PRIVACY POLICY

Your integrity is very important to us. Our Personal Data Processing Policy describes, among other things, what data we collect, the purpose for which it is collected, how you can control your own data, and how to contact us.

Personal data controller

SUNBEAMsystem (760327-0310) is the personal data controller for the processing of personal data at SUNBEAMsystem. The personal data manager is responsible for ensuring that SUNBEAMsystem processes the data according to current legislation.

What personal data is collected about you as a customer and why?

This section describes the purposes for which we process personal data, what categories of personal data are processed, and the legal basis upon which the processing is carried out for you as a customer at SUNBEAMsystem.

1) In order to handle orders/purchases

Personal data is processed in order to:

  • Deliver ordered/purchased products or services (including notification of delivery or contact regarding delivery).
  • Be able to carry out identification and age verification.
  • Manage payments (including analyzing which payment solutions should be offered).
  • Address verification against external sources, such as SPAR.
  • Manage return, complaint, and warranty issues.

The categories of personal data processed are:

  • Name
  • Contact information (e.g. address, email, phone number).
  • Payment information (e.g. transaction reference, transaction date).
  • Personal ID number.
  • Customer number.
  • Payment history.
  • Order information (e.g. what product has been ordered or if it is to be delivered to another address).

Legal basis:

Fulfillment of purchase agreement.

Storage period:

Until the purchase has been completed and for a period of 36 months thereafter. When it comes to customers who shop without logging in, we will keep your personal information for 6 months after the last purchase.

 

2) In order to manage and administer your user account

Personal data is processed in order to:

  • Provide authorization for logging in.
  • Be able to carry out identification and age verification.
  • Maintain correct and updated information.
  • Enable following of purchase history.
  • Manage your settings and information about payment history and payment options.
  • Facilitate the saving of shopping lists, make suggestions for shopping lists, or similar measures that simplify things for you. Analyses are carried out in order to enable this.

The categories of personal data processed are:

  • Name
  • Contact information (e.g. address, email, phone number).
  • Username and password.
  • Purchase history.
  • Technical information about your computer, mobile phone, and other devices you use and their settings.
  • Payment history.
  • Personal ID number.
  • Customer number.
  • Address information from external sources, such as SPAR.

Legal basis:

Registered customers – legitimate interest. The processing is necessary in order to satisfy your and our interest in managing and administer your user account.

Storage period:

As long as you have an active account. If you have not made any purchases in the last 36 months, the data will be removed.

 

3) To be able to market products and services

Personal data is processed in order to:

  • View relevant product recommendations, suggest shopping lists, remind about forgotten/abandoned digital shopping carts, or save shopping lists to simplify future purchases or similar measures.
  • Send direct marketing via email, text messages, social media, and similar electronic channels for communication as well as mail, including promotions from partners. For example, by executing campaigns or sending offers and invitations for events to all customers, a particular customer segment (e.g women/men between 30 and 40 in Sweden), or individual customers.

The categories of personal data processed are:

  • Name
  • Contact information (e.g. address, email, phone number).
  • Age
  • Place of residence
  • Information on how the customer uses the company’s websites and other digital channels.
  • Information about completed purchases.
  • User-generated data (e.g. clicking and visiting history).

In order to understand what kind of marketing or direct marketing should be used, we analyze:

  • How web sites and other digital channels are used (for example, which web pages and sections of web pages have been visited and what searches have been made).
  • Purchase history.
  • Age and place of residence.
  • Results from customer satisfaction or marketing studies.

Legal basis:

Registered and unregistered customers – legitimate interest.

Recipients of newsletters and website visitors – legitimate interest.

The processing is necessary to satisfy our interest and be able to market products and services.

Storage period:

As long as we think you benefit from our communication and you have not chosen to actively withdraw your consent.

 

4) To be able to carry out and manage participation in competitions and events

Personal data is processed in order to:

  • Communicate with participants in a competition.
  • Communicate with participants before and after an event (e.g. confirmation of notifications, questions, or evaluations).
  • Be able to carry out identification and age verification.
  • Select winners and convey prizes.

The categories of personal data processed are:

  • Name
  • Personal identification number or age.
  • Contact information (e.g. address, email, phone number).
  • Details submitted as part of a competition submission.
  • Details submitted as part of an evaluation of an event.

Legal basis:

Legitimate interest. The processing is necessary to satisfy your and our interest in being able to carry out the management of competitions and events.

Storage period:

As long as necessary to complete the competition/event (including any evaluation).

 

5) To manage the booking of services (e.g. personal shopper or similar)

Personal data is processed in order to:

  • Manage bookings, re-bookings, and cancellations.
  • Be able to communicate about the booking and remind you of the service.

The categories of personal data processed are:

  • Name
  • Contact information (email, phone number).
  • Information you choose to provide that enables the service provider to prepare the service.

Legal basis:

Fulfillment of the service agreement. The processing is necessary in order for us to meet our commitments.

Storage period:

As long as it is necessary to provide our services and for a period of 36 months thereafter.

