We, at Simmer Style AB (”Simmer Style”, “we”, ”our” and ”us”) care about your privacy and want you to feel safe when we process your personal data.

With this privacy policy, we want to provide information of our processing of personal data to you when you:

Below you can find information on how and why we process your personal data, the lawful basis for our processing and the storage period for which we keep your personal data. The information also describes your rights, such as the right to lodge a complaint with a supervisory authority, the right to withdraw your consent and object to processing.

In this Policy, you can read more about the following:

 

Simmer Style is responsible for processing of your personal data

Simmer Style AB, a Swedish company with company registration number 556229-8520, is responsible for the processing of your personal data as controller when you share your personal data with us.
Should you have any questions regarding our processing of your personal data, or if you wish to exercise any of your rights under data protection legislation, please contact us via our e-mail address [email protected]. Our postal address is c/o Tomas Persson, Glasbruksvägen 15, 305 72 Steninge, Sweden.

Which personal data do you need to share with us?

In general, you are not required to provide any of your personal data to us. However, if you want to purchase or make a subscription to our products, we need some of your personal data in order to administrate your purchase or subscription and to comply with legislation or other statutory requirements.
You will find a description of the scenarios when you need to provide your personal data to us and what personal data you need to provide in the tables below where the lawful basis is ”Performance of contract” or ”Legal obligation”. If you do not provide your personal data to us in such scenarios, you will for example not be able to make a purchase.

What are your rights when we process your personal data?

You have certain rights that you can exercise to affect how we process your personal data. You can read about what those rights are below.
If you want to know more about your rights or if you want to exercise any of your rights, please contact us and we will help you. Our contact information can be found at the beginning of this privacy policy.

Right to lodge a complaint with a supervisory authority (Article 77 GDPR)

You have the right to lodge a complaint with a supervisory authority. The supervisory authority in Sweden is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, the IMY).

In detail: Your right to complain exists without prejudice to any other administrative or judicial remedy. You have the right to lodge a complaint with a supervisory authority, in particular, in the EU/EEA member state of your habitual residence, place of work or place where the alleged infringement of applicable data protection laws has allegedly occurred.
The supervisory authority has an obligation of informing you on the progress and the outcome of the complaint, including the possibility of a judicial remedy.

Right to withdraw consent (Article 7.3 GDPR)

You have the right to withdraw your consent at any time by contacting us.

In detail. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Right of access (Article 15 GDPR)

You have the right to obtain confirmation as to whether we are processing personal data concerning you or not. You can make a request by contacting us. If we process your personal data, you also have a right to obtain a copy of the personal data processed by us as well as information about our processing of your personal data.
In detail. The information we provide includes the following:

For any further copies of the personal data undergoing processing requested by you, we may charge a reasonable fee based on administrative costs. If you have made the request by electronic means the information will be provided to you in a commonly used electronic form, unless otherwise requested by you.

Your right to obtain a copy referred to above shall not adversely affect the rights and freedoms of others.

Right to object (Article 21 GDPR)

You have the right to object to our processing of your personal data at any time.

In detail: Your right to object applies as follows:

Right to erasure (“the right to be forgotten”) (Article 17 GDPR)

You have the right to ask us to erase your personal data.

In detail: We have the obligation to erase your personal data without undue delay where one of the following grounds applies:

Where we have made the personal data public and are obliged in accordance with the rights stated above to erase the personal data, we shall, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform other controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

We will notify any erasure of personal data carried out in accordance with your rights stated above to each recipient whom the personal data have been provided to, unless this proves impossible or involves disproportionate effort. If you want information about those recipients, you are more than welcome to contact us.

Right to rectification of processing (Article 16 GDPR)

You have the right to obtain, without undue delay, the rectification of inaccurate personal data concerning you.

In detail: Considering the purposes of the processing, you have the right to have incomplete personal data completed, including by providing a supplementary statement.

We will communicate any rectification of personal data to each recipient whom the personal data have been provided to, unless this proves impossible or involves disproportionate effort. If you want information about those recipients, you are more than welcome to contact us.

Right to restriction of processing (Article 18 GDPR)

You have the right to obtain from us restriction of the processing of your personal data.

In detail: Your right applies if:

Where the processing has been restricted according to above, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

We will notify each recipient whom the personal data have been provided to about any restriction of processing according to above, if this do not occur to be impossible or entails a disproportionate effort. If you want more information about these recipients, you are welcome to contact us.

