Privacy policy
Privacy Policy
Introduction and background
On May 25, 2018, the EU's new data protection regulation, GDPR, came into force. GDPR places higher demands on how we as a company handle your personal data. At Gavelo AB, we protect your personal privacy and always strive to maintain a high level of data protection. To ensure that you feel secure in our handling of your personal data, we have therefore developed a new privacy policy that shows how we ensure that your personal data is processed in accordance with applicable legislation.
The Privacy Policy describes how we collect, use, store, disclose and protect your personal data and what rights you have. The Privacy Policy applies when Gavelo provides products in connection with purchases and other contact, such as visits to the website.
Personal information
In this policy, we define “personal data” as information that can, directly or indirectly, identify a natural person. The term does not include information that has been anonymized so that it cannot be linked to, or identified by, a natural person.
Data Controller
The person responsible for the processing of personal data is Gavelo AB (559008-1005), Skraggevägen 4 66341 Hammarö. See our contact details here.
Personal data we collect
Order and delivery details
When making a purchase, we only ask you to provide information that is necessary for us to fulfill our agreement, provide you with correct service, and ensure safe delivery. When you complete your purchase and choose a payment method, we will therefore ask you for:
Name
Email address
ZIP code
Personal identification number (only stored by external payment provider when required for selected payment method)
Public registration address
Mobile number
Payment details
When making a purchase, you provide the information required for the selected payment method, such as your social security number and/or account details. We use external payment providers, which are clearly stated at the time of purchase, to handle all of our payments and we therefore never store any of your payment details in our systems.
Technical data
Information about the equipment you use when visiting our website, such as IP address, your device, operating system and browser and version.
Customer information
We also collect information about your visit statistics, which products or offers you have shown interest in, and how you interact with our newsletters. We save information about your historical purchases in order to provide you with better service.
Contact customer service
Information you provide when contacting customer service via email or phone may be used to administer your purchase, for example to correct incomplete personal information. We encourage you as a customer not to provide us with sensitive personal information in an unstructured format (for example, free text in an email).
Purpose and legal basis
In order for our processing of your personal data to be permissible, we must have a legal basis for our processing. Below are some examples of categories of personal data that we collect and the legal basis for our processing. Your personal data will never be used for a purpose other than the one for which it was initially collected without your consent.
Examples of categories of personal data that we process
| Category | Explanation | Examples of personal data | Legal basis |
| Offers | Information about what offers you have received from us, when you received offers and whether or not you have taken advantage of them. | Offer, validity, redeemed or not. | Legitimate interest |
| Order- & delivery details | Information about goods and delivery for the purchase of a product or service. | Product, price, order date, delivery address & delivery method. | Fulfillment of contracts |
| Subscription information | Information about your subscriptions with us, such as newsletters. | Date of subscription and subscription ID. | Legitimate interest |
| Purchase information | Information about your previous purchases. | Purchased products, amount, payment method, transaction ID, delivery address & date. | Legitimate interest |
| User-generated data | Information you have provided through your behavior and use of our internal & external digital channels. | Click history, website behavior, newsletter opening rate and favorite products. | Legitimate interest |
| Customer segments | Information about which customer segments/customer groups you belong to. | Segment name and segment ID. | &Legitimate interest |
| Identity information | Information that could potentially identify a person. | Name, username, email address, shipping address and IP address. | Fulfillment of contracts |
We use your personal data to provide you with information about goods or services (such as marketing materials, promotions or offers). This may be through email, advertisements, SMS and postal mailings to the extent permitted by applicable law. For more information about our competitions and other promotions, please see the rules or details attached to each competition/promotion.
Your rights
With the entry into force of the GDPR, you will have several rights in relation to the processing of your personal data. You can exercise these rights by contacting us.
Right of access
In accordance with the law, you have the right to request information from us free of charge about which of your personal data we process and the purpose of our processing. We will respond to your requests without undue delay. In cases where we cannot fulfill your requests, we will notify you of this and state why. Upon request, we may request information that proves your identity to ensure that your personal data does not reach unauthorized persons. We will send the register extract to your population registration address or verified email address.
Right to rectification
You have the right to request that your personal data be corrected without undue delay if the data is incorrect or incomplete.
Right to erasure
You have the right to request deletion of your personal data provided that:
The data is no longer necessary for the purposes for which it was collected or processed.
You have withdrawn consent on which the processing is based and there is no longer any legal basis for the processing.
You object to a balancing of legitimate interests that the Company has made, and there is no legitimate interest for the Company that outweighs the risk to you as an individual (you have the right to be informed of how the balancing has been made by the Company).
The personal data has been collected or processed unlawfully
The personal data must be deleted to comply with a legal obligation to which the Company is subject.
