Privacy Policy

1. GENERAL

1.1 What does this policy cover?

This Privacy Policy (“Privacy Policy”) governs the processing of personal data collected from individual users (“you” and “your”) via the e-commerce website www.matsilver.se (the “Website”). The Privacy Policy does not apply to any other websites, applications or software that integrate with the Website or other third-party products and services (for example, social media providers linked to the Website).

1.2 What is personal data?

Personal data is any information that can be directly or indirectly linked to a living natural person, including:

  • Name
  • Social security number
  • Delivery address
  • Phone number
  • Email address
  • Order history
  • User data

1.3 What does processing of personal data mean?

Processing of personal data includes any operation which is performed on personal data, whether or not by automated means. This means that, among other things, the following operations are covered:

  • Collection
  • Registration
  • Bringing together
  • Transfer
  • Deletion

1.4 Who is responsible for your personal data?

The website is owned and operated by:

Sveto AB
Organization number: 556722-6534
Address: Bollstanäsvägen 3, 192 78 Sollentuna
Email: info@matsilver.se

Sveto AB is responsible for the processing of your personal data on the Website and is therefore defined as the data controller.

1.5 Why are we allowed to process personal data?

In order for it to be permissible to process personal data, there must always be support in the GDPR, a so-called legal basis. Such a legal basis is, among other things:

  • A consent from you
  • That the processing of personal data is necessary for the performance of an agreement (in this case, the Website's Terms of Use and your purchase of products)
  • To fulfill a legal obligation, for example regarding saving data for 7 years due to accounting obligations
  • After weighing up interests, make the assessment that Sveto AB's interest in processing personal data is greater than your interest in protecting it.

2. PERSONAL DATA COLLECTED VIA THE WEBSITE

2.1 What personal data do we collect?

As a starting point, we collect only the minimum amount of personal data that is necessary for your use of the Website. We use your personal data for limited, specified and legitimate purposes that are expressly specified in this Privacy Policy. In general, your personal data is used for the purposes of providing you with access to the Website, maintaining and improving the Website, processing your orders, enabling customer care and responding to your inquiries, compiling statistics on the use of the Website and pursuing our legitimate interests.

Below you can see a more detailed summary of the types of personal data we collect, the purposes for which we use it and the legal bases we rely on when processing it:

Orders
  • Type of personal data: When you place an order on the Website, we collect your first name, last name, address, email address and telephone number.
  • Purpose: We use this information to send you order confirmation and receipt, deliver your orders, contact you when necessary, and to maintain our customer care.
  • Legal basis: The legal basis on which we base our processing is our agreement with you.
  • Retention period: We will store this data for as long as required by applicable law (at least 7 years).
Payments
  • Type of personal data: When you make a payment, our payment service providers collect your personal data such as first name, last name, billing and shipping addresses, and payment details (e.g. credit card details).
  • Purpose: Your payment details are used to process payments and to manage our accounting.
  • Legal basis: The legal basis on which we base our processing is our agreement with you.
  • Retention period: We will store this data for as long as required by applicable law (at least 7 years).
Inquiries
  • Type of personal data: When you contact us by email, we collect your name, email address, and any information you choose to include in your message. When you contact us via our contact form, we collect your first name, last name, email address, phone number, and any information you choose to include in your message. When you contact us via our chat feature, we collect your first name, last name, email address, phone number, and any information you choose to include in your message.
  • Purpose: We use this information to respond to and handle your inquiries and provide you with requested information.
  • Legal basis: The legal basis we rely on is our legitimate interest in treating our customers well and strengthening/maintaining our reputation, your consent (for optional personal data shared) or our agreement (if the request relates to a product you have purchased from us).
  • Storage period: We will store this data until you stop communicating with us and we deem that the current request has been handled.
Reviews
  • Type of personal data: When you leave a review about the products you purchased, we collect your name and any information you decide to provide in your review.
  • Purpose: We use this information to display your review on the Website and give other customers/potential customers an objective opinion about our products.
  • Legal basis: The legal basis on which we base our processing is your consent.
  • Storage period: We will store this information until you ask us to delete your review or until we determine that it is no longer relevant (for example, if the reviewed product has been discontinued).

2.2 Commercial communication

We only send you commercial communications if (i) you sign up for our newsletter (ii) you subscribe to a newsletter by providing us with your email address or (iii) you purchase something from us and we want to inform you about our similar products. In such cases, you will receive information about our new products, the Website's features and special offers. The legal bases on which we rely are your consent or our legitimate interests in promoting our company's activities and sales. You can opt out of receiving our commercial communications at any time by clicking on the "Unsubscribe" link or equivalent provided in our newsletters or by contacting us directly.

2.3 Transaction messages

If we deem it necessary, we may send you important informational messages via email or SMS, such as order updates, payment receipts, invoices, shipping information, and other technical or administrative emails. Please note that such messages are sent "on an as-needed basis" unless they fall within the scope of commercial communications, which may require your prior consent. You cannot opt ​​out of receiving transactional messages.

2.4 Feedback and questions

If you contact us, we may record any questions, responses, complaints, recommendations or compliments you may have. Where possible, we will anonymize your personal data (i.e. we will remove all personal data that is not necessary for the purpose of maintaining such records). If your personal data is anonymized in such a way that it can no longer be associated with an identified or identifiable natural person, it will not be considered personal data and may therefore be used for any legitimate purpose.

2.5 Sensitive personal data

Some personal data are by nature particularly sensitive and therefore have stronger protection. They are called sensitive personal data. These include data about health, genetic and biometric information, religious or philosophical beliefs, political opinions, ethnic origin, sexual orientation and sex life, and trade union membership. We do not collect sensitive personal data.

