PROCESSING OF PERSONAL DATA
We care about your privacy, and it is important to us that you feel secure about how we process your personal data.
We undertake to respect and protect your personal data and your privacy in compliance with existing data protection legislation, industry rules and other relevant standards. To give you a better understanding of how we process data about you, we outline our basic principles for processing personal data below. These principles represent the information you are entitled to receive when we collect your personal data.
Where the information text refers to the word ‘Hövding’, this does not mean the company. It means our product, the helmet, the Hövding.
Hövding Sverige AB (publ) (‘We’, ‘Us’, ‘Our’), corporate identity no. 556708-0303, Bergsgatan 33, 214 22 Malmö, Sweden, is the controller for the processing of your personal data when you make a purchase or submit a notice of nonconformity or contact us in any other context.
How and why does Hövding process personal data and which personal data does it process?
Purchase via hovding.se
On our website, we offer you the opportunity to buy Hövdings, supplementary products and services. When you make a purchase, you provide your name, your contact details, your payment details (such as a credit card number) and your delivery address. The legal basis for processing personal data in connection with purchases is either to perform a contract of sale or a legitimate interest. Contractual performance applies when you, as a consumer, purchase a product, and legitimate interest applies where you represent a legal person.
Warranty and notice of nonconformity
When you submit a notice of nonconformity about a product or when our warranty undertaking applies, you are given the opportunity to provide information about any loss, damage or injury. Information about loss, damage or injury often means health data, and we are not permitted to process health data without your consent. If data needs to be processed based on consent, you will also be made aware of this, as you must actively consent to the processing of sensitive personal data.
Other data, such as name, address, email address, phone number, serial number and the size of your Hövding, is processed in order to handle notice of nonconformity cases or warranty cases. The legal basis for processing personal data in connection with a notice of nonconformity is derived from Swedish consumer law, and for warranty cases it is derived from our terms and conditions of sale and thus the contract of sale between you and us.
Certain information you provide in connection with a notice of nonconformity or warranty for a new Hövding may, with our legitimate interest, be used for product development purposes. Please note here that if you provide sensitive personal data, i.e. data concerning any injury following an accident, such data must be processed with your consent. You are under no obligation to give consent, and you will be made aware of any such processing as soon as it becomes relevant.
When you have purchased our Hövding and are using it, your opinion is important to us. Consequently, we have a legitimate interest in contacting you for market research purposes. The aim of our market research is to develop our products and other services.
You are always able to decide whether you want to participate in our market research or not. We never share your data with any party that has nothing to do with our market research.
While you are our customer, i.e. for as long as you have an interest in being in contact with us (for example via a notice of nonconformity, a warranty or other services), we have a legitimate interest in sending advertising to you, for example by email. You are, of course, permitted to notify us that you do not wish to receive direct marketing, in which case your data will not be used for direct marketing. This legitimate interest lasts for one (1) year after you have ceased to be our customer, provided that you have not notified us that you do not wish to receive direct marketing.
Hövding does not intentionally process data from children or minors and does not carry out any marketing directed at children or minors.
We may use your email address to market ourselves and our products to other potential customers. This is done by transferring your email address to Facebook, for example, which, in turn, offers a service in which your email address is used to identify potential new customers by means of advertising. Please note that we have ensured, via a contract, that your email address is not used for any purpose other than this.
The data that is provided, among other things, via the consent mentioned under Warranty and notice of nonconformity may also be used for marketing purposes. We sometimes identify an interest in republishing all or part of the data in order to create a good story. We will certainly use any sensitive personal data if an accident resulted in injury, but we will always ensure your right to privacy. Consequently, we will naturally contact you first if we want to use your name or other identifiable information.
We have a legitimate interest in processing your personal data in connection with recruitment in order to receive and process applications and evaluate your suitability for the position for which you are applying. With your consent, we may also evaluate your suitability for future positions that may become vacant.
Personal data in connection with recruitment is primarily collected from you, but may be combined with data collected from other sources, for example social media for professional purposes and/or your referees.
If we decide not to employ you, your personal data will be erased as soon as the recruitment process has been completed, except where we have obtained your consent to evaluate your suitability for future positions. Read more below about how to withdraw your consent.
We have a legitimate interest in processing your personal data when you contact us, for various reasons, by email, by phone or using one of our contact forms. The data is stored while the case is active, and is subsequently erased.
Do we share your personal data?
To permit us to meet our obligations under the contract of sale, we share your personal data with suppliers and other partners. These are companies that help us with:
1) delivery and ordering (logistics companies),
2) payment solutions (card acquisition companies, banks and other payment service providers), and
3) marketing. We may share your email address with companies that help us with digital marketing (primarily Facebook).
