Privacy Policy for SPOBIK AB
We at Spobik AB, org. no. 559155-6633 ("Spobik", "we", "us" and "our"), value your privacy. It is therefore a matter of course for us to always strive to protect your personal data in the best possible way. In this privacy policy, we inform you about how we process your personal data and what rights you have.
We also inform you about how we, together with our parent company WS WeSports Group AB (publ), org. no. 559237-3632, process your personal data related to your purchases as joint controllers.
Summary – How do we process your personal data?
Here you can read a summary of how we process your personal data. Further down in this document, you will find more detailed information about our various personal data processing activities. By clicking on the links below, you will be taken directly to the detailed information.
If you make a purchase from us, we process your personal data in order to:
- handle your purchase,
- communicate with you about your purchase,
- handle any questions about your purchase, returns, and other claims in accordance with law and agreements,
- send you a request to review your purchase, and
- prevent, prevent, and investigate potential abuse or fraud.
If you have a user account with us, we process your personal data to:
- create and administer your user account,
- display previous and current purchases,
- remind you of products you have left in your shopping cart, and
- invite you to and hold events for you.
If you visit our website and consent, we analyze how our website is used and show you relevant offers on other pages you visit based on such analysis. In addition, we process your personal data to ensure that the website functions properly and to remember your choices.
If you receive marketing and other mailings from us, we process your personal data to send you newsletters and other marketing, as well as customer satisfaction and market surveys.
If you participate in one of our competitions or if we share your posts on our social media/website , we process your personal data to manage and conduct competitions and share your posts on social media and your images on our website.
If you communicate with us, to protect our legal interests and to comply with legal obligations , we process your personal data to
- communicate with you if you contact us,
- comply with the requirements of the Marketing Act, and
- comply with the rules of the Accounting Act
Your personal data linked to your purchases will be shared with and processed by our parent company WS WeSports Group AB (publ) ("WeSports"). WeSports processes your personal data as joint controllers with us and processes it to perform analyses based on your purchases from us.
You have a number of rights in relation to our processing of your personal data, including the right to object, the right to complain to the Data Protection Authority, the right to withdraw your consent, and the right of access. More information about these and other rights you have can be found at the end of this privacy policy.
Please use our summary above and the table of contents below to click your way to the section you want to know more about. If you have any questions or want to exercise any of your rights, please feel free to contact us.
Information about the processing of your personal data
Data controller and contact details
Where do we collect personal data about you?
What happens if you do not provide us with your personal data?
Who do we share your personal data with?
Sharing and processing of personal data within the WeSports Group
Do we transfer your personal data outside the EU/EEA?
Detailed description of how we process your personal data
How have we balanced our interests when the legal basis is our legitimate interest (balancing of interests (Art. 6.1.f) in the GDPR)?
Consent
What rights do you have when we process your personal data?
Data controllers and contact details
Spobik AB, org. no. 559155-6633, is responsible for the processing of your personal data (data controller) as described in more detail in this privacy policy.
In certain situations, we are joint data controllers with our parent company, WS WeSports Group AB (publ), org. no. 559237-3632. This means that we jointly determine why and how your personal data is to be processed. Read more about the situations in which we are joint data controllers below.
If you have any questions about this processing or if you want to exercise any of your rights as described under the heading What rights do you have when we process your personal data, please contact us by emailing [email protected] or sending a letter to Mogölsvägen 14, 554 75 Jönköping, Sweden.
What happens if you do not provide us with your personal data?
In general, you are not obliged to provide us with your personal data. You will find a description of when you need to provide your personal data in the tables below where the legal basis is stated as "Legal obligation (Art. 6.1 c) of the GDPR)". Even if we do not have a legal obligation to process your personal data, the consequence of not providing certain personal data to us may be that we are unable to enter into a contract with you.
Who do we share your personal data with?
Your personal data is primarily processed by us at Spobik AB. In some cases, we share your personal data with third parties. Below, we summarize the situations in which we generally share your personal data with third parties, and in the tables below, we provide more details on the purposes for which your personal data is shared and with which categories of recipients.
Below, we specify what applies to the sharing and processing of personal data within the WeSports Group.
We always want to be transparent and make you feel secure, so please do not hesitate to contact us if you would like more information about how we share your personal data.
In order for us to have functioning IT systems and conduct our business efficiently, our IT suppliers will process your personal data. These IT suppliers process personal data on our behalf in their capacity as our personal data processors and are generally used for all the purposes listed in the tables below. They are therefore not listed in the tables.
