Data controller (“We”)
Personal information we process
When you visit and browse the Site, we automatically collect data about:
- Your device, your web browser, IP address, time zone, and some of the cookies that are installed on your device.
- The individual web pages or products that you view, what websites or search terms referred you to the Site, and how you interact with the Site.
We refer to this automatically-collected information as “Device Data”, and we collect it using the following technologies:
“Cookies” are data files that are stored by your internet browser or your computer, and which often include an anonymous unique identifier. The web pages you browse are then able to recognize some information contained in the cookies stored by your browser. While some cookies are necessary to ensure proper communication with the website (for example to store items in your shopping cart), some cookies may also contain anonymous analytical information about your browsing to display content relevant to you, and may be stored for a longer period of time. For more information about cookies, and how to disable them, visit allaboutcookies.org.
“Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
“Web beacons”, “tags”, and “pixels” are electronic files used to record information about how you browse the Site.
In addition to Device Data, when you make a purchase or attempt to make a purchase through the Site, we need to collect certain information from you, including your name, billing address, shipping address, payment information (including credit card numbers and bank details), email address, and a phone number. We are unable to fulfill your order, and you cannot enter into a purchasing agreement with us without providing us with this information. We refer to this information as “Order Data”.
How we process your personal information
By default, we only process the minimal amount of personal data necessary to operate our business properly. We do not collect any sensitive personal data such as data regarding racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership. Your personal data may be processed either:
- by you giving us consent to the processing of your data
- to enable performance of a contract between us and you
- where the processing is necessary for our legitimate business interests (such as for example the development of our business, providing information about our business to potential customers, identifying fraudulent claims, or the improvement of the customer experience on the Site)
For what purpose do we process your personal data?
We use the non-directly identifiable Device Data to screen for potential risk and fraud (particularly your IP address), and more generally to improve and optimize our Site (for example, by analyzing how our customers browse and interact with the Site, or to assess the success of our marketing and advertising campaigns). Additionally, we use the Device Data that we collect for advertising and retargeting, in order to optimize the user experience on the Site.
We use the Order Data that we collect generally to fulfill any orders placed through the Site (including processing your payment data, arranging for shipping, and providing you with invoices and/or order confirmations). Additionally, we use this Order Data to:
- communicate with you
- screen our orders for potential risk or fraud
- when in line with the preferences you have shared with us, provide you with data or advertising relating to our products or services.
Sharing your personal information
We share your Personal Data with third parties to make sure that we can sell our products properly, and that shopping is a comfortable experience for you. We use Shopify to power our online store—you can read more about how Shopify uses your Personal Data here: shopify.com/legal/privacy.
We use Klaviyo to maintain subscriptions to our newsletters – you can read more about how Klaviyo uses your data here: https://www.klaviyo.com/legal/privacy-policy.
We also use Google Analytics to help us understand how our customers use the Site — you can read more about how Google uses your Personal Data here: google.com/intl/en/policies/privacy and you can also opt out of Google Analytics here: tools.google.com/dlpage/gaoptout.
In order to process payments, we need to share some of your personal data with our payment solutions providers, such as PayPal and Braintree. Furthermore, we share your personal data with our logistics and warehouse operators to ensure the proper delivery of the products ordered.
Finally, we may also share your Personal Data to comply with applicable laws and regulations, to respond to a subpoena, search warrant, or other lawful requests for data we receive, or to otherwise protect our rights.
Transfer of data to a third country
While all of our servers are hosted within the EU, due to the nature of the services we are using to power our site, your personal data may be transferred outside of the EU - namely to Canada and into the US.
Behavioral advertising and opt-out links
As described above, we may use your Personal Data to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at networkadvertising.org/understanding-online-advertising/how-does-it-work.
You can opt out of targeted advertising/communication by using the links below:
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: optout.aboutads.info.
Managing your cookies
After you give us consent to store cookies on your device, this information will be stored for when you browse the Site next time.
You can withdraw this consent at any time by deleting cookies in each of the browsers that you use (such as Google Chrome, Mozilla Firefox, Safari, Internet Explorer, or Microsoft Edge).
Do not track
Please note that we do not alter our Site’s data collection and use practices when we see a Do Not Track signal from your browser.
If you are a European resident, you additionally have the following rights:
- The right to access the personal data we hold about you
- The right to receive your data in a portable and structured format. Please note that we may apply a reasonable fee for any copies of your data after the first one that we provide you with
- The right to have your data kept accurate and have it corrected on request
- The right to have your data erased, in cases where it is no longer necessary for the purpose for which we collected it, or if you believe we have collected it unlawfully. You might also have your data erased in cases when you gave your consent for its processing, and you withdraw such consent, or if you use your right to object (see further). Please note that in some situations we might not be able to erase your data because of legal regulations which require us to keep copies of it. We will notify you about such rules at the time of your request.
- The right to have processing restricted (apart from storage), in cases where for example you request a correction of the data
- The right to object to processing, if it is carried out based on our legitimate interest (for example in cases of direct marketing)
- The right to withdraw consent at any time, when the processing is based on you giving us consent to process your personal data
- The right to lodge a complaint with the relevant supervisory authority. The Swedish Data Protection Authority (DPA) / Datainspektionen is available for contact at datainspektionen.se/in-english/contact-us. However, we would appreciate it if you contacted us beforehand to see if we can help you resolve your concerns as well.
- In cases where we don’t have the data directly from you, the right to know where the personal data has been collected from.
We will communicate any requests to correct or erase personal data to each of the third parties we have shared it with, and you have the right to be informed about these third parties, should you request it. You may exercise all the above-mentioned rights by writing to us using the contact information below, and we will do our best to reply to you without any unnecessary delay, and at the latest within one month from such request.
Automated decision making
In general, we do not carry out automated decision-making, including profiling, that produces legal effects with regard to you. We do, however, need to automatically modify some aspects of our offers (such as the VAT, for example) based on your location, in order to comply with laws in different countries.
We will maintain your Order Information only for as long as it is necessary to comply with legal obligations in the respective countries. We will maintain other types of data unless or until you ask us to delete it.
In case of a data breach, we inform the necessary authority without unnecessary delay, at the latest within 72 hours of becoming aware of it, and we also inform you in case such a breach could result in a high risk to your rights and freedoms. We will also document and maintain records of any such breach.
The Site is not intended for individuals under the age of 18, and we do not knowingly process their personal data.
For more information about our privacy practices, if you have questions, or if you would like to make a complaint or unsubscribe from any of our services, please contact us by e-mail at firstname.lastname@example.org or by mail using the details provided below:
Privacy Compliance Officer
Hem Design Studio
111 23 Stockholm