2.6 Where we collect your personal data

We collect your personal data from the following sources:

  • Directly from you: for example, if you provide your personal data when you purchase something from us or contact us.
  • Directly or indirectly through your activity on the Website: when you use the Website, we automatically collect technical information about your use of the Website.
  • From third parties: we may receive information about you from third parties to whom you have previously provided your personal data, if those third parties have a legal basis for disclosing your personal data to us (for example, for payment purposes).

2.7 Consequences of not disclosing personal data

If you decide not to provide us with your personal data when we ask for it, we may not be able to perform certain requested processes (for example, process your order) and you may not be able to use all of the features of the Site, receive the requested information, or receive our response. Please let us know immediately if you believe that any personal data we collect is excessive or unnecessary for the intended purpose.

3. STORAGE OF PERSONAL DATA

3.1 Storage period (personal data)

We will only store your personal data for as long as such data is required for the purposes described in this Privacy Policy or until you ask us to update or delete your personal data, whichever occurs first. Specific retention periods for different types of personal data are set out in section 2.1 above. After your personal data is no longer necessary for its purposes and we have no other legal basis for storing it, we will immediately delete your personal data from our systems in a secure manner. As a general rule, we will not store your personal data for longer than is strictly necessary.

3.2 Storage time (data)

We store anonymous data (i.e. data that is not considered personal data) related to you for as long as is necessary for the purposes described in this Privacy Policy. This means storing data for the period of time needed to manage our business, fulfill our contractual obligations, pursue our legitimate interests, conduct audits, comply with laws and regulations, and resolve any disputes.

3.3 Legal storage period

Where we are required by law to store your personal data for a certain period of time (e.g. for accounting and business records), we will store your personal data for the period of time prescribed by applicable law (in most cases for seven years) and securely delete the personal data as soon as the required storage period expires.

4. PROTECTION AND SHARING OF PERSONAL DATA

4.1 How we protect your personal data

We implement adequate technical and organizational security measures to protect your personal data from, among other things, loss, misuse, unauthorized access and disclosure. The security measures we take include secure networks, strong passwords, limited access to your personal data by our staff, multi-factor authentication, anonymization of personal data (where possible), regular updates, security patches and careful qualification of our data processors.

4.2 When we share your personal data

As a starting point, we do not share your personal data. However, if it is necessary for the intended purpose of your personal data, we will disclose your personal data to companies that provide services on our behalf or support us in our operations (our so-called personal data processors). Your personal data may be shared in this context with companies that provide technical support services to us such as hosting, payment processing, shipping and email distribution services. The disclosure of your personal data is limited to those situations where it is necessary for the following purposes:

  • Ensure that the Website functions properly;
  • Deliver the products you have ordered;
  • Manage your payments;
  • Respond to your inquiries;
  • Pursue our legitimate interests;
  • To maintain our rights and security and to prevent/prevent fraud;
  • Fulfill our contractual obligations; and
  • For law enforcement purposes.

4.3 How we share your personal data

Although our company and most of our partners are based in Sweden, i.e. within the European Economic Area (EEA), some of our data processors are based outside the EEA. Therefore, we may need to transfer your personal data outside the EEA. If it is necessary to make such a transfer, we will ensure that the country where our data processor is located guarantees an adequate level of protection for your personal data or we will enter into an agreement with data processors that ensures such protection (e.g. a data processor agreement based on pre-approved standard contractual clauses).

5. YOUR RIGHTS

5.1 Control of treatment

You always have the right to check how we process your personal data. Subject to any restrictions imposed by law, you have the following rights:

  • Right of access – you can receive a copy of the personal data we store in our systems as well as a list of the purposes for which your personal data is processed;
  • Right to correction – you can ask us to correct inaccurate or incomplete information we process about you;
  • Right to erasure – you can ask us to erase your personal data from our systems;
  • Right to restriction – you can ask us to restrict the processing of your personal data;
  • The right to data portability – you can ask us to provide you with a copy of your personal data in a structured, commonly used and machine-readable format and move these personal data to another processor;
  • The right to object – you can ask us to stop processing your personal data;
  • Right to withdraw consent – ​​you have the right to withdraw your consent if you have provided it; or
  • Right to complain – you can submit your complaint regarding our processing of your personal data.

5.2 Exercise of rights

If you wish to exercise any of your rights as above, please contact us by email info@matsilver.se. In order to verify the legitimacy of your request, we may ask you to provide us with identifying information so that we can identify you in our system. We will respond to your request as soon as possible and always within a reasonable time frame of a maximum of 30 days. If you are not satisfied with how we handle your personal data, you also have the opportunity to report our processing of your personal data to the Swedish Data Protection Authority. However, for smooth and efficient handling, we recommend that you contact us in the first instance so that we can help you with any questions and concerns.

6. OTHER

6.1 Validity

This Privacy Policy is effective on the date specified at the end of the Privacy Policy (“Last Updated”) and remains in effect until terminated or updated by us.

6.2 Changes and updates

We reserve the right to revise this Privacy Policy from time to time. The date of the last change is indicated at the end of the Privacy Policy. If we make any changes to the Privacy Policy, we will publish those changes on the Website. You are therefore advised to read this Privacy Policy regularly to be aware of any changes. If we change the Privacy Policy in a way that is materially different from what was stated when any consent was collected, we will notify you of those changes and, if necessary, ask you to consent again to our processing of your personal data.

6.3 Personal data of minors

The website is not intended for use by persons under the age of 18.

6.4 Contact

Please do not hesitate to contact us if you have any questions about this Privacy Policy, the processing of your personal data or if you would like to request a register extract. Mail: info@matsilver.se