What information can you find here?
Who is responsible for processing your personal data?
Your personal data
What is personal data?
Personal data is any information that can be traced back to you and identify you as an individual. For example, it may include your name, social security number, address, telephone number, e-mail address or IP address.
What personal data is processed by Nordiska Galleriet?
Which of your personal data we process depends on which of our services you use and what information you choose to share with us. We may process the following personal data you provide to us in connection with the provision of our services:
Contact and delivery details, such as name, address, telephone number and e-mail address
Payment details, such as type of payment method
Personal number (only if you join 'my pages')
My Pages login details such as name, phone number and email address
Online order information, including contact details, order history, limited payment details and more
Device data, such as IP address and operating system
Information about how you use our services, such as site visit patterns
Feedback and reviews, such as product reviews
Moving images, such as camera surveillance inside or outside our stores
Other personal data, such as information you provide when communicating with us
In addition to the information you provide to us, we may in some cases receive personal data about you from other sources. For example, when you log in to 'my pages' via Facebook or Google, we receive profile information (name and email) from these providers. When you visit our website and 'my pages', some personal data may also be collected automatically from your mobile device or computer through the use of so-called cookies. You can read more about cookies in the section "What are coockies and hos are they used?".
How and why is your personal data processed?
In order for us to offer our products and services and otherwise conduct our business, we need to process your personal data. We process your personal data in order to:
Managing and delivering purchases – We process your contact and delivery details to deliver goods to you that you order on the website or buy in our stores. The processing is necessary for the performance of our obligations under our Terms and Conditions of Purchase, which you have entered into with us.
Completing purchases in our stores – We process payment information and other personal data to the extent necessary to complete purchases and to process your claims, returns and refunds in our stores.
Provide customer support and handle returns – We process contact details and other information you provide in communications with us to provide customer support. The processing is necessary for the performance of our obligations under our Terms of Purchase, which you have entered into with us. If you are not a customer of ours, the processing is based on our legitimate interest in providing information about our products and services to potential customers.
Give you access to 'my pages' – We process your login details, your personal identity number and information about your device to give you access to your customer profile where you can see your previous orders, place product reviews and leave ratings. The processing is based on consent and you can withdraw your consent for the processing at any time by requesting the deletion of your customer data.
Provide you with access to our website – We process information about your device and IP address to provide secure access to our website. The processing is based on our legitimate interest to provide a secure and functioning website to provide our services and products.
Request customer reviews – We process your email address and order information to request customer reviews regarding completed purchases. The processing is based on our legitimate interest to monitor customer satisfaction.
Develop our products and offers – We process information you provide in customer reviews, information about your device and how you use our website in order to develop and improve the online shopping experience and the website's features and content. The processing is based on your consent.
Sending newsletters – We process your email address and order information to send newsletters via email about updates and offers. The processing is based on our legitimate interest to market our services to existing customers. If you are not a customer of ours, the processing will only take place if you have consented to receive newsletters. You can unsubscribe from newsletters at any time by clicking on the unsubscribe link in the email.
CCTV – We process your personal data through video recording from CCTV inside and/or outside our stores. The processing is based on our legitimate interest in preventing, deterring and investigating crime and increasing the safety of our visitors.
Bookkeeping – We process your order data for our bookkeeping purposes. The processing is based on our legal obligation to keep accounting data under the Accounting Act.
In addition to the above purposes, your personal data may be processed to comply with legal requirements or to protect our rights and property and to prevent fraud or other unlawful activity that may harm us or our customers.
How long is your personal data stored?
Your data is only stored for as long as is justified by the underlying purpose of the processing. The length of time we keep your personal data may therefore vary. As a general rule, we only store personal data relating to active customers or when there are legal requirements or other compelling reasons for storage. An active customer is one who has made a purchase with us or logged into your member account within the last 24 months. Please note that we are required by law to retain certain personal data, such as accounting information, even after you are no longer an active customer.
Who can access your personal data?
Your personal data may be transferred to or shared with selected companies that provide various types of services to Nordiska Galleriet. We use subcontractors and third-party providers to, for example, develop and provide the website and other IT solutions, deliver goods, provide secure payment methods, maintain the security of our business and keep visitors safe, and to market our services and products. In order for these suppliers to perform their work, we may need to share personal data with them.