Right to data portability (Article 20 GDPR)

You have the right to receive your personal data (that you have provided to us) from us in a structured, commonly used and machine-readable format and, where technically feasible, have your personal data transferred to another data controller (“data portability”).

In detail: The right applies if:

The exercise of the right to data portability shall be without prejudice to the right to erasure, i.e. Article 17.

Your right to data portability shall not adversely affect the rights and freedoms of others.

Balancing of interests assessments when processing personal data based on the lawful basis “legitimate interests”

As we state above, for some purposes, we process your personal data based on our “legitimate interest”. By carrying out a balancing of interests assessment concerning our processing of your personal data, we have concluded that our legitimate interest for the processing outweighs your interests or rights which require the protection of your personal data.

If you want more information in relation to our balancing of interests assessments, please do not hesitate to contact us. Our contact information can be found at the beginning of this privacy policy.

 

Detailed description about how we process your personal data

How do we process your personal data?

You can read more about how we process your personal data in the below. As we are legally required to provide some of the information to you, the text is extensive and may be perceived as difficult to understand. If you have any questions regarding the information set out herein, do not hesitate to contact us.

The below tables describe in detail (i) when we process your personal data (ii), what kind of data we process, (iii) why we process your personal data, (iv) how long we will process your personal data and (v) the lawful basis for the processing. The lawful basis is the basis for processing your personal data according to the GDPR.

If you interact with us without making a purchase, e.g. our social media

If you are in contact with us before you make a purchase or agree to a subscription, e.g. by sending us an e-mail or sending us a message via our social media, we will process your personal data as described in the tables below. We process the personal data that you provide to us and information from your social media account (if you use such account to communicate with us).

To communicate with you:

What processing we perform

What personal data we process

If you interact with us via our social media sites (e.g. our Instagram) we also process:

Our lawful basis for the processing

Legitimate interest

The personal data will be processed based on our legitimate interest to communicate with you who have contacted us.

Storage period: We will delete your personal data [for Simmer Style to insert after how long period of time data is deleted].

Your communication with us on social media (e.g. comments) can be deleted by you at any time. We will remove posts or comments which are in breach of the rules of the platform or in conflict with applicable legislation as soon as possible.

To share your posts on social media

What processing we perform

What personal data we process

Our lawful basis for the processing

Storage period: Your posts will be shared on our social media until we delete the post or you ask us to remove it.

If you visit our website or social media

We analyse how our website is used and provide you with relevant marketing on other websites you visit based on such analysis. This means that your personal data is processed when you visit our website. To protect your privacy, we have taken measures to avoid identifying you when you visit our website. For instance, we only process an encrypted version of your IP-address.

When you visit our website, we will gather your personal data from the device you are using to visit our website and from the companies we collaborate with (see below). Such companies will also use previous information they have about you to show you interesting offers from us.

When you use our website, we will gather personal data by using cookies. If you would like to know how we do this, it is described in our Cookie Policy which you find here.

 

To analyse how our website is used

What processing we perform

What personal data we process

Our lawful basis for the processing

Storage period:

Google will continue to store your personal data for their own purposes and Google will inform you separately about such storing.

 

To show you relevant marketing online from us

What processing we perform

What personal data we process

An encrypted version of your IP- address which we at Simmer Style cannot connect to you as an individual:

You will see search results and ads based on:

Our lawful basis for the processing

Consent

The personal data will be processed based on your consent. You can withdraw such consent at any time.

Here you can make choices about the marketing you see from Google and here on Facebook under the heading ad settings you can choose which marketing you want to see on Facebook.

Storage period: You will see marketing from us for a period of at the latest two years after your visit to our website.

Google (including YouTube) and Facebook (including Instagram) will continue to process your personal data as independent controllers. Information on how long they store your personal data can be found in their respective privacy information.

 

If you make a purchase or agree to a subscription

When you make a purchase or agree to a subscription, we will process your personal data as described below. Such personal data is collected directly from you. We use Stripe, Klarna and Paypal as a provider of payment providers. We will share your personal data with the payment provider that you have chosen. The payment provider you have chosen will also process your personal data for its own account. [If you have chosen to pay by Stripe your personal data will be shared with Stripe that will be responsible (controller) for your personal data. You can find Stripe’s privacy policy here.

