INTEGRITY POLICY
1 INTRODUCTION
1.1. This Privacy Policy contains information on how Purenordic AB (Org. No .: 559078– 5746) (hereinafter referred to as "Pure Nordic", "We", "Us", "Our", "Our"), collection, use and treatment of personal data, with which we may share personal data and the data subjects' rights in relation to their personal data.
1.2. We have created this Privacy Policy to ensure that we process personal data in accordance with the General Data Protection Regulation ("GDPR") (according to the principle of liability).
1.3. The integrity of our customers and visitors to the website is very important to us and we are obliged to protect it. This Privacy Policy covers all processing of personal data, in both structured and unstructured data.
1.4. We may update this Privacy Policy to ensure that the information is up to date and accurate and in accordance with our processing of personal data. Updates are made by publishing a new version on our website www.purenordic.one (the "Website") which is available to the public.
1.5. By contacting us and / or entering into agreements with us regarding our services and / or products, personal data may be processed in accordance with the provisions of this Privacy Policy and in accordance with the GDPR.
2 Definitions
2.1. Concepts and definitions in this Privacy Policy shall have the same meaning as in the GDPR. This includes the following:
Personal information:
Personal data processing: A measure or combination of measures concerning personal data. For example, collection, registration, storage,
organization, structuring, etc.
Registered: The natural person who, directly or indirectly, can be identified through the personal data.
Any information relating to an identified or identifiable natural person. Examples of common personal data are social security numbers,
name, address, telephone number and e-mail address. Tasks
attributable to a legal person does not constitute personal data
(For example, organization number, visiting address, etc.).
3. PERSONAL DATA MANAGER AND CONTACT PERSON
3.1. Purenordic AB is responsible for personal data for the processing carried out by Pure Nordic or on behalf of Pure Nordic and is responsible for ensuring that the processing takes place in accordance with this Privacy Policy and GDPR (according to the principle of liability).
Pure Nordic contact person for personal data matters:
Name: Anett Sellin.
Email: info@purenordic.one.
4. LEGAL BASIS FOR PROCESSING PERSONAL DATA
4.1. According to the principle of legality, correctness and transparency in the GDPR, a so-called legal basis is required for processing personal data. The processing of personal data that we carry out is based primarily on four (4) legal bases: Agreement, Legal obligation Consent and Balance of interests. The following is a description of the legal bases:
4.2. Agreement: Through this legal basis, we have the right to process personal data in order to be able to fulfill contractual obligations. For example, we need to process the customer's address to enable the delivery of purchased products to the address and to otherwise fulfill our contractual obligations. We strive to process personal data primarily on the basis of this legal basis.
4.3. Legal obligation: We process personal data when we have a legal obligation to do so. For example, we have a legal obligation under the Accounting Act (1999: 1078) to process and store personal data. Accounting documents that contain personal data will be stored for as long as the Accounting Act (1999: 1078) requires, as we have a legal obligation to comply with the provisions of the law. When we process personal data on the basis of this legal basis, only the necessary personal data are processed in order for us to fulfill our legal obligations (according to the principle of storage minimization).
4.4. Consent: If the registered person has given his express consent to a certain processing, through an actively given consent, we can process the personal data on the basis of the legal basis consent. For example, this can be done by the registered person actively ticking a box for approval of the processing of personal data in connection with us being contacted via a contact form on the Website. If the data subject withdraws the consent, the processing shall cease. However, this applies provided that the personal data in question is not necessary for us to process, for example in order for us to fulfill our obligations under agreements or legal obligations set out in applicable law.
4.5. Balance of interests: This legal basis can be used for direct marketing of our services and / or products, by using personal data that appears on, for example, invoices or in order confirmations for marketing. However, we never process sensitive personal data with the support of Balancing of Interests as a legal basis. If the registered person does not wish to receive direct marketing, we will stop processing. We may process personal data to, for example, demand payment for a overdue claim, report a debt or protect our rights and property and to prevent fraud, by balancing interests due to legitimate interest.
5. WHICH PERSONAL DATA PURE NORDIC PROCESSES
5.1. According to the principle of purpose limitation and data minimization, we strive to only process personal data that is necessary, adequate and relevant for each individual purpose. If we want to register more personal data than necessary, we must obtain the data subject's prior approval for such processing.
5.2. We mainly process the following personal information: First name, last name, social security number, telephone number, address information, e-mail address, payment and account information as well as other information-related information for each purchase and transaction made via our website, which contains personal information.
