Privacy Policy

1. Introduction

This privacy policy ("Policy") describes how Stella & Zoe, company number 891020-xxxx ("we", "our" and "us"), with address Diklekärrsvägen 4 in Gothenburg, processes personal data.

We protect your personal integrity and are concerned that you should feel safe with our processing of your personal data. In this Policy, we have therefore collected information about how we process the personal data you provided to us in connection with your use of our services and the personal data we otherwise gained access to. Regardless of whether you as a customer have used our services in Sweden, Norway or Finland, we are the ones who process your personal data in the capacity of data controller. This means that we have an obligation to ensure that the processing takes place in accordance with this Policy and at any time applicable personal data legislation.

The Policy describes which categories of personal data we process, for which purposes we process the data and on which legal basis we support the processing. We also explain where we have obtained the data, who can have access to and process it, the principles for thinning, which third parties we may share the personal data with, where the personal data is processed and your rights as a registered person in the form of the right to information, correction and deletion, etc. We ask you to read the Policy carefully and familiarize yourself with its content, as it is applied in all our processing of personal data.

It may be useful for you to consider that this Policy only applies to our website and mobile application, which means that when you are linked from our website or mobile application to another website, the privacy policy of the other website applies. We therefore take no responsibility for other websites' processing of your personal data.

It may happen that we sometimes need to update or change the Policy. If this happens, we will inform you in an appropriate way and ask you to take note of the changes made. You can always find the latest version of the Policy on our website.

We hope that the Policy answers your questions regarding our processing of and the protection of your personal data. If you have further questions or concerns, you are always welcome to contact us at the address above or via info@stella-zoe.com

2. How we process your personal data

This section describes which categories of personal data we process, for which purposes we process them, which processing is carried out, on which legal basis we support the processing and for which time the data is stored.

2.1 From where do we collect personal data?

We process personal data that you provide to us when you e.g. create a user account with us, purchase goods via our website, initiate a customer service case or sign up for our newsletter.

We also process personal data that we obtain from our payment service provider (a so-called third party) in connection with your making a purchase with us, personal data that we receive from public registers and personal data that is generated when you use our services online or via our mobile application, such as your IP address and browser settings etc

2.2 What personal data do we process and why?

A. To administer user accounts

Purpose

- To be able to create and administer user accounts, including among other things to grant authorization to log into your user account, offer you functions that make it easier for you to use our services (including placing orders and purchasing goods) and display your order history.

Treatments performed

- Collection and storage of personal data in our business systems, backup systems and other online storage spaces.

Categories of personal data

- User name.

– Email address.

– Customer type (private person/company).

- If applicable, name, telephone number and country.

- Password.

– User account creation date.

– Order information, e.g. information about ordered goods (such information is also processed when you place an order and are not logged in via your user account).

– Payment, purchase and order history.

Legal basis: For active customers: The processing is necessary for the fulfillment of contracts for the purchase of goods from us.

For non-active customers: Balance of interests. The processing is based on our legitimate interest in administering user accounts and providing our services.

Retention period: Three (3) years from the creation of the user account or your last purchase after which your user account will be terminated and your data de-identified or deleted. If your user account is terminated at your own initiative, your data will be de-identified or deleted within thirty (30) days of the request.

B. To handle orders/purchases etc

Purpose

- To be able to manage your orders/purchases (including sending order confirmations, notifying deliveries, delivering your ordered/purchased goods and managing contacts in connection with delayed deliveries).

- To be able to handle your complaints, claims and warranty matters regarding ordered/purchased goods.

- To be able to carry out invoicing.

- To be able to prevent abuse of our, our suppliers' or partners' services or to prevent, prevent and investigate crimes.

- To be able to establish your placed orders (by order number or social security number).

- To be able to ensure our operational security and our ability to restore the system.

Treatments performed

- Collection and storage of personal data in our business systems, backup systems and other online storage spaces.

- Sending order confirmations, notification of delivery and correspondence in connection with delayed delivery.

- Transfer of personal data to forwarders and transport companies.

