Boozt Fashion AB (556710-4699) (hereafter us, we or our) is the data controller (responsible) for the processing of your personal data as described in this policy. If you have any questions about how we process data about you, don't hesitate to contact us at email@example.com or by other means, see contact details below.
This policy applies to all personal data collected through Boozt.com and Booztlet.com. All contact with us with regard to processing of your personal data will be handled by Boozt Fashion AB, the owner of these two brands. This naturally means that we use the same systems and customer service to help our customers.
We care about your privacy and want to be transparent in what way we process your personal data. Here you can read about the information we collect, how we process the information, and who has access to it.
We only process your personal data when we have a specific purpose of doing so and when that purpose is fulfilled, we will delete the data unless it is further processed for another reason as described below.
Our processing of your personal data is governed by the EU General Data Protection Regulation (GDPR) and national data protection legislation.
Information we collect about you and from where
By ourselves when analysing your behaviour and engagement in communication we send or when you visit our websites (e.g. IP address, country, viewed pages, viewed categories, viewed brands, interaction/clicks and searches, open rate, click rate and time spend reading the emails).
From you when you supply information yourself to us, when setting up your profile or making a purchase (e.g. demographic data, name, email address, telephone number, payment information, items, order amount, discount level, brands and frequency. Including sending transactional emails, order confirmation, shipping confirmation, returns and refund confirmation).
From third parties e.g. credit scoring from 3rd party assessment company.
Why we process your personal data
We process your personal data mainly for reasons connected to you being a customer and fulfilling our commitment to you. Beside the contractual requirements we also process data for the following purposes. We are trying our best to describe the purposes as concise and clear as possible, but please ask us if you want any more information.
We create individual customer profiles based on collected data about you, across various data sources/categories, e.g. browsing behaviour together with your purchases and information you have supplied (e.g., favourite brand and favourite products). We combine and analyse this data for the purpose of improving your experience at our websites, evaluate your email responses and to tailor personal offers and services, after you have given your consent to this or after our thorough consideration, as described below.
The identification of buying patterns that must be considered abnormal and beyond the scope of what we consider to be acceptable buying behaviour and buying culture is discovered through an algorithm based on a number of different parameters. If a customer is identified by the algorithm, we will personally evaluate on a case-by-case basis whether that customer's order should be rejected by us - either temporarily or permanently. We do this because you have a right not to be subject to a decision based solely on automated processing.
If you want to receive personally tailored offers and information about campaigns that we think you like, you can give us your consent and then we will send you inspiration and offers by mail and SMS, based upon the information we have about your purchase preferences.
In order for us to administer and ship your goods and receive payment in return, some personal data about you is obviously needed.
We have also an obligation to provide customer service (via email, chat or phone) under our terms, and to administer your account.
To evaluate and assess abuse of our Fair Use policy, we will process some of your personal data. If we have reasonable suspicion that there is abuse, excessive/pathological buying behaviour on the part of the customer, or that a customer is a professional trader with the explicit intention to resell items bought from Boozt, we reserve the right to reject the order with reference to our Fair Use policy. You can read more about this in our Sales and Delivery Conditions.
When you browse around on our website we will keep track of which products you have looked at in order for us to tailor inspiration to you as well as make it easy for you to find what you've previously shown an interest in.
If you are already a customer of Boozt we will also take into account your previous purchases when showing inspiration and offers specifically for you.
If you initiate a purchase with us and add products to your cart, but do not continue to complete the purchase, we can send a reminder by email to you. We do this so that you will not have to start over from scratch, but you may at any time chose to not receive such communications by disabling it through your account.
To keep both you and us safe, we process personal data to administrate, operate and maintain our websites and systems. We also comply aggregated statistics about the site usage and purchases to improve our understanding of our customers preferences and for developing new functions.
To be able to establish, exercise or defend legal claims in connection to fraud. As well as to prevent misuse of our services or to avoid, prevent and investigate crimes against us.
We also need to process personal data about you in order to fulfil legal obligations, such as the Swedish Bookkeeping Act, legislation concerning consumer rights and product safety.
For how long do we process your personal data
We will retain your personal information for the period necessary to fulfil the purpose of the processing. We have highlighted the most common and important processing activities performed and its retention period, below.
Show inspiration based on your website browsing and purchases
3 years after your latest activity, e.g. purchase, engagement in communication or visit on our websites.
Processing for direct marketing purposes will no longer take place after an objection from you.
Marketing from Boozt through email and text (SMS), based on your consent
We process information for this purpose about you as long as it is relevant and useful to produce offers and information that suits you particularly well, but only as long as we have your consent (that is, until you withdraw your consent).
You give and easily withdraw your consent for direct marketing, on your profile in your account.
As long as provided for by the legal obligation in question (e.g. 7 years according to bookkeeping legislation).
3 years after your last contact with customer service, or longer if we have a legitimate interest to establish, exercise or defend legal claims.
3 years from the date the customer was in breach of our Fair Use policy, or in exceptional cases longer, in which case you will be informed of this specifically.