To administrate and enable your purchase

What processing we perform

What personal data we process

Our lawful basis for the processing

Storage period: We will store the personal data during the purchase process and thereafter for a period of 24 months after the purchase in question. In case of a claim, dispute or similar we need to store some of your personal data for a longer period according to what is stated below.

Your order and payment information will be stored for a longer period to comply with bookkeeping legislation.

To provide customer service and track your order

What processing we perform

What personal data we process

If you ask us to track your order, we will process:

Our lawful basis for the processing

Legitimate interest

The personal data will be processed based on our legitimate interest to provide customer service.

Storage period: We will delete your personal data 1 year after your customer service matter has been solved.

 

To publish customer reviews

What processing we perform

What personal data we process

Our lawful basis for the processing

Consent

The personal data will be processed based on your consent. You can withdraw such consent at any time.

Storage period: We will send a request for you to submit a customer review after your purchase. We will stop sending requests if you object to receiving such e-mails. If you choose to submit a review, we will remove your review from our website and delete your personal data 24 months after your review was published.

 

To comply with bookkeeping and accounting legislation

 

What processing we perform

What personal data we process

Our lawful basis for the processing

Legal obligation

The processing is necessary to comply with legal obligations to which we are subject, i.e. bookkeeping and accounting legislation.

Storage period: We will store any document constituting bookkeeping material and personal data included until the end of the seventh (7) financial year according to Swedish bookkeeping and accounting legislation. The regulation means that we store bookkeeping material until and including the seventh year after the end of the calendar year for the fiscal year to which the personal data relates.

 

If you subscribe to our newsletters

The points below describes how we process your personal data if you subscribe to our newsletters. We gather your personal data directly from you and provide some personal data ourselves by analysing how you use our newsletters.

To send newsletters

What processing we perform

What personal data we process

Our lawful basis for the processing

Consent

The personal data will be processed based on your consent. You can withdraw such consent at any time.

If you make a complaint or withdraw your purchase/subscription or we have a discussion regarding your purchase

We do everything we can to please our customers and as a result rarely receive complaints, but should you want to make a complaint, withdraw your purchase or discuss your purchase, we will process your personal data as described below. We will collect your personal data from you or provide the information ourselves.

Note that the ongoing claim or right may mean that we cannot delete all your personal data after your request.

To handle any withdrawals, complaints or claims

What processing we perform

What personal data we process

Our lawful basis for the processing

Legal obligation

The processing is necessary to comply with legal obligations to which we are subject, i.e. consumer law.

In these cases, you need to provide your personal data to us since we otherwise will not be able to comply with your consumer rights.

Legitimate interest

We also have a legitimate interest to process your personal data to defend ourselves against a possible complaint or claim.

Storage period: We will store your personal data from the time the complaint or claim was initiated and for the duration of such complaint or claim.

 

Who can gain access to your personal data and why?

Your personal data is initially collected and processed by us and we do not sell your personal data. This means that your personal data will be handled by our employees, but only personnel who need such access to conduct their work.

To conduct our business, we need to work with suppliers and partners who will process your personal data. We are responsible for any sharing of your personal data and to make sure your personal data is safe when shared with third parties as set out below.

We will share your personal data with our data processor. A processor processes data only on our behalf, which means that we are still responsible for the data they are processing. We share your personal data with the following categories of processors:

We also share your data with other controllers, who are responsible for processing your data.

The other controllers are:

If you have any questions regarding how we share your personal data or want to know more about who we share your personal data with, please feel free to contact us at [email protected]

Where are your personal data processed?

Your personal data will in most cases be processed outside of the EU/EEA if the suppliers we use are based outside of the EU/EEA. Your personal data will be transferred outside the EU/EEA in the following cases:

We also rely on an adequacy decision regarding most transfers to the US, when our American suppliers are certified under the EU-US Data Privacy Framework. You can find the adequacy decision for the US here. Google and Meta are certified under the EU-US Data Privacy Framework. By clicking on their names, you will be taken to the certificate of the respective company.

In the absence of an adequacy decision, or when our transfer is not protected under an adequacy decision, we and our suppliers will instead rely on Standard Contractual Clauses (Article 46.2 c GDPR) module 1 and module 2, and supplementary security measures for the transfer of personal data outside of the EU/EEA. The use of Standard Contractual Clauses is an effort to provide a safe transfer of your personal data. You can find the Standard Contractual Clauses here.

If you want to know more about where your personal data will be processed, please feel free to contact us at [email protected]