- In order to process your purchases from us, we share your personal data with the payment service provider and the carrier who process your payment and delivery. These recipients are independently responsible for the processing of your personal data. Which payment service providers and carriers process your personal data is determined by the choice you make at checkout when making a purchase. To manage your reviews, we also share your personal data with Lipscore, which processes it in its capacity as our personal data processor.
- If you visit our website and give your consent, your personal data will be processed by the analytics and marketing services we use, such as Google, Microsoft, LinkedIn, and/or Meta (Facebook and Instagram). These recipients process personal data on our behalf as our data processors, but also process your personal data as independent data controllers. These suppliers will inform you separately about the personal data processing for which they are responsible.
- In order to market ourselves effectively, we use suppliers who help us with our marketing, such as sending out newsletters. These suppliers process personal data on our behalf as our data processors.
- If we share your posts on our channels or you contact us via social media, we share your personal data with the relevant social media platform where your posts are shared, e.g. Instagram or Facebook. These social media platforms are independent data controllers for their processing of your personal data.
Sharing and processing of personal data within the WeSports Group
We are a company within the WeSports Group, which consists of several companies focused on sports and outdoor activities, including our parent company WS WeSports Group AB (publ) ("WeSports"). Below, we describe how we share and process your personal data within the WeSports Group.
When you make a purchase from us, we share personal data related to your purchase (such as what items you have purchased and your purchase history) with WeSports, which processes this personal data as a joint controller with us. This means that we, together with WeSports, determine how and why your personal data is processed in this case.
We process your personal data together with WeSports in order to analyze your purchases and to identify which products and areas you are particularly interested in. We will limit the information we share with each other and process it at as aggregate a level as possible.
We process your personal data based on the legal basis of balancing interests, where we have assessed that the processing is necessary for purposes related to our legitimate interest in being able to analyze purchasing patterns in order to provide you with customized offers. We only store your personal data for this purpose for 36 months.
We will then use the information we obtain from the analysis to tailor our marketing to you in, for example, our newsletters, if you receive these from us. In our tailored marketing, we will also inform you about offers and other products you may be interested in from other companies within the WeSports Group. However, the processing we perform when we send you marketing is done as an independent data controller, and you will not receive mailings from WeSports or other companies within the WeSports Group.
WeSports will also share your personal data with its respective IT suppliers who need to process personal data in order for WeSports to have functioning IT systems and conduct its business in an efficient manner. These IT suppliers process personal data in their capacity as WeSports' personal data processors.
If you have any questions about the processing we carry out jointly with WeSports, please feel free to contact us using the contact details above.
You can read more about how we process your personal data as independent data controllers if you receive marketing and other mailings from us in the table below.
Do we transfer your personal data outside the EU/EEA?
As a general rule, we and our data processors process your personal data within the EU/EEA. In some cases, however, your personal data will be transferred outside the EU/EEA. When we use services from Google, Meta, or LinkedIn, your personal data is transferred to the United States. These transfers are made on the basis of an adequacy decision by the European Commission pursuant to Article 45 of the GDPR, known as the EU-US Data Privacy Framework. This means that the European Commission has assessed that the US has an adequate level of protection for the activities certified under the EU-US Data Privacy Framework. You can find Google's, Meta's, and LinkedIn's respective certifications here by searching for each company.
In some cases, we use service providers who in turn transfer your personal data outside the EU/EEA to a country that does not have an adequacy decision or where the service provider is not certified under the EU-US Data Privacy Framework. Our suppliers will then transfer your personal data in accordance with the EU Commission's standard contractual clauses (Art. 46.2 (c) of the GDPR). In these standard contractual clauses, different modules can be used depending on the role of the party transferring the personal data and the role of the party receiving the personal data. Most often, module 3 of the standard contractual clauses will be used (data processor to data processor) and otherwise module 1 (data controller to data controller) or module 2 (data controller to data processor). You can find the standard contractual clauses here. In cases where legislation or similar in the country outside the EU/EEA in which the recipient of the personal data operates affects how the standard contractual clauses are intended to function, we/our suppliers will take additional protective measures to ensure adequate protection of your personal data.
If you would like more detailed information about the transfer of personal data outside the EU/EEA, please contact us.
D etailed description of how we process your personal data
Below, you can read more in detail about the purposes of our various processing activities, the categories of personal data we process, the legal grounds for processing, storage periods, when you need to provide us with personal data, and the recipients of your personal data.
If you make a purchase from us
When you make a purchase from us via our website or store, we process your personal data. We also process your personal data if you have made a purchase in one of our stores, e.g. to handle a return or send a receipt by email. The purposes for which we process your personal data are set out in the tables below.
