Lindex Privacy Policy

Transcription

1 Lindex Privacy Policy Your integrity is important to us. Our Personal Data Processing Policy describes, among other things, what data we collect, the purpose for which it is collected, how you can control your own data and how to contact us. Personal data controller AB Lindex ( ,"Lindex", Box 233, Göteborg) is the personal data controller for the processing of personal data at Lindex. The personal data manager is responsible for ensuring that Lindex processes the data according to current legislation. What personal data is collected about you as a customer and why? This section describes the purposes for which we process personal data, what categories of personal data are processed, and the legal basis upon which the processing is carried out for you as a customer at Lindex. 1) In order to handle orders/purchases Deliver ordered/purchased products or services (including notification of delivery or contact regarding delivery). Be able to carry out identification and age verification. Manage payments (including analysing which payment solutions should be offered). Address verification against external sources, such as SPAR. Manage return, complaint and warranty issues. Payment information (e.g. transaction reference, transaction date. More card number). Personal ID number Customer number Payment history Order information, e.g. what product has been ordered or if it is to be delivered to another address. Legal basis: Fulfilment of purchase agreement Until the purchase has been completed and for a period of 36 months thereafter. When it comes to customers who shop without logging in, we will keep your personal information for 6 months after the last purchase. 2) In order to manage and administer your user account Provide authorization for logging in Be able to carry out identification and age verification. Maintain correct and updated information Enable following of purchase history Manage your settings and information about payment history and payment options. Facilitate the saving of shopping lists, make suggestions for shopping lists or similar measures that simplify things for you. Analyses are carried out in order to enable this. 1 (10)

2 Username and password. Purchase history Technical information about your computer, mobile phone and other devices you use and their settings. Payment history Personal ID number Customer number Address information from external sources, such as SPAR. Legal basis: For members of More at Lindex: Fulfilment of the loyalty program membership agreement Registered customers - legitimate interest. The processing is necessary in order to satisfy your and our interest in managing and administering your user account. As long as you have an active account or More at Lindex membership. If you have not made any purchases in the last 36 months, the data will be removed. 3) To be able to market products and services View relevant product recommendations, suggest shopping lists, remind about forgotten/abandoned digital shopping carts, or save shopping lists to simplify future purchases or similar measures. Send direct marketing via , text messages, social media and similar electronic channels for communication as well as mail, including promotions from partners to existing customers outside our loyalty program. For example, by executing campaigns or sending offers and invitations for events to: all customers, a particular customer segment (e.g. women/men between 30 and 40 in Sweden), or individual customers. Age Place of residence Information on how the customer uses the company's web sites and other digital channels. Information about completed purchases. User generated data (e.g., clicking and visiting history). In order to understand what kind of marketing or direct marketing should be used, we analyse: How web sites and other digital channels are used (for example, which web pages and sections of web pages have been visited and what searches have been made). Purchase history Age and place of residence. Results from customer satisfaction or marketing studies. Legal basis: For members of More at Lindex: Fulfilment of the loyalty program membership agreement Processing is necessary in order for us to meet our commitments in the loyalty program membership agreement. Registered and unregistered customers - legitimate interest Recipients of newsletters and website visitors - legitimate interest. 2 (10)

3 The processing is necessary to satisfy your and our interest in being able to market products and services. As long as we think you benefit from our communication and you have not chosen to actively withdraw your consent. 4) To be able to carry out and manage participation in competitions and events Communicate with participants in a competition. Communicate with participants before and after an event (e.g. confirmation of notifications, questions or evaluations). Be able to carry out identification and age verification. Select winners and convey prizes. Personal identification number or age. Details submitted as part of a competition submission. Details submitted as part of an evaluation of an event Legal basis: Legitimate interest. The processing is necessary to satisfy your and our interest in being able to carry out the manage competitions and events. As long as necessary to complete the competition / event (including any evaluation). 5) To manage the booking of services (e.g. personal shopping or similar) Manage bookings, re-bookings and cancellations. Be able to communicate about the booking and remind you of the service. Contact information ( , phone number). Information you choose to provide that enables the service provider to prepare the service. Legal basis: Fulfilment of the service agreement. The processing is necessary in order for us to meet our commitments. As long as it is necessary to provide our services and for a period of 36 months thereafter. 6) To be able to manage customer service cases Communicate with the customer and respond to inquiries submitted to customer service through phone or digital channels (including social media). Enable identification. Investigate complaints and support cases (including technical support). 3 (10)