 

6) To be able to manage customer service cases

Personal data in order to:

  • Communicate with the customer and respond to inquiries submitted to customer service through phone or digital channels (including social media).
  • Enable identification.
  • Investigate complaints and support cases (including technical support).

The categories of personal data processed are:

  • Name
  • Contact information (e.g. address, email, phone number).
  • Your correspondence.
  • Information about purchase date, place of purchase, or product defects/complaints.
  • User information for My Pages, for example, when having login problems.
  • Technical details for your equipment required for support cases.
  • Personal ID number.

Legal basis:

Legitimate interest. The processing is necessary to satisfy your and our interest in being able to manage customer service cases.

Storage period:

Correspondence in customer service cases is saved for 36 months.

 

7) In order to fulfill obligations

(e.g. in terms of the requirements of the Swedish Accounting Law, Product Liability and Product Safety and Personal Data Protection in IT Systems)

Personal data is processed in order to:

  • To fulfill legal obligations, as required by laws, judgments, or administrative decisions. Such requirements may refer to product liability and product safety requirements such as providing communication and information to the public and customers regarding product alarms and product recalls, for example in case of a defect or health hazard, or if it is required by the Accounting Act or the Money Laundering Act and is attributable to a single individual.

The categories of personal data that may be processed are:

  • Name
  • Contact information (e.g. address, email, phone number).
  • Your correspondence.
  • Information about purchase date, place of purchase, defects/complaints for the product.
  • User information for My Pages.
  • Personal ID number.
  • Payment information.

Legal basis:

Legal obligations.

Storage period:

Personal data is stored for as long as required to fulfill the respective legal obligations.

 

8) To evaluate, develop and improve our services, products and systems for the customer community as a whole

Personal data is processed in order to:

  • Make services more user-friendly, such as changing the user interface to simplify the information flow or to highlight features commonly used in our digital channels.
  • Develop supporting documentation in order to improve product and logistical flows, e.g. by forecasting purchases, inventory, and deliveries.
  • Develop supporting documentation in order to develop and improve our product range.
  • Develop supporting documentation in order to develop and improve our resource efficiency from an environmental and sustainability perspective, e.g. by streamlining purchasing and planning of deliveries.
  • Develop supporting documentation in order to plan new establishments of stores and warehouses.
  • Allow you to influence the range we provide.
  • Develop supporting documentation in order to improve our IT systems to increase the security of our visitors and customers in general.

The categories of personal data processed are:

  • Purchasing and user-generated data (e.g. clicking and visiting history).
  • Age.
  • Place of residence.
  • Your correspondence and feedback with regard to our service and products.
  • Technical data relating to devices used and settings, such as language settings, IP addresses, browser settings, time zone, operating system, screen resolution, and platform.
  • Information about how you interact with the company, i.e. in what way services were used, the login method, where and how long different pages were visited, response times, download errors, how services can be reached, and when the service was left, etc.

For these purposes, we perform general analyses in aggregated form, i.e. not at the individual level, regarding:

  • How our websites and other digital channels are used (for example, what pages or parts of pages have been visited and what searches have been made).
  • Purchase history.
  • Age.
  • Geographic and/or demographic location.
  • Feedback regarding our services and products and results from customer satisfaction or marketing studies.
  • Data from customers’ devices and technical settings.

Legal basis:

Legitimate interest. The processing is necessary to meet our and your legitimate interest in evaluating, developing, and improving our services, products, and systems.

Storage period:

From the collection and for a time of 36 months thereafter.

 

9) In order to prevent abuse of a service or to investigate and prevent crimes against the company

Personal data is processed in order to:

  • Investigate or prevent fraud or other offenses by e.g. incident reporting in stores.
  • Prevent spam, phishing, harassment, unauthorized logins to user accounts, or other prohibited actions.
  • Protect and improve our IT environment against attacks and intrusions.

The categories of personal data processed are:

  • Purchasing and user-generated data (e.g. clicking and visiting history).
  • Personal ID number.
  • Video recordings from surveillance cameras.
  • Data relating to devices used by the customer and settings, such as language settings, IP address, browser settings, time zone, operating system, screen resolution, and platform.
  • Information about how our digital services are used.

Legal basis:

Legal obligations if such exist or, alternately, legitimate interest (if no legal obligations exist) if the processing is necessary to satisfy our legitimate interest in preventing abuse of a service or investigating and preventing crimes against the company.

Storage period:

As long as it is necessary to prevent and/or report fraud and other offenses. Video recordings are saved in accordance with local laws or max 30 days.

Sharing and transferring personal data

Personal data may also be transferred for necessary processing to other companies that the SUNBEAMsystem Group collaborates, e.g Facebook, in case of marketing (print and distribution, media agencies, etc.), distribution and transportation, payment solutions and IT services. When your personal data are shared with SUNBEAMsystem’ partners, the data shall be processed according to SUNBEAMsystem’ instructions and for SUNBEAMsystem’ account, and only for purposes compatible with the purposes for which SUNBEAMsystem has collected the data.

In addition, SUNBEAMsystem may be legally obliged to provide information to government authorities (e.g. the police and tax authorities). SUNBEAMsystem may also provide personal data to companies that provide