Categories of personal data

- Name.

- User name.

– Social security number.

– Contact details (such as address, delivery address, email address, telephone number and port code).

- Order number.

– Order information, e.g. information about ordered goods.

– Customer type (private person/company).

– Payment, purchase and order history.

Legal basis: The processing is necessary for the fulfillment of contracts for the purchase of goods from us. In other cases, the processing is necessary for us to be able to fulfill a legal obligation or to satisfy our legitimate interest in being able to prevent abuse of our, our suppliers' or partners' services or to prevent, prevent and investigate crime, or so that we can otherwise be able protect legal interests.

Storage period: We store your personal data for as long as it is necessary for us to be able to fulfill our agreement with you, but no longer than three (3) years from your last purchase. If, in accordance with, for example, the Accounting Act, we are obliged to save the data for a longer period of time, we may do this, the data will then be saved for a maximum of seven (7) years after the end of the calendar year in which the financial year ended.

C. To handle customer service issues, etc

Purpose

- To be able to communicate with you and answer the questions you ask us via e-mail, phone, our chat function or Facebook.

- To be able to ensure your identity.

- To be able to prevent abuse of our, our suppliers' or partners' services or to prevent, prevent and investigate crimes.

- To be able to establish your placed orders (by order number or social security number).

- To be able to handle your complaints, claims and warranty matters regarding ordered/purchased goods.

Treatments performed

- Collection and storage of personal data in our business systems, backup systems and other online storage spaces.

Categories of personal data

- Name.

– Username and password (e.g. for support in case of login problems).

– Social security number.

– Contact details (such as address, email address and telephone number).

- Order number.

– Order history, e.g. information about ordered goods.

– Customer type (private person/company).

- Photographs that you sent to customer service.

- Your correspondence with us.

- Health data when you provide it to us and it is necessary to handle your customer service case. It can e.g. concern information about an allergic reaction and/or health condition. We never request health data from you, but only process such data if you have provided it to us on your own initiative.

Legal basis: The processing is based on our legitimate interest in helping you if you have questions or complaints about purchased goods or problems with the use of our services. In other cases, the processing is necessary to satisfy our legitimate interest in being able to prevent abuse of our, our suppliers' or partners' services or to prevent, prevent and investigate crime, or for us to otherwise be able to safeguard legal interests.

Storage period: We store your personal data only for as long as it is needed to handle your customer service case, but no longer than one (1) year from the time your case is closed. If the information is needed to be able to handle your complaints, claims and warranty matters regarding ordered/purchased goods, they may be saved for longer, however at most three (3) years from the purchase to which the information relates.

D. To market our products and services, etc

Purpose

- To be able to send direct marketing (such as newsletters) via post, email, SMS, social media or other similar electronic channels of communication.

– To be able to carry out targeted marketing campaigns (such as personalized offers, benefits or gifts).

- To be able to analyze your buying habits in order to provide you with relevant information and marketing.

Treatments performed

- Collection and storage of submitted personal data in our business systems, backup systems and other online storage spaces.

- Transfer of data to third-party providers for e.g. direct marketing mailings and targeted marketing campaigns.

Categories of personal data

- Name.

- Address.

– Email address.

– Mobile number.

- Gender.

- Date of birth.

- Name day.

– Purchase and order history.

– Search history

Legal basis: Balancing of interests. Our legitimate interest in being able to market our products and services and conduct customer surveys.

Storage period: For active customers: We store your personal data for marketing purposes as long as the customer relationship lasts or until you request that the marketing cease, but no longer than one (1) year after your last purchase.

For people who signed up to receive newsletters/marketing mailings: We store your personal data for marketing purposes until you request that the marketing cease.

Based on the information we collect about you and your purchases as well as other customers with similar purchasing behavior, we perform an analysis on an individual level. The analysis will form the basis of the targeted offers, for example within specific product categories, that you may receive. Different customers can therefore receive different benefits and offers, for example you who buy products with organic labeling can get extra offers on organic products.