Who do we share your personal data with
When we use a subcontractor to process your personal data for purposes described in this policy and under our responsibility, we will first sign a Data Processing Agreement (DPA) with them. The DPA gives instructions on confidentiality and security and limits the processing to what is strictly needed. These companies are not allowed to process your data for any other purpose. We use the following types of processors.
Storage, hosting and other IT-services
Communication, such as tailored emails and texts (SMS) where such interests you
In the event that personal data becomes available in an area outside of the EU / EEA, in a so-called “third country”, you can read about how we, through further agreements and measures, protect your personal data in the section with the same name, below.
After careful consideration, we may also use services from, or enter into cooperation with, companies where the processing of your personal data, after our collection, wholly or partly is controlled by this party and under their responsibility. This is applicable for the following situations:
Transportation and distribution, that is, to ensure that the goods you ordered arrive to you safely and quickly
When your personal data is transferred to another controller, it is important to us that you are aware of when and to whom, so that you have the possibility to contact these companies and ask about how they process your data, and to make sure you are able to exercise your rights under GDPR. We do this, for example, when you order a delivery, by clearly referring to the respective shipping company, or when using a payment service by putting pressure on the payment solutions that are made available to provide information themselves about what information they need to secure a payment and how you can ask questions about this.
All recipients who act as their own Data Controller are responsible to give you the necessary information about their processing.
Public authorities and transfers based on legal obligations
If we are obliged to share your personal data with tax authorities, the police or anyone else due to a legal obligation, we will of course do so.
Third country transfers
GDPR is perfectly aligned with our own values and the companies we share information with. However, in some cases, the best suppliers as well as some of our partners, are found outside of the EU. To not deprive us, or you, of these possibilities, we will occasionally use a sub-contractor outside of the EU/EEA. This puts extra demands on us to ensure that the processing of personal data is given protection which is equivalent to what you could expect if it took place in the EU, through contracts and technical measures. With that said, we would like to draw your attention to the fact that even in countries such as the USA, national legislation does not meet the requirements that are now set within the EU. This means that no matter how careful we are when choosing companies to collaborate with or engage for basic functions such as storage and communication, and despite the fact that we are constantly working to secure the processing that takes place outside the EU through agreements, there is a chance that a foreign security service is listening in. Both legislators and the companies we work with are currently searching for the best ways to make these transfers and processing overseas safer. The EU has developed so-called “standard contractual clauses”, abbreviated SCC, based on the EU commissions’ proposal, which are often part of – but not the whole - solution. We use subcontractors and have partners outside EU/EEA within the following functions:
CRM system, USA
Personalized marketing, USA
We will continue to monitor the situation, to keep you informed and further update our protection when possible.
We promise to keep this policy updated and you are most welcome to ask questions about this at any time. If you want to receive a copy of the documentation regarding these safety measures, you are welcome to contact us.
Right to access
If you want to access the information we process about you - we have created an automatic way for you to perform a personal data access request – you can find it in your account under My Profile – Collect personal data. Otherwise, please contact us at: firstname.lastname@example.org.
As a customer, you are entitled to access your collected data categories (article 15) and you may object to the registration pursuant to the relevant rules in the EU legislation General Data Protection Regulation (GDPR). Upon appropriate request, we will update, change or remove personal information that we control with reservation against violating any legislation or our continued legitimate interest.
We can reject requests that are unreasonably repeated, demand disproportional high technical intervention (e.g. development of new system or changing an existing process substantially), or which affects another individual’s rights and freedoms.
Since you only have the right to access your own personal data we cannot share information that includes details about someone else (respecting his or her rights). Therefore, you may not receive all personal data you have requested, but we will in such a case provide you with a description of which information we can't hand out and the reason for it.
Right to rectification
If your personal data is inaccurate or incorrect you can contact us, and we will make sure your information will be updated and correct. Upon request, we will update, change or delete your personal data that we process, subject to personal data that still need to be processed on the basis of a legal obligation or our continued legitimate interest.
Right to erasure
You have a right to be forgotten, which means we shall delete your data if any of the following grounds applies:
The personal data are no longer necessary in relation to the purpose for which they were collected or otherwise processed,
We process your data based on your consent and you withdraw your consent on which the processing is based on,
You object to a processing in accordance with your right to object (see below) and there are no overriding legitimate grounds for the processing,
Your personal data have been unlawfully processed, or
Your personal data have to be deleted for compliance with a legal obligation,
This right shall not apply if the processing is necessary for the establishment, exercise or defence of legal claims.
If you want to delete your account, you are able to do so when you are logged in and then go to My Profile and click “Delete account”. This will delete your profile and all of the other settings within your account, but of course we will keep your order history if you need help with a return errand, warranty or customer service of any kind in the future. As well as any personal data required to fulfil legal obligations or for our continued legitimate interest, for example to safeguard our Fair Use policy.
Right to restriction of processing
You have the right to obtain restriction of our processing where one of the following applies:
You have contested the accuracy of the personal data
The processing is unlawful, and you oppose the erasure and request restriction instead,
The personal data is no longer necessary for processing, but they are required by you for the establishment, exercise or defence of legal claims, or
You have objected to a processing (see below) and pending the verification whether the legitimate interest override your rights and freedoms.
