1. YOUR RIGHTS
According to the General Data Protection Regulation, also known as the GDPR, you have certain rights regarding the processing of your personal data, including:
- The right to be informed about and request access to personal data we process about you,
- The right to request that we change or update your personal data where it is incorrect or incomplete,
- Right to request that we delete your personal data,
- The right to request that we temporarily or permanently suspend the processing of all or some of your personal data,
- The right at any time to object to us processing your personal data for direct marketing purposes,
- The right to request a copy of your personal data in electronic format and the right to transfer this personal data for use in another party's services, and
- The right not to be subject to any decisions based solely on automated decision making, including profiling, where decisions would have a legal effect on you or have a similar effect.
For you to be able to exercise these rights easily and to register how you want us to use your personal data, you may contact us e-mail or letter. We will also gradually add more features that allow you to directly change your settings, give or remove consent, etc. If we send you electronic marketing communications in accordance with your consent or in accordance with what is permitted by applicable law, you may at any time revoke your consent or submit your objection.
If you have any questions about your privacy, your rights or how you exercise them, please contact us via e-mail es.erulle@troppus. If you are dissatisfied with how we use your personal data, you can also contact or submit a complaint to the Swedish Data Protection Authority or your local data protection authority.
2. HOW AND WHY DO WE PROCESS YOUR PERSONAL DATA?
Our aim is to be as transparent as possible regarding how and why we process your personal data. In the list below you can read more detailed information about why we process your personal data, what personal data we process, our legal basis for processing your personal data, and how long we process your personal data for each purpose.
We only process personal data that you have chosen to share with us. Below we describe the categories of personal data that we collect and use about you:
Processing before making a purchase
From the time you place the product in the cart until you make a purchase, however, no more than five (5) days, we process your personal data in order to provide you with our services. The personal data covered is information about your cart, your name, your contact information (e.g. e-mail address, postal address) which you have provided to us when starting a purchase. Our legal basis for processing your personal data is to make it easy for you to purchase the product you have shown interest in by placing them in the cart, answer questions you have asked us or processing is necessary for the performance of our contract with you.
Processing necessary for the purchase and our agreement
To be able to carry out your purchase order and deliver the product, we need to process your personal data. We also need to process your personal data to comply with statutory or other requirements, such as consumer protection laws. Without your personal data, we will not be able to complete your purchase with us.
Your name, contact details, such as email address and delivery address, order information and chosen payment method will be processed 12 months from your order. The processing is necessary for the performance of our contract with you, for us to comply with our return policy and for us to comply with relevant consumer protection laws. In accordance with accounting laws and money laundry legislation information on your invoice such as your purchase history and name will be processed from when you make your purchase and for 7 to 8, years according to Swedish accounting law and for 5-10 years according to money laundry legislation.
Please note that also our payment provider(s) process personal data in order to administrate your payment of the order. Our payment provider(s) is independently responsible for such processing.
Processing in order to communicate news, inspiration and relevant offers to you
If you choose to subscribe to our newsletter, we process your personal data based on your consent. If you have made a purchase, we process your personal data based on our legitimate interest to send direct marketing. We will send newsletters and relevant offers to you on your request. If you have chosen to receive newsletters and relevant offers, we will send those to you until you unsubscribe to our newsletter. If we send you a newsletter based on our legitimate interest, we will send you such marketing for 2 years after your last purchase, unless you object to receiving marketing from us earlier.
3. SHARING OF YOUR PERSONAL INFORMATION
The following personal data is shared with the recipient categories described in the table below if: (a) you expressly grant us your consent to share personal data, or (b) you choose to use the respective function in our services where sharing of certain information is required for the correct use of the function in the services.
|Category of Recipient||Reason for Sharing|
|Service providers and others|
To operate the technical infrastructure, we use service providers to help us communicate as described in (section 2) of this policy. For this purpose, we need to provide the content and the data we possess and process to the hosting, storage, management, and maintenance providers of our services.
To offer you a better service we may use marketing and advertising partners to show you a more tailored content, or to help us understand your use of our services. We may also share personal information with certain marketing and advertising partners to send marketing communications about us.
|Our partners||Your personal data may be shared a with our partners. This includes partners from the cosmetics industry (in pseudonymised format) as well as delivery partners and marketing partners who help us with marketing campaigns.|
|Other users of our services||There may be times when you want us to share certain information about our services with other users of our services. For instance, this might be when you rate our products. Please note that you may make the comments private at any time.|
|Data Protection Authorities and Law Enforcement||When we believe in good faith that it is necessary for us to share your personal data we do so in order to comply with a legal obligation under applicable law, or respond to a valid legal process, such as a search warrant, court order or lawsuit. This also applies to our own or third party's legitimate interests related to national security, law enforcement, litigation, criminal investigations, to protect the safety of any person, or to prevent death or imminent bodily injury, provided that we believe that such interest exceeds your interests or fundamental rights and freedoms that require the protection of your personal information.|
4. STORAGE AND REMOVAL OF PERSONAL DATA
We will only process your personal data for legitimate purpose and as long as it is necessary to provide you with our services. Legitimate purposes are, for instance maintenance of our services, database-based decisions on new functions and solutions, compliance with our legal obligations and resolution of disputes.
Upon your request, we will delete or anonymize your personal data so that they no longer identify you unless we are legally justified or required to maintain certain personal data, including in the following situations:
- if there is an unsolved problem with your purchase, e.g. outstanding payments or claims or disputes that are not resolved, we store necessary personal information until the issue is resolved,
- if it is necessary for our legitimate business interests, e.g. to prevent fraud or to maintain the security of our users, or
- if we have to store personal data for our legal, tax, audit, and accounting obligations, we store the necessary personal data for the period of time that is enforced in applicable law,
5. TRANSFER TO OTHER COUNTRIES
We process your personal data within the EU/EEA. In a few cases, we use suppliers from countries outside of the EU/EEA. However, we do not transfer or share your personal data outside of the EU/EEA.
6. HOW WE PROTECT YOUR PERSONAL DATA
We strive to protect the personal data of our users and take appropriate technical and organisational measures to ensure the security of your personal information. Please note that no system is ever completely secure. If you have any questions about how we share your personal data or if you want the information appropriate safety measures we have, please contact us.
7. AGE LIMIT
Our services and products are not directed to people under 18 years of age. If you are under the age limit, do not use the Services or provide any personal information to us.
We do not knowingly collect personal data from children under the applicable age limit, nor under the age of 13. If you are a custodian of a child under the age limit and are notified that your child has provided us with personal information, please contact us via e-mail es.erulle@troppus. If we become aware that we have collected personal data about a child under 13, we will take reasonable steps to delete the personal data.
9. CONTACT INFORMATION
Ellure AB with Swedish company registration number 559216-1151 is responsible for the processing of your personal data. Please note also that our payment provider(s) process personal data collected through our site upon purchase and are independently responsible for their processing.