Updated 6 Nov 2019
We reserve the right to change this policy at any given time. It’s advised to visit this page if you want to make sure that you are up to date with the latest changes.
The terms “We”, “us” and “our” are used interchangeably in the document and are referring to Tallbiten AB. Whenever “You” is used it is referring to the customer.
On May 25, 2018, the General Data Protection Regulation (GDPR) came into force. It applies in all EU countries and replaces the Data Protection Directive (95/46 / EC), implemented in Sweden as the Personal Data Act (PUL).
GDPR imposes stricter rules on how personal data is collected, stored and managed. It’s also a requirement for transparency regarding the collected. Individuals have now the opportunity to demand to know what data is stored and also to erase it.
You can read more about GDPR here https://gdpr.eu/what-is-gdpr/.
What rights you have over your data
By GDPR, you have a number of rights when it comes to your personal data, for instance:
- You have the right to obtain access to your information.
- You have the right to get your information corrected if it’s inaccurate or incomplete.
- You have the right to be forgotten. This means that you can request the deletion or removal of your information if there’s no strong reason for us to keep it.
- You have the right to block further use of your information.
- You have the right to be given and to use your personal data elsewhere.
- You have the right to object to certain types of processing, e.g. you have the right to object to your personal data being used for direct marketing.
- You have the right to file a complaint about the way we handle or process your personal data. Any complaint shall be filed to the Swedish government agency tasked to protect the individual’s privacy in the information society, the Swedish Data Protection Authority (https://www.datainspektionen.se).
- You have the right to withdraw any previous consent that you have at any time given to your personal data.
You can read more about your rights here https://www.datainspektionen.se/other-lang/in-english/the-general-data-protection-regulation-gdpr/the-data-subjects-rights/.
What personal data we collect and why we collect it
To summarize, Fatimasnature is only storing the information that is needed in order for you to be able to shop in the Fatimasnature online store. The information stored is the minimum information needed to deliver an order.
The following information is needed:
- When you are paying for an order on your name and credit carder number is needed in order for our partner Stripe to handle the payment securely through a secure server.
- We need to know what you have ordered, your name, address and phone number to contact you with information regarding the delivery. This information is also sent to PostNord in order for them to be able to handle the shipment.
- Some of the above information is also included in the invoice that is needed for bookkeeping.
Where is your data stored and handled?
Your data is stored and handled in the following locations:
Fatimasnature online store uses a plugin called Woocommerce to manage the website store. It stores all information about your orders and sends you emails about the status of the order. In order to do this the customer information that you entered when placing an order (products, name, address and phone number) is stored in Woocommerce. Woocommerce also stores your IP-address. The IP-address is collected by Woocommerce for fraud prevention (for example, if a customer’s IP address doesn’t match the billing country). All this information will be deleted when the guarantee period described in the terms and conditions has passed. This will take 36 months from when you have have received the product. Your data might be deleted sooner if your order has not been delivered for some reason. Then there will be no reason for us to keep the data.
Stripe (https://stripe.com/) is handling all payments by credit card securely through a secure server. If you would like to make a data subject access request from Stripe you need to contact them directly by sending an email to firstname.lastname@example.org.
This is a macOS Mail client. When you are sending an email to email@example.com or entering a message in the contact form they are sent to the macOS Mail client. These emails will be deleted after 6 months.
Loopia is hosting the site and all email and the information entered in the contact form goes through Loopia’s email server.
Your name and address are sent to PostNord (https://www.postnord.se) so that the order can be shipped to you. If you would like to make a data subject access request from PostNord you need to contact them directly by sending an email to firstname.lastname@example.org.
The invoices containing your name and address are stored in 7 years in accordance with Swedish law (the Book-keeping Act of 1999 (bokföringslagen)).
Bookkeeping is managed by ett.red.skap AB (http://www.ettredskap.se).
Who do we share your data with?
We do not share or pass any of your personal information to anyone. The only exception to this is if we required to do so by law.
How do I access or delete my data?
If you have placed an order in the Fatimasnature online store you can request to receive an exported file of the personal data we hold about you. It’s not possible for us to erase any personal data we hold about you. Since the data is required by law for administrative purposes.
We provide this information and service free of charge, but if there are excessive/repeated requests we may charge a fee to cover our administrative costs.
We’ll respond as soon as we can. This will most often be within one month from when we receive your request. If the request takes longer, we will let you know.
A cookie is a small data file that is stored on your computer. The purpose of a computer cookie is to help the website keep track of your visits and activity. For instance, cookies can be used to keep track of the items in a user’s shopping cart as they explore the site. If there were no cookies, the shopping cart would reset to zero whenever the user leaves the shopping cart to explore other parts of the site.
The following plugins are using cookies on the Fatimasnature website:
A plugin that manages the store. Cookies are used to store products in the shopping cart. More information about the Woocommerce cookies can be found here https://docs.woocommerce.com/document/woocommerce-cookies/.
An analytics plugin. More information about the Jetpack cookies can be found here: https://jetpack.com/2018/05/25/jetpack-gdpr/.
This plugin displays the Fatimasnature Instagram feed. Cookies are used to handle the connection from the Instagram Feed API against Instagram API. More information can be found here https://smashballoon.com/gdpr-and-our-plugins/.