We may also provide necessary information to public authorities, to protect legal interests and obligations or if you have consented to it.
How do we protect your personal data?
We take a number of security measures to protect your personal data from unauthorised access, unauthorised processing and from accidental loss, destruction or damage. Our security measures include, for example, restricting access to your personal data, meaning that access is limited only to staff who need access to the data in order to perform their duties.
Furthermore, we apply a number of technical security measures to protect your personal data against loss, destruction and accidental damage by, among other things, storing backup copies on back-up systems, pseudonymisation and regular security tests.
Where do we process your data?
Your personal data may be processed in a country outside the European Economic Area (EEA). For example, we use IT service providers located in countries outside the EEA. When transferring personal data to a country outside the EEA, we take appropriate legal, technical and organisational security measures to ensure that the personal data is processed according to an equivalent level of protection as within the EEA. Such measures include, inter alia, the inclusion of the European Commission's model clauses together with additional safeguards in the event that the recipient country's data protection regime has not been recognised as ensuring an adequate level of protection for personal data processing.
What are cookies and how are they used?
Cookies are small data files that are stored in your browser (such as Safari and Google Chrome) when you visit different websites. Cookies store device information and information about your use of a specific website. When you visit the same website again, it sends back a copy of the files. Cookies allow websites to remember language choices and login modes or to adapt to what you have done in the past, for example cookies can "remember" products you have looked at previously in an e-commerce store or added to your shopping basket.
Functionality – to allow you to place items in the shopping basket and log in to 'my pages' and to avoid having to enter language and other settings or log in again for each visit
Security – to distinguish you from other users and maintain a secure connection
Analytics – to provide us with statistics on the number of visitors and click patterns on the site
Marketing – to send individualised advertising based on previous searches and visitor patterns on our site and other sites and to create target groups for targeted marketing
Some cookies are necessary for the secure operation of the website and these cookies are automatically installed on your device, based on our legitimate interest in providing a secure website to offer our products and services. Other cookies, such as those used for marketing and analytics, are only stored if you consent to them through our cookie banner on the website. You can withdraw your consent at any time by clicking on the "Cookie Settings" link at the bottom of the website.
Marketing cookies are placed by providers such as Google, Facebook and Instagram and may be used to display targeted marketing on other websites and social media advertising sites. We also use Facebook services to create customer profiles of potential customers based on factors such as age, gender and location. We also use services from Google to analyse how the website is used, for example by creating aggregated data about which sections and products our users click on on our website.
Cookies are stored on your device until their expiry date has passed and they are automatically cleared or until you clear the cookies on your device. Most of the cookies we use on our website are cleared when you leave our site or after 30 days.
You are in control of your personal data and therefore always have the following rights in relation to the personal data we process:
Right of access (extract from the register) – a right to access information about what personal data we process about you
Right to rectification – a right to have inaccurate personal data about you corrected
Right to erasure – a right to have your personal data erased
Right to object – a right to object to the processing of your personal data on the basis of our legitimate interests (balancing of interests)
Right to restricted processing – a right to have the processing of your personal data restricted until inaccurate data has been rectified or other objections have been resolved
Right to information about data collection – a right to obtain information about the sources used to collect your personal data (where the information is not provided by you)
Right to data portability – a right to request the transfer of personal data from one controller to another. This right is limited to data that you have provided to us yourself.
There may be additional requirements or regulations that extend your rights. There are also requirements or provisions that limit your rights. For example, there may be legal obligations that prevent us from disclosing or moving parts of your data, or from blocking or erasing your data.
To exercise any of your rights, please contact us using the contact form.
Contact and communication
Who can you contact if you have questions about the processing of your data?
For questions about our processing of your personal data, you can always contact our service team.
If you believe that your personal data has been processed incorrectly by us, please contact us using the contact details provided above. You also have the right to contact and lodge a complaint with the Data Protection Authority (https://imy.se), which is the supervisory authority responsible for data protection issues.
How will you be informed if this policy is changed or updated?
Aktiebolaget Nordiska Galleriet
114 39 Stockholm
Organization number 556032-3189