Your privacy is important to us and we take responsibility for the personal data that you provide us with. This policy describes how we treat, store and process your personal data when you are a customer of Norrgavel in Sweden and Norway, when you visit our website, register for our customer club or when you are in contact with us in other ways, such as via our customer services.
Responsibility for processing personal data
Norrgavel AB is the data controller responsible for the processing of personal data described in this policy. If you provide personal data to one of partners (e.g. when ordering assembly), our partner will be responsible for your personal data.
If you have any questions or wish to exercise any of your rights, you can reach us at:
Address: Elbegatan 3
Postal address: 211 20 Malmö
Corporate registration number: 556491-3381
How do we obtain your personal data?
Besides you giving us your personal data yourself, or us obtaining it from you when you buy products, use services, contact us or apply for a job with us, we may also obtain your personal data from someone else, known as a third party.
The data we obtain from third parties is as follows:
• Address data from public registers to be certain that we have your correct address.
• Credit rating data from a credit rating institution, bank or credit rating company.
Which personal data do we process?
We may process the following categories of personal data:
• Contact details such as name, address, e-mail address, phone number
• Identity data such as personal identity number, corporate registration number
• Financial data such as bank account number and other banking-related data
• Work-related data such as employment details, applications, CV, personal letters
• Purchase, order and usage history, IP-address and other transaction-related information (such as information provided when contacting customer services).
How do we process your personal data?
We process your personal data mainly to fulfil our obligations towards you. Your personal data will only be processed within the EU/EEA. We work on the assumption that we will not process more personal data than is necessary for the purpose, and we always strive to use the data that is the least sensitive in terms of privacy. The General Data Protection Regulation (GDPR) gives you certain rights. If you wish to exercise your rights or have other questions, please contact us at email@example.com.
Information on how we process personal data is provided below.
When providing and fulfilling agreements regarding services/goods
We process personal data in order to fulfil our agreements and provide services/goods to you. We process personal data for our administration and invoicing of services/goods, to run credit checks, to deal with complaints, to help you when you have questions about your service/product when you contact our customer services and otherwise to protect our rights and fulfil our obligations under our contract with you. The personal data we process in this respect are contact details, identity-related personal data and financial personal data.
We process your personal data in order to be able to perform the statutory obligations incumbent upon us, such as the requirements under the Swedish Bookkeeping Act to archive accounting data. The personal data we process in this respect are contact details, identity-related personal data and financial personal data.
We process personal data to enable us to market our products/services to you and to enable us to send newsletters by email regarding the services/products you are interested in in general and information about the company. We additionally process personal data to enable us to invite you to events that you might be interested in. The personal data we process in this respect are contact details. Marketing mailings may be sent to specific customer segments (such as women aged 25–35). Marketing emails are only sent to people who have consented to receive such emails.
After we have delivered your order and/or your services, we will send out a customer survey by email to find out more about your experience so that we can improve our services. Answering the survey is voluntary and your response is not directly linked to your email address or your purchase. For security reasons, however, we do log information about your device and your IP address.
During recruitment proccesses
We process your personal data when you apply for a vacancy or register your interest in working for us. The company processes your personal data to assess your application and complete the recruitment process. The personal data we process in this respect are contact details and identity-related personal data.
We also process your data in order to analyse the use of our channels and to implement improvements. Data is used to see how customers use our website and other digital channels (e.g. which pages are visited or what searches customers enter). Examples of personal data may be IP address, geographical location, age, town, purchasing and order history and/or results of customer surveys.
What legal basis do we have for processing personal data?
We process your personal data in order to administer and provide the service/product agreed. When we process personal data in order to fulfil requirements such as the Bookkeeping Act or tax legislation, the legal basis for processing is legal obligation.
When we process personal data for marketing, before employment and for analysis, the legal basis is our legitimate interest. This means that we consider that our interest in processing your personal data for these purposes listed above outweighs the invasion of privacy that you are exposed to due to this processing. This assessment has been made especially taking into account the fact that we think this processing will be to your benefit.
Regarding personal data relating to job applications that are not linked to a recruitment process or a completed recruitment process, we will save your personal data for potential future recruitment needs only if you have consented to this.
Norrgavel’s website may contain links to other websites over which Norrgavel does not have control. Norrgavel cannot accept any responsibility for the content of these websites or for their personal data protection but provides these links to help our customers find more information.
How long do we store your personal data for?
We store your personal data for as long as you are a customer of ours and for as long as the data is necessary to fulfil the purposes for which the data were originally collected. Given that Norrgavel takes a long-term approach and that we want our products to live for a long time to come, we save your purchasing and personal data in order to fulfil our obligations and provide you with the best possible service on into the future, e.g. in the event of a complaint, etc. You have the right to have your personal data erased from our systems at your request. Please note that we need to save certain personal data in line with current bookkeeping and tax legislation.
A cookie is a small text-based data file that a web server asks to save in your browser. Because the content of the cookie is generally sent back with every enquiry to the website in question, this means that the server can keep track of the visitor’s preferences, behaviour or identity (where this is known). We use the following cookies on our website:
• Session cookies (a temporary cookie that stops when you close your browser or device).
• Permanent cookies (cookies that stay on your device until you remove them or they expire).
• First-party cookies (cookies that are placed by the website you are visiting).
