PRIVACY POLICY
1. General
This policy relates to privacy and describes how Tinted AB collects, discloses and stores your personal data. The Privacy Policy applies when Tinted provides services and products, such as when you shop with us at www.tintedobjects.com, contact our customer service, visit our website or create a customer account.
2. Controller
Tinted is responsible for ensuring that our processing of your personal data is carried out in accordance with applicable legislation. Tinted AB
VAT.no. SE559385593401
Hedeforsvägen 9
443 61 Stenkullen
Sweden
Email: dpo@tintedobjects.com
3. When do we process personal data?
When you visit our website, shop with us, subscribe to our newsletter, create a customer account or contact our customer service via email or social media, we need to collect and process your personal data. We collect this information in order to provide the expected service and functionality and to fulfil our part of e.g. a purchase agreement.
4. When can we process your personal data?
We are not allowed to collect, process, use or store personal data without a valid lawful basis. Lawfulness may be derived from the following basis:
Consent: When you give us your consent, we will process your personal data for the specific purpose you have consented to. This basis is for example used when you request us to send you one of our newsletters.
Contract: When making products and services available to you we will process your personal data necessary for fulfilment of a contract (such as purchase agreement) with you and to fulfil any obligations derived from that contract.
Legitimate Interest: We may process your personal information when necessary for our legitimate interests and when these interests do not outweigh your own rights and interests. This covers processing for purposes such as our customer service support, improving or developing our products and services; and security purposes including fraud prevention.
Legal requirement: Whenever the processing of your personal data is necessary for us to fulfil our legal obligations. For each specific purpose of processing of personal data, we will inform you about which of the above lawful basis that will apply.
5. What personal data do we process?
Our data policy means that we store and process as little of your data as possible. This means that we only use the data that is necessary to process your order and maintain communication with you. The personal data we collect for you as a customer is as follows:
Name
Address (delivery and billing address)
Email address
Telephone number
Purchase history
Personal data that you provide when contacting Tinted, e.g. via customer service or social media
When you visit our website, we save the following data for administrative and technical reasons:
Type and version of the browser used
Date and time of your visit
IP address
This data will be anonymized and used for statistical purposes and to improve our e-commerce platform. The anonymized data is separated from your personal data, stored in a secure system and cannot be linked to a specific person. This means that your personal data will always remain protected
6. Summary of personal data processing
PURPOSE: ACCOUNT REGISTRATION AND MANAGEMENT WHEN CREATING AN ACCOUNT
For example: Provide access to login to customer account and provide access to order history.
Legal basis: Fulfilment of contract.
Retention period: 3 years from last purchase.
Type of personal data:
Name, address, email, telephone number
Order information
Delivery information
Payment information
PURPOSE: MANAGING ORDERS INCLUDING NOTIFICATIONS
For example: To deliver, offer payment and shipping options, handle complaints and guarantees.
Legal basis: Fulfilment of contract
Retention period: We do not store or process your personal data longer than necessary for you to receive your order, see below how we handle legal requirements and customer services.
Type of personal data:
Name, address, email, telephone number
Order information
Delivery information
Payment information
Purpose: CUSTOMER SERVICE
For example: To deal with customer queries.
Legal basis: Legitimate interest.
Retention period: 3 years from the last interaction.
Type of personal data:
Name, address, email, telephone number
Order information
Delivery information
Payment information
Other personal data provided when contacting us
PURPOSE: FULFILMENT OF LEGAL REQUIREMENTS
Examples: Warranty commitments, consumer legislation, product safety, accounting.
Legal basis: Fulfilment of legal obligation.
Retention period: Differs depending on requirements. Bookkeeping, for example is 7 years.
Type of personal data:
Name, address, email, telephone number
Order information
Delivery information
Payment information
PURPOSE: MARKETING OF PRODUCTS AND SERVICES, AND ANALYSIS OF THE CUSTOMER BASE IN GENERAL
Example: Sending relevant offers and news via email, SMS, or push notifications regarding similar products and services, displaying product recommendations, running campaigns and events towards specific customer segments.
Legal basis: Legitimate interest.
Retention period: 3 years from the last interaction.
Type of personal data:
Name, address, email, telephone number
Order information
Events
Competitions
PURPOSE: MARKETING OF PRODUCTS AND SERVICES ONLINE
Example: Displaying product recommendations, running campaigns and events towards specific customer segments, showing marketing campaigns via partner networks.
We collaborate with advertising partners such as: Meta, Google, Pinterest, Tiktok, Snapchat and LinkedIn to advertise on social media platforms. In some cases we share data with our partners and marketing agencies to fulfil marketing services, see point 9 for more information.
The social media platforms we are using are fully responsible for their part of handling your personal data and to follow applicable laws. Please see their privacy policies.
Legal basis: Legitimate interest.
Type of personal data:
Name, address, email, telephone number
Order information
Delivery information
IP number
Personal information from filling out a competition form or entering a competition.