We collect your personal data from you at checkout when you make your purchase or when you contact us.
In general, you are not obliged to provide us with your personal data. However, if you do not provide us with certain personal data, it will not be possible for us to enter into an agreement with you.
|
Managing your purchase
|
|
What processing we perform
|
Personal data processed
|
Legal basis
|
|
Receiving and registering your personal data in order to receive, register, and process your order
Send order confirmation and/or receipt via email
Send delivery information via email and deliver your order
Share your personal data with payment service providers and carriers
|
• Name
• Contact details (address, email, and phone number)
• Social security number
• Order information, which item(s) you have ordered
• Payment information
• If you have made a purchase in one of our stores, we also process other information that you have provided during the purchase in the store, for example to our sales staff or as stated on your digital receipt
|
Performance of a contract for purchase/service (Art. 6.1 b of the GDPR)
The processing is necessary for us to fulfill the agreement regarding your purchase. If the personal data is not provided, you will not be able to make a purchase from us.
The processing of your personal identification number is necessary in order to securely identify you and verify your age.
|
|
Storage period: The personal data linked to your purchase will be processed by us for the time required to administer and handle your order so that you can receive the goods you have ordered, but for no longer than 36 months.
After that, we will process information about your purchase so that we can smoothly and in accordance with applicable consumer regulations handle any questions about your purchase, right of withdrawal, open purchase, warranties, and complaints. You can read more about this in the table below.
Your personal data may also be included in accounting records, which we store in accordance with our obligations under the Accounting Act. See more about our processing of your personal data for this purpose below.
|
|
Recipients of your personal data: We share your personal data with the payment service provider and the carrier you choose. These recipients are independently responsible for the processing of your personal data. Which payment service providers and carriers process your personal data is determined by the choice you make at checkout when purchasing.
We will share your name, address, and contact details with the carrier you choose at checkout in order to deliver your products. The carriers we use are independent data controllers for the processing of your personal data.
|
|
Communicating with you about your purchase
|
|
What processing we perform
|
Personal data processed
|
Legal basis
|
|
To communicate with you about your purchase when necessary, e.g. if the product you ordered is out of stock or to notify you of any product recalls
|
• Name
• Email
• Order information, which item(s) you have ordered
|
Balancing of interests (Art. 6.1 f) of the GDPR)
The processing is necessary for purposes related to our legitimate interest in being able to communicate with you about your purchase if necessary.
|
|
Storage period: The personal data linked to your purchase will be processed by us for this purpose for
36 months.
|
|
Handling any questions about your purchase on our website or in store, as well as returns and other claims in accordance with applicable consumer regulations and our agreement
|
|
What processing we perform
|
Personal data processed
|
Legal basis
|
|
Handle any questions, as well as the right of withdrawal, returns, warranties, and complaints in a smooth manner and in accordance with applicable consumer regulations and our agreement with you.
If you have questions about your purchase, want to exercise your right of withdrawal, complain about a product, or otherwise exercise any of your rights under applicable consumer law or our agreement with you, we process your personal data to help you and comply with applicable law and the terms of our agreement. For example, we may need to look up your order, your contact details, and your payment information in order for you to exercise your right of withdrawal or complain about a product.
Read more about how we process your personal data to communicate with you if you contact us here.
|
• Name
• Contact details (address, email address, and phone number)
• Personal identification number
• Order information, which item(s) you have ordered
• Information that you choose to provide to us, such as information about defective goods and information that we have collected in connection with a return or warranty claim
|
Performance of a contract (Art. 6.1 b of the GDPR)
The processing is necessary for us to fulfill the agreement regarding your purchase. If you do not provide us with your personal data, we will not be able to help you with, for example, a warranty case.
Legal obligation (Art. 6.1 c of the GDPR)
The processing is necessary for us to be able to act in accordance with consumer law, such as the Consumer Purchases Act (2022:260) and the Distance Contracts Act (2005:59), and thus comply with a legal obligation we have.
Balancing of interests (Art. 6.1 f of the GDPR)
The processing is necessary for purposes related to our legitimate interest in being able to handle your questions, complaints, and other requests in an efficient and customer-friendly manner.
The processing of personal identification numbers is necessary in order to securely identify you and verify your age.
|
|
Storage period: We store your personal data for a maximum of 7 years from your purchase in order to be able to answer questions about your purchase and handle any returns, and to enable you to easily complain about your goods and exercise your right of withdrawal in accordance with applicable consumer protection legislation.
If you contact us with a question and we initiate a case to, for example, handle your return, we will process your personal data for 36 months.
