X

Följ vår resa

Följ vårt nyhetsbrev för att bli den första som får Brittfurn inspiration, nyheter och erbjudanden!

Din mailadress kommer inte användas för några andra syften eller delas med någon tredje part.

Loader
0
0

TIETOSUOJASELOSTE 

Valid from: 2018-05-25

At Brittfurn we cherish your private data and will always strive for the highest protection which reflects the General Data Protection Regulation (GDPR). This privacy policy addresses the ways we collect and use your personal data/information. The policy also explains your rights, as well as how you as customer can claim these. We therefore urge you to take part of our privacy policy, so that you can feel comfortable in how Brittfurn uses your personal and private data. Would eventual questions arise, you're welcome to contact us at info@brittfurn.se. With help of the list of contents below you can easily navigate to the right chapter.

  1. What is personal data and what is considered as a handling of personal data?

  2. Who is responsible for all the personal data we collect?

  3. What kind of personal data do we collect about you as a customer/user and for what purpose?

  4. From which sources do we collect your personal data?

  5. With whom could we share your personal data?

  6. Where do we store you personal data?

  7. How long do we save your personal data?

  8. What rights do you have as a registered user?

  9. How do we manage your social identity number?

  10. What are cookies and how do we use it?

  11. Can you control the use of cookies?

  12. How is your personal data protected?

  13. What does it entail that the Data Inspection Board is a regulator?

1. WHAT IS PERSONAL DATA AND WHAT IS CONSIDERED AS A HANDLING OF PERSONAL DATA?

Personal data is a a type of information which, directly or indirectly, can be attributed to a physical alive person. Encrypted information and different electronic identities (e.g. IP-numbers) are also considered as personal data if they can be attributed to physical alive persons.

Handling of personal data is everything that happens to the personal data. In other words, each action which uses personal data constitutes a handling of personal data, whether the action is performed manually or automatically. Examples on common handlings are; collection, registration, organisation, structuring, storage, processing, transmission and deletion.

2. WHO IS RESPONSIBLE FOR ALL THE PERSONAL DATA WE COLLECT?

Brittfurn AB, corporate identity number: 556671–3201, with the address Sturegatan 20, 114 36 Stockholm, Sweden is responsible for the collection and handling of customers' and users' personal data.

3. WHAT KIND OF PERSONAL DATA DO WE COLLECT ABOUT YOU AS A CUSTOMER/USER AND FOR WHAT PURPOSE?


3.1

Purpose

In order to handle orders/purchases.

Executed handlings

  • Delivery (including notifications and contacts concerning the delivery).

  • Identification.

  • Handling of payment (including analyses of possible payment solutions, which could entail a control of payment history and gathering of credit history from Klarna & DIBS).

  • Handling of reclaim and warranty errands.

Categories of personal data

  • Name

  • Contact information (e.g. address, e-mail and phone number).

  • Payment history.

  • Payment information.

  • Credit history from credit bureaus.

  • Purchase information (e.g. which goods have been ordered or if the goods are to be delivered to a different address).

Legal ground

Fullfillment of the purchase agreement. This collection of personal data is needed in order for us to complete our commitments according to the purchase agreement. If the data isn't given, we cannot commit to this fullfillment and are thus forced to deny you the purchase.


Storage period

Until the purchase has been executed (including delivery and payment) and for a time of 36 months afterwards, in order to handle eventual reclaim and warranty errands.


3.2

Purpose

In order to handle bookings of our services (e.g. interior service).

Executed handlings

  • Receiving of bookings, rebookings and cancellations.

  • Mailing of booking confirmations.

  • Communication concerning the booking.

Categories of personal data

  • Name.

  • Contact information (e-mail and phone number).

  • Eventual notes which you decide leave behind.

Legal ground

Fullfillment of service agreement. This collection of personal data is needed in order for us to complete our commitments according to the service agreement. If the data isn't given, we cannot commit to this fullfillment and are thus forced to deny you the service.

Storage period

Until the service has been completed.


3.3

Purpose

In order to fulfill the company's legal obligations.

Executed handlings

  • Necessary handling for complying with the company's legal obligations according to legal requirements, rulings and administrative decisions (e.g. the Accounting Law, Money Laundering Law or rules about product liability and product safety, which could require the production of communication and information to the public and customers about product alarms and revocations when for example dealing with; defects or insanitary goods).

Categories of personal data

  • Name

  • Contact information (e.g. address, e-mail and phone number).