Please note that you as a customer always have the right to object to your data being used for direct marketing purposes. For more information about your rights, see section 2.4 below.

E. To evaluate, develop and improve our services, etc

Purpose

- To be able to evaluate the use of, develop and improve our services and our website and mobile application.

- To be able to carry out customer surveys.

Treatments performed

- Analyzes in aggregated form of the technical information provided when visiting the website and mobile application, regarding e.g. how our customers use our websites, our mobile application and other digital channels (including which pages or parts of pages have been visited, how visitors reach and leave the service and which searches visitors have made on our pages and via our mobile application).

- Transfer of data to third-party providers for conducting customer surveys.

Categories of personal data

- Technical information regarding devices (e.g. mobile, computer or tablet) used when visiting our website and mobile application (e.g. IP address) and statistics on how you have interacted with us, i.e. how you have used our website and mobile application.

– Results from customer or market research including feedback from individual customers.

– Email address (for conducting customer surveys).

Legal basis: Balancing of interests. The processing is based on our legitimate interest in being able to evaluate the use of and improve our services and our website and our mobile application.

Storage time: The technical information about how visitors interact on our website and mobile application is stored for a maximum of ninety (90) days from the visit.

2.3 Direct Marketing

We may use your personal data for direct marketing via electronic means if you have previously shopped with us or if you have consented to such marketing. Direct marketing refers to all types of outreach marketing measures, e.g. dispatch via e-mail and SMS. You have the right to object free of charge to your data being used for such purposes, and every mailing from us for marketing purposes contains an option to deregister, so-called opt-out. If you choose to unsubscribe from further mailings, we will make a note in our business systems that we will cease to direct marketing to you.

3. The protection of your personal data

We have taken a number of security measures to ensure that our processing of personal data takes place in a secure manner and to protect the personal data we process against illegal access, unauthorized processing and abuse. For example. access to the systems in which the personal data is stored is limited to our employees and service providers who need to access the data within the scope of their duties. These are also informed about the importance of maintaining the security of the personal data. We also continuously monitor our systems to detect vulnerabilities and to protect your personal data.

4. Who can we share your personal data with?

In order for us to be able to offer our services and send out marketing, we share your personal data with third parties. For this, the following applies.

a) Service providers that we use in certain parts of the business, including the processing of personal data; We share personal data with these suppliers mainly for IT operational services (such as data storage, support, maintenance and development), communication services, and marketing services such as conducting customer surveys and administering marketing mailings.
b) Suppliers and partners in payment services, transport services, warehouse management, delivery planning and delivery information services; We share personal data with these suppliers and partners in order to be able to deliver your ordered/purchased goods, but also to prevent misuse of our, these suppliers' and partners' services or to prevent, prevent and investigate crime.
c) IT security providers; We share personal data with IT security providers when this is necessary by law, to protect you or our customers and partners or to protect our services.
d) Advisers and potential purchasers of our business; If all or parts of Stella & Zoe's operations are sold or integrated with other operations, your personal data may be provided to our advisors as well as any buyer and their advisors.
e) State authorities (such as the Police, the Tax Agency and other authorities); We share personal data with authorities if we are required to do so by law or if a crime is suspected.

Most of the third parties with whom we share personal data according to above are, in relation to us, so-called personal data processors. These may only process the transmitted data on our behalf and in accordance with our express instructions. We only transfer your personal data to such personal data processors for purposes that are compatible with the purposes for which we have collected the data and we ensure through written agreements with the personal data processors that they undertake to comply with our security requirements and restrictions as well as requirements regarding the international transfer of personal data.

Authorities and in some cases also companies to which we transfer personal data according to above may be independently responsible for personal data for the transferred data. When your personal data is transferred to someone who is an independent personal data controller, we do not control how the data is then processed, but the responsibility for this then falls on the authority or the company to which the transfer took place, involving i.a. that that authority or company is obliged to inform you about its processing of your personal data and to ensure that the processing is lawful.

