The GDPR (Data Protection Ordinance) is a new EU regulation that will become valid throughout the EU on 25 May 2018. GDPR replaces the Swedish Personal Data Act (PUL). A lot is the same, but it means that the requirements for how companies and organizations can process your personal data is sharpened.
Responsible part for collecting personal data
Grandpa AB, org. nr. 556643-9328
Personal data is all the information that can be linked directly or indirectly to a living person. This means that the following is considered personal information: name, address, phone number, e-mail address, IP address, photographs etc.
Grandpa stores the personal data that you as a customer leave to Grandpa in connection with an order. This includes name, address, e-mail address, mobile number, credit card details, other means of payment and also personal identification number for credit check on invoice payments. This information is stored in order for us to manage your order, deliver your goods to the desired address, manage payment and any returns, swaps and complaints. If you have accepted to receive Grandpa's newsletter, Grandpa will save your email address. If you have been to any of our stores and entered your email address to receive the receipt digitally, your email address will be stored.
Personal data may be submitted for processing on behalf of Grandpa through a personal data assistant. In such cases, a written agreement will be created to regulate the personal data processing assistant's handling of personal data and the personal data assistant will not be entitled to use the personal data for purposes other than performing the tasks assigned by Grandpa.
Grandpa is processing personal data on the legal basis that it is necessary to comply with the parties' agreement. Grandpa is also entitled to process the customer's address and other contact information for marketing purposes based on a balance of interest, where Grandpa, as long as you do not oppose it, considers that its interest in marketing its products and services exceeds your integrity.
If you subscribe to Grandpas newsletter your e-mail adress will be saved for a year after you have cancelled the subscription, provided no purchased have been made.
Grandpa saves your information as long as required by law, or to fulfill Grandpas commitments to you in the individual case. Your data will never be stored longer than permitted by applicable personal data law.
To the extent that Grandpa by law or government regulations are obliged to save information for a longer period of time than stated above, the information will be saved accordingly. An example of this is the accounting.
Grandpa is processing personal data due to the legal basis that it is necessary to meet the parties agreements. Grandpa is also entitled to process your address and other contactinformation for marketing purposes based on interest, where Grandpa, as long as you do not oppose that processing, considers that its interest to market their products and services contemplates your privacy interests.
Right to information: When you wish, you may request information about the personal information we have saved about you.
Right to correction: If your information is incorrect, incomplete or irrelevant, you may want to have them corrected or deleted.
Right to deletion: You may request us to delete your personal information. We can not delete your data if there is a statutory requirement for storage, such as accounting rules or other legitimate reasons why the data must be saved, such as unpaid debts. However, as a customer, you should know that a request for data removal or limitation of processing of personal data may limit or completely omit your ability to use Grandpas services.
Data Portability: You may ask us to transfer your personal data from our IT environment to another, either to another company or to you. This does not apply to information that the law requires us to keep.
Returning consent: You can revoke your consent to let us use the data for marketing purposes at any time.
Complaint: You may file a complaint with the Data Inspection if you believe that we treat your personal data in violation of the Data Protection Ordinance.
What does the data inspection do and when do you contact them?
The Data Inspection is responsible for monitoring the enforcement of the legislation. Anyone who considers that a company / organization / authority handles personal information incorrectly may file a complaint to the Data Inspection regardless of relationship. Contact information for the Data Inspection can be found at www.datainspektionen.se.