Boozt Fashion AB (556710-4699) (hereafter us, we or our) is the data controller (responsible) for the processing of your personal data as described in this policy. If you have any questions about how we process data about you, don't hesitate to contact us at email@example.com or by other means, see contact details below.
We only process your personal data when we have a specific purpose of doing so and when such purpose is fulfilled, we will delete the data unless there is a reason to do otherwise as described below.
Our processing of your personal data is subject to the rules of the Data Protection Regulation (hereinafter GDPR), national data protection legislation, the Data Protection Act and supplementary guidelines and opinions from the European Data Protection Board and national supervisory authority.
What information do we collect and where does it come from?
- Information is collected by us when we analyse your behaviour and engagement in communication we send or when you visit our platforms (general information in the form of e.g. IP address, country, visited pages, visited categories, visited brands, searches and click history, click rate and time spent reading the emails).
- Information comes from you when you provide information about yourself to us, for example when create your profile or when you buy goods (general information in the form of e.g.demographic data, name, email address, telephone number, payment information, items, order amount, discount level, brands and frequency. This also includes sending transactional emails, order confirmation, shipping confirmation, returns and refund confirmation).
- From comes from others when we collect it from third parties e.g. from an external credit scoring company (general information in the form of credit information).
For what purpose and on what basis do we process your personal data?
We only process your personal data when we have a purpose and legal basis for it. When you use our platforms, including when you purchase our goods, we will process your information as set out below:
o If you have given us your consent to receive targeted marketing, we may process your personal information for the purpose of sending you marketing as well as to personalize this for you and your preferences.
o If you have made a purchase with us, we may also process personal information regarding these in order to personalize our targeted marketing to you and your preferences, if you have consented to this.
o We also use profiling to identify buying patterns that are abnormal and deviate from what we consider acceptable buying behavior, which is identified by an algorithm based on various parameters. We will then individually assess whether the individual customer’s purchase should be accepted or not, either temporarily or permanently. You can read more about our Fair Use policy in our Sales and Delivery Conditions.
The legal basis for the above mentioned processing of your personal data is the consent you have given us in accordance with GDPR Article 6 (1 )(a). You can withdraw your consent at any time. However, it does not affect the legality of the processing of your personal data that has taken place up to the time you withdraw your consent.
- Contractual obligations
o We need to process some of your personal information in order to manage your customer relationship with us, including your purchases as well as provide customer service.
The legal basis for the above treatment is the consideration of fulfillment of the contract we have entered into with you, in accordance with GDPR Article 6(1)(b).
- Legitimate interests
o We may process some of your personal information to ensure compliance with our Fair Use Policy. You can read more about our Fair Use policy in our Sales and Delivery Conditions.
o We may process your personal information to conduct customer research or data analysis to improve our website, products/services, marketing, customer relationships and experiences.
o If you have made purchases from us and have not refused to receive marketing from us regarding products similar to those you have previously purchased, we may send marketing related to such similar products to you. You can unsubscribe from further inquiries at any time via links in received emails or your Boozt account.
o If necessary, we will process some of your personal information in order to be able to establish, exercise or defend legal claims, including to prevent, avert or prevent fraud and misuse of our platforms.
The legal basis for the above processing is our legitimate interest, which is considered to outweigh your interest in your personal data not being subject to process ing based on GDPR Article 6 (1 )(f).
- Legal obligations
o We will process your personal data in order to fulfill our legal obligations under the Swedish Accounting Act as well as legislation regarding consumer rights and product safety. You will be able to see what personal data we retain for bookkeeping purposes in Kap 5, 7 § of Bookkeeping Act (1999:1078).
The legal basis for the above processing is our legal obligations in accordance with GDPR Article 6 (1)(c).
For how long do we process your personal data?
We only store your personal information for the period necessary for the purpose of the processing. Below is an overview of the purposes and the retention period that applies to the personal data that is processed.
Management of customer relationship, including management of your purchases as well as provision of customer service
Information about your transactions and returns is stored until the seventh year following the end of the calendar year in which the financial year ended (See Kap 7, 2 § Swedish Bookkeeping Act (1999:1078)) and for use in ensuring compliance with our Fair Use Policy (see Sales and Delivery Conditions).
Customisation of the content displayed on our platforms based on your search history and your purchases
12 months after the specific personal information has been collected.
Targeted marketing based on consent to direct marketing
Until you withdraw your consent or (if the consent is not withdrawn) after a period of 12 months during which we have not communicated with you. However, we will keep documentation of your consent for a period of up to 5 years after your consent has been withdrawn.
