PRIVACY POLICY FOR HEMFRID I SVERIGE AB
1 WE VALUE YOUR PERSONAL PRIVACY
1.1 Hemfrid i Sverige AB, corp. reg. no. 556529-8444 (“__Company__”) is committed to ensuring that your personal data is processed in a privacy-secure manner, with an appropriate level of protection, and in accordance with applicable data protection legislation.
1.2 This Privacy Policy describes how we process personal data relating to you as a customer of, or a person in contact with, the Company, and as a visitor to our website.
1.3 If you have any questions regarding the Company’s privacy protection, you are always welcome to contact us. Our contact details are set out below under the heading “Contact Information”.
2 DATA CONTROLLER
2.1 The Company is the data controller for the processing of your personal data and is therefore responsible for ensuring that your data is handled correctly and securely in accordance with applicable legislation.
2.2 We are part of KEYTO Group, which consists of several companies focused on household services, and which maintains a joint customer database administered by KEYTO Group AB (publ), corp. reg. no. 559328-3392. For certain types of processing, the Company is therefore a joint controller together with KEYTO Group AB (publ). This means that, where applicable, your personal data is shared with and processed by KEYTO Group AB (publ) for the joint purposes set out in this Privacy Policy (see below under the heading “To whom does the Company disclose your personal data?”).
2.3 The Company does not offer its services to persons under the age of 16 and therefore does not collect personal data from persons under the age of 16.
2.4 KEYTO Group has regulated the joint controllership through a written arrangement, to ensure that the processing of your personal data always takes place in a privacy-secure manner. Within the scope of this arrangement, KEYTO Group AB (publ) is primarily responsible for the operation of IT systems for customer records, invoicing, etc., and for marketing, while the Company is responsible for the handling of personal data in connection with the performance of the agreement with the customer.
2.5 If you have any questions regarding the processing of personal data, or if you wish to exercise your rights as a data subject (see further under the heading “Your rights” below), you may always contact us or KEYTO Group AB (publ) (see contact details below under the heading “Contact Information”).
3 WHAT PERSONAL DATA DOES THE COMPANY PROCESS?
3.1 Personal data means any information of any kind that, directly or indirectly, can be attributed to a living person. In other words, it is information about you and your person. Processing refers to any type of operation performed on personal data, such as the collection, storage, use, adaptation, and transfer of personal data.
3.2 Your personal data is usually collected directly from you, for example via email or through other communication channels, or, where applicable, from the company or organization you represent. The Company may also receive personal data about you from other companies within KEYTO Group or from cooperation partners. Where necessary, the Company may use external information services to supplement existing information, for example position and contact information.
3.3 Customers (private individuals)
The Company may collect and process the following information in order to contact you and fulfil its obligations towards you as a customer:
- Contact information, such as name, personal identity number, address, telephone number and email address, and, where applicable, contact details for close relatives.
- Residential information, such as address, door code, keys (where access to the home is provided), number of rooms and windows, pets, etc.
- Information you provide to the Company by email, through our social media channels or through other communication channels.
- Information from customer surveys and customer evaluations.
- Order and booking information, and deduction information: purchase and transaction history and payment information, such as bank details, account number and, where applicable, IBAN, SWIFT, etc.
- Invoicing information: invoicing instructions and information appearing on invoices.
- Information regarding complaints and warranty matters.
- Information regarding telephone conversations with the Company’s switchboard or customer service.
Subject to your explicit consent, the Company may also process sensitive personal data, for example health-related information (including allergies or disabilities) about you or your close relatives. Such processing takes place only to the extent required in order to adapt our services to your needs.
3.4 Company representatives of, for example, customers, suppliers and cooperation partners
The Company may collect and process the following information about you that the Company needs in order to contact you as a representative of a company or organisation:
- Personal and contact information, such as name, address, telephone number, email address, title, position and employer.
- Information that you, as a company representative, provide to the Company by email, through our social media channels or through other communication channels.
- Where applicable, information regarding telephone conversations with the Company’s telephone exchange or customer service.
- Where applicable, information regarding dietary preferences, any allergies and/or disabilities (for example in connection with company events or meetings).
