Privacy policy
Privacy Policy
This privacy policy applies to you as a private customer of The Equemist, including current, previous, and potential customers, users, and recipients of a product offered by us, as well as visitors to any of our official websites or digital channels operated by us.
The Equemist values your privacy and personal data, and implements appropriate technical and organizational security measures to ensure that your personal data is handled fairly, legally, and transparently. Through this privacy policy, we aim to inform you about what data we process about you, for what purposes, the legal basis for processing, how long the data is stored, and your rights, among other things.
Who is responsible for processing your personal data?
The Equemist is responsible for the personal data processed under the brand The Equemist, as described in this privacy policy. As the data controller, we determine the purpose and means of the processing.
What types of data do we process and how do we collect them?
We collect, process, and store your customer data. Customer data refers to information about you as an individual and the products you purchase from us, such as your name and personal identification number, your address and email address, your phone number, your payment information, and other details you provide during your interactions with us.
How do we collect personal data?
We collect data in various ways, for example:
– Through your interactions with us, such as when you become a customer or contact our customer service, respond to a questionnaire we send, or subscribe to our newsletters.
– By using cookies on our websites.
When do we process your personal data?
We primarily process personal data necessary to enter into or fulfill a contract with you and to meet any obligations arising from that contract.
We may also process your personal data if it is necessary for a purpose related to our legitimate interest, provided your interest in protecting your personal data does not outweigh our interest.
For each specific purpose for processing personal data, we will inform you of which legal basis applies.
What do we use your data for?
Providing products
We process customer data to provide products to you and to fulfill and protect our rights and your rights under the contract. For example, we need to identify you as a customer, manage your orders, handle your invoices and payments for the product, conduct credit checks, maintain records, address issues, and handle feedback and complaints.
Legal basis: Performance of contract.
Providing and improving customer service
We process customer data to manage your inquiries and handle complaints. If necessary, we also use customer data to contact you via email, phone, social media, or other means in response to your inquiries regarding orders, delivery, returns, etc., or to request your participation in a customer survey. To resolve your issue, we may also need to access and use transaction data such as order, payment, and delivery information.
Legal basis: Legitimate interest.
Marketing and advertising
We process personal data to market our own products and services as well as those of our partners.
General marketing
General marketing includes ads, offers, and messages communicated to you without considering personal preferences or interests. In such cases, customer data and statistics are processed to offer you relevant promotions for our products. Customer data is also used to distribute marketing materials such as newsletters, recommendations, push notifications, and marketing surveys.
Legal basis: Legitimate interest.
The Equemist’s legitimate interest in this processing is to market existing or new products. For this purpose, we may use customer data such as your name, address, email address, phone number, and purchase history.
How long do we store personal data?
The data we collect and generate when you use our services and products is processed for various purposes and is therefore stored for different lengths of time depending on its use and our legal obligations. As a rule, we never store personal data longer than necessary to fulfill the purposes for which it was collected or other compatible purposes.
Your personal data is stored as long as needed in order for us to fulfill our obligations to you as a customer. Storage times are for the following cases:
– For billing and payment purposes, customer data is stored until the debt is paid or the statute of limitations has expired.
– For unpaid debt collection claims transferred to a third party, we store the customer data for a maximum of three years from the transfer.
– As part of the accounting records, we store customer data for up to 7 years plus the current year after the record was created, or for as long as a legal dispute is ongoing.
– Service history from support cases and customer contacts is stored for up to 4 years to assist you further if you contact us again regarding the same issue.
– Information about your purchases is stored for up to 4 years to assist you if you contact us regarding any questions related to your purchase.
– For marketing purposes, we store customer data for up to 12 months after the contractual relationship has ended.
How do we protect your personal data?
We have implemented organizational and technical measures to protect personal data within our organization, including security controls to prevent unauthorized access to our systems.
To whom do we disclose your data?
Your personal data is only accessible to those who need the data to achieve the intended purpose of the processing. We reserve the right to transfer all personal data we hold about you to third parties in the event of a merger or divestiture of all or part of the business.
Companies that process personal data on behalf of The Equemist
Whenever appropriate, we outsource the processing of personal data to companies specializing in their field. Such data processors are companies that process personal data on behalf of The Equemist and according to our instructions. We have written agreements with all data processors, through which they guarantee the security of the personal data they process and that the data is only processed according to given instructions. Before selecting the companies we wish to partner with, we conduct thorough checks.
We have data processors that assist us with:
– Order and payment processing (banks and other payment service providers).
– Advertising and campaigns (printing and distribution, media agencies or advertising agencies, data analysis companies).
– Customer events (e.g., PR agencies).
– IT services (companies that manage the necessary operation, technical support, maintenance of our IT solutions, and other IT services and solutions), excluding consulting and staffing companies.
Depending on your relationship with The Equemist, we may also share your customer data with third parties that are solely or jointly responsible for the processing.
