1.1 Efva Attling Stockholm AB and its subsidiaries (collectively ”Efva Attling Stockholm”) process personal data of customers upon their registration at Efva Attling Stockholm’s website http://www.efvaaattling.com. According to the Swedish Personal Data Act (1998:204) and equivalent legislation in other jurisdictions, the processing of personal data is restricted and may only be made in accordance with applicable personal data law.
2.1 “personal data” means name, date of birth, address, e-mail address, telephone number and other personal information of the customers.
2.2 “processing” personal data means every action taken as regards such information, e.g. collecting, registration, storage, usage, disclosure, transfer etc. of the information when such activities are made wholly or partially by electronic means.
2.3 “registered person” means the customer whose personal information is being processed by Efva Attling Stockholm.
2.4 “sensitive data” means personal data that discloses race or ethnical origin, political opinion, religion, membership in trade union, or relating to health or sexual life.
2.5 “unstructured material” means text, images, e-mail etc. which is not included or intended to be included in a document or client relationship management system or any other database.
3. What Personal Data is Processed?
3.1 With regard to customers, Efva Attling Stockholm mainly processes name, telephone number, address and e-mail address of the customer. This information is used for the purpose of (i) delivering Efva Attling Stockholm’s products, (ii) keeping a customer database with contact details of the customers, and (iii) marketing activities.
4. General Requirements on Processing of Personal Data
4.1 If the personal data constitutes unstructured material it may be processed freely except that the processing may not be made in a manner that may be considered to violate the integrity of the registered person.
4.2 When personal data is part of a document or client relationship management system or any other database, the processing of the information must be made in accordance with the provisions of applicable personal data law. This means e.g. that personal data:
a) must be processed in a lawful way, e.g. in accordance with the provisions in the Personal Data Act or other applicable legislation;
b) must be processed in a proper manner and in accordance with good practice, e.g. SWEDMA’s rules for direct marketing;
c) must be gathered for specific, explicitly stated and legitimate purposes and not be processed for any purpose which is incompatible with this purpose. A legitimate purpose could be e.g. customer administration;
d) must be adequate and relevant to the purpose, i.e. information that is not relevant for the purpose may not be processed;
e) may only be processed to the extent necessary for the purpose, i.e. not more information than necessary may be processed;
f) must be correct and up-to-date and, if not, be rectified, blocked or erased; and,
g) may not be kept for a longer period than necessary in order to fulfil the purpose of the processing.
5. Access to the Personal Data
6. Sensitive Data
6.1 Sensitive data may not be processed unless the individual has given his/her explicit consent or when processing is necessary to fulfil the obligations or exercise rights under applicable law.
7. Children’s Personal Data
7.1 Efva Attling Stockholm does not knowingly gather any personal data from children under the age of 18 years and does not aim its website at children under the age of 18 years. Efva Attling Stockholm advises parents and custodians to take an active interest in children’s activities and interests online.
8. Transfer of Personal Data to a Third Country
8.1 Personal data may not be transferred to a country outside of the EU unless specific measures have been taken to ensure that the recipient of the personal data takes appropriate measures to ensure an adequate level of protection of the information.
9. Guidelines for Efva Attling Stockholm’s Employees
9.1 Unless processing of personal data is made as necessary to invoke Efva Attling Stockholm’s rights or perform Efva Attling Stockholm’s obligations under an agreement, Efva Attling Stockholm’s employees should consult with the office of General Counsel before they (a) process the personal data; or (b) transfer the personal data to a third country/outside of the EU.
10. Information to the Registered Person
10.1 A registered person is always entitled to get information about the processing. If data is gathered from the person him/herself, information shall be given as to how the information is processed etc. at the time of gathering the information. In addition, the registered person may annually request, free of charge, information about what information about him/her is being processed and how.
10.2 To protect the registered person’s personal integrity, Efva Attling Stockholm commits itself to conduct reasonable efforts to verify the registered person’s identity by means of password before the registered person is granted access to its personal information. To review and change the personal information submitted to Efva Attling Stockholm the registered person may enter the website where the personal information was submitted or contact Efva Attling Stockholm on the address provided in Section 18 below.
11.1 Erroneous information must, if the registered person so requests, be rectified, blocked or erased as soon as practicably possible.
12. Purging of Personal Data
12.1 Personal data may not be kept longer than necessary for the purpose for which it was gathered. This means that personal data must be reviewed regularly and obsolete personal data must be purged from the systems and databases where the information is kept. For example, obsolete personal data can be personal data that Efva Attling Stockholm no longer has use of for the relevant agreement or in respect of which the purpose of the processing has lost significance.
13.2 Efva Attling Stockholm has implemented technical and organizational safety measures which Efva Attling Stockholm believes are sufficient to protect the personal data being processed.
13.3 Efva Attling Stockholm uses a payment provider which uses SSL encryption protocol (Secure Sockets Layer) when gathering and transferring sensitive information such as credit card information. SSL encryption protocol makes the information illegible to everyone but the payment provider. This safety function is activated when the unbroken key symbol or a closed lock (depending on the web browser) is visible at the bottom of the web browser window.
15.1 All employees or other persons that are processing personal data shall attend Efva Attling Stockholm’s internal education or the equivalent thereof in order to fully understand the obligations of Efva Attling Stockholm with regard to processing of personal data. Such education is held for new employees and when needed to keep employees up-to-date with requirements on processing of personal data.
16. Links to External Websites
16.1 This website may contain links to websites maintained by other legal entities than Efva Attling Stockholm (“External Websites”). These External Websites are not under the control of Efva Attling Stockholm and Efva Attling Stockholm is not responsible for the contents or privacy policies of any External Websites, including, without limitation, any link contained on an External Website, or any changes or updates to an External Website. Efva Attling Stockholm is providing links to External Websites only as a convenience, and the inclusion of such External Websites are not an endorsement by Efva Attling Stockholm in favour of any company offering internet services, products or services on the External Websites.
18. How to Contact Efva Attling Stockholm
Efva Attling Stockholm
Att: Customer Service
SE – 851 05 Sundsvall
The website contains two different types of cookies; persistent cookies, which are text files sent from Efva Attling Stockholm and stored onto the hard drive of your computer, and temporary cookies, which are temporarily stored until you close your web browser. Cookies are used to optimize the website’s functions and to adjust it to your demands. The website’s functionality is in part dependant on the use of temporary cookies.
Temporary cookies are used when you navigate on the website and in the online store. Persistent cookies are used when you log on to your account. Your computer then remembers information for the next session.
Temporary cookies are necessary to navigate the website, but would you like to avoid them, you may configure your web browser so that cookie files are not downloaded onto your computer. More information on how to do this may be available in your web browser’s help section.