PRIVACY POLICY FOR HIJABFACTORY
INTRO AND SUMMARY
Your privacy is important to Ayisah Sweden AB (“HijabFactory” or “we”). In this policy, we want to inform you about how we process your personal data and about your rights. Personal data is any information that can be connected to you as a private person, for example name and contact information.
In short, this is why we process your data:
- To the extent necessary for handling and delivering your order.
- To give you offers and inspiration both by newsletters, text message and by targeted marketing in social media, and other media online and offline.
- To communicate with you and answer your questions.
- To ask you about Desenio and your experience with us.
- To remind you of an abandoned shopping cart.
- To create and maintain a customer account (incl. features such as favorites).
- To comply with mandatory law (e.g. consumer and accounting law).
You have several rights according to data protection law. For example you always have a right to object against marketing. You can also read about how to affect our processing of your personal data – what rights you have.
Do you want to know more? Please read our detailed explanations below. Below you can read more about how, why and for how long period we process your personal data.
WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR PERSONAL DATA?
Ayisah Sweden AB, with Swedish company registration number 559003-4707, is responsible for the processing of your personal data. Please note also that our payment provider(s) process personal data collected through our site upon purchase and are independently responsible for their processing.
If you want to contact us regarding our processing of your personal data, please contact us at help@hijabfactory.se. Our postal address is Box 738, 191 27 Sollentuna, Sweden
WHO CAN GAIN ACCESS TO YOUR PERSONAL DATA?
Your personal information is processed primarily by us at HijabFactory. We will never sell your personal data. In some cases, we share your personal data in order to fulfill our obligations to you in a good and efficient manner:
- In order for us to ensure that you pay us, our payment provider(s) will gain access to your personal data.
- In order for us to deliver your goods to your home address or to a postal agent, and to handle any returns, we will share your personal data with a carrier.
- To collect and publish your reviews on our website we share your personal data with the supplier that provide the technical solution to collect and publish such reviews.
- If a friend has referred you to us, we will share a hashed id (text-ID) of your email address with a supplier that have assisted us with enabling friend-referrals. The purpose is to know if we should pay the supplier of the service for referring a new customer or not. Note however that the supplier is not able to convert the text-ID to get access to your actual email address.
- To market relevant products and to make our website as relevant as possible we share your personal data with those providing us with a marketing service including such as Google and Facebook.
- We will share your personal data with IT suppliers that process the personal data on behalf of us as processors to assist us with IT-services.
If you want more detailed information about who we share your personal data with, please feel free to contact us.
DO WE TRANSFER YOUR PERSONAL DATA OUTSIDE OF THE EU/EEA?
HijabFactory generally process your personal data within the EU/EEA, but in a few cases we use suppliers from countries outside of the EU/EEA. When transferring your personal data outside of the EU/EEA, HijabFactory will ensure there is an adequate level of protection.
HijabFactory may transfer your personal data to the USA and our supplier that provides a service for sending newsletters and our suppliers that provides services for marketing relevant products and to make our website as relevant as possible.
Any US suppliers we may use have certification according to Privacy Shield. Privacy Shield is an agreement between the EU and the USA, which rationale is to protect the fundamental rights of Europeans and to ensure legal certainty for businesses transferring personal data to the USA. American companies are able to sign up to be Privacy Shield certified with the U.S. Department of Commerce. Such department will then verify that the suppliers’ privacy policies comply with high data protection standards.
If you have any questions about how we share your personal data or if you want the information appropriate safety measures we have, please contact us.
HOW CAN YOU AFFECT OUR PROCESSING OF YOUR PERSONAL DATA?
According to data protection legislation, you are entitled to a variety of rights to affect our processing of your personal data. Read more below.
RIGHT TO WITHDRAW CONSENT AND TO OBJECT TO PROCESSING
You have a right to, entirely or partly, withdraw a given consent for the processing of your personal data. Your withdrawal will have effect from the time of your withdrawal.
You have the right to object to our processing of your personal data. You always have a right to object to marketing from us, such as newsletters.
The right to object generally is applicable when the processing is based on a balance of legitimate interests. Read more about what this means in the tables below. In some cases however, the right to object does not exist (e.g. since we must store your personal data). If we can show compelling legitimate reasons for the processing that weigh heavier than your interests and fundamental rights or if it is for the purpose of determining, practicing or defending legal claims you never have a right to object to the processing.
RIGHT TO ACCESS
You have the right to obtain confirmation as to whether or not we are processing personal data concerning you. You can gain access to the personal data and obtain a copy of the personal data processed by us.
RIGHT TO RECTIFICATION
You have a right to obtain rectification of any inaccurate personal data concerning you and to ask us to have incomplete personal data completed.
