WHICH PERSONAL DATA DO WE PROCESS?
We collect personal information when you (i) buy packing cubes, packing bags, and other goods, (ii) register for news, invitations and offers, (iii) request support and (iv) use our website. Such personal information includes name, e-mail address, telephone number, delivery address, payment information, IP address, website use and other information that you voluntarily provide to us.
PURPOSE, LEGAL BASIS AND STORAGE PERIOD
We will use your personal information for the purpose, and on the legal grounds set out below. We do not use your personal information for any purpose that is inconsistent with the purposes below. Furthermore, we only use your personal data during the period specified under "Storage period"; after this period, your personal data will be deleted.
Categories of personal data: Identity (first and last name), delivery / billing address, telephone number, e-mail address, order information, payment details, payment history, credit card information and reference number for the payment.
Storage period: We process your personal data during the validity of our agreement (including the three-year warranty period), and then delete your personal data. The storage period also applies to purchases that could not be completed due to some money in your account. For our statutory obligation to save data for accounting purposes, we will save your personal data for 7 years.
If you buy a gift card, we process your personal information in accordance with what is described under "buy" above. If you receive a gift card (or other product) purchased by someone else, we process your personal information as described below.
Purpose of processing: When you receive a gift card, we process your personal data in order to fulfill our contractual obligations to the person who bought the gift card and to enable you to use your gift card to purchase our products.
Categories of personal information: E-mail address (only for electronic gift cards), delivery address and telephone number (only for physical gift cards), first and last name (optional for those who buy the gift card) and personal greeting (optional for those who buy the gift card).
Legal basis for the processing: The processing is necessary for (i) our legitimate interest in fulfilling our agreement with the buyer and (ii) our and your legitimate interest in enabling you to make purchases with your gift card.
Storage period: We process your personal data during the validity period of the gift card and will then delete your personal data. The validity period for gift cards varies, you can find information about the validity period for your gift card on the gift card.
Purpose of processing: When you register for news, invitations and offers (direct marketing), we process your personal data in order to provide the services you request. Our direct marketing is based on profiling, which means that we adapt the information you receive from us based on certain factors. We use the following types of personal information to compile a profile: your gender, your position, your previous purchases, your behavior on our website and / or your previous behavior when you have received direct marketing directly from us.
Categories of personal data: The personal data collected in connection with a purchase (see "purchase" above), e-mail address, location or Organista's website that you use to register for marketing communication, communication sent to you, order history, the e- emails you have clicked on and your interactions with our website if you have followed a link in some emails that have been sent to you.
Legal basis for the treatment: The treatment is required for our legitimate interest in maintaining good customer relations.
Storage period: If you decline or unsubscribe from our marketing (including profiling), we will no longer process your personal data for this purpose. We also delete your personal data if there is no other legal basis for retaining your data (for example, a valid purchase agreement). We will also delete your personal information if you have not actively interacted with any of our thirty (30) month direct marketing communications.
COMPETITIONS AND EVENTS
Purpose of the processing: If you participate in a competition, a lottery or an event organized by us, we process your personal data to be able to communicate with you (i) before or after participation in the competition, lottery or event (ii) to be able to identify or verify age, or (iii) nominate a winner and distribute the benefit or prize in question.
Categories of personal information: Depending on the type of competition, lottery or event you participate in, we may collect your name, e-mail address, place and date of birth, as well as the delivery address for the purpose of delivering the current benefit or prize. More details about exactly what information we collect will be issued in connection with each such competition, lottery or event.
Legal basis for processing: Personal data is needed for our legitimate interest in administering your participation in connection with competitions, lotteries or events.
Storage period: We save your personal data only during the competition, lottery or event (and for a possible evaluation of it/it).
Purpose of the processing: When you request support via our live chat or our other support channels, we process your personal data in order to be able to help you with the current case.
Categories of personal data: Your name, e-mail address and other contact information, order details, amount of purchase, purchase history, place of purchase, invoice, payment method, our correspondence with you, technical information about devices and operating systems used. At your initiative, we may also process personal information such as ID, bank account information, workplace, telephone number, health information (such as allergic reactions or other information you provide us with), photos attached by you or social status, if you mention it in our dialogue.
Legal basis for the processing: If we perform this service due to our agreement with you, we consider the processing of your personal data necessary to fulfill the agreement with you. In other cases, we consider the processing of your personal data in the above context to be based on our legitimate interest in providing you with the best possible customer service.
Storage period: We will delete your information within three years after the relevant case has been finally resolved, in addition to sensitive information (such as ID, bank account information, health information (such as allergic reactions or other health information that you provide us with), photos attached of you, social status, if you mention it in our dialogue) which is deleted immediately after your case is closed.
CUSTOMERS 'EXPERIENCE SURVEYS
Purpose of the treatment: If you have made a purchase from us, we are interested in hearing about your experience of our website, product, our service and other experiences you had when you interacted with us. For this reason, you can receive an email from us where you are offered to answer some questions and give us feedback. You can also choose if you want us to contact you, based on the feedback you have given us. Participation in the survey is voluntary.
Categories of personal data: e-mail address, order number, which products were purchased, gender (optional) and age (optional).
Legal basis for the processing: The surveys are part of our work with customer service and to ensure that our customers had the best experience and for this reason we believe that we have a legitimate interest in the processing of your personal data. If we offer additional service based on your feedback on purchased products, it will be based on our purchase agreement with you.