  • Payment history.

  • Payment information.

  • Your correspondence.

  • Information about time of purchase, place of purchase, eventual errors/complaints.

Legal ground

Legal obligation. This collection of personal data is required by the law. If the data isn't given, we cannot commit to our legal obligations and are thus forced to deny your purchase.

Storage period

Until the purchase has been executed (including delivery and payment) and for a time of 36 months afterwards.


3.4

Purpose

In order to handle customer service errands.

Executed handlings

  • Communication and answering eventual questions to our customer service (via phone, mail or in digital channels including sociala media).

  • Identification.

  • Investigating eventual complaints and support errand (including technical support).

Categories of personal data

  • Name.

  • Contact information (e.g. address, e-mail and phone number).

  • Your correspondence.

  • Information about time of purchase, place of purchase, eventual errors/complaints.

  • Technical information about your devices.

  • Health data (e.g. allergic reactions and health conditions you've informed us about).

Legal ground

Legitimate interests. Handling is necessary in order for us to accomodate our and your legitimate interests of processing our customer service errands.

Storage period

Until the customer service errand has been completed.


3.5

Purpose

In order to evaluate, develop and improve our services, products and system for the customer collective in general.

Executed handlings

  • Adaptation of our services to be more user-friendly (e.g. change the user interface to allow for a easier flow of information or to emphasise functions which often are used by customers in our digital channels).

  • The production of supporting documents with the purpose to improve our goods and logistic flows (e.g. by predicting

    acquisitions, stock, and deliveries).

  • The production of supporting documents with the purpose to develop and improve our range of products.

  • The production of supporting documents with the purpose to improve resource efficiency seen from an environmental and sustainable perspective (e.g. streamlining acquisitions and planning of deliveries).

  • Give our customers the possibility to affect our range of products.

  • The production of supporting documents with the purpose to improve our IT-system and raise the security for the company and our visitors/users.

  • Analyses on the information we collect for the handling's purpose. Based on the information we collect (e.g. purchase history, age, gender) you'll be sorted in a customer group – so called: customer segment – for which analyses are made on a aggregated level with the help of anonymised or pseudonymised data, i.e. without any connection to you as an individual. Insights gained from these analyses are the foundation for which products are acquired and how we develop our webpage www.brittfurn.se.

Categories of personal data

  • Age.

  • Gender.

  • Place of residence.

  • Correspondence and feedback regarding our services and products.

  • Purchase and user generated data (e.g. click and visitor history).

  • Technical data concerning what devices are used and their settings (e.g. language, IP-address, browser settings, time zone, operative system, screen resolution and platform).

  • Information about how you've interacted with us, i.e. what services you've used, how long you've visited different pages, response times, download errors, how you've reached and exited our service, etc.

Legal ground

Legitimate interests. Handling is necessary in order for us to accomodate our and your legitimate interests of evaluating, developing and improving our services, products and system.

Storage period

From the time of collection and 36 months afterwards.


3.6

Purpose

In order to avoid misuse of a service or to prevent and investigate a crime against the company. 

Executed handlings

  • Prevention and investigation of eventual frauds or other criminal offences (e.g. incident reporting in store).

  • Prevention of spam mail, phishing, harassment attempts to actions which are prohibited according to the law or our Terms of Purchase.

  • Protection and improvement of our IT-environment against attacks and intrusions).

Categories of personal data

  • Video recordings from our CCTV in our store.

  • Purchase and user generated data (e.g. click and visitor history).

  • Technical data concerning what devices are used and their settings (e.g. language, IP-address, browser settings, time zone, operative system, screen resolution and platform).

  • Data about how our digital services are used.

Legal ground

Fullfillment of legal obligation (if any exists) alternatively legitimate intrests. If no legal obligation exists, the handling is necessary to supply for our legitimate interest in preventing the misuse of a service or investigating a crime against the company.

Storage period

From the time of collection and 36 months afterwards.


