Privacy policy
We handle all your personal data according to the GDPR. Below you can read more about out
Privacy Policy.
1. CONTROLLER
Mickes Mat Ab (”Smakbyn” or ”we”) processes online customers’ personal data for the managing
and processing of orders and deliveries, managing customer relations and for direct marketing
purposes. We also process the information of online visitors for trend detection and analytics.
It is important to us that you know how we use your data. This Privacy policy aims to clarify how
we process your personal information.
Please note that this Privacy Policy only applies to the data processing carried out by Smakbyn
as a data controller.
Your chosen payment service provider is the controller in regard to any payment transactions
data. The Privacy Policies of these service providers are available on their websites:
2. CONTACT DETAILS
Controller’s contact details:
Mickes Mat Ab
Business ID: 2208481-5
Raastuvankatu 24b, 65100 Vaasa
Online store customer service:
shop@smakbyn.ax
shop.smakbyn.ax
3. COLLECTED PERSONAL DATA
We collect the following information of our registered users or online customers:
• first and last name
• email address
• postal address
• phone number
• order and delivery history
• payment method
• possible communication history
• returns, complaints or claims
• direct marketing opt-ins or restrictions
• company name and business id of business customers.
We may also process technical data of all the online visitors that may in certain situations identify
you and qualify as personal data, including the following:
• IP address
• operating system
• device type
• products searched in the online store
• browsing history and URL route in the online store.
Paytrail stores IP-address, payment method and payment time & date during the payment
process.
4. COOKIES AND ANALYTICS TOOLS, SOURCES OF PERSONAL DATA
We use cookies and similar technologies such as beacons to improve the usability and
functionality of our website. We also use third party cookies to collect analytics data and to
integrate our social media accounts to our website.
Cookies allow web applications to respond to you as an individual. The web application can tailor
its operations to your needs, likes and dislikes by gathering and remembering information about
your preferences. A cookie is a small text file saved in the user’s computer. If you don’t want to save cookies on your computer, you can prevent cookies in your browser settings. In that case we cannot
guarantee that our site will functions in the best way possible.
Our site uses Google Analytics. More information regarding the privacy of Google Analytics’ is
available on Google Analytics’ Privacy Policy.
We primarily receive personal data directly from you in connection with your order or registration.
Technical analytics data is saved automatically from online visits.
5. THE PURPOSES AND LEGIMATE GROUNDS FOR PROCESSING OF PERSONAL DATA
Personal data may also be used for the following purposes of use in accordance with legislation
and applicable consents:
• Facilitating orders and deliveries: We process personal data to process, confirm and deliver orders. Personal data may also be processed in situations concerning order’s or product’s reclamation or warranty.
• Customer communication and customer care: The customer’s data may be used for customer service, communication and to control and maintain customer relationship. If you contact our customer service, we will use the given data to response to questions and solve possible problems and processing of your message.
• Direct marketing and market research: If you have ordered our newsletter or in any other way expressed you want to receive direct marketing material, we may process your personal data in order to send you direct marketing material such as information about our products and current offers and events. With your consent we may also contact you for market research purposes. More information about the process of personal data in direct marketing is available in section 10. You always have a right to prohibit electronic direct marketing.
Legal grounds for processing personal data
We process personal data to take care of our obligations based on a contractual relation towards
you or to facilitate pre-contractual steps. In certain cases we process personal data to fulfil our
legal obligations, for example when we are obliged to store order and transactions data for
accounting purposes. We also process personal data on the basis of consent when you have
given your consent for the processing of personal data and on the grounds of our legitimate
interests to maintain and develop our business, for example for the purposes of collecting website
analytics.
6. STORAGE PERIOD
We do not store personal data longer than is legally permitted or as it is necessary to meet the
purposes of use above. The storage period depends on the nature of the information and the
purposes of processing. The maximum period may therefore vary per use.
Storage periods reflect the time reasonably necessary for our legitimate interests for example for
claims handling, internal reporting, marketing and reconciliation purposes.
Due to accounting legislation we are also required to store all material relating to our transactions
for the period as defined by the law.
We will store Analytics Data relating to the Services 36 months.
7. INTERNATIONAL TRANSFERS OF PERSONAL DATA
We primarily store personal data inside the European Economic Area.