We cannot always comply with your request for deletion, for example if:
The processing is necessary to exercise someone's right to freedom of expression and information
To comply with a legal obligation to which we are subject
To establish, exercise or defend legal claims
Right to restriction
In some cases, you have the right to request that our processing of your personal data be restricted. Restriction means that the data is marked and may only be used for certain limited purposes in the future. For example, this may apply if you believe that your personal data is incorrect and have requested correction. In this case, the use of your personal data may be restricted while the accuracy is being investigated. When any restriction ceases, you will be informed of this.
Right to object to certain types of processing
By law, you have the right to object to certain types of processing.
Legitimate interest
You have the right to object to processing based on our legitimate interests on grounds relating to your particular situation. We may continue to process your data despite your objection if we have compelling legitimate grounds for the processing that override your privacy interests.
Advertising, marketing and promotions
You may opt out of marketing communications and communications at any time by contacting us. Please note that even if you opt out of marketing communications, you will still receive administrative communications from us, such as order confirmations or other transaction information, account activity notifications (account confirmations, password changes, etc.), and other important communications.
Right to data portability
You have the right to receive a copy of the personal data processed about you in a structured format (data portability). The right to data portability only covers data that you have provided to us and that we process on the basis of certain legal grounds, such as a contract with you.
Protection of your personal data
Limited access
Only authorized personnel have access to your personal data during working hours. The personal data that is processed is determined by the purpose and scope of the work task.
Storage of personal data
In accordance with applicable law, we process your personal data only for as long as is necessary to fulfill the purposes for which your personal data was collected or to comply with our legal obligations.
Your personal data will be securely stored within the Group, in a structured format and we aim to store data within the EU/EEA. If any of our partners are located outside the EU/EEA, safeguards will be put in place to ensure that the personal data continues to be protected and that any transfer to countries outside the EU/EEA is in accordance with the law.
Actions from us
We store your personal data in systems that use appropriate security measures to prevent unauthorized access.
We adhere to reasonable standards for the protection of personal data.
We inform all employees about how we as a company work together to protect the personal data we process.
In the event of a data breach or loss of sensitive personal data, supervisory authorities will be notified and, in cases where the loss poses a particular risk to individuals, they will also be informed.
We use secure data transmission methods. The information you provide when ordering is encrypted using the SSL method before it is transmitted. SSL, Secure Socket Layer, is the most proven method on the internet to protect data and ensure secure data transmission. We always use the SSL method when sensitive data is transmitted.
Actions from you
We ask you as a customer to join us in working towards safe and secure data management.
Do not disclose information to unauthorized persons and never provide more information than necessary.
Choose a difficult password and change it regularly.
Log out of your account every time you leave your computer (be extra careful when using a shared or public computer).
Avoid writing sensitive personal information in continuous text, for example via our "Contact Us" forms or via email to customer service.
Information to third parties
It is important to us that you feel secure in our handling of your personal data. We undertake to process and store your personal data in accordance with applicable legislation and we will never disclose your personal data to unauthorized parties or resell your personal data to third parties.
Collaboration partners
In order to fulfill our part of the agreement, we use subcontractors and partners. These help us with delivery, payment and invoicing services, customer service, etc. Only the personal data that is necessary to be able to complete the agreement will be provided to the parties concerned.
Legal reasons
In the event of suspicion of criminal activity, we may share your personal data for the purpose of answering questions in connection with, for example, a criminal investigation. In accordance with existing laws, information is provided to the police or other competent authority to fulfill our legal obligations.
Cookies
Gavelo.com uses cookies. A cookie is a small text file that a visited website requests to be saved on your computer. Cookies are used to give visitors access to various features, the information can also be used to track a visitor's browsing.
We use so-called session cookies to be able to offer the webshop service and your browser must accept cookies in order for you to be able to add items to the shopping cart. Session cookies store a unique ID for the visit to gavelo.comCookies on gavelo.com used to identify your shopping cart, save information about you in an order, to keep statistics on visitors to gavelo.com and to display advertisements on gavelo.com and on other websites. The session cookie disappears when you are inactive or when you close your browser.
If you object to the storage of cookies, you can deactivate the function by going to "settings" in your browser. Gavelo cannot guarantee that all functions on Gavelo.com then it works as intended.
Changes, comments, complaints and contact
Changes
Gavelo reserves the right to make changes to the privacy policy. Changes of a material nature will be communicated well in advance of their entry into force, and you then have the right to terminate the agreement with us before the change takes effect.
Complaint
If you have any comments or objections to our processing of your personal data based on applicable laws and regulations, we ask you to report this to us as soon as possible. You also have the right to contact the Swedish Data Protection Authority if you have any complaints about our handling of personal data.
Contact details
Gavelo AB, Amino Street 34, 431 53, Molndal
E-mail: store@gavelo.se
Phone: +46 725885800