• Third-party cookies (cookies that are placed by a third-party website). On our site, these are mainly used for analysis, such as Google Analytics, Facebook pixel and Hotjar.
• Similar technologies (technologies that store information in your browser or on your device in a way similar to cookies).
Cookies (and other technologies) help us to develop our services to improve your user experience. We gather information about visitors who browse our website using several types of cookies or information gatherers. The types of cookies we use are shown below, along with how we use the information we collect:
Contain information that we must have to enable you to access certain services. One example is us remembering the products you have placed in your basket or how far you have got in the order process. Essential cookies are also used to enable us to provide the live chat function and our payment solution. Essential cookies also help us to identify and track fraud or other attempts to illegally access your data and our services.
Used to make the pages you view load more quickly. They contain general information about how you use our services. This information enables us to adapt our website to your needs so that we can make it as easy as possible for you to use or so that we can analyse our visitor flows.
Used so that we can remember the choices you made when you used our services in the past. For example, you shouldn’t have to choose the country you are in or your language preference every time you visit our website. We also want to make it easier for you to remember the products you are interested in by saving your basket or your favourites.
Marketing and social media
Collect information about your activities and the interest you have shown in Norrgavel’s website, basically what you have clicked on so we can give you relevant offers in other channels, e.g. through ads on social media.
What can you do about cookies?
You can change your settings that govern the use and extent of cookies in your browser at any time. You can choose to block all cookies, only accept certain cookies or to delete all cookies when you close your browser. If you choose to block or delete cookies, this may mean that some services can’t be used or that the website won’t work correctly in every respect.
Who do we share personal data with?
We start out with the assumption that we will not share the personal data of data subjects with external parties unless the data subject has consented to this or unless it is necessary to fulfil our obligations under a contract or by law. Where we share personal data with external service providers (data processors) we make sure that the personal data is processed securely. A data processor is a company that processes the data on our behalf and following our instructions. These companies may only process personal data under the data processing agreement we have entered into with them and in line with the instructions they are given as part of this agreement. They may not use your personal data for their own purposes and they are obliged by law and by the agreement to protect your personal data. A service provider may not share your personal data with a third party or subcontractor without our consent.
We have data processors who provide us with:
• Transport (Shipping and logistics companies)
• Payment solutions (card payment services, banks and other payment service providers)
• Marketing (digital media, media agencies, advertising agencies and print, customer surveys)
• IT services (essential operation such as business systems, e-commerce platforms, technical support, IT solution maintenance)
• Suppliers and brands that use our systems or from whom you have purchased a product via our website or shop (e.g. our external suppliers).
We also share your personal data with some companies that are independent data controllers, which means that they control how the information is to be processed, such as government agencies or companies that offer independent payment solutions or public goods transport.
We may provide necessary information to Swedish government agencies if we are obliged to do so by law. This information may include your personal data. As part of a legal dispute, we may also need to transfer information that may include personal data to other parties in the dispute.
How is your personal data protected?
We protect your personal data through a combination of technical and organisational solutions. We have taken specific security measures to protect your personal data from illegal or unauthorised access. We draw up procedures and working methods to ensure that your personal data is handled safely and securely. Only the people who actually need to process your personal data in order to do their job will have access to it.
As a data subject of ours, you have the following rights:
• You have the right to request access to your personal data where you can see which personal data we hold about you. If we receive a data request from you, we may request supplementary information to make sure we are granting access to the data to the right person. A data access request must be signed by you in writing.
• You have the right to request correction if the data we hold on you is incorrect or incomplete.
• You have the right to have your personal data erased on the following grounds:
– Your personal data are no longer necessary in relation to the purpose for which it was collected or processed.
– Where the data was stored with your consent and you withdraw your consent.
– Where the processing is based on balancing interests and there are no legitimate grounds that weigh more heavily than your interests.
– Where the personal data has been processed illegally.
– Where erasure is required to fulfil a legal obligation.
– Where you object to processing for direct marketing purposes.
The right to have personal data erased does not apply if we have a legal obligation to retain the data (e.g. under the Swedish Bookkeeping Act).
• You have the right to data portability (the right to have your personal data moved) provided that the legal basis is consent or a contract. What you can remove is personal data concerning you, which you yourself provided or which was generated by your actions/activities.
• You have the right to request that the processing of your personal data is restricted. If you request restricted processing of your personal data, this may, however, mean that we are unable to fulfil potential obligations we may have towards you during the time that the restriction applies.
• You have the right to object to the processing of personal data where the legal basis is balancing of interests. For us to be able to continue with relevant processing, we need to be able to demonstrate legitimate grounds for the processing that weigh more heavily than your interests, rights or freedoms. Otherwise, we may only process the data to determine, exercise or defend legal claims.
• You always have the right to object to your personal data being used for direct marketing. If an objection is made to direct marketing, the personal data may no longer be processed for such purposes.
Complaints and supervisory authority
If you think we have processed your personal data incorrectly, please get in touch with us at Norrgavel. The Swedish Authority for Privacy Protection is responsible for supervision under data protection law and anyone who considers that their personal data is being processed incorrectly can submit a complaint to the authority.
We always aim to give you simple and correct information on how we use and process your personal data. At Norrgavel, our customers’ personal privacy is important to us and we are constantly working to improve so that you as a customer feel reassured when you give us your personal details. If you have any questions, please contact our customer services on firstname.lastname@example.org