3.5 Potential customers, suppliers and cooperation partners
The Company may collect and store the following information about you in your capacity as a potential customer, supplier or cooperation partner of the Company, or as a company representative of a company that is a potential customer, supplier or cooperation partner of the Company.
- Personal and contact information, such as name, address, telephone number, email address, title, position and employer.
3.6 Visitors to the Company’s website
In connection with your visit to the Company’s website, we collect the following information about you that the Company needs in order to improve, streamline, simplify and develop our website.
- Technical information, such as IP address, MAC address, URL, unique device ID, network and device performance, browser, language and identification settings, geographical location, operating system, and other information from cookies or similar mechanisms (device information).
4 VOUR PROCESSING OF YOUR PERSONAL DATA
The purposes for which we intend to process your personal data, and the legal basis on which we rely for each processing, are set out in the tables below.
4.1 Customers, suppliers and cooperation partners (including company representatives thereof)
| Purpose | Legal basis |
|---|---|
| To maintain contact with a customer, a representative of the customer, a supplier or a cooperation partner. | Processing is necessary for the Company’s legitimate interest in maintaining contact with you for the purpose of performing the agreement with the customer, the supplier or the cooperation partner, i.e. the company you represent as a company representative (legitimate interest). |
| To comply with statutory requirements, such as security requirements and accounting requirements. | Processing is necessary in order to fulfil the Company’s legal obligations. |
| To enable marketing and communications regarding the Company’s brand and the Company’s products and services (e.g. dispatch of newsletters and other marketing material, invitations to the Company’s events, etc.). | Processing is necessary in order to enable the marketing of our brand, products or services to you as a customer or to the company you represent as a company representative. As a legal basis for such processing, we rely on either consent or legitimate interest. |
| To handle orders and deliveries, provide the services you have ordered, and administer our agreement with you or the company you represent. | Processing is necessary in order to perform the agreement with the customer. Where personal data is processed concerning persons other than customers (such as relatives, cohabitants or contact persons at corporate customers), such processing is based on legitimate interest. Sensitive personal data is processed only on the basis of your explicit consent. |
| To carry out surveys concerning the Company’s products and customers’ purchasing experience. | Processing is necessary for the Company’s legitimate interest in evaluating, developing and improving its brand, products, and marketing (legitimate interest). |
| To ensure payment and to analyse purchase history for the purpose of offering customers appropriate products and marketing. | Processing is necessary in order to perform the agreement with the customer. Processing is also necessary for the Company’s legitimate interest in offering its customers relevant marketing, taking into account the customer’s previous purchases (legitimate interest). |
| To receive payment from customers in connection with the purchase of the Company’s or KEYTO Group’s products and services. | Processing is necessary in order to perform the agreement with the customer. |
| To respond to and compensate customers in the event of complaints and warranty matters. KEYTO Group may also communicate with you and administer your customer matter (such as RUT-deduction applications). | Processing is necessary in order to perform the agreement with the customer. Processing in connection with communications and the handling of customer matters, for example in connection with complaints and RUT-deduction applications. |
4.2 Visitors to our website
| Purpose | Legal basis |
|---|---|
| To ensure the operation of the Company’s website and application. To develop the Company’s website in order to better adapt it based on how the website is used. | Processing is necessary for the Company’s legitimate interest in improving, streamlining, simplifying and developing its website, and for the purpose of attracting further customers/cooperation partners and increasing the proportion of returning customers/cooperation partners (legitimate interest). |
5 How long do we retain your personal data?
5.1 Your personal data is retained for as long as there is a need to retain it in order to fulfil the purposes for which the data was collected in accordance with this Privacy Policy. Thereafter, your data will be erased.
5.2 Certain personal data will, for the purpose of complying with applicable accounting legislation, be retained for seven years, counted from the end of the calendar year in which the financial year to which the information relates was closed.
5.3 Contact details for company representatives are retained for as long as the Company considers the information to be necessary in order to maintain the relationship with the company/organization. Erasure shall take place when the Company becomes aware that the information is no longer adequate or relevant for the purpose, or upon request from the contact persons.
5.4 For more detailed information regarding how long the Company retains specific personal data, please contact us. Contact details are set out in the section “Contact Information” below.
