Privacy policy

Background to the updated personal data policy

GDPR (General Data Protection Regulation) is a new EU regulation that applies throughout the EU as of May 25, 2018. GDPR replaces the Swedish Personal Data Act (PUL). Much remains the same, but the requirements for how companies and organizations may process your personal data are tightened.

What is personal data?
Personal data is any kind of information that can be directly or indirectly linked to a living individual. This means that, among other things, the following are personal data: name, address, telephone number, email address, IP address, photograph, etc.

What personal data does iO Nordics process?
iO Nordics stores the personal data that you as a customer provide to iO Nordics in connection with an order. This includes name, address, email address, mobile number, information about credit cards and other payment methods, and also social security number for possible credit checks when paying by invoice. This information is stored so that we can handle your order, deliver your goods to the desired address, handle payment, and any returns, exchanges, and complaints. If you have agreed to receive iO Nordics’ newsletter, iO Nordics stores your email address upon registration. If you have visited any of our stores and provided your email address to receive the receipt digitally, your email address is stored.


Personal data may be disclosed for processing on behalf of iO Nordics through a so-called data processor. In such a case, a written agreement will be established to regulate the data processor’s handling of the personal data, and the data processor will not have the right to use the personal data for purposes other than performing the tasks the data processor has undertaken for iO Nordics.

Legal basis for the processing of personal data
iO Nordics processes provided personal data on the legal basis that it is necessary to fulfill the parties’ agreement. iO Nordics also has the right to process the customer’s address and other contact information for marketing purposes based on a balancing of interests, where iO Nordics considers that its interest in marketing its products and services outweighs your privacy interest as long as you have not objected to that processing.

Storage period
If you subscribe to iO Nordics’ newsletter, the personal data will be stored for two (2) years after you unsubscribe, provided that no purchase is made during that time. iO Nordics stores your information for as long as necessary based on legal requirements or to fulfill iO Nordics’ commitments to you in the individual case. Your information is never stored longer than permitted by applicable data protection legislation.


To the extent that iO Nordics is obliged by law or authority regulations to store data for a longer period than stated above, the data will be stored accordingly. An example of this is the Accounting Act.


Your rights as a customer
Right to information
You can at any time request information about what personal data we have stored about you.

Right to rectification
If your data is incorrect, incomplete, or irrelevant, you can request to have it corrected or deleted.

Right to erasure
You can request that we erase your personal data. We cannot delete your data when there is a statutory requirement for storage, such as accounting rules, or when there are other legitimate reasons why the data must be retained, such as unpaid debts.


However, you as a customer should be aware that a request for deletion of data or restriction of the processing of personal data may result in your ability to use iO Nordics’ services being limited or completely forfeited.

Data portability
You can ask us to move your personal data from our IT environment to another, either to another company or to you. This does not apply to data that the law requires us to retain.

Withdraw consent
You can withdraw your consent to allow us to use the data for marketing purposes at any time.

Complaints
You can file a complaint with the Swedish Data Protection Authority if you believe that we are processing your personal data in violation of the General Data Protection Regulation.

What does the Swedish Data Protection Authority do and when do you contact them?
The Swedish Data Protection Authority is responsible for monitoring compliance with the legislation. Anyone who believes that a company/organization/authority is handling personal data incorrectly can submit a complaint to the Swedish Data Protection Authority regardless of the relationship. Contact information for the Swedish Data Protection Authority can be found at www.datainspektionen.se.