4 Your correspondence Information about purchase date, place of purchase, or product defects/complaints. User information for My Pages, for example, when having login problems. Technical details for your equipment required for support cases. Personal ID number Legal basis: Legitimate interest. The processing is necessary to satisfy your and our interest in being able to manage customer service cases. Correspondence in customer service cases is saved for 36 months. 7) In order to fulfil legal obligations (e.g. In terms of the requirements of the Swedish Accounting Law, Product Liability and Product Safety and Personal Data Protection in IT Systems) To fulfil legal obligations, as required by laws, judgements or administrative decisions. Such requirements may refer to product liability and product safety requirements such as providing communication and information to the public and customers regarding product alarms and product recalls, for example in case of a defect or health hazard, or if it is required by the Accounting Act or the Money Laundering Act and is attributable to a single individual. The categories of personal data that may be processed are: Your correspondence Information about purchase date, place of purchase, defects/complaints for the product. User information for My Pages. Personal ID number Payment information Legal basis: Legal obligations. Personal data is stored for as long as required to fulfill the respective legal obligations. 8) To evaluate, develop and improve our services, products and systems for the customer community as a whole Make services more user-friendly, such as changing the user interface to simplify the information flow or to highlight features commonly used in our digital channels. Develop supporting documentation in order to improve product and logistical flows, e.g. by forecasting purchases, inventory and deliveries. Develop supporting documentation in order to develop and improve our product range. Develop supporting documentation in order to develop and improve our resource efficiency from an environmental and sustainability perspective, e.g. by streamlining purchasing and planning of deliveries. Develop supporting documentation in order to plan new establishments of stores and warehouses. Give you the opportunity to influence the range we provide. 4 (10)

5 Develop supporting documentation in order to improve our IT systems so as to increase the security of our visitors and customers in general. Purchasing and user generated data (e.g. clicking and visiting history). Age Place of residence Your correspondence and feedback with regard to our service and products. Technical data relating to devices used and settings, such as language settings, IP address, browser settings, time zone, operating system, screen resolution and platform. Information about how you interact with the company, i.e. in what way services were used, the login method, where and how long different pages were visited, response times, download errors, how services can be reached and when the service was left, etc. For these purposes we perform general analyses in aggregated form, i.e. not at the individual level, regarding: How our web sites and other digital channels are used (for example, what pages or parts of pages have been visited and what searches have been made). Purchase history Age Geographic and/or demographic location. Feedback regarding our services and products and results from customer satisfaction or marketing studies. Data from customers' devices and technical settings. Legal basis: Legitimate interest. The processing is necessary to meet our and your legitimate interest in evaluating, developing and improving our services, products and systems. From the collection and for a time of 36 months thereafter. 9) In order to prevent abuse of a service or to investigate and prevent crimes against the company Investigate or prevent fraud or other offences by e.g. incident reporting in stores. Prevent spam, phishing, harassment, unauthorized logins to user accounts or other prohibited actions. Protect and improve our IT environment against attacks and intrusions. Purchasing and user generated data (e.g. clicking and visiting history). Personal ID number Video recordings from surveillance cameras. Data relating to devices used by the customer and settings, such as language settings, IP address, browser settings, time zone, operating system, screen resolution and platform. Information about how our digital services are used. Legal basis: Legal obligations if such exist or, alternately, legitimate interest (if no legal obligations exist) if the processing is necessary to satisfy our legitimate interest in preventing abuse of a service or investigating and preventing crimes against the company. As long as it is necessary to prevent and / or report fraud and other offenses. Video recordings are saved in accordance with local laws or max 30 days. 5 (10)

6 What personal data is collected about you as a member of More at Lindex and why? This section describes the purposes for which we process personal data for you as a member More at Lindex, what categories of personal data are processed and the legal grounds on which the processing is done. 10) To be able to provide benefits and offers to you as a member of More at Lindex Offer benefits, discounts, general and personal offers, invitations to events or gifts or other direct marketing. Carry out analyses of the data that the company collects for the same purpose, e.g. how the member uses the company's web pages and other digital channels (such as what web pages and sections of web pages the member visited and what searches the member made), purchasing history, age, place of residence, stated preferences (e.g. range) and other settings for the company's digital services as well as results from customer satisfaction or market research. Based on analyses, our members can be divided into different customer groups in order to provide different groups (segments) different offers, benefits and discounts based on purchasing history, specified preferences, age, place of residence, market research. The analysis is carried out on an individual level in order to be able to provide personal offers, benefits and communication. Username Customer number Place of residence Purchase history User generated data (e.g., clicking and visiting history). Stated customer choices with regard to products and services. Technical information about your computer, mobile phone and other devices that you use and their settings, e.g. language settings. Location information from mobile devices, e.g. mobile phones or tablets. Legal basis: Fulfilment of the loyalty program membership agreement Processing is necessary in order for us to meet our commitments in the loyalty program membership agreement. Until the membership ends. Your membership is considered inactive if you have not registered a purchase in the last 36 months, and your membership will end and your information will be deleted. You are entitled to terminate your membership at any time and your information will be deleted. 11) To be able to provide a personally adapted experience of our services Provide personally adapted content, e.g. by showing relevant product recommendations, give suggestions for shopping lists, or other similar measures that aim to simplify things for you. Simplify your use of the company services, e.g. by saving shopping lists or chosen methods of payment in order to facilitate future purchases or remind you of forgotten or abandoned digital shopping carts. 6 (10)

