Integrity Policy and GDPR

Integrity policy for webshop terribletwins.se

We are careful in handling all your details with integrity. We aim to hold the highest level of database security. This integrity policy explains how we collect and use your personal data. It also describes your rights and how you can enforce them.

It is important to us that you take note of our integrity policy and feel safe when you shop with us and with how we process your personal data. You are always welcome to contact us with any questions.

What is personal data and what is processing of personal data?

Personal data is any kind of information that can be directly or indirectly attributed to a natural person who is alive. This means that, for example, images and sound recordings that are processed on a computer can be personal data even if no names are mentioned. Encrypted data and various types of electronic identities (eg IP addresses) are personal data in such cases where they can be linked to natural persons.

Processing of personal data is everything that happens with the personal data. Every action taken with personal data constitutes a processing of data, regardless of whether it is performed automatically or manually. Common treatments include collection, registration, organisation, structuring, storage, processing, transfer and deletion.

Who is responsible for the personal data we collect?

Terrible Twins AB, company ID 556711-9283, at address Stationsvägen 4, 793 41 Insjön, is responsible for the company’s processing of personal data.

What personal information do we collect about you as a customer and for what purpose (why)?

Purpose: In order to handle orders and purchases.
Processing:
  • Delivery (incl. notification and contacts regarding delivery).
  • Identification and age control.
  • Handling of payment (incl. in some cases analysis of possible payment solution which may include a check against payment history and collection of credit information from credit information companies).
  • Handling of complaints and warranty matters.
Categories of personal data:
  • Name.
  • Social security number.
  • Contact information (eg address, e-mail, telephone number).
  • Payment history.
  • Payment information.
  • Credit information from credit reporting companies.
  • Purchase information (eg which item has been ordered or whether the item is to be delivered to another address).
Legal ground: Fulfillment of the purchase agreement. This collection of your personal information is required for us to be able to fulfill our obligations under the purchase agreement. If the information is not provided, our commitments cannot be fulfilled and we are therefore forced to deny you the purchase.
Storage period: Until the purchase has been completed (including delivery and payment) and for a period of 36 months thereafter in order to be able to handle any complaints and warranty matters.

Purpose: In order to fulfill the company’s legal obligations.
Processing:
  • Necessary handling of fulfillment of the company’s legal obligations according to legal requirements, judgments or government decisions (eg the Accounting Act, the Money Laundering Act or the rules on product liability and product safety, which may require the production of communication and information to the public and customers about product alarms and product recalls in the event of a defective or hazardous product).
Categories of personal data:
  • Name.
  • Social security number.
  • Contact information (eg address, e-mail and telephone number).
  • Payment history.
  • Payment information.
  • Your correspondence.
  • Information about time of purchase, place of purchase, possible error or complaint.
Legal ground: Legal obligation. This collection of your personal data is required by law. If the information cannot be provided, our legal obligation cannot be fulfilled and we are therefore forced to deny you the purchase.
Storage period: Until the purchase has been completed (including delivery and payment) and for a period of 36 months thereafter.

Purpose: In order to handle customer service matters.
Processing:
  • Communication and answering any questions to customer service (by phone or in digital channels, including social media and chat).
  • Identification.
  • Investigation of any complaints and support matters (including technical support).
Categories of personal data:
  • Name.
  • Social security number.
  • Contact information (eg address, e-mail and telephone number).
  • Your correspondence.
  • Information about time of purchase, place of purchase, possible error or complaint.
  • Technical information about your equipment.
  • Health data (eg allergic reactions and health conditions you report).
Legal ground: Legitimate interest. The processing is necessary to satisfy our and your legitimate interest in handling customer service matters.
Storage period: Until the customer service case has been closed.

Purpose: In order to better evaluate, develop and improve our services, products and systems for our customer group.
Processing:
  • Adapting services to become more user-friendly (eg changing the user interface to simplify the flow of information or to highlight functions that are often used by customers in our digital channels).
  • Production of data for the purpose of improving goods and logistics flows (eg by being able to forecast purchases, inventories and deliveries).
  • Production of data to develop and improve our range.
  • Production of data to develop and improve our resource efficiency from an environmental and sustainability perspective (eg by streamlining purchasing and planning deliveries).
  • Production of documentation for the purpose of planning new and possible de-establishments of stores or warehouses.
  • Give our customers the opportunity to influence our range.
  • Production of data to improve IT systems in order to generally increase security for the company and our visitors / customers.

Based on the information we collect (eg purchase history, age and gender), we make an analysis that can result in you being sorted into a customer group (customer segment), but the analysis is never done at the individual level.

Categories of personal data:
  • Age.
  • Gender.
  • Place of residence.
  • Correspondence and feedback regarding our services and products.
  • Purchase and user-generated data (eg click and visit history).
  • Technical data concerning the devices used and their settings (eg language setting, IP address, browser settings, time zone, operating system, screen resolution and platform).
  • Information about how you have interacted with us, ie how you have used the service, login method, where and how long different pages have been visited, response times, download errors, how to reach and leave the service, etc.
Legal ground: Legitimate interest. Processing of data is necessary to satisfy our and our customers’ legitimate interest in evaluating, developing and improving our services, products and systems.
Storage period: From collection and for a period of 36 months thereafter.