RIGHT TO ERASURE (“THE RIGHT TO BE FORGOTTEN”) AND RESTRICTION OF PROCESSING
Under certain circumstances, you have a right to request erasure of your personal data. This is the case for example where the personal data is no longer necessary for the purposes for which they were collected or otherwise processed, or you withdraw your consent on which the processing is based and where there is no other legal ground for continuance of the processing.
You also have a right to request that HijabFactory restrict its processing of your personal data. That is the case for example when the accuracy of the personal data is contested by you, or the processing is unlawful and you oppose the erasure of the personal data and instead requests restriction of its use.
RIGHT TO LODGE A COMPLAINT TO A SUPERVISORY AUTHORITY
You always have the right to lodge a complaint with a supervisory authority.
You may do this in in particular in the EU/EEA member state of your habitual residence, place of work or of an alleged infringement of the applicable data protection laws. In Sweden, the supervisory authority is the Swedish Data Protection Authority. This right is without prejudice to any other administrative or judicial remedy.
RIGHT TO DATA PORTABILITY
You have a right to ask us to transfer certain of your personal data we have about you to another company (data portability).This right applies to personal data that you have provided us in a structured commonly used, machine-readable and interoperable format if:
- The processing is based on consent or on a contract; and
- The processing is carried out by automated means.
In exercising your right to data portability, you have the right to have personal data transmitted directly from HijabFactory to another controller, where technically feasible.
HOW AND WHY DO WE PROCESS YOUR PERSONAL DATA?
Our aim is to be as transparent as possible regarding how and why we process your personal data. In the table you can read more detailed information about why we process your personal data (the purposes of processing), what personal data we process, our legal basis for processing your personal data, and how long we process your personal data for each purpose.
We process personal data that you have chosen to share with us.
PROCESSING BEFORE MAKING A PURCHASE
In order for us to communicate with you, and to receive feedback from you, we need to process your personal data. If you do not provide us with personal data for these purposes, we will not be able to provide you with the service or answer your questions.
For what purposes do we process your personal data? | What personal data do we process? | What is our legal basis for processing your personal data? | For how long do we process your personal data for the specific purpose? |
To save your abandoned cart and to remind you of the product you have left in the cart if you have started a purchase by entering your email address. | Information about your cart and your email that you provided to us when starting your purchase. | Our legitimate interest of making it as easy as possible for you to purchase the product you have showed interest in by placing them in the cart. | From the time you place the product in the cart until you make a purchase, however, no more than five (5) days. |
To answer questions you ask us. | Your name, contact information, pictures that you send us and other information that you provide to us. | Processing is necessary for the performance of our contract with you. | For three (3) years or as long as we are required by law. |
PROCESSING NECESSARY FOR THE PURCHASE AND OUR AGREEMENT, ETC.
In order for us to carry out your purchase, for example to be able to deliver the product, we need to process your personal data. We also need to process your personal data to comply with statutory or other requirements, such as the accounting law's requirement to save data and consumer protection laws. If you do not provide us with personal data for these purposes, we will not be able to complete your purchase with us.
Please note that also our payment provider(s) process personal data in order to administrate your payment of the order. Our payment provider(s) is independently responsible for such processing. Our payment provider(s) also allow you to choose an easier way to make a purchase by automatically filling in your personal data or to be remembered at your device.
For what purposes do we process your personal data? | What personal data do we process? | What is our legal basis for processing your personal data? | For how long do we process your personal data for the specific purpose? |
To administrate your purchase, i.e. to know who we enter into an agreement with, to confirm your purchase, to deliver your purchase and communicate with you regarding your delivery and to collect information on your experience. | and chosen payment method and IP-address. | Processing is necessary for the performance of our contract with you. | Twelve (12) months from order. |
If you want to use your right of withdrawal or change your product and for us to be able to comply with consumer protections laws. | Your name, contact details, such as email address and delivery address, order information Your name, phone number, email address, postal address and information about your purchase, for example your payment method. We also save the information that you have shared when you use your right of withdrawal or when you change your product.
| The processing is necessary for the performance of our contract with you, for us to comply with our return policy and for us to comply with relevant consumer protection laws. | From when you make your purchase and for twelve (12) months thereafter in order for us to comply with consumer protection laws. If you choose to use any of your rights we will process your personal data until we have made a decision regarding the withdrawal or change of product and completed eventual repayment or sent you the new product.
|
To handle any complaints and/or legal disputes against us. | Your name, contact details, information you have stated which is relevant within the framework of the complaint and/or legal dispute. | The processing is necessary in order for us to comply with relevant consumer protection laws and our legitimate interest to handle complaints and/or defend us against legal claims. | From when your complaint and/or legal dispute comes to our attention and for as long as it is ongoing. If we decline your claim, we always store the information for twelve (12) months in case you would choose to have your legal dispute reviewed by a relevant instance.
