The privacy of data is of great importance to Gul&Blå AB and we want to be open and transparent with our handling of your personal data. We therefore have a policy that determines how your personal data is processed and protected.
WHO IS RESPONSIBLE FOR YOUR PERSONAL DATA?
The Swedish company Gul&Blå AB is responsible for the personal data you send to us and is responsible for your personal data in accordance with applicable data protection regulations.
Business Directory: Bolagsverket
Organisation number: 556751-5464
Authorized represenative Viktor Ottenback
VAT registration: SE556751546401
WHAT PERSONAL INFORMATION DO WE PROCESS?
We collect personal information when you (i) buy goods (ii) register for news (iii) request support and (iv) use our site. Such personal information includes name, e-mail address, phone number, delivery address, payment details, IP address, website usage and other information that you voluntarily submit to us.
objectives, legal basis and storage period
We will solely use your personal data for the purposes and on the legal grounds stated below. We do not use your personal data for any purpose that is not consistent with the listed below. Furthermore, we only use your personal data during the period specified under “Storage period”, after this period your personal data will be removed.
Purpose of the treatment: When buying goods, we treat your personal data in order to fulfill our contractual obligations to you (see the terms of purchase). Our purchase form states what information you need to provide us with in order to be able to complete your purchase.
Legal basis for the treatment: The treatment is required in order for us to be able to fulfill our agreement with you (i.e. the buying terms).
Storage period: We process your personal information during the term of our agreement (including the two-year warranty period), and then remove your personal information. The storage period also applies to purchases that have not been completed due to money shortage on your account.
Purpose of the treatment: When you sign up for news (direct marketing) we treat your personal information in order to provide the services you request. Our direct marketing is based on profiling, which means that we adapt the information you receive from us based on certain factors. We use the following types of personal data to compile a profile: your previous purchases, your behavior on our site and/or your past behavior when you have received direct marketing from us.
Legal basis for the treatment: The treatment is required for our legitimate interest in maintaining good customer relations.
Storage period: If you refuse or unsubscribe from our marketing, we will no longer process your personal information for this purpose. We also remove your personal data if there is no other legal basis for maintaining your information (i.e. a valid purchase agreement).
Purpose of the treatment: When you request support via our live chat or our other support channels, we process your personal data in order to help you with the current case.
Legal basis for the treatment: The treatment is required in order for us to be able to fulfill our agreement with you (i.e. the conditions of use).
Storage period: We will remove your information within six months after the relevant case has received a final solution.
Purpose of the treatment: If you started a purchase on our website and in connection therewith stated your e-mail address but did not complete the final step in the purchase process, we will send you an e-mail with a link to your shopping cart in order to remind you about your unfinished purchase.
Legal basis for the treatment: The treatment is required for our and your legitimate interest in reminding you of your unfinished purchase.
Storage period: We will remove your information within one month from the checkout reminder, unless there is another legal basis for maintaining your information (such as a valid purchase agreement).
Purpose of the treatment: When you use our website, we treat your personal data with the aim of improving our site and for marketing purposes.
Storage period: More information is available LINK TO COOKIES
PREVENTION OF FRAUD
Purpose of the treatment: We treat your personal data in order to carry out risk analyzes, prevent fraud and manage risks.
Legal basis for treatment: Treatment is necessary for our legitimate interest in preventing fraud and managing risks.
Storage period: We will remove all personal data used for this purpose at six-month intervals, unless there is any other legitimate interest in retaining your information. In the case of purchases that have been canceled for the purpose of preventing fraud, we will remove your personal data two years after the purchase could not be carried out.
Purpose of processing: We analyze your personal information in order to compile aggregated tracking data (including site visitor analysis of our sites by tracking information such as page views, traffic flows, search terms, and clicks).
Legal basis for the treatment: The treatment is required for our legitimate interest in producing statistics over time.
Storage period: We anonymize all tracking data if technically possible. When your personal data has been anonymized, they are no longer counted as personal data according to applicable data protection legislation.
Note that the above storage periods do not apply to the extent that Gul&Blå is required to save your personal data (in whole or in part) according to applicable mandatory legislation (for example, accounting laws).
WHO DO WE SHARE YOUR PERSONAL DATA WITH?
Only the persons who need to process the personal data for the purposes mentioned above have access to your personal data. We may also need to allow our suppliers to access your personal data when they perform services on our behalf, primarily when they deliver the goods you purchased from us or provide support and maintenance of IT systems, storage services and marketing.
The information we collect from you is stored in the European Economic Area (EU/EEA), but can also be transferred and processed in a country outside the EU/EEA. All such transfer of your personal data takes place in accordance with applicable legislation.
In the case of data transfers outside of EU/EEA in areas lacking regulation of EU/EEA standard, Gul&Blå will apply contract clauses of standard type according to the European Commission.
You have the following rights under applicable law:
· Right to access: You can request access to your personal data at any time. Upon request, we provide you with a copy of your personal data in a commonly used electronic format.
· Right to correction: You have the right to get incorrect personal data corrected and to have incomplete personal information supplemented.
· Right to removal ("right to be forgotten"): Under certain circumstances (including treatment based on your consent), you may request that we remove your user information. Note that this right is not unconditional. Therefore, an attempt to invoke the right may not lead to any action on our part.
· Right to object: To certain treatment activities that are performed by us and which are related to your personal data, such as our processing of your personal data based on our legitimate interest. The right to object also applies to the processing of your personal data for direct marketing purposes.
· Right to limitation of treatment: In certain circumstances you may request that the processing of your personal data to be limited. Note that this right is not unconditional. Therefore, an attempt to invoke the right may not lead to any action on our part.
· Right to data portability: You have the right to receive your personal data (or to have your personal data transferred directly to another person responsible for personal data) in a structured, generally used and machine-readable format.
Finally, you also have the right to lodge a complaint with the supervisory authority in Sweden, which is currently the Data Inspection.
We use appropriate technical and organizational security measures to protect your personal data from loss and to protect against access by unauthorized persons. Appropriate security measures we have taken include the introduction of secure private connections, traceability, disaster recovery, and access restrictions. We regularly review our safety principles and procedures in order to ensure that our systems are kept safe and secure.
CHANGES IN THIS POLICY
This policy was updated March 9 , 2021.