Purpose: In order to be able to prevent misuse of a service or to prevent and investigate crimes against the company.
Processing:
  • Prevention and investigation of possible fraud or other violations of the law (eg incident reporting in stores).
  • Prevention of spam, phishing, harassment, attempted illegal login to user accounts or other actions that are prohibited by law or our terms of purchase or service.
  • Protection and improvement of our IT environment against attacks and intrusions.
Categories of personal data:
  • Social security number.
  • CCTV recordings.
  • Purchase and user-generated data (eg click and visit history).
  • Technical data regarding devices used and their settings (eg language settings, IP address, browser settings, time zone, operating system, screen resolution and platform).
  • Information on how our digital services are used.
Legal ground: Fulfillment of legal obligation (if any) or legitimate interest. If there is no legal obligation, the processing is necessary to satisfy our legitimate interest in preventing misuse of a service or to prevent and investigate crimes against the company.
Storage period: From collection and for a period of 36 months thereafter.

From which sources do we collect your personal information?

In addition to the information you provide to us or that we collect from you based on your purchases and how you use our services, we may also collect personal information from someone else (so-called third party). The information we collect from third parties is as follows:

  1. Address information from public registers to be sure that we have the correct address information for you.
  2. Credit rating information from credit rating agencies, banks or information companies.
  3. Information from social media for marketing purposes (eg by publishing published images as stylistic advice or for anti-fraud purposes).

With whom can we share your personal data?

Personal data assistants: In cases where it is necessary for us to be able to offer our services, we share your personal data with companies that are so-called personal data assistants for us. A personal data assistant is a company that processes the information on our behalf and according to our instructions. We have personal data assistants who help us with:

  1. Transport (logistics companies and freight forwarders).
  2. Payment solutions (card redeeming companies, banks and other payment service providers).
  3. Marketing (print and distribution, social media, media agencies or advertising agencies).
  4. IT services (companies that handle the necessary operation, technical support and maintenance of our IT solutions).

When your personal data is shared with personal data assistants, it is only for purposes that are consistent with the purposes for which we have collected the information (eg to be able to fulfill our obligations under the purchase agreement or the loyalty program’s membership terms). We check all personal data assistants to ensure that they can provide adequate guarantees regarding the security and confidentiality of personal data. We have written agreements with all personal data assistants through which they guarantee the security of the personal data processed and undertake to comply with our security requirements as well as restrictions and requirements regarding international transfer of personal data.

Companies that are independently responsible for personal data: We also share your personal data with certain companies that are independently responsible for personal data. The fact that the company is independently responsible for personal data means that we are not in control of how the information provided to the company is to be processed.

Independent personal data controllers with whom we share your personal data are:

  1. State authorities (police, tax authorities or other authorities) if we are obliged to do so by law or in case of suspicion of crime.
  2. Companies that handle general goods transport (logistics companies and freight forwarders).
  3. Companies that offer payment solutions (card redeeming companies, banks and other payment service providers).

When your personal data is shared with a company that is independently responsible for personal data, that company’s privacy policy and personal data management apply.

Where do we process your personal data?

We always strive for your personal data to be processed within the EU / EEA and all our own IT systems are located within the EU / EEA. For systemic support and maintenance, however, we may have to transfer the information to a country outside the EU / EEA, for example if we share your personal data with a personal data assistant who, either itself or through a subcontractor, is established or stores information in a country outside the EU / EEA. In these cases, the assistant may only take part in the information that is relevant to the purpose (eg log files).

Regardless of the country in which your personal data is processed, we take all reasonable legal, technical and organizational measures to ensure that the level of protection is the same as within the EU / EEA. In cases where personal data is processed outside the EU / EEA, the level of protection is guaranteed through a decision by the European Commission that the country in question ensures an adequate level of protection or through the use of so-called appropriate protection measures. Examples of appropriate protection measures are an approved code of conduct in the recipient country, standard contract clauses, binding internal company rules or the Privacy Shield. If you would like a copy of the protective measures that have been taken or information on where these have been made available, you are welcome to contact us.

How long do we store your personal information?

We never store your personal information for longer than is necessary for each purpose. See more about the specific storage periods under each purpose.

What are your legal consumer rights?

Right of access (so-called register extract): We are always open and transparent with how we process your personal data and if you want to gain a deeper insight into which personal data we process about you, you can request access to the data (the information is provided in the form of a register extract stating the purpose, categories of personal data, categories of recipients, storage periods, information on where the information was collected and the existence of automated decision-making).

Keep in mind that if we receive a request for access, we may ask for additional information to ensure efficient handling of your request and that the information is provided to the right person.

Right to correction: You can request that your personal information be corrected if the information is incorrect. Within the framework of the stated purpose, you also have the right to supplement any incomplete personal data.