However, in some situations we may transfer personal data to be processed outside of this area.
In these cases we will ensure that your data receives an adequate level of protection in the
jurisdictions in which it is processed. We provide adequate protection for the transfers of personal
data to countries outside of the European Economic Area through a series of agreements with our
service providers based on the Standard Contractual Clauses or other similar arrangements such
as the Privacy Shield framework.
8. THE RECIPIENTS OF PERSONAL DATA
We do not share your personal data with third parties outside of Smakbyn’s organization unless
one of the following circumstances applies:
It is necessary for the purposes set out in this Privacy Policy
To the extent that third parties need access to personal data to personal data for the purposes
specified above, we have taken appropriate contractual and organisational measures to ensure
that personal data are processed exclusively for the purposes specified in this Privacy Policy and
in accordance with all applicable laws and regulations.
For legal reasons
We may share personal data with third parties outside Smakbyn’s organization if access to the
personal data is reasonably necessary to: (i) meet applicable law, regulation, and/or court order;
(ii) detect, prevent, or otherwise address fraud, identity theft, money laundering, terrorism
financing or information security or technical difficulties; or (iii) ensure any other purpose required
by public interest in accordance with the law.
To authorized service providers
We may share personal data to authorized service providers such as the service provider
responsible for transport service. Our agreements with our service providers include commitments
requiring our service providers to limit their use of personal data and to comply with the privacy
and security standards of this Privacy Policy.
For other legitimate reasons
If Smakbyn is involved in a merger, acquisition or asset sale, we may transfer personal data to the
third party involved. However, we will continue to ensure the confidentiality of all personal data.
We will give notice to when the personal data are transferred or become subject to a different
privacy policy as soon as reasonably possible.
With your explicit consent
We may share personal data with third parties outside Smakbyn organization for other reasons
than the ones mentioned before, when we have your explicit consent to do so. You have the right
to withdraw such consent at any time by contacting us.
9. YOUR RIGHTS
• Right to access: You have the right to access your personal data processed by Smabyn. You may contact us to find out what personal data we process and for which purpose we use it.
• Right to correct: You have the right to have incorrect, imprecise, incomplete, outdated, or unnecessary personal data we have stored corrected or completed. By contacting us you can update for example your contact information or other information.
• Right to deletion: You may ask us to delete your personal data. We will comply with your request unless we have a legitimate ground to not delete the data. Such ground may be for example an obligation to keep certain data due to accounting legislation or a requirement to store order information to verify your product warranty.
• Right to object and right to restrict: You have a right to resist the processing of your personal data or profiling, if your data is being processed for direct marketing.
You have a right to demand the limitation of your personal data among other things when the data concerning you is not true. In addition in certain special situations you have a right to resist the processing of your personal data on the grounds of a personal special situation.
• Right to data portability: You have the right to receive your personal data from us in a structured and commonly used format and to independently transmit data to a third party.
• How to use your rights : If you want to use any of the above mentioned rights, please send us a letter or a secure e-mail with the following information: name, address, phone number and a copy of a valid ID. We may request additional information to confirm your identity.
We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded.
10. DIRECT MARKETING
If you have given your consent to receive direct marketing for example by ordering a newsletter,
we may send you notices concerning our products, offers and events. You have the right to prohibit us from using personal data for direct marketing, market research or profiling by contacting us through the contact information pointed above or by using the unsubscribe option included in all direct marketing messages.
11. INFORMATION SECURITY
We have implemented administrative, organizational, technical, and physical safeguards to
protect the personal data we collect and process. Our security controls are designed to maintain
an appropriate level of data confidentiality, integrity, and availability.
Access to personal data is limited to authorized persons on a need-to-know basis. The personal
data is protected with appropriate access controls, user rights and passwords.
Should despite of the security measures, a security breach occur that is likely to have negative
effects on your privacy, we will inform you and other affected parties, as well as relevant
authorities when required by applicable data protection laws, about the breach as soon as
possible.
12. LODGING A COMPLAINT
You have the right to lodge a complaint to the supervisory authority, if you consider Smakbyn’s
processing of personal data to be inconsistent with the applicable data protection laws.
Last updated: 28.11.2024