6 TO WHOM DOES THE COMPANY DISCLOSE YOUR PERSONAL DATA?
6.1 The Company does not disclose personal data to third parties, except in situations where this is required in order to comply with a statutory obligation or to perform the Company’s commitments toward you, customers and/or cooperation partners. Your personal data will not be sold to third parties for advertising purposes.
6.2 The table below sets out situations in which your personal data may be disclosed to third parties.
| Third party | Reason why the personal data is disclosed to the third party |
|---|---|
| KEYTO Group AB (publ) | KEYTO Group AB (publ) is joint data controller with the Company for processing carried out within the scope of KEYTO Group’s joint handling of customer records, invoicing, marketing and similar administrative functions. Certain customer data, such as name, address, contact details and purchase history, is therefore shared between the companies to enable efficient administration, customer follow-up, and targeted marketing within KEYTO Group. |
| Other companies within KEYTO Group | Personal data may also be shared with other companies within KEYTO Group for, among other things, coordinated case handling, marketing, and to enable and streamline cooperation regarding offers, customer service, and delivery. |
| Cloud service providers | Personal data may be disclosed to providers of cloud services, as the Company stores certain information in cloud services. |
| Suppliers and cooperation partners | The Company may disclose your personal data to various suppliers and/or cooperation partners where such suppliers or cooperation partners need your personal data in order to perform their assignments for the Company. |
| Companies providing financing solutions to customers | Where a customer is interested in a financing solution for their purchase, the Company transfers information about the customer to financing companies with which the Company cooperates and which, in turn, enter into agreements and communicate directly with the customer. |
| Authorities | Personal data may be transferred to authorities where this is required in order to fulfil statutory obligations. |
| Divestment | In the event that the Company intends to transfer all or part of its business, personal data may be disclosed to a potential purchaser. |
7 Transfer of personal data to third countries
The Company may transfer your personal data to countries outside the EU/EEA. If your personal data is transferred to a country outside the EU/EEA, the Company will take the necessary measures to ensure that the transfer of the personal data is lawful and that your personal data is processed in a secure manner and with a level of protection corresponding to that within the EU/EEA, for example by entering into the European Commission’s standard contractual clauses with the recipient.
8 Your rights
A summary of your rights under applicable legislation is set out in the table below.
| Right of access | You have the right to access your personal data and to receive a copy of the personal data concerning you that is processed by the Company. |
| Right to rectification | If the personal data that the Company processes about you is inaccurate, incomplete or outdated, you have the right to ask us to rectify it. |
| Right to erasure | You have the right to request that we erase your personal data. If the Company does not have a legal basis for continuing to process the personal data, it shall be erased. |
| Right to object | Under certain circumstances, you have the right to object to the Company’s processing of your personal data. |
| Right to restriction of processing | In certain cases, you have the right to require the Company to restrict the processing of your personal data. This means that the Company may, under certain circumstances, only process the personal data in ways other than by storing it. |
| Right to data portability | Where personal data is processed based on your consent or on the basis of an agreement with you, you have the right to receive your personal data in a machine readable format and to transfer the personal data to another data controller. |
| Right to withdraw consent | If the Company processes your personal data on the basis of your consent, you may withdraw such consent at any time. However, a withdrawal does not affect the lawfulness of the processing of personal data carried out by the Company prior to the withdrawal of consent. |
| Right to file a complaint with a supervisory authority | You have the right to file a complaint about the Company’s processing of your personal data with the Swedish Authority for Privacy Protection (Sw:Integritetsskyddsmyndigheten), Box 8114, 104 20 Stockholm, Sweden. |
9 Protection of your personal data
You shall always be able to feel confident when providing your personal data to us. The Company has therefore taken the security measures required to protect your personal data against unauthorized access, alteration and deletion. We will not disclose your information to any other party, except as expressly set out in this Privacy Policy.
10 If you do not provide your personal data to the company
If you do not provide your personal data to the Company, it is possible that the Company will not be able to fulfil its legal or contractual obligations toward you.
11 CONTACT INFORMATION
If you have any questions regarding this privacy policy, the processing of your personal data, or if you wish to exercise your rights under applicable data protection legislation, you are welcome to contact the Data Protection Officer at KEYTO Group by email integrity.hemfrid@keytogroup.com.