Right to data portability
You have the right to data portability, which means you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format and transmit it to another company without hindrance from us, if the processing is based on your consent or on a contract and the processing is carried out by automated means, and as long as this does not adversely affect the rights and freedoms of others.
Right to object
For any processing we base upon our legitimate interest you have the right to object, at any time. We then have to demonstrate a compelling legitimate ground for the processing which override your interest, rights and freedoms, or the personal data is needed for the establishment, exercise or defence of legal claims. Otherwise, we have to terminate the processing.
If your personal data is processed for direct marketing purposes, you have the right to object and we will then end the processing.
Organisational and technical security measures
GDPR requires your personal information to be kept secure and confidential. We store your personal data on servers with high levels of security, which are located in controlled facilities, and our security is checked regularly to determine whether our user information is handled securely and always taking your rights as a user into account.
Updates to this policy
The rapid development in the digital and technical field means that changes to our processing of personal data may be necessary. We thus reserve the right to update and amend these guidelines for the processing of personal data. You can always find the current policy at our website. In case of substantial changes, we will notify you in the form of a visible notice on our websites.
Questions and complaints
We are happy to help you if you have any questions about how we process your personal data. If you feel we have let you down in any way, not meet your request or treated your data unlawfully you have the right to submit a complaint about this to the national Supervisory Authority in your country:
You can contact us via:
By phone: +46 10 138 83 36
Or by post:
Boozt Fashion AB
Attn: Customer Service
Hyllie Boulevard 35
215 37 Malmö
What is a cookie?
When you visit Boozt.com or Booztlet.com, cookies are stored on your computer. The information in your cookies is sent between your browser and a web server and includes information on user settings, login and how the website is being used.
What cookies do we use?
We collect information about all visits to our website. We use this information to improve your user experience, evaluate the use of the individual elements of Boozt.com and Booztlet.com and to support our marketing.
Browsing can trigger a service email
We collect your browsing behaviour (e.g. categories, brands, products viewed) to improve the communication of relevant products and offers catered to you. An example of this collection is the products you have added to the shopping cart, but then have chosen to not complete the purchase. This could imply receiving a service email reminding you about the products left in your shopping cart. If you don’t want to receive emails regarding unfinished orders, you can unsubscribe direct via the link in the bottom of the email or go to My Profile>Manage Email and SMS Preferences.
We automatically detect who you are, based on different parameters such as the IP address, device and cookies when you move between different pages and services on the website. This means if you are logged in on our website, you will automatically be logged in the next time you visit our website on the same device. The same auto login will occur if you click in a email.
We use various analytical tools such as Google Analytics, which assist us in collecting statistics on the use of our websites to create a better experience for you.
You can opt out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
We also works together with companies to enhance our online advertisement to ensure that you are only exposed to relevant ads. In this context we use e.g. the following suppliers: Facebook, DoubleClick, Criteo, Adform, Youtube, Instagram, Tiktok, Snapchat and Google. If you want to be excluded from these types of advertisements, you can remove your cookie here.
Our website contains third party components such as "Facebook Recommend", "Facebook Like" or "Google+". These third-party components have the effect that the owner of the third-party component, such as Facebook or Google, receives technical data about your browser, IP address, and the pages you visit on our websites and similar. The treatment that the owner of the third-party component performs is beyond our control and is solely between you and the owner of the third-party component.
We use these components to link directly to our social media sites and thereby ensure easy navigation for you as a customer.
At our websites a number of technical cookies are in place that is necessary for handling the functionality in several areas. These are the cookies that are stored when you log into your account and cookies stored to keep track of the contents of your shopping cart, favourites etc.
How do I avoid cookies?
If you do not want to receive cookies, you can either block all cookies, delete existing cookies from your computer or receive a warning before saving cookies.
A change to cookie settings may cause a degraded user experience when visiting our and other websites.
You should be aware that if you do not accept cookies, there may be functions on our websites that will not work.
To delete cookies, go to Tools -> Options -> Privacy -> and remove individual cookies or clear your history.
To block cookies, go to Tools -> Options -> Privacy -> in drop-down menu under History select "Use custom settings for history" -> tick "Always use private browsing mode" and uncheck "Accept cookies from pages ".
To delete cookies, go to Tools -> Internet Options -> General tab -> Click Delete -> Cookies-> Delete.
To block cookies, go to Tools -> Internet Options -> Privacy -> Move slider to the top. This is how you block all cookies. -> Click OK.
To delete cookies, click on the Tools button -> Tools -> Clear browsing data -> Delete cookies and other site data -> Clear browsing data.
To block cookies, click on the Tools button -> Settings -> Show Advanced Options -> Content Settings -> Click "Block all sites from storing data" and tick the "Block third-party cookies and site data" -> Ok
To delete cookies, click on the Tools button -> Settings -> Security -> Click on "Show Cookies". Here you can either delete cookies from a single domain or remove all cookies.
To block cookies, click on the toolbar button -> Settings -> Security -> Under "Accept Cookies" select "never".
Version 6 – December 2020