Storage period: We remove your personal data within twelve (12) months after you have participated in the survey, if there is no other legal basis for retaining the personal data (such as a valid purchase agreement or ongoing customer service, please see information under "Support" above ). You can choose to unsubscribe from our customer survey invitations via a link in the invitation email or by contacting firstname.lastname@example.org
Purpose of the processing: When you use our website, we process your personal data for the purpose of improving our website and for marketing purposes.
Categories of personal data: IP address, user-generated information from our cookies (eg clicks, pages displayed, pages visited, time spent, products displayed and clicked on, orders, average value of orders).
Legal basis for the processing: The processing is based on the consent you give us when you accept our performance cookies and targeted cookies (see "Cookies" below). With regard to strictly necessary cookies, our processing is necessary for our legitimate interest in being able to provide you with a functioning website when you visit and use the services on organista.com. See more information under "Cookies".
Storage period: The storage information for our various cookies can be found in our Cookie settings.
Purpose of the processing: We process your personal data for the purpose of performing risk analyzes, preventing fraud and managing risks.
Categories of personal data: Identity (first and last name), delivery / billing address, telephone number, e-mail address, order history, payment history, purchase and user-generated information (clicks and user history), information about how our digital services are used.
Legal basis for the treatment: The treatment is necessary for our legitimate interest in preventing fraud and managing risks.
Retention Period: We remove all personal information used for this purpose at six-month intervals, unless there is any other legitimate interest in retaining your information. In the case of purchases that have been canceled in order to prevent fraud, we will delete your personal data two years after the purchase could not be completed.
Purpose of the processing: We analyze your personal data in order to compile aggregate tracking data (including analyzes of visitors' use of our websites by tracking information such as page views, traffic flows, search terms and clicks) in order to continuously offer a more user-friendly experience.
Categories of personal data: IP address, user-generated information from cookies (eg clicks, pages viewed, pages visited, time spent, products displayed and clicked on, orders, average value of orders), geographical location (country only), correspondence and feedback regarding our products and services, technical information (eg language, IP address, device type, website setting, time zone, operating system, platform information about how you have interacted with us, ie how you have used our services, response time, page errors, how to access and how you leave the website etc.
Legal basis for the processing: The processing is based on the consent you give us when you accept our performance cookies (see "Cookies" below). See more information under "Cookies".
Storage period: The storage period for our performance cookies can be found in our Cookie settings.
TARGETED MESSAGES ON THIRD PARTY PLATFORMS
Purpose of the processing: We use third-party marketing platforms, such as Facebook, Google, YouTube, Instagram, etc. to send messages directed to you, based on your behavior and website usage patterns, at specific times and places on these platforms, to increase the effectiveness of our marketing campaigns. Your personal information is shared with the third party marketing platforms and they will try to match your profile in their database to investigate the optimal time and place (the page you use) to show you marketing from Organista. We also need to analyse the necessary information to understand the effect of our marketing. If you do not agree to the tracking of your information for this purpose, you may still see marketing from Organista on other websites at random.
Categories of personal data: IP address, user-generated information from cookies (eg clicks, pages viewed, pages visited, time spent, products displayed and clicked on, orders, average value of orders), geographical location (country only).
Legal basis for the processing: The processing is based on the consent you give us if you have accepted our targeted cookies (see "Cookies" below).
Storage period: The storage period for our targeted cookies can be found in our Cookie settings.
WHO DO WE SHARE YOUR PERSONAL INFORMATION WITH?
Only the persons who need to process the personal data for the purposes mentioned above have access to your personal data. We may also need to allow our suppliers to access your personal data when they perform services on our behalf, primarily when they provide support and maintenance of IT systems, storage services and marketing. All data transmission outside the EU / EEA takes place in accordance with data protection legislation. Our international transfers of personal data (including transfers to our group companies and suppliers outside the EU / EEA) are based on the European Commission's standard contractual clauses. The standard contract clauses can be found here.
We also share your personal information with other personal data controllers. Such data controllers may be authorities (police, tax authorities or other authorities), if we are obliged to share the data by law or in case of suspicion of crime, and shipping companies so that they can handle and deliver your order. When personal data is shared with other personal data controllers, they are responsible for the processing of personal data, and we refer to them for questions or more information about how they handle personal data.
You have the following rights under applicable law:
Right of access: you can request access to your personal data at any time. Upon request, we provide you with a copy of your personal information in a commonly used electronic format.
Right to correction: you have the right to have incorrect personal data corrected and to have incomplete personal data supplemented.
Right of deletion ("right to be forgotten"): in certain circumstances (including processing on the basis of your consent) you may request that we delete your personal data. Please note, however, that this right is not unconditional. Therefore, an attempt to invoke the right may not lead to any action on our part.
Right to object: to certain processing activities performed by us that are related to your personal data, such as our processing of your personal data based on our legitimate interest. The right to object also applies to the processing of your personal data for direct marketing purposes.
Right to restrict processing: you may in certain circumstances request that the processing of your personal data be restricted. Please note that this right is not unconditional. Therefore, an attempt to invoke the right may not lead to any action on our part.
Right to data portability: you have the right to receive your personal data (or to have your personal data directly transferred to another personal data controller) in a structured, commonly used and machine-readable format.
Finally, you also have the right to lodge a complaint with the supervisory authority in Sweden, which is currently the Privacy Protection Authority.
We use appropriate technical and organizational security measures to protect your personal data against loss and as protection against access by unauthorized persons. Appropriate security measures we have taken include the introduction of secure private connections, traceability, disaster recovery and access restrictions. We regularly review our security principles and routines in order to ensure that our systems are kept protected and secure.
CHANGES TO THE SITE INSTITUTION POLICY
Organista Official AB
114 46 Stockholm
Last updated: 2021-10-28