5.3. Information that we receive when a person creates their profile on the Website and provides and registers information about themselves.
5.4. We also receive information that a person has signed up for a subscription to our e-mails and / or our newsletters.
5.5. Some information to be retrieved automatically:
• information about visitors' use of the Website.
• technical data, which may include the URL through which the visitor gets
access to our Website, the visitor's IP address, unique device ID, information about network and computer performance, type of browser, language and information about identification and operating system.
• location information and user information provided through third-party services such as Google Analytics.
5.6. We use cookies and similar technology to collect the above information. More information about the use of cookies can be found on our Website: www.purenordic.one/cookiepolicy.
6. PURPOSE OF THE PROCESSING OF PERSONAL DATA
6.1. According to the GDPR and the principle of purpose limitation, personal data controllers may only collect personal data for special, explicitly stated and justified purposes. We process personal data primarily for the purpose of:
• Fulfill contractual obligations, such as delivering purchased products to the buyer, sending invoices, payment reminders and registering payments received (Legal basis: Agreement).
• Enable contact with Customers, suppliers, partners and other stakeholders (Legal basis: Balancing of interests with support in a legitimate interest).
• Send out newsletters or marketing communications relating to our business or third party companies that we believe may be of interest to you (direct marketing) (Legal basis: Balancing of interests with support in a legitimate interest).
• Develop more accurate marketing materials, improve services, products and services, for example by providing third parties (Google Analytics, Adwords, etc.) with statistical information about our users to analyze our business and the use of the website, offer good service (Legal basis: Balancing of interests with support in a legitimate interest).
• Keep our website secure, monitor compliance with the terms of use of our website and prevent fraud (Legal basis: Balance of interests based on legitimate interest).
• Perform customer and market analyzes, follow up internal routines and policies, handle inquiries and complaints made by or about registered regarding our website (Legal basis: Balance of interests with support in a legitimate interest).
• Handle necessary administrative matters and fulfill legal obligations according to law (Legal basis: Legal obligation).
7. HOW PURE NORDIC COLLECTS PERSONAL DATA
7.1. We gain access to personal data by:
• Purchase agreements are entered into regarding our services and / or products.
• Personal information is provided to us in connection with us being contacted by telephone, e-
mail or contact form from the Website.
• Personal information is registered when visiting the Website and when registering with ours
newsletter.
• We collect personal data from public registers, for example www.allabolag.se.
7.2. We process all personal data carefully and do not share personal data with unauthorized persons. Our starting point is not to disclose personal data to anyone else without the prior consent of the data subject or if it is not necessary for us to fulfill our legal or contractual obligations.
8. WHERE THE PERSONAL DATA IS STORED
8.1. We strive to store all personal data in Sweden and within the EU (according to the principle of integrity and confidentiality). Information we collect may be stored, processed in and transferred between any of the countries in which we operate to enable us to use the information in accordance with this Privacy Policy. In cases where personal data is stored in a country outside the EU, we must ensure that such storage location complies with the provisions of the GDPR. Any physical documents, such as contracts or receipts, are stored out of the reach of unauthorized persons.
8.2. We take the necessary technical and organizational precautions that prevent the loss, misuse or alteration of personal data. We store personal information on our secure (password and firewall protected) servers.
8.3. Registered users of our Website are responsible for keeping their password as a user of the Website confidential. If a password is suspected, the user must immediately change their password.
8.4. We work with certain subcontractors in our business and may share personal information with such assistants, such as banks, business systems, accounting firms, suppliers, courier companies, mail providers and others.
9. WHOM PERSONAL DATA CAN BE SHARED TO
9.1. Except as set forth in this Privacy Policy, we will not share your personal information with third parties. We may disclose personal information to any of our employees, salaried employees, insurers, professional advisers, agents, suppliers or subcontractors if necessary for the purposes set out in this Privacy Policy.
9.2. We may share personal information with relevant authorities in the event of non-payment, breach of contract or if it otherwise follows from government decisions or legislation. We may disclose personal information to the extent we are required to do so by law, in connection with ongoing or future legal proceedings and to establish, exercise or defend our legal rights (including providing information to others for the purpose of preventing and reducing fraud). and credit risk).
9.3. We work with subcontractors as part of the delivery of our services and products that we provide. These subcontractors act in the role of sub-assistants and through these, certain personal data may be processed on behalf of us. This means that we may disclose personal information to such sub-assistant, to fulfill our obligations under agreements, applicable law, requirements of authorities, to safeguard our legal interests or to detect and prevent technical or security problems.