7 Carry out analyses of the information that we collect so as to be able to divide our members into different customer groups in order to provide different offers, benefits and discounts to different groups based on purchasing history, specified preferences, age, place of residence, market research. The analysis is carried out on an individual level in order to be able to provide personal offers, benefits and communication. Age Place of residence Purchase history. User generated data (e.g., clicking and visiting history). Stated customer choices with regard to products and services. Technical information about the computer, mobile phone and other devices that the member uses and their settings, e.g. language settings. Location information from the member's mobile devices, e.g. mobile phones or tablets. In order to fulfil its commitments, the company carries out certain analyses pertaining to e.g. How web sites and other digital channels are used (for example, which sites and sections of sites have been visited and what searches have been made). Purchase history Age Place of residence Stated preferences (e.g. regarding products and services, interests and behaviours). Language and other settings in digital services. Results from customer satisfaction or marketing studies. Legal basis: Fulfilment of the loyalty program membership agreement. Processing is necessary in order for us to meet our commitments in the loyalty program membership agreement. Until the membership ends. Your membership is considered inactive if you have not registered a purchase in the last 36 months, and your membership will end and your information will be deleted. You are entitled to terminate your membership at any time and your information will be deleted. Sharing and transferring personal data Personal data may also be transferred for necessary processing to other companies that the Lindex Group collaborates with, for example in case of marketing (print and distribution, media agencies, etc.), distribution and transportation, payment solutions and IT services. When your personal data are shared with Lindex' partners, the data shall be processed according to Lindex' instructions and for Lindex' account, and only for purposes compatible with the purposes for which Lindex has collected the data. In addition, Lindex may be legally obliged to provide information to government authorities (e.g. the police and tax authorities). Lindex may also provide personal data to companies that provide payment solutions (e.g. payment service providers and banks) and enterprises that provide general goods transportation (e.g., logistics companies and freight forwarders). In such cases, the partners shall process the data as independent personal data managers in accordance with their own privacy policies and management instructions. Lindex strives to process personal data within the EU/EEA and collaborate with partners and suppliers who process personal data within the EU/EEA. If not possible, processing of personal data may occur outside the EU/EEA in countries that are considered to have an adequate level of protection in accordance with the EU Commission's decision, or through the use of appropriate safeguards, such as standard contract clauses, binding internal company rules or US Privacy Shield. The countries where Lindex' partners 7 (10)

8 process personal data outside the EU/EEA are the US and India. Regardless of the country in which personal data is processed, Lindex takes reasonable technical, legal and organisational measures to ensure that the level of protection is the same as in the EU/EEA. You will have access to the standard contractual clauses and more information about these by clicking here. Storing personal data The processing complies with legal requirements, which means that personal details are not retained for longer than essential for the purpose of the processing. In practical terms, this means that information is removed when it is no longer relevant or necessary for analyses or direct marketing or the purposes for which it was collected. For marketing purposes, we do not use information about purchase transactions which is more than 3 years old. All handling of personal data will however be subject to a high level of security and secrecy. Your rights and options Right to access: We want to be open and transparent about how we process your information, and if you want to find out more about the personal data that are being processed, you have the right to request access to your data, which we will provide to you in the form of a so-called "registry" (purpose, categories of personal data, categories of recipients of personal data, storage periods or criteria for determining storage periods, information about where information was collected). If we receive a request for access, we may ask for additional information to ascertain what information you wish to access and that we disclose it to the right person. Right to rectification: You always have the right to demand that your personal data are corrected if they are incorrect. Within the framework of the stated purpose, you also have the right to supplement any incomplete personal data. You who are a member of More at Lindex, or have created an account in the Lindex app or at lindex.com may, if you want, also update your information at My Pages or My Profile. Right to erasure: You have the right to demand that personal data that we are processing are deleted if: The data are no longer necessary in relation to the purpose for which it was collected or processed. You have withdrawn the consent on which the processing is based and there are no other legal grounds for the processing. You object to a balancing of interests that we have done and there is no legitimate interest for Lindex that outweighs your interest. You object to processing for purposes of direct marketing. The personal data are processed in an illegal fashion. The personal data must be deleted in order to comply with a legal obligation that pertains to us The personal data have been collected from a child (under 13 years) for which you have parental responsibility in connection with IT-services, e.g. social media. There may be reasons for us not to grant your request for erasure if there are legal obligations that prevent us from doing so. This may be the case if the processing is necessary in order to exercise our right to freedom of expression and information, to fulfil a legal obligation to which we are subject or to determine, enforce or defend legal claims. 8 (10)