PURPOSE: DEVELOPMENT OF THE COMPANY'S SERVICES AND PRODUCTS
Examples: User experience analysis, assortment analysis
Legal basis: Legitimate interest
Type of personal data:
Information is
anonymized.
Events
Competitions
PURPOSE: PREVENTION OF MISUSE OF SERVICES AND PREVENTION OF CRIME
Example: Prevent fraud, prevent unauthorized access to accounts
Legal basis: Legitimate interest.
Retention period: As long as required by applicable law.
Type of personal data:
Name, address, email, telephone number
Order information
Delivery information
7. How long is my personal data stored?
Tinted only saves personal data for as long as it is justified by the purpose. How long this is may vary depending on the type of personal data and purpose. See section 6 for more details.
8. How is my personal data protected?
Tinted has taken all the necessary security measures to protect your personal data and you can feel completely safe when you provide us with personal data. We prevent unauthorized access, disclosure and alteration, for instance by storing personal data in databases protected by access control and firewalls. When communicating about your personal data to partners, personal data protection agreements are always in place and communications are encrypted.
9. Is my personal data disclosed to anyone?
Tinted only discloses your personal data to necessary partners or group companies with data processing agreements. Examples of partners are companies that perform services on behalf of Tinted in areas such as delivery, payment and communication. These partners only process your personal data for the purpose of ensuring that we fulfil our responsibilities under a legal obligation, fulfilment of a purchase agreement or consent. We may pass on data to our suppliers, for example in connection with a complaint. The information is processed in accordance with the privacy policy of our partners and in accordance with our supplier agreements.
Tinted may also disclose your personal data if required to do so by law or governmental authority, in order to safeguard Tinted's legal interests, or to detect or prevent fraud or other security issues. If any of Tinted's suppliers or partners are located outside the EU/EEA, Tinted may transfer your personal data there. If personal data is transferred to any country outside the EU/EEA, Tinted will take the necessary steps to transfer personal data to countries outside the EU/EEA in a lawful manner. In the absence of permission to sell your personal data to third parties, this will not happen.
10. What rights do I have?
You can always contact us if you want to be informed about what personal data we hold about you, or if you want to correct inaccuracies or delete data. We will also, at your request or on our own initiative, correct, de-identify, delete or complete data that is found to be inaccurate or incomplete. You also have the right to request the following:
Access to your personal data:
This means that you have the right to request an extract from the register of the processing that we carry out on your personal data. You also have the right to obtain a copy of the personal data being processed. You have the right to obtain from Tinted, by means of a signed written request, an extract from the register of the personal data held about you, the purposes of the processing and the recipients to whom the data has been or is to be disclosed. You also have the right to obtain information in the register extract about the source of the data if the personal data has not been collected from you, the existence of automated decision-making (including profiling) and the envisaged period for which the data will be stored or the criteria used to determine this period. Furthermore, you have the right to be informed of your other rights as set out in this paragraph in the extract from the register.
Correction of your personal data:
At your request, we will correct as quickly as possible any inaccurate or incomplete data we process about you. However, we are not able to change personal data on existing orders.
Erasing your personal data:
At your request, we will delete the personal data we process about you if it is no longer needed for the purposes for which it was collected. If there are legal requirements for the processing of your personal data, we will stop processing the data for purposes other than compliance with the law, such as accounting and tax legislation.
Restrictions to processing of your personal data:
At your request, we will limit our processing of your personal data to certain specific purposes. You have the right to data portability, which means that under certain conditions you have the right to obtain and transfer your personal data in a structured and public format to another controller.
You have the right to object to the processing of personal data carried out for the purpose of balancing interests. If you object to such processing, we will only continue to process the personal data if there are legitimate grounds for the processing that outweigh your interests.
In case of processing for direct marketing purposes, you always have the right to object to such processing by sending an email to dpo@tintedobjects.com. Once we receive your objection, we will stop processing your personal data for such marketing purposes. There is also always the option to opt out of further marketing in any of our mailings.
You also have the right to lodge any complaints regarding the processing of your personal data with the Swedish Authority for Privacy Protection.
11. Cookies
Tinted uses cookies on the website, more on that can be found in our cookie policy.
12. Changes to the privacy policy
We reserve the right to change our privacy policy if new technology makes this necessary. Please make sure you have read the most up-to-date version. If we change any fundamental paragraphs of this privacy statement, we will post information about this on our website.
13. Contact details
All interested parties and visitors to our website can reach us with questions about data protection at the following address:
Tinted AB
VAT.no. SE559385593401
Hedeforsvägen 9
443 61 Stenkullen
Sweden
Integritetsskyddsmyndigheten, IMY
Box 8114 104 20 Stockholm Sweden Phone: 08-657 61 00 Email: imy@imy.se
Last updated: 15/03/2023 Version 0.1