9.4. If the ownership of our business changes, we may transfer data subjects' personal data to the new owners so that they can continue to provide the services and / or products. The new owners must continue to comply with the commitments we have made in our Privacy Policy.
9.5. We can share personal data to a country outside the EU / EEA, if any of our assistants are there. However, we do not transfer personal data to a country outside the EU / ESS, unless the transfer meets the requirements of the GDPR. Pure Nordic must notify the data subjects before changes in the sub-assistants take place that significantly affect the data subjects.
9.6. The data subjects have the right to request at any time a complete overview and more detailed information about which sub-assistants are involved in the processing of the data subject's personal data.
9.7. By entering into an agreement with us, it is accepted that we use sub-assistants in the manner described above.
10. HOW LONG THE PERSONAL DATA IS STORED
10.1. According to the GDPR, personal data may not be stored for longer than is necessary to fulfill the purposes for which they were collected.
10.2. Personal data that may no longer be stored is thinned (deleted) at regular intervals, at least once (1) once a year (according to the principle of storage minimization). Follow-up and evaluation of our handling of personal data also takes place annually.
10.3. We store personal data for as long as they are needed and necessary, to fulfill the purposes for which the data was collected. The information may be stored for a longer period of time if it is necessary for us to comply with current legislation. The information may be stored for a certain period of time for backup, archiving, auditing, or to otherwise maintain and improve our services and / or products.
11. RIGHTS OF THE REGISTERED
11.1. According to the GDPR, registered persons have certain rights regarding the processing of their personal data. The registered persons have:
• The right to access their personal data (register extract) and the right to receive confirmation and information about the processing of the data subject's personal data.
• The right to have incorrect personal data corrected.
• The right to have personal data removed.
• The right to demand that the processing of personal data be restricted.
• The right to request that personal data be transferred from us to another company
(data portability).
• The right to object to the processing of personal data.
• The right to submit a complaint to the Data Inspectorate.
• The right to information about possible data breaches and personal data incidents such as
concerns the data subject's personal data.
• The right to oppose the processing of personal data at any time and withdraw
any consent given for the processing of personal data.
11.2. However, some of the rights only apply in certain situations and provided that the personal data is not necessary for Pure Nordic to process. Registered users should contact Pure Nordic's contact person for personal data matters if they request any of the above.
12. SECURITY MEASURES
12.1. We observe and apply various technical and organizational security measures to protect personal data against intrusion, misuse, loss, destruction and other changes that may pose a risk to privacy (according to the principle of privacy and confidentiality). For example, we carry out regular password changes regarding password-protected registers and systems that we use in our work at least once (1) once a year and when necessary. We also consider the seven (7) data protection principles at our processing of personal data and ensures that all staff are aware of the principles and the GDPR in general.
13. COMPLAINTS AND PERSONAL INFORMATION INCIDENTS C
13.1. In the event of any complaints about Pure Nordic's processing of personal data, a report can be made to the Data Inspectorate, which is the supervisory authority, or to Pure Nordic's contact person for personal data matters.
13.2. According to the GDPR, a data breach or other event, which means that we lose control of processed personal data, means a personal data incident. Any personal data incidents must be reported to Pure Nordic's personal data contact person without delay. Pure Nordic documents such incidents internally and reports to the Swedish Data Inspectorate within 72 hours.
COOKIES
According to the Swedish Electronic Communications Act that came into force on 25 July 2003, visitors to a website shall be informed about the use of so-called cookies, and have the option to prevent them from being used.
A cookie is a small text file (usually smaller than 1 kB) that is saved in your computer and stores information. Cookies are used to improve the website for the use, among other purposes.
Our website uses the friendly version of cookies, so-called session cookies. When you are surfing a web page, session cookies are sent between your computer and our server to enable them to exchange information. This might, for example, be what you have placed in your basket, or whether you are logged into My pages.
We do not save any personal data via session cookies. Session cookies are not stored permanently on your computer, instead they disappear when you close your browser.
There are safety settings on most browsers that can de-activate session cookies. Usually you can also remove any session cookies that have already been saved.
If you choose not to accept session cookies on our website, the website will not function satisfactorily.
When visiting this website, your IP address is automatically registered to measure the visit frequency.
Contact Starweb at www.starweb.se for further information about session cookies in the webshop.