The sharing of personal data described above is entirely in compliance with existing data protection legislation.
Online & profiling
As mentioned under Marketing (above), physical persons (potential customers) may receive advertising via social media and other channels. If you receive such online advertising, this means that you match our profile for potential customers. Profile means gender, age or place of residence, for example. Please note that we do not receive any of your personal data in connection with online advertising. Therefore, we cannot know whether you will receive or have received online advertising. Therefore, it is not necessarily the case that you are covered by this information text simply because you match our profile(s). However, to perform our obligation to provide information under existing data protection legislation, we do not want to exclude anything or anyone.
Retailers and partners
If you are an existing or potential retailer and/or partner, we process personal data to maintain or enable a business relationship. The personal data concerns contacts and includes name, phone number, email address, position and delivery address. In addition, we may process the above personal data for development purposes, for example to measure customer satisfaction. We have a legitimate interest in processing the personal data of retailers and partners.
Criteria for how long we store your personal data
The legal basis for and purpose of processing personal data determine how long we store the data. There are often statutory requirements (for example in the Swedish Accounting Act (1999:1078)) to store personal data for a certain maximum period (7-8 years in the Swedish Accounting Act). If there are no such statutory requirements, we store your personal data until we no longer need it.
The storage period is often assessed on a case-by-case basis and determined according to aspects such as the type of data, why the data was collected, for what purpose it was collected and how long you have an interest, as our customer, in our storing your personal data. For example, we store customers’ personal data for direct marketing purposes for up to one year after the customer relationship has ended unless the customer has previously requested not to receive direct marketing. Please note here that a customer relationship ends when the product has been delivered and when there is no longer any reason for there to be contact between us and the customer.
You are welcome to contact us if you have any questions or thoughts about the storage period.
Outside the EU/EEA
In the context of some processing outlined in this information text, data may be transferred to companies outside the EU/EEA. However, the majority of the data, in particular the data that may, in any way, deprive you of your freedoms and rights, remains in Sweden. With the recipients outside the EU/EEA to which we may disclose personal data, we have ensured that your personal data is afforded the protection that we require in accordance with the legally recognised data transfer mechanisms for transfer outside the EU/EEA.
Right of access
You are always entitled to receive confirmation of the personal data we process about you, and to request a copy or extract of the personal data that is processed. Remember that, if we receive a request for access, we may ask for further information to ensure that we disclose data to the right person.
Right to withdraw consent
Where we process your personal data based on consent, you may withdraw your consent at any time by contacting us. You can find our contact details at the foot of this information text. Remember that any processing that has already been performed based on your consent before you withdrew your consent is not affected by your withdrawal of consent.
Right to erasure
You may request erasure of your personal data if it is no longer needed for the purpose for which it was collected or if:
- you withdraw your consent and there is no other legal basis for this purpose,
- you object to our legitimate interest and your grounds for objection carry heavier weight, or if
- your personal data is being processed unlawfully.
We may decline your request for erasure if contractual or other legal obligations prevent us from complying with it. These obligations are imposed by accounting and tax legislation, consumer law legislation or where there is a contract between the parties in which rights and obligations remain in force.
Right to limited processing
You are entitled to request that our processing of your personal data is limited if:
- you dispute that the data is correct (however, only during a time that permits us to check this),
- the processing is unlawful and you oppose erasure of the personal data and instead request limitation of the use of the data,
- you need the personal data to make or defend legal claims although we no longer need the personal data for the purpose of the processing, or
- you have objected to the processing and we have not checked whether our legitimate interest in processing your personal data carries heavier weight than your legitimate grounds for the processing of your personal data to be limited.
Right to object
You may also object to all processing of personal data based on our or a third party’s legitimate interest. For an objection to result in processing ceasing, it is necessary that we are unable to demonstrate that our legitimate interest carries heavier weight than your interest.
You are always entitled to object to our using your personal data for direct marketing, for example by email. You do this by clicking the relevant link in our emails.
Right to data portability
If the processing of your personal data is based on consent or performance of a contract, you are entitled to request that the data you have submitted to us (about you) is transferred to you and/or another controller. This can be done only if it is technically feasible.
Right to rectification
Hövding strives to ensure that all data we process is correct. You are entitled to have incorrect data rectified, for example your name and address. If data is incorrect, it is rectified without delay.
Right to lodge a complaint with a supervisory authority
If you are dissatisfied with how we process your personal data, you are entitled to lodge a complaint with a supervisory authority. We are subject to the supervision of the Swedish Data Protection Authority. For more information, please see www.datainspektionen.se
Phone: 040-23 68 68
Postal address: Bergsgatan 33, 214 22 Malmö, Sweden
Email address: firstname.lastname@example.org