Sole data controllers
Sole data controllers are responsible for all processing of personal data from the moment they receive it. Sole data controllers we may share your customer data with include:
– If you have ordered a product, we share customer data with companies that operate postal services and handle general freight transport (logistics companies and carriers).
– If you have ordered a product, we share customer data with companies that offer payment solutions (credit card acquirers, banks, and other payment service providers).
Joint data controllers
When there is a common interest between us and a third party, and both parties jointly determine the purpose and means of processing, joint data control arises. We are typically joint data controllers for the collection and sharing of personal data with advertising platforms used to create and target personalized marketing in your social media, on websites, and in apps.
Where is personal data processed?
The personal data we collect from you is processed within the European Union or the European Economic Area (EU/EEA) but may also, in exceptional cases, be transferred to and processed in a country outside the EU/EEA. Any such transfer of your personal data is carried out in accordance with applicable laws and without weakening your statutory rights. Occasionally, we may transfer personal data from the EU/EEA to a third country that has not been approved by the European Commission as a safe country for such a transfer. Where relevant, we use the European Commission’s model agreements and standard contractual clauses for the international transfer of personal data, i.e., a set of contractual terms signed by both the sender and recipient of personal data that ensures the protection of the individual’s rights and freedoms. Where appropriate, we also implement additional safeguards, such as encryption, pseudonymization, and strict access controls to keep your data safe.
What are your rights?
Data protection is a fundamental right, and you have several rights under the GDPR. These rights are in place to allow you to control the way we process your personal data lawfully and correctly. In some cases, there may be competing interests, such as the protection of others or public interests. In such cases, some of your rights below may be limited. We will assess each request individually and inform you of the extent to which your wishes can be fulfilled.
Right of access: You have the right to request confirmation of whether we process personal data about you, and if so, we will inform you of how your personal data is being processed. You also have the right to request a copy of the data we process (via a data extract). If you request additional copies, we reserve the right to charge a reasonable fee for this. The data extract will be sent to your registered address.
Right to data portability:
You have the right to request that your personal data be provided in a machine-readable format, allowing you to use that personal data elsewhere. This right applies to personal data you have provided to us and that is processed based on your consent or a contract with us.
Right to rectification:
You have the right to request rectification of your personal data if it is inaccurate. You also have the right to request that data be added if something is missing, provided the addition is relevant to the purpose of the processing. We will notify those to whom we have disclosed your data that the rectification has occurred. Upon your request, we will also inform you of who has received the information about the rectification.
Right to erasure:
You have the right to contact us to request that your personal data be erased:
– If the data is no longer necessary for the purposes for which it was collected;
– If the processing is based solely on your consent and you withdraw your consent;
– If the processing is for direct marketing purposes and you object to the processing of the data;
– If you object to the processing of personal data based on a legitimate interest, and there are no overriding legitimate grounds for the processing;
– If the processing of your data has not complied with the applicable laws; or
– If erasure is required to fulfill a legal obligation.
In certain cases, we may not be able to fulfill a request for erasure, such as when we are legally required to retain the data. If erasure occurs, we will notify those to whom we have disclosed your data that the erasure has taken place. Upon your request, we will also inform you of who has received information about the erasure.
Right to restriction of processing:
You have the right to request that we restrict the processing of your personal data in the following circumstances:
– If you object to processing based on our legitimate interest, we will restrict all processing of such data while the legitimate interest is being verified.
– If you claim that your personal data is inaccurate, we must restrict all processing of such data while the accuracy of the personal data is being verified.
– If the processing is unlawful, you may object to the erasure of personal data and instead request the restriction of the use of your personal data.
– If we no longer need the personal data, but you require it to establish, exercise, or defend legal claims.
In some cases, we may not be able to fulfill a request for restriction, such as when the data is needed to defend our rights or protect another person's rights. If a restriction is implemented, we will notify those to whom we have disclosed your data that the restriction has taken place. Upon your request, we will also inform you of who has received the information.
Right to object to processing and withdraw consent:
You have the right to object to the processing of your personal data based on legitimate interest as the legal basis. In such a case, we will stop processing unless our or third parties' legitimate interests outweigh your interests, or if the processing is necessary for the establishment, exercise, or defense of legal claims.
You always have the right to decline general marketing of services and products conducted via SMS, email, telemarketing, post, or via our partners' websites. If you receive personalized marketing from us or our partners, you have previously consented to this. When you provided your consent, you were also informed that you could withdraw it at any time and how to do so.
You can always object to marketing or withdraw your consent directly in the SMS or email message. You can also contact customer service. Please provide your name and personal identification number.
How to exercise your rights or contact us for other reasons:
If you have any questions or wish to exercise your rights, such as requesting a data extract or withdrawing consent, please contact support@theequemist.com.
Right to file a complaint with a supervisory authority:
You have the right to file a complaint with the relevant supervisory authority, the Swedish Authority for Privacy Protection (IMY), via email: imy@imy.se
Changes to the privacy policy:
We may update this privacy policy. Significant changes will be communicated to you in an appropriate manner and well in advance of the change coming into effect.
Last updated: September 2024