4. FROM WHICH SOURCES DO WE COLLECT YOUR PERSONAL DATA?

Beyond the information you leave to us, the information we collect from you are based on a purchase or from how you use our services. We could also gain personal information from a third party. The type of data we collect from third parties are:

 

  1. Address information from public registers to verify that we have your correct address information.

  2. Information about your credit risk from a credit rating agency, bank or credit reference agency.

5. WITH WHOM COULD WE SHARE YOUR PERSONAL DATA?

Personal data assistants. In the cases where it's necessary for us to provide you certain services, we share your personal data with companies that function as so called personal data assistants for us. A personal data assistant handles the information on our behalf and according to our instructions. We will never sell nor give away your personal data to another company. We have different groups of personal data assistants which help us with:

  1. Transports (logistics companies and freight forwarders).

  2. Payment solutions (card acquiring companies, banks and other payments service providers).

  3. Marketing (print and distribution, social media, media agencies or advertising agencies).

  4. IT-services (companies which handle necessary operations, technical support and maintenance of our IT-solutions).

When your personal data is shared with personal data assistants it only occurs for the objectives that are aligned with the 
purposes for which we've collected the information (e.g. in order to meet our commitments according to our Terms of Purchase). We always audit our personal data assistants to secure that they can provide enough guarantees when it comes to the security and confidentiality of personal data.

Authorities/companies that are independent personal data controllers. We share your personal information with certain authorities and companies that function as autonomous controllers of personal data. Considering that these authorities/companies are independent personal data controllers means that we don't control how the information is handled by these authorities/companies. Examples of personal data controllers are:

 

  1. Governmental authorities (e.g. police, tax office or other authorities) if we are obligated to do so by law or in case of a suspected crime.

  2. Companies that provide general transports of goods (logistics companies and freight forwarders).

  3. Companies that offer payment solutions (card acquiring companies, banks and other payments service providers). When your personal data is shared with a company which functions as an independent personal data controller, the company's privacy policy and handling of personal data applies.

6. WHERE DO WE STORE YOUR PERSONAL DATA?

We always strive to handle your personal data within EU/EEA and that our own IT-system resides within EU/EEA. When referring to system support and maintenance we might be forced to transfer the information to a country outside of EU/EEA, e.g. if we share your personal data with a personal data assistant who, either for themselves or through their suppliers, is established or stores information in a country outside of EU/EEA. The personal data assistant are in these cases only allowed to participate in the parts of the information that are relevant for the purpose (e.g. log files).

Regardless of which country uses your personal data, we will pursue all reasonable legal, technical and organisational measures to assure that the protection level is the same as within EU/EEA. In the cases that personal data is handled outside of EU/EEA, protection levels are either guaranteed by a decision from the EU-commission to assess if the country in question upholds an adequate protection level or through the use of so called appropriate safeguards. Examples of approriate safeguards are: approved code of conduct in the receiving country, standard contractual clauses, binding internal corporate rules or the Privacy Shield.

7. HOW LONG DO WE SAVE YOUR PERSONAL DATA?

We never save your personal data any longer than necessary for each respective purpose. Read more about our specific storage periods for each respective purpose in chapter 3.

8. WHAT RIGHTS DO YOU HAVE AS A REGISTERED USER?

Right to access (extract form). We're always open and transparent with how we use our personal data and if you want to gain a deeper insight on the handling of your personal data, you can always get access to this information per request. Please consider that if we receive a request that we will ask you additional questions to ensure an effective handling of your request as well for a safe transfer of information to the right person.

Right to correction. You can request for the correction of personal data if the information is incorrect. Within the scope for the specified purpose you also have the right to complete eventual incomplete personal data.

 

Right to deletion. You can always require the deletion of all personal data which we handle about you if:

 

  1. The information is no longer necessary for the purpose for which it was collected or handled.

  2. You object a balancing of interests that we've made based on legitimate interest, where your reason for objection weighs more than our legitimate interest.

  3. You object handlings for direct marketing purposes.

  4. Personal data is handled in an illegal way. 

  5. Personal data needs to be erased in order to fullfill a legal obligation we're covered by.

  6. Personal data has been collected about a child (under 13 years) for whom you have parental responsibility for and where the collection of data occured in connection to offers in information society's services (e.g. social media).

Please consider that we have the right to deny your request in the cases where legal obligations obstruct us from immediately erasing certain personal data. These obligations are based on the accounting and tax legislation, bank and money laundering legislation, but also on consumer protection legislation. It might also occur that a certain handling is necessary for the establishment, exercise or defence of legal claims. Would we be unable to meet a certain request of deletion will we instead block the personal data from being used for other purposes than the purposes which impedes the requested deletion.

