of charge, to the use of your data for such purposes and every communication from us for marketing purposes contains an opt-out option. If you choose to unsubscribe from further mailings, we will make a note in our business systems to stop directing marketing to you.
3. The protection of your personal data
We have implemented a number of security measures to ensure that our processing of personal data is secure and to protect the personal data we process against unauthorized access, unauthorized processing and misuse. For example, access to the systems in which personal data is stored is limited to our employees and service providers who need to access the data in the context of their duties. They are also informed of the importance of maintaining the security of the personal data. We also continuously monitor our systems to detect vulnerabilities and to protect your personal data.
4. With whom may we share your personal data?
FTo enable us to provide our services and conduct marketing activities, we share your personal data with third parties. For this purpose, the following applies.
a) Service providers that we use in certain parts of our business, including the processing of personal data; We share personal data with these providers mainly for IT operational services (such as data storage, support, maintenance and development), payment services and marketing services such as conducting customer surveys and administering marketing mailings.
b) Information service providers and partners; We share personal data with these providers and partners in order to deliver your purchased goods.
c) IT security providers; We share personal data with IT security providers when this is necessary by law, to protect you or our customers and partners or to protect our services.
d) Government authorities (such as the police, the Swedish Tax Agency and other authorities); We share personal data with authorities if we are required to do so by law or in case of suspicion of a crime.
Most of the third parties with whom we share personal data as described above are, in relation to us, so-called data processors. They may only process the transferred data on our behalf and in accordance with our explicit instructions. We only transfer your personal data to such data processors for purposes that are compatible with the purposes for which we have collected the data, and we ensure through written agreements with the data processors that they undertake to comply with our security requirements and restrictions as well as requirements regarding the international transfer of personal data.
Authorities and companies to which we transfer personal data as described above may be independent controllers of the transferred data. When your personal data is transferred to someone who is an independent data controller, we do not control how the data is then processed, but the responsibility for this then falls on the authority or company to which the transfer has been made, which means, among other things, that the authority or company is obliged to inform you about its processing of your personal data and to ensure that the processing is legal.
5. Where we process your personal data
We aim to always process your personal data within the EU/EEA where all our own IT systems are located. However, it may happen that your personal data is shared with data processors who either themselves or through subcontractors are established or store information in a country outside the EU/EEA. In such cases, we will take all reasonable legal, organizational and technical measures necessary to ensure that the level of protection for that processing is equivalent to that within the EU/EEA.
6. Your rights as a data subject
This section describes your rights as a data subject. You can always enforce these rights by contacting dataskydd@convini.se.
6.1 Right of access
If you wish to receive information about what personal data we process about you, you can request access to the data. The information will then be provided in the form of a register extract indicating what personal data we process, for what purposes we process them, where the data has been obtained from, which third parties the data has been transferred to and how long the data will be stored. If your request is made in electronic form, the information will be provided in a commonly used electronic format, unless you request otherwise.
6.2 Right to rectification
You have the right to have inaccurate data concerning you rectified without delay. You also have the right to have incomplete data completed.
6.3 Right of deletion
You have the right to have your personal data erased without delay if any of the following occurs:
a) the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
b) you withdraw your consent for processing based on consent and there is no other legal basis for the processing;
c) you object to processing based on a legitimate interest and your reason for objecting outweighs our legitimate interest;
d) the personal data has been processed unlawfully;
e) the personal data must be erased in order to comply with a legal obligation.
6.4 Right to restriction of processing
You have the right to request that the processing of your personal data be restricted if any of the following options apply:
a) you contest the accuracy of the personal data for a period that allows us to verify the accuracy of the data; or
b) the processing is unlawful and you oppose the erasure of the data and request a restriction of their use instead; or
c) we no longer need the personal data for the purposes of the processing but you need them for the establishment, exercise or defense of legal claims;
d) you have objected to processing based on a balance of interests and we check whether our legitimate interests outweigh your legitimate interests.
Where processing has been restricted in accordance with this paragraph, personal data subject to restriction of processing, with the exception of storage, shall only be processed for the establishment, exercise or defence of legal claims or for the protection of the rights of third parties or for reasons of substantial public interest of the EU or of an EU Member State.
6.5 Right to object to the processing of personal data for direct marketing purposes
You also have the right to object to the processing of your personal data for direct marketing purposes. This right to object also covers the analysis of personal data (so-called profiling) carried out for direct marketing purposes.
6.6 Right to data portability
Where our processing of personal data is based on your consent or fulfillment of a contract, you have the right to request that the data that you have provided to us be transferred to another data controller. However, a prerequisite for this is that the transfer is technically possible and that it can be transferred in an automated manner.
6.7 Withdrawal of consent
In cases where our processing of your personal data is based on your consent, you always have the right to withdraw your consent at any time. Such withdrawal of consent does not affect the lawfulness of processing based on your consent before its withdrawal. If you withdraw your consent, we will no longer process the personal data based on the consent, unless we are legally obliged to continue processing them. Should our legal obligations prevent us from erasing your data, we will instead mark it so that it is no longer actively used in our systems. You can send an email to dataskydd@convini.se at any time to withdraw your consent. We will respond to your request promptly.
6.8 The right to file a complaint
If you believe that we process your personal data incorrectly, you can, in addition to contacting us, file a complaint with the Swedish Data Protection Authority, see www.datainspektionen.se.
7. The use of cookies
On our website we use cookies to improve your website search, our services and our website. A cookie is a text file sent from our web server and stored on your browser or device. We also use cookies for general analytical information regarding your use of our website and to save functional settings. You have the option of changing the settings in your browser for the use and scope of cookies. Examples of such adjustments include blocking all cookies or deleting cookies when you close your browser.
Read more about our use of cookies in our cookie policy.