Right to deletion: You can request deletion of personal data we process about you if:

  • The data are no longer necessary for the purposes for which they were collected or processed.
  • You object to a balance of interests we have made based on legitimate interest and your reason for objection outweighs our legitimate interest.
  • You object to processing for direct marketing purposes.
  • Personal data is processed illegally.
  • Personal data must be deleted in order to fulfill a legal obligation to which we are subject.
  • The personal data has been collected about a child (under 13 years of age) for whom you have parental responsibility and the collection has taken place in connection with the provision of information society services (eg social media).

Please note that we may have the right to deny your request if there are legal obligations that prevent us from immediately deleting certain personal data. These obligations come from accounting and tax legislation, banking and money laundering legislation, but also from consumer law legislation. It may also be that the processing is necessary for us to be able to establish, assert or defend legal claims. Should we be prevented from meeting a request for deletion, we will instead block the personal data from being used for purposes other than the purpose that prevents the requested deletion.

Right to restriction: You have the right to request that our processing of your personal data be restricted. If you dispute that the personal data we process is correct, you can request a limited processing for the time we need to check whether the personal data is correct. If we no longer need the personal data for the stated purposes, but you do need them to be able to establish, assert or defend legal claims, you can request limited processing of the data from us. This means that you can request that we not delete your information.

Right to object to a certain type of processing: You always have the right to avoid direct marketing and to object to any processing of personal data based on a balance of interests.

Balancing of interests: In cases where we use the balancing of interests as a legal basis for a purpose, you have the opportunity to object to the processing. In order to continue to process your personal data after such an objection, we need to be able to show a compelling justified reason for the processing in question that outweighs your interests, rights or freedoms. Otherwise, we may only process the data to establish, exercise or defend legal claims.

Direct marketing (including analyzes performed for direct marketing purposes): You have the opportunity to object to your personal data being processed for direct marketing. The objection also includes the analyzes of personal data (so-called profiling) that are performed for direct marketing purposes. Direct marketing refers to all types of outreach marketing measures (eg via mail, e-mail and SMS). Marketing measures where you as a customer have actively chosen to use one of our services or otherwise contacted us to find out more about our services do not count as direct marketing (eg product recommendations).

If you object to direct marketing, we will discontinue the processing of your personal data for that purpose as well as discontinue all types of direct marketing measures.

Remember that you always have the opportunity to influence which channels we will use for mailings and personal offers. You can, for example, choose to only receive an offer from us via e-mail, but not an SMS. In that case, you should not object to the processing of personal data as such, but instead limit our communication channels (by contacting us by e-mail [email protected]).

Right to data portability: If our right to process your personal data is based either on your consent or fulfillment of an agreement with you, you have the right to request that the data concerning you and that you have provided to us be transferred to another personal data controller (so-called data portability). A prerequisite for data portability is that the transfer is technically possible and can take place automatically.

How do we handle social security numbers?

We will only process your social security number when it is clearly justified with regard to the purpose, necessary for secure identification or if there is some other notable reason. We always minimise the use of your social security number as much as possible by, if sufficient, using your birth number instead.

What are cookies and how do we use them?

Cookies are small text files consisting of letters and numbers that are sent from our web server and saved on your browser or device. At terribletwins.se we use the following cookies:

  1. Session cookies (a temporary cookie that expires when you close your browser or device).
  2. Permanent cookies (cookies that remain on your computer until you delete them or they expire).
  3. First-party cookies (cookies set by the website you visit).
  4. Third-party cookies (cookies set by a third-party website. With us, these are primarily used for analysis, eg Google Analytics).
  5. Similar technologies (technologies that store information in your browser or in your device in a way similar to cookies).

The cookies we use normally improve the services we offer. Some of our services need cookies to work properly, while others improve the services for you. We use cookies for overall analytical information regarding your use of our services and to save functional settings such as language and other information. We also use cookies to be able to direct relevant marketing to you.

Can you control the use of cookies yourself?

Yes, your browser or device allows you to change the settings for the use and scope of cookies. Go to the settings of your browser or device to learn more about how to adjust the settings for cookies. Examples of things you can adjust are blocking all cookies, only accepting first-party cookies or deleting cookies when you close your browser. Keep in mind that some of our services may not work if you block or delete cookies. You can read more about cookies on the Swedish Post and Telecom Agency’s website, pts.se.

How is your personal data protected?

We use IT systems to protect the confidentiality, integrity and access to personal data. We have taken special security measures to protect your personal data against illegal or unauthorized processing (such as illegal access, loss, destruction or damage). Only those people who actually need to process your personal data in order for us to fulfill our stated purposes have access to them.

What does it mean that the Data Inspectorate is a supervisory authority?

Datainspektionen (datainspektionen.se) is responsible for monitoring the application of the legislation, and anyone who believes that a company handles personal data incorrectly can submit a complaint to Datainspektionen.

How do you contact us with questions about data protection?

You can contact us via e-mail [email protected].

We may make changes to our privacy policy. The latest version of the privacy policy is always available here on the website. For updates that are crucial to our processing of personal data (eg changes to stated purposes or categories of personal data) or updates that are not crucial for processing but which may be crucial to you, you will receive information on terribletwins.se and via e-mail (if you have entered e-mail) as soon as possible before the updates take effect. When we make information available about updates, we will also explain the meaning of the updates and how they may affect you.

Latest update of the privacy policy: 2020-10-09