Read more about how long we otherwise process your personal data in our communications when you contact us here.
|
|
Send a request if you want to review your purchase
|
|
What processing we perform
|
Personal data processed
|
Legal basis
|
|
Send requests to you to review the product you have purchased
|
• Name
• Email
• Order information, which item(s) you have ordered
|
Balancing of interests (Art. 6.1 f of the GDPR)
The processing is necessary for purposes related to our legitimate interest in being able to contact you with a request to evaluate us and our products in order to improve our products and our range.
|
|
Publish your review on our website if you have chosen to do so. You can choose whether you want to enter your full name
|
• Name (if you have chosen to provide it)
• Information you provide in your review
|
Consent (Art. 6.1 a of the GDPR)
We obtain your consent to publish your review on our website.
You have the right to withdraw your consent at any time. Your withdrawal of consent does not affect the lawfulness of processing before consent is withdrawn.
|
|
Storage period: We process your personal data in order to send you a request for 30 days after your purchase. However, we will cease processing your personal data earlier if you object to our processing.
We process your review for as long as the product review relates to a product in our range. If a product is discontinued from our range, all reviews written about the product will be deleted.
|
|
Recipients of your personal data: We use Lipscore to conduct surveys and manage your reviews. Lipscore will process your personal data on our behalf in its capacity as our data processor.
|
|
To prevent, detect, and investigate potential abuse or fraud
|
|
What processing we perform
|
Personal data processed
|
Legal basis
|
|
Identify deviant purchasing behavior and prevent misuse of our services and fraud
|
• Name
• Email
• Phone
• IP address
• Social security number
• Order information, which item(s) you have ordered
• Return and order history
|
Balancing of interests (Art. 6.1 f) of the GDPR)
The processing is necessary for purposes related to our legitimate interest in preventing, preventing, and investigating misuse of our products and services.
The processing of personal identification numbers is necessary in order to securely identify you and verify your age.
|
|
Storage period: We process your personal data for this purpose from the time you make a purchase and for up to 7 years thereafter.
|
|
Recipients of your personal data: In the event that we need to seek legal assistance, we will share your personal data with our lawyers. If we discover criminal behavior, we will also share personal data with the police.
|
|
If you have a user account with us
You can choose to create a user account with us via our website. In order to create your user account and fulfill what follows from it, we must process your personal data. If you do not provide us with your personal data, we will not be able to create or administer your user account.
We also process your personal data to send you marketing material. Read more about this under the heading "If you receive marketing and other mailings from us."
|
To create and manage your user account
|
|
What processing we perform
|
Personal data processed
|
Legal basis
|
|
Create your account
Enable you to log in to your profile
Communicate with you regarding your profile
Enable you to view and track your current and previous purchases
|
• Personal identification number
• Name
• Purchase and order history
• Contact details (address, email, mobile number)
• Your login details, i.e. username and password
• Your profile settings and preferences
|
Performance of a contract (Art. 6.1 b) of the GDPR)
The processing is necessary to create and administer your user account and thereby fulfill our agreement with you.
If your name, personal identification number, and contact details are not provided, we cannot fulfill our obligations and must therefore deny you a user account.
|
|
Storage period: The data is processed until you terminate your user account.
|
Out
|
Remind you of products you have left in your shopping cart
|
|
What processing we perform
|
Personal data processed
|
Legal basis
|
|
Send reminders to you via email that you have left products in your shopping cart on our website without completing the purchase
|
• Email
• Information about products you have left in your shopping cart
|
Balancing of interests (Art. 6.1 f) of the GDPR)
The processing is necessary for purposes related to our legitimate interest in being able to remind you about products you have left in your shopping cart when this is done to you who have accepted marketing and been given the opportunity to object to direct marketing.
|
|
Storage period: Personal data will be processed by us after you have left products in the shopping cart and you have previously agreed to receive marketing from us.
You can opt out of receiving marketing from us at any time, and we will then stop processing your personal data for marketing purposes. If you opt out of our marketing, your personal data will be stored in our unsubscribe register until further notice.
|
If you visit our website
If you consent, we analyze how our website is used and show you relevant offers on other pages and social media that you visit based on such analysis. In addition, we process your personal data to ensure that the website functions properly and to remember your choices. We explain this in detail in the tables below.
Personal data is collected from your device (e.g., mobile phone, computer, or tablet) when you visit our website. Google also uses information it has previously collected to perform analysis and show you interesting offers from us.