Targeted marketing regarding products similar to those you have purchased from us
Until you opt-out from further inquiries from us or (if you do not opt-out from further inquiries from us) after a period of 12 months during which we have not communicated with you.
We process the information included on your invoice for the purpose of fulfilling our legal obligations in accordance with the Swedish Accounting Act's provisions on storage of accounting material, ie. Until the seventh year following the end of the calendar year in which the financial year ended ended (See Kap 7, 2 § Swedish Bookkeeping Act (1999:1078))
As long as it is necessary to be able to establish, defend or assert a legal claim.
Who do we share your personal information with?
- Data processors
When we use a subcontractor to process your personal information for purposes described in this policy and under our responsibility, we first enter into a data processing agreement with them. The agreement provides instructions on confidentiality and security, and stipulates how the information may be processed. We use the following categories of subcontractors:
• Providers of data storage, hosting and other IT services
• Providers that assist with marketing communications, such as specific emails and SMS, if you have given your consent to targeted marketing.
Should it happen that personal information becomes available outside the EU / EEA in a so-called “third country”, you can read below how we, with the help of extra security and special agreements, secure your personal information.
- Data controllers
We also use services from or enter into a cooperation agreement with companies that are independent data controllers and where the processing of your personal information, after our transfer, is fully or partially processed by this company and is their responsibility. This applies to treatment that takes place in the following categories of recipients:
• Partners who assist with transport and distribution to ensure that your goods arrive to you quickly and safely.
• Providers who assist with marketing if you have given your consent to this or if we have a legitimate interest in disclosing your personal information for marketing purposes.
• Providers assisting with payment
When your personal information is transferred to another data controller, it is important to us that you know when and to whom, so that you have the opportunity to contact these companies for further information on how they process your personal information and to be sure that you have the opportunity to make use of your legal rights under the GDPR. For example, we do this when you complete a purchase by clearly referring to the chosen distributor, or when we use a payment service by requiring the provider to release information about what information he needs, to secure payment, and how you can ask questions regarding this. All recipients who act as independent data controllers are responsible for providing you with the necessary information regarding their methods.
- Public authorities and transfers based on legal obligations
If we are legally obliged to share your personal information with the national tax authority, the police or others, we will do so.
Third country transfers
There are certain cases where the suppliers and some of our partners are outside the EU / EEA. In those cases, we will therefore use subcontractors outside the EU / EEA. This means that we ensure the necessary organizational and technical security measures so that the processing of personal data is carried out with the same level of security that you can expect when the processing takes place in the EU. The European Commission has drawn up standard contract clauses (abbreviated SCC), which are often - but not always – the part of the solution. We use subcontractors and have partners outside the EU / EEA within the following functions:
• CRM system, USA
• Marketing, USA
• Analytics, USA
• Storage, USA
If you have any questions about this, or if you would like to receive a copy of the documentation regarding the safety precautions, please feel free to contact us.
What are your rights in relation to your personal data?
Right to access
As a customer, you have the right to gain access to a range of information, including the categories of personal information collected.
If you want to access the information we process about you - we have created an automatic way for you to perform a personal data access request – you can find it in your account under My Profile – Collect personal data. Otherwise, please contact us at: firstname.lastname@example.org .
We can reject requests that are unreasonably repeated, demand disproportional high technical intervention (e.g. development of a new system or changing an existing process substantially), or which affects another individual’s rights and freedoms.
Since you only have the right to access your own personal data, we cannot share information that includes details about someone else (respecting his or her rights) to you. Therefore, you may not receive all personal data you have requested, but we will in such a case provide you with a description of which information we can't hand out and the reason for it.
Right to rectification
If your personal data is inaccurate or incorrect you can change it in your MyBoozt account or contact us, and we will make sure your information will be updated and correct. Upon request, we will update, change or delete your personal data that we process, subject to personal data that still needs to be processed on the basis of a legal obligation or our continued legitimate interest.
Right to erasure
You have the right to be forgotten, which means that we will delete your personal information if the following applies:
· The personal data is no longer necessary in relation to the purpose for which they were collected or otherwise processed;
· The processing of your personal data is based on your consent and you withdraw your consent;
· You object to the processing of your personal data in accordance with your right to object (see below) and there are no legitimate grounds for the processing that take precedence over your interests;
· Your personal information has been unlawfully processed;
· Your personal data must be deleted due to a legal obligation.
This right shall not apply if the processing is necessary for the establishment, exercise or defence of legal claims.
If you want to delete your Boozt account, you can do so when you are logged in and then by going to "My profile" and clicking "Delete account". It will delete your profile and all other settings on your account, but we will still have your order history in case you need help with a return, complaint or other customer service in the future, as well as personal information required to comply with legal obligations or for our own continued legitimate interest e.g. in connection with our Fair Use Policy.