|
In order to comply with legal obligations, i.e. accounting laws and money laundry legislation. | Information on your invoice such as your purchase history, name and contact information. | The processing is necessary in order for us to comply with relevant legislation. | From when you make your purchase and for seven (7) to eight (8) years according to Swedish accounting law and for five to ten (5-10) years according to money laundry legislation. |
If a friend has referred you to us, we process your personal data in order to pay our supplier that provide a solution for referring friends. | A hashed id (text-ID) of your email address. | Our legitimate interest is to make sure that we only pay our supplier for the purchases from new customers that they have referred to us. | The email address is never kept by us for this purpose. |
PROCESSING TO HANDLE REVIEWS
For what purposes do we process your personal data? | What personal data do we process? | What is our legal basis for processing your personal data? | For how long do we process your personal data for the specific purpose? |
In order to send emails requesting reviews after your purchase. | Your name, email address and order id. | Our legitimate interest is to contact you with a request to rate or review the customer experience with us for us to make the experience better for both you and other customers. | Until we have sent our request to you. |
PROCESSING TO MANAGE YOUR CUSTOMER ACCOUNT
In order to manage your customer account we process your personal data for the performance of our contract with you. If you do not provide us with personal data for this purpose, we will not be able to provide you with your customer account.
For what purposes do we process your personal data? | What personal data do we process? | What is our legal basis for processing your personal data? | For how long do we process your personal data for the specific purpose? |
To manage your customer account that you have created. This includes sending you updated information about your account and our privacy policy. It also includes processing in order to take security measures regarding your account. | Your name, personal identification number , email address, mobile number, cookies and IP-address, user name, user name and the postal address you want us to deliver your products to. | Processing is necessary for the performance of our contract to provide you with an account with you, when you have chosen to have an account. Processing in order to send you updates to our privacy policy is necessary in order to comply with data protection legislation and regulations. | We store your personal data from when you make a purchase and for two (2) years from your last login or until you ask us to remove your account. |
PROCESSING IN ORDER TO COMMUNICATE NEWS, INSPIRATION AND RELEVANT OFFERS TO YOU
For what purposes do we process your personal data? | What personal data do we process? | What is our legal basis for processing your personal data? | For how long do we process your personal data for the specific purpose? |
To send newsletters and relevant offers to you on your request and to send marketing to you who have made a purchase. | Your email address and purchase history. | When you choose to subscribe to our newsletter, we process your personal data based on your consent. When you have made a purchase, we process your personal data based on our legitimate interest to send relevant direct marketing. We only do this if you have made a purchase from us and not objected from receiving marketing. | If you have chosen to receive newsletters and relevant offers, we will send those to you until you unsubscribe to our newsletter. If we send you newsletter based on our legitimate interest we will send you such marketing for two (2) years after your last purchase, unless you object to receiving marketing from us earlier. |
In order to make targeted marketing towards you in social media and at third party web sites. | Your email address, cookies and IP-address. | Our legitimate interest is to use your personal data for direct marketing and to make our marketing relevant for you. We only do this if you have made a purchase from us and not objected from receiving marketing | Your personal data will be processed from when you have made your purchase and for two (2) years, unless you object to our marketing before. |
To publish a review that you have chosen to write in order to make the customer experience transparent to our site visitors and to market our brand to potential customers. | Your name and the information that you have left in your review. | Our legitimate interest is to publish the review that you have written and shared on a review platform. | Until you remove the review from the review platform. |
In order to market our products on our website we may publish your pictures/video of the product that you have shared on your social media profile and tagged #hijabfactory. | The picture/video that you have shared in social media, your user name, and your text. All of these can include personal information about you. | Our legitimate interest is to publish the picture/video that you have tagged #hijabfactory. | Until you declare you no longer want us to show the picture/video at our website. |
COOKIES
More information about our cookies policy can be read here.
HOW HAVE WE ASSESSED THE BALANCING OF INTERESTS WHEN THE LEGAL BASIS FOR PROCESSING OF YOUR PERSONAL DATA IS OUR LEGITIMATE INTEREST?
For some purposes, HijabFactory processes your personal data relying on our legitimate interest as legal basis for the processing. When assessing the legal basis we rely on a balance of interests test, through which we have determined that our legitimate interest for the processing outweighs your interest and your fundamental right not to have your personal data processed. We have stated what our legitimate interest is in the tables above. You are welcome to contact us if you want to read more about how we have done this test. Our contact details are as stated in the beginning of this privacy policy.
This privacy policy was adopted by HijabFactory on february 12th 2019.
The product has been added to your cart