In order to collect personal data when you visit the website as described below, we use cookies and similar technologies. In our information text about cookies, which you can find on our website, we explain in more detail how this works.
|
Analyzing how our website is used
|
|
What processing we perform
|
Personal data processed
|
Legal basis
|
|
Analyzing how you use our website with the help of cookies. We do this to improve the functionality of the website, to customize the website to suit our visitors, and to be able to draw conclusions about our visitors.
To do this, we use analytics services from Google and Microsoft, which means that a random ID is used to distinguish your device from other visitors and to confirm patterns in how our website is used.
We are only interested in how visitors interact with us on an overall level. We at Spobik AB do not know who you are and do not take any measures to find out.
|
• An encrypted version of your IP address that we cannot link to you as an individual
• Information about how you use the website, such as what you click on and how long you stay on the website
• Which area of the country you are using our website from
• How many times you have visited the website, which gives us a basis for calculating the total number of visitors to the website
• Your device/browser, such as your screen resolution
• Other information that Google has about you, such as information about which website or other channel you found us from
• Personal data may be collected via cookies and other tracking technology that is only activated if the user has given separate consent
|
Consent (Art. 6.1 a) of the GDPR)
We obtain your consent when you visit our website. You have the right to withdraw your consent at any time. Your withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
You can avoid Google Analytics by, for example, downloading and installing this browser program. To avoid cookies, you can also make adjustments to the settings for your browser .
|
|
Storage period: Data at an aggregated level is stored for as long as it is necessary for the purpose. With regard to cookies, until you withdraw your consent or (if consent is not withdrawn) until the cookie session expires.
|
|
Recipients of your personal data: Our analytics services receive your personal data. For more information about Google's and Microsoft's processing of personal data and how long they store your personal data, please refer to their privacy policies, which you can find by clicking on the names.
|
|
Display interesting offers from us on other pages you visit
|
|
What processing we perform
|
Personal data processed
|
Legal basis
|
|
Marketing our products or campaigns by displaying offers and new products that we believe are of interest to you. We display marketing tailored specifically to you on other websites and social media that you visit.
We can display offers by using marketing services from, for example, Google, Meta (Facebook and Instagram), Microsoft (Bing), TikTok, and LinkedIn. We do this based on analysis of our website, through cookies or similar technology, as well as information that these parties already have about you.
We tailor the marketing to suit you based on information that the marketing services already have about you and based on your previous browsing history with us. This means that your browsing history is profiled*.
|
• An encrypted version of your IP address that we at Spobik AB cannot link to you as an individual
• Information about how you use the website, such as what you click on and how long you stay on the website
• Which area of the country you are using our website from
• How many times you have visited the website, which gives us a basis for calculating the total number of visitors to the website
• Your device/browser, for example, your screen resolution
• Other information that Google has about you, such as information about which website or other channel you found us from
|
Consent (Art. 6.1 a) of the GDPR)
We obtain your consent when you visit our website. You have the right to withdraw your consent at any time. Your withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
You can avoid Google Analytics by, for example, downloading and installing this browser add-on: . To avoid cookies, you can also make adjustments to your browser settings.
|
|
Storage period: You will see marketing from us for 36 months after your visit to our website.
|
|
Recipients of your personal data: Your personal data is shared with the analytics services we use. The marketing services we use will continue to process your personal data as independent data controllers. For more information about Google, Meta, Microsoft, Tiktok, and LinkedIn's processing of personal data and how long they store your personal data, please refer to their respective privacy policies. Click on the name to read more.
|
*Profiling: Your personal data is used in what is known as profiling, which is carried out by marketing services in order to show you the offers that they and we believe are best suited to you and to provide you with customized marketing. Profiling is done because otherwise we would not be able to show you relevant offers and marketing, and you would instead see offers that are not relevant to you. You have the right to object to profiling. You can read more about your right to object below, where your rights are explained in detail.
|
For the website to function and remember your choices
|
|
What processing we perform
|
Personal data processed
|
Legal basis
|
|
We use cookies and similar technologies to ensure that the website functions satisfactorily and securely.
Remember your choices on the website, such as your consent.
We and our suppliers do not track how you use the website; this is done automatically through technical functions.
|
• Encrypted IP address that we cannot link to you specifically
• Information about how you use the website
• Information about your choices
|
Balancing of interests (Art. 6.1 f) of the GDPR)
The processing is necessary for purposes related to our legitimate interest in being able to provide a well-functioning and secure website and remember your choices.
|
|
Offer you a feature to save your favorites in a wish list
|
• Information about which products you have marked as favorites.
|
Balancing of interests (Art. 6.1 f) of the GDPR)
The processing is necessary for our legitimate interest in being able to offer you a function for saving products that you have marked as favorites.
|
|
Storage period: Personal data collected using cookies and similar technologies for website functionality is stored for 36 months.