5. Where we process your personal data

We aim to always process your personal data within the EU/EEA where all our own IT systems are located. However, it may happen that your personal data is shared with personal data assistants who either themselves or through subcontractors are established or store information in a country outside the EU/EEA. In such case, we will take all reasonable legal, organizational and technical measures necessary to ensure that the level of protection for that processing corresponds to that within the EU/EEA. This will happen either through a decision by the European Commission that the country in question ensures an adequate level of protection or through the use of appropriate safeguards such as standard contractual clauses or approved codes of conduct in our agreements with such personal data processors.

You can read more about which third countries the EU Commission has assessed ensure an adequate level of data protection at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_sv .

6. Your rights as a data subject

This section describes which rights you have as a registered user. You can always assert these rights by contacting info@stella-zoe.com

6.1 The right of access

If you want to receive information about which personal data we process about you, you can request access to the data. The information will then be provided in the form of a register extract that indicates which personal data we process, for which purposes we process it, where the data has been obtained from, which third parties the data has been transferred to and how long the data will be stored. If your request is made in electronic form, the information will be provided in a commonly used electronic format, unless you request otherwise.

6.2 The right to rectification

You have the right to have incorrect information about you corrected without delay. You also have the right to complete incomplete information.

6.3 The right to erasure

You have the right to have your personal data deleted without delay if any of the following occurs:

a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
b) you withdraw your consent for processing based on consent and there is no other legal basis for the processing;
c) you object to processing based on a balancing of interests and your reason for objecting outweighs our legitimate interest;
d) the personal data has been processed in an illegal manner;
e) the personal data must be deleted in order for us to fulfill a legal obligation.

6.4 The right to restriction of processing

You have the right to request that the processing of your personal data be restricted if one of the following options is applicable:

a) you dispute the accuracy of the personal data for a period of time that allows us to check whether the data is correct;
b) the processing is illegal and you object to the deletion of the data and instead request a limitation of their use;
c) we no longer need the personal data for the purposes of the processing but you need it to establish, assert or defend legal claims;
d) you have objected to processing based on a balancing of interests and we check whether our legitimate reasons outweigh your legitimate reasons.

If the processing has been restricted in accordance with this point, such personal data for which the restriction of processing shall take place, with the exception of storage, may only be processed to establish, assert or defend legal claims or to protect the rights of third parties or reasons relating to an important public interest for the EU or for an EU member state.

6.5 The right to object to the processing of personal data for direct marketing

You also have the right to object to your personal data being processed for direct marketing. This right to object also includes the analyzes of personal data (so-called profiling) that are carried out for direct marketing purposes.

6.6 The right to data portability

In cases where our processing of personal data is automated and is based on your consent or performance of an agreement, you have the right to request that the data concerning you that you have provided to us be provided to you or transferred to another personal data controller in a structured, generally used and machine-readable format. However, a prerequisite for this is that the transfer is technically possible.

6.7 Withdrawal of Consent

In cases where our processing of your personal data is based on your consent, you always have the right to withdraw your consent at any time. Such withdrawal of consent does not affect the legality of processing that took place based on your consent before this was withdrawn. If you withdraw your consent, we will no longer process the personal data based on the consent, unless we are obliged for legal reasons to continue processing them. Should it be the case that our legal obligations prevent us from deleting your data, we will instead mark it so that it is no longer actively used in our systems.

You can at any time send an email to info@stella-zoe.com to withdraw your consent. We will respond to your request promptly.

6.8 The Right to File Complaints

If you believe that we are processing your personal data incorrectly, you can, in addition to contacting us, file a complaint with the competent supervisory authority in the country where you reside.

7. The use of cookies

On our website and mobile application, we use so-called cookies to improve your website search (both on our website and mobile application), our services and our website and mobile application. A cookie is a text file that is sent from our web server and saved on your browser or device (e.g. mobile, computer or tablet). We also use cookies for overall analytical information regarding your use of our website and mobile application and to save functional settings. You yourself have the opportunity to change the settings in your browser or device for the use and extent of cookies. Examples of such adjustment are blocking all cookies or deleting cookies when you close your browser or our mobile application.