9 Right to restriction: You have the right to demand that our processing of your personal data is limited. Right to object against certain kinds of processing: Legitimate interest: You have the right to object to processing that is based on a legitimate interest of ours if you have personal reasons that relate to the situation. We may however continue to process your information, despite your objection to the processing, if we have compelling legitimate reasons for the processing that outweigh your privacy interest. Direct marketing (including analyses carried out for purposes of direct marketing): You have the possibility to object against the processing of your personal data for direct marketing. The objection also encompasses the analyses of personal data (so-called profiling) which are carried out for purposes of direct marketing. If you object to direct marketing, we will cease processing your personal data for that purpose as well as all types of direct marketing actions. You naturally have the option to solely decline mailings and personal offers in certain channels. You may for example choose to only receive offers from us via , but not text messaging. In that case you should not object to the processing of personal data, since it will then be difficult for us to determine which kind of marketing is relevant for you. If you choose to decline our processing of your personal data for purposes of direct marketing, you will not be able to partake of personal offers from More at Lindex or information from us. You may still remain a member of More at Lindex, and you may partake of points and bonuses from More at Lindex, but you will not receive any personal offers, discounts or other benefits. You may at any time change your settings at My Pages at lindex.com or in the Lindex app. You may also change your choices directly through and text messaging. You are always welcome to contact our customer service to get help adjusting your choices. If you wish to decline receiving push messages in the Lindex app you can do this in the general settings of your device. If you no longer wish to be a member of More at Lindex, please contact our customer service to terminate your membership. Right to data portability: If our right to process your personal data is based on your consent or on the fulfilment of commitments in an agreement with you, you have the right to request to have the data that relate to you and which you have provided to us transferred to another personal data manager (e.g. data port). Regarding cookies Personal data may be collected when you use lindex.com, and then the information about your use and the pages that you visited is stored. This may relate to technical information about your device and Internet connection such as operating system, browser version, IP address, cookies and unique identifiers. When you visit lindex.com where our services are provided, various technologies can be used to recognize you in order to learn more about our users. This may occur directly or through use of third party technology. It may be the use of e.g. cookies. What is a cookie? 9 (10)

10 There are two types of cookies. One type saves a text file over an extended period, but has an expiry date. The purpose of this cookie is, for example, to tell you what is new since your last visit. The other type of cookie is a so-called session cookie, which lacks an expiry date. The text file is temporarily saved for as long as you are surfing on a page, and helps with remembering which language you want to use, for example. As soon as the browser is closed, the text file is deleted. Why do we use cookies? At Lindex.com we use cookies to keep track of the items you've added to your shopping cart. We also use cookies to obtain web statistics. We need these statistics in order to develop lindex.com. The information is not accessible to parties other than AB Lindex. In order to fully use lindex.com you must accept cookies. You can do this via your browser settings. If you do not want to accept cookies you can turn off cookies through your browser's security settings. This will however mean that lindex.com will not function as intended. For further information, please click here. Managing personal identification numbers We only process your personal identification number when it is clearly justified by the purpose, necessary for secure identification or if there are other legitimate reasons. Otherwise we will instead use your customer number if sufficient, in order to minimize the use of personal identification numbers as far as possible. Complaints You are entitled to file a complaint with the Swedish Data Inspection Agency, Contact details To learn more about personal data management or if you have any other questions, you're welcome to contact us at: AB Lindex, Customer Service Box 233, Gothenburg customerservice@lindex.com Telephone number: Lindex is a part of the Stockmann group, which has a Data Protection Officer. You can contact the Group's Data Protection Officer by data protection@stockmann.com, Stockmann plc, Aleksanterinkatu 52 B, Helsinki, Finland, Tel (0) Changes to the policy This privacy policy may be updated to correct interferences or to comply with new legal or technical requirements. The latest updated version of the privacy policy may always be found in this page. In case of considerable changes (e.g. to the purposes for personal data processing or categories of personal data), you will receive information about this via or at lindex.com. Last updated 25/04/ (10)