If you have a user account and are logged in, your favorites will be stored until you close your user account or until the product you have favorited is no longer available. If you are not logged in, your favorites will only be stored during your current session on the website.
|
|
Recipients of your personal data: Your personal data is processed through the services we use on the website, such as the service that provides our consent solution. We list these services as "necessary" in cookie policy. These services are used to enable us to conduct our business efficiently, and the companies behind the services act as our personal data processors.
|
If you receive marketing and other mailings from us
The tables below describe how we process your personal data if you have chosen to receive marketing and other communications from us. We collect personal data directly from you and through analysis of how you interact with our various marketing communications.
In addition to this, we also use data linked to the analysis of your previous purchases, which we process jointly with our parent company in the WeSports Group. We do this in order to find out which products and areas you are particularly interested in and to be able to provide you with better tailored offers. You can read more about how your data is shared and processed within the WeSports Group above.
|
Sending newsletters and other marketing to you
|
|
What processing we do
|
Personal data processed
|
Legal basis
|
|
Manage and send marketing with offers, benefits, discounts, and information via email, post, and text message
Send personalized product recommendations and communications so that you receive offers and information about goods and services that you are interested in
|
• Name
• Contact details (email, address, mobile number)
For personalized communication, we also process:
• User history (e.g., how you click or search on our website)
• Age, if you have chosen to provide this information to us
• Purchase and order history
• Geographical location if you have chosen to provide this information to us
|
Balancing of interests (Art. 6.1 f) of the GDPR)
The processing is necessary for purposes related to our legitimate interest in providing you with newsletters and customized offers.
|
|
Develop and improve our newsletters and marketing by analyzing how our customers interact with our newsletters
However, we do not perform such analysis at the individual level and therefore do not look at how you interact with our newsletters.
We will collect your data using cookies and similar technologies. You can read more about our use of cookies here .
|
• Information about how you interact with our newsletters, such as information about whether you open our newsletter and information about what you click on (for the purpose of performing a general analysis of how our customers interact with our newsletters)
• IP address
• Email address
|
Balancing of interests (Art. 6.1 f) of the GDPR)
The processing is necessary for purposes related to our legitimate interest in developing and improving our newsletters and our marketing .
|
|
Storage period: We process your personal data until you unsubscribe or otherwise ask us to stop sending you direct marketing. You can opt out of receiving marketing from us at any time. If you opt out, your personal data will be stored in our unsubscribe register until further notice.
|
|
Recipients of your personal data: We share your personal data with Rule , which sends our mailings on our behalf in its capacity as our personal data processor.
|
|
To send and analyze customer satisfaction and market surveys
|
|
What processing we perform
|
Personal data processed
|
Legal basis
|
|
Sending customer satisfaction and market surveys via email so that you, as a customer, have the opportunity to influence our overall offering and analyze the results of customer satisfaction or market surveys.
|
• Name
• Email
• Age
• The answers you provide in customer satisfaction or market surveys
|
Balancing of interests (Art. 6.1 f) of the GDPR)
The processing is necessary for purposes related to our legitimate interest in being able to send and analyze customer satisfaction and market surveys in order to enable you to influence our overall offering and for us to improve our offering.
|
|
Storage period: We process your personal data until we have analyzed the results of the current customer satisfaction or market survey (normally 36 months after we have received your response ).
|
If you participate in one of our competitions or if we share your posts on our social media/website
If you participate in one of our competitions or consent to us sharing your posts on social media and/or our website, we will process your personal data. We obtain your personal data from you through your participation in the competition and from your social media accounts.
|
To manage and run competitions
|
|
What processing we perform
|
Personal data processed
|
Legal basis
|
|
Communicate with you before and after the competition.
Select winners and communicate results and prizes.
|
• Name
• Contact details (address, email address, mobile number)
• Information you have provided in your competition entry
|
Performance of a contract (Art. 6.1 b) of the GDPR)
The processing is necessary for us to administer your participation in the competition, i.e. our agreement with you regarding your participation in the competition.
You must provide us with your personal data, otherwise we will not be able to administer your participation in the competition.
|
|
Storage period: We process your personal data during the competition and to administer your participation or prize. By participating in an ongoing competition, you consent to our processing of your data. You can withdraw your consent to participate in the competition at any time by contacting us.
|
|
Share your social media posts and your photos on our website
|
|
What processing we perform
|
Personal data processed
|
Legal basis
|
|
Share your posts on social media where you have tagged us or used one of our hashtags
|
• Name
• Username on, for example, Instagram • Your content on social media that you have tagged us in, e.g., posts from Instagram
• Your social media content in which you have tagged us, e.g., posts from Instagram
|
Consent (Art. 6.1 a) of the GDPR)
We obtain your consent for the personal data we process for marketing purposes and to share your social media posts.