Right to restriction. You have the right to request that the handling of your personal data is restricted. If you contest that your personal data is handled correctly you can request for a restricted handling during the time we need to assess the matter. If we no longer need the personal data for the defined purposes, but you still need them for the establishment, exercise or defence of legal claims, you can request for a restricted handling of your personal data. This means that you can request that we don't delete your personal data. If you've objected a balancing of interests for a legitimate interest – which've used as a legal foundation for a purpose – you can request for a restricted handling of personal data during the time we need to verify whether our legitimate interests weigh more than your interests; in order to have your personal data deleted. If the handling has been restricted according to one of the aforementioned situations above, we're only allowed to – beyond the actual storage – to handle personal data for the establishment, exercise or defence of legal claims, in order to protect someone other's rights or if you've given your consent.

Right to impose certain handlings. You always have the right to avoid direct marketing and object all handlings of personal data which build on a balancing of interests.

Legitimate interest. In the cases we use a balancing of interests as a legal foundation for a purpose, you have the opportunity to object the handling. In order to continue handling your personal data after such an objection, we need to be able to present compelling legitimate grounds for the actual handling which weigh more than your interests, right or freedoms. In any other case we're only allowed to handle personal data for the establishment, exercise or defence of legal claims.

Direct marketing (including analyses which are executed for direct marketing)
You have the opportunity to object the use of your personal data for direct marketing. The objection even includes the analyses of personal data (so called: profiling) which are executed for direct marketing purposes. With direct marketing we mean all types of outreaching marketing actions (e.g. via mail, e-mail and sms). Marketing actions where you as customer actively have chosen to use one of our services or in any way have looked up information about us and our services are not considered to belong to the category direct marketing (e.g. product recommendations). If you object the use of your personal data for direct marketing, we'll end the handling of your personal data for that purpose as well as terminate all types of direct marketing actions. You always have the opportunity to affect what channels should be used for mailings and personal offers. For example, you can choose to only receive offers by e-mail and not sms. In these cases you shouldn't object against the handling of personal data but rather restrict our communication channels (by contacting us through our customer service).

Right to data portability. If our right to handle your personal data is based on either your consent or a fullfillment of an agreement with you, you have the right to request that your personal data – which you have given to us – to be transfered to a different personal data controller (so called: data portability). A condition for data portability is that the transfer is technically possibly and can be automated.

9. HOW DO WE MANAGE YOUR SOCIAL IDENTITY NUMBER?

We don't use, register nor store our customer's social security numbers at Brittfurn.

10. WHAT ARE COOKIES AND HOW DO WE USE IT?

Cookies are small text files containing letters and numbers that are sent from our web server and saved onto your web browser or device. On www.brittfurn.se we use the following type of cookies:

 

  1. Session cookies: a temporary cookie which ceases to exist after you close down your web browser or device.

  2. Long term cookies: cookies that stay on your computer until you remove them or when they expire.

  3. First part cookies: cookies that are placed by the websites you visit.

  4. Third part cookies: cookies that are placed by third party websites. These type of cookies are first and foremost used for analyses, e.g. Google Analytics.

  5. Similar techniques: Techniques that store information on your web browser or your device in a similar way as cookies.

The cookies we use normally improve the services we offer. Some of our services need cookies in order to function correctly, while others improve the service for you. We use cookies to gain overall analytic information regarding your use of our services, as well as to save functional settings such as preferred language and other information. We even use cookies in order to target relevant marketing to you.

11. CAN YOU CONTROL THE USE OF COOKIES?

Absolutely, your web browser or device gives you the opportunity to change settings for the usage and amount of cookies. Go to your settings in your web browser or device to learn more about how you adjust the settings for your cookies. Examples on what you can adjust are; blocking all cookies, only accepting first party cookies or deleting cookies when you close down your web browser. Bear in mind that some of our services might work if you block or erase cookies. You can read more about cookies in general on the Swedish Post and Telecom Authority's webpage; pts.se.

12. HOW IS YOUR PERSONAL DATA PROTECTED?

We use IT-systems to protect the privacy, integrity and access to personal data. We've taken special security measures against unlawful or unauthorised handlings (e.g. unlawful access, loss, destruction or damage). The persons who actually need your personal data, to fullfill the specified purposes, are the only ones who have access to your information.

13. WHAT DOES IT ENTAIL THAT THE DATA INSPECTION BOARD IS A REGULATOR?

The Data Inspection Board is responsible for the application of GDPR, where anyone who deems that a company handles personal data incorrectly can leave a complaint to the Data Inspection Board.


For further questions please contact us below.

CONTACT US

Ostoskorin

Loppusumma alennuksen jälkeen0€

Kassalle
Läs produktinfo Lägg i moodboard