Right to restriction of processing
You have the right to obtain restriction of our processing of your personal data where one of the following applies:
- You have disputed the accuracy of the personal data and you are awaiting our decision on whether the personal information is correct;
- The processing is unlawful, and you oppose the erasure and request restriction instead;
- The personal data is no longer necessary for processing, but it is required by you for the establishment, exercise or defence of legal claims, or
- You have objected to a processing (see below) and pending the verification whether the legitimate grounds override your rights and freedoms.
Right to data portability
You have the right to data portability, which means you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format and transmit it to another company without hindrance from us, if (i) the processing is based on your consent or a contract, and (ii) the processing is carried out by automated means, and (iii) it does not adversely affect the rights and freedoms of others.
If technically possible, you also have the right to have the personal data transferred directly from us to another data controller.
Your right to data portability applies as long as it does not affect the rights and freedoms of others.
Right to object
You have the right to object to any processing which is based on legitimate interest at any time. We will then assess whether our legitimate interest override your interests, rights and freedoms, or whether your personal information is necessary for the establishment, exercise or defense of legal claims.
If your personal data is processed for the purpose of direct marketing, you have the right to withdraw your consent to this at any time and we will no longer process your personal data.
Organisational and technical security measures
GDPR requires your personal information to be kept secure and confidential. We store your personal data on servers with high levels of security, which are located in controlled facilities, and our security is checked regularly to determine whether our user information is handled securely and always taking your rights as a user into account.
Updates to this policy
Questions and complaints
We are happy to help you if you have any questions about how we process your personal data. If you believe that we have not processed your information in accordance with our obligations, you have the right to complain about this to the national Supervisory Authority in your country which you will find here: https://edpb.europa.eu/about-edpb/board/members_en
You can contact us via:
By phone: +46 10 138 83 36
Or by post:
c/o Boozt Fashion AB
Attn: Customer Service
SE-203 20 Malmö, Sweden
Thank you for visiting platforms operated by Boozt Fashion AB (556710-4699), Hyllie Boulevard 35 Malmö, 215 37, Sweden (hereafter us, we or our).
Phone: +46 10 138 83 36
Or by post:
c/o Boozt Fashion AB
Attn: Customer Service
203 20 Malmö, Sweden
What is a cookie?
A cookie is a small text file that via your browser is stored on your computer or device when you visit websites or use apps. Cookies make it possible to collect certain information, including information about which pages and functions you visit and use.
Some cookies are technically necessary for functions you use on the platforms (for example so that we can store the contents of your shopping cart), but other cookies are used for other purposes (for example for compiling statistics). In the next section, you can read more about which cookies can be used.
There are basically two main types of cookies - 'temporary' and 'permanent':
· Temporary cookies are linked to your current visit on the website or in the app and are deleted automatically when you close your browser.
· Permanent cookies are stored and will be renewed every time you visit the website or use the app. However, they delete themselves after a certain period of time. By using these cookies, it is possible to "recognize" you when you return to the website or the app, which we use, for example, to adapt our platforms to your interests. In cases where permanent cookies are used, their duration is stated in the table below.
In the table below it is stated for each cookie whether it is a temporary cookie (session cookie) or a more permanent cookie, which expires after a specified period of time.
A distinction is also made between 'first-party cookies' and 'third-party cookies'. First-party cookies are those that we apply ourselves, while third-party cookies are applied by a third party who has elements embedded on the platform that is used. In the table below you can see which cookies are applied by us and which cookies are applied by a third party.
Which cookies do we use?
- Support for platform functionality, including, among other things, enabling automatic log-in, use of our chat function and placement of items in the shopping cart.
- Compilation of statistics for use in business development, including improving our platforms, optimizing your user experience and adapting the content of the platforms to your interests.
- Targeted marketing.
Below you will find detailed information about each cookie, including the provider of the cookie, the purpose and duration:
Withdrawal of your consent
You can withdraw or change your consent to cookies at any time by clicking on the link 'Update cookie settings' at the bottom of the website, where you can again select or deselect cookies. The cookies that are technically necessary for the website's function ‘necessary cookies' cannot be deselected. Withdrawal of consent does not affect the legality of the processing carried out up to the time you revoked your consent.
If you want to delete or block cookies, this can be done via your browser settings. Below you will find links to instructions for some of the most popular browsers:
If you choose to withdraw your consent or delete / block cookies, you must be aware that this (depending on the type of cookie) may impair the user experience on the website.
Processing of your personal data