You have the right to withdraw your consent at any time. Your withdrawal of consent does not affect the lawfulness of processing before consent is withdrawn.
|
|
Send you a request asking if we can use your content in our marketing on our website
Share your content on our website if you agree to it
|
• Name
• Username on, for example, Instagram
• Your content on social media, e.g., your photos from Instagram
|
Balancing of interests (Art. 6.1 f) of the GDPR)
The processing is necessary for purposes related to our legitimate interest in being able to send you a request to use your content.
Consent (Art. 6.1 a) of the GDPR)
We obtain your consent for the personal data we process for marketing purposes and to share your content on our website.
You have the right to withdraw your consent at any time. Your withdrawal of consent does not affect the lawfulness of processing before consent is withdrawn.
|
|
Storage period: We will keep the personal data included in the post you have chosen to publish and which we have shared and therefore processed as described above on our website or on our social media account until further notice. We regularly clear content that is no longer relevant (which varies from post to post) or when you contact us and ask us to remove the post or your personal data.
|
|
Recipients of your personal data: If we share your post on our social channels, the relevant social media platform will have access to your personal data, e.g. Instagram. These social media platforms are independently responsible for their processing of your personal data.
|
If you communicate with us, to protect our legal interests and to comply with legal obligations
When you contact us, for example via social media or our customer service, we will process your personal data as described in the tables below. We obtain your personal data from you when you contact us.
We also process your personal data in case we need to defend ourselves against claims or initiate claims. We obtain the data from you or from third parties linked to your case or claim.
If you use social media, the social media platform you use (e.g., Instagram) will also process your personal data, and we therefore recommend that you read our information below together with the information you find on the social media platform.
|
Communicate with you if you contact us and monitor our legal interests
|
|
What processing we perform
|
Personal data processed
|
Legal basis
|
|
Communicate with you if you contact us, for example through our customer service, our AI-based chat function, or on our social media pages
Handle your questions or complaints
Defend ourselves against legal claims and initiate legal claims against you when necessary
|
• Name
• The contact details you use, such as your email address, telephone number, and/or address
• Other information you provide in connection with our contact, e.g., order number
• If you contact us through social media (e.g., our Instagram), we also process information from your profile (username and the image you have chosen for your account)
• If you contact us through our AI-based chat function on the website, your chat history will also be saved along with data about your IP address.
|
Balancing of interests (Art. 6.1 f) of the GDPR)
The processing is necessary for purposes related to our legitimate interest in being able to communicate with you via the channel you choose to contact us on, offer you customer service, handle questions and complaints, and monitor our legal interests.
Legal obligation (Art. 6.1 c) of the GDPR)
The processing is necessary for us to be able to act in accordance with consumer law, such as the Consumer Purchases Act (2022:260) and the Distance Contracts Act (2005:59), and thus comply with a legal obligation we have.
|
|
Storage period: We process your personal data that appears in communications in our customer service cases for as long as necessary to complete the contact. The data is deleted no later than two years after the last contact in the case.
On social media, we delete your comments and our communication upon request. You can delete your own comments/communication yourself. Material that may be perceived as offensive is removed on an ongoing basis. This applies, for example, to unpleasant comments, inappropriate language, or attacks on individuals.
|
|
Recipients of your personal data: We share your personal data with ImBox, which helps us handle customer service matters. They process your personal data in their capacity as our personal data processor. If you contact us via social media, the social media platform will also receive some of your personal data.
|
To comply with requirements in the Marketing Act
|
|
What processing we perform
|
Personal data processed
|
Legal basis
|
|
If you have notified us that you do not wish to receive our direct marketing, we will save a note about this in our unsubscribe register to ensure that we do not market to you.
|
|
Legal obligation (Art. 6.1 c) of the GDPR)
The processing is necessary to comply with legal obligations under the Marketing Act (SFS 2008:486) to which we are subject and which means that we may not send marketing to persons who have objected to receiving such marketing.
You must provide us with your personal data, otherwise we cannot guarantee that you will not receive any more marketing from us.
|
|
Storage period: You will remain in our " " deregistration register until further notice.
|
Compliance with accounting law
|
|
What processing we perform
|
Personal data processed
|
Legal basis
|
|
Compliance with accounting legislation by registering, accounting for, and archiving your payments and other transactions between us and you
|
• Payment history, transactions, and other material that constitutes accounting material
|
Legal obligation (Art. 6.1 c) of the GDPR)
The processing is necessary to comply with mandatory law, i.e., accounting law.
|
|
Storage period: Personal data included in our accounting material is stored for seven to eight years in order to comply with the Accounting Act (end of the seventh financial year).
|
How have we balanced our interests when the legal basis is our legitimate interest (balancing of interests (Art. 6.1 f) of the GDPR)?
For certain purposes, we process your personal data on the basis of a balancing of interests as the legal basis for the processing. In the balancing of interests, we have assessed that our legitimate interest in performing the processing outweighs your interest and your fundamental rights not to have your personal data processed. Our legitimate interest is set out in the tables above under "Legal basis." If you would like to know more about how we have made these assessments, please feel free to contact us.
Consent
In certain situations, we process your personal data after you have given your consent to the processing. These situations are described above and you can withdraw your consent at any time. If you withdraw all or part of your consent, we will cease processing for that purpose. Withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
What rights do you have when we process your personal data?
In accordance with the GDPR, you have certain rights – see more information below.
If you have any questions about your rights or wish to exercise any of your rights, please contact us using the contact details above. The Data Protection Authority also provides more detailed information about when your rights apply and what exceptions there are.
You have the right to lodge a complaint with the competent supervisory authority if you believe that the processing of your personal data violates the GDPR.
- In Denmark, the competent supervisory authority is https://www.datatilsynet.dk/
- In Great Britain, the competent supervisory authority is https://ico.org.uk/
- In Poland, the competent supervisory authority is https://uodo.gov.pl/pl
- In Lithuania, the competent supervisory authority is https://vdai.lrv.lt/en/
- In Estonia, the competent supervisory authority is https://www.aki.ee/en
- In Latvia, the competent supervisory authority is https://www.dvi.gov.lv/en
- In Slovakia, the competent supervisory authority is https://dataprotection.gov.sk/en/
- In Czech Republic, the competent supervisory authority is https://uoou.gov.cz/en
- In Netherlands, the competent supervisory authority is https://autoriteitpersoonsgegevens.nl
- In Austria, the competent supervisory authority is https://data-protection-authority.gv.at/
- In Hungary, the competent supervisory authority is https://www.naih.hu/
- In Belgium, the competent supervisory authority is https://www.dataprotectionauthority.be/citizen
- In Luxembourg, the competent supervisory authority is https://cnpd.public.lu
- In Italy, the competent supervisory authority is https://www.garanteprivacy.it/web/garante-privacy-en
- In France, the competent supervisory authority is https://www.naih.hu/
- In Spain, the competent supervisory authority is https://www.aepd.es/
- In Romania, the competent supervisory authority is https://www.dataprotection.ro/
- In Slovenia, the competent supervisory authority is https://www.ip-rs.si/
- In Bulgaria, the competent supervisory authority is https://cpdp.bg/en/contacts/
- In Croatia, the competent supervisory authority is https://azop.hr/about-the-agency/
- In Portugal, the competent supervisory authority is https://www.cnpd.pt/en/
- In Ireland, the competent supervisory authority is https://www.dataprotection.ie/en
You have the right to withdraw your consent at any time by contacting us.
Right of access ("right to register extract") – Article 15 of the GDPR
You have the right to obtain confirmation as to whether or not we are processing your personal data. You can send a request by contacting us. If we are processing your personal data, you also have the right to obtain a copy of the personal data we are processing and information about the processing, e.g. the purposes of the processing and how long the data will be stored.
You have the right to object at any time to the processing of your personal data for direct marketing purposes (including any profiling) and to the processing of your personal data based on a balancing of interests.
You have the right to have inaccurate personal data concerning you corrected without undue delay. You also have the right to have incomplete personal data completed.
Right to erasure ("right to be forgotten") – Article 17 of the GDPR
Under certain conditions, you have the right to have your personal data erased by us without undue delay. For example, if you withdraw your consent and there is no other legal basis for the processing ( ) or if the personal data is no longer necessary for the purposes for which it was collected or processed.
Under certain circumstances, you have the right to request that we restrict our processing of your personal data. For example, if you dispute the accuracy of the data, or if the processing is unlawful and you oppose the erasure of the personal data, requesting instead that the use of the data be restricted.
If we process your personal data based on your consent or to fulfill a contract, you have the right to obtain the personal data concerning you. This right applies to data that you have provided to us in a structured, commonly used, and machine-readable format. You also have the right to transfer this personal data to another data controller, where technically feasible.
This privacy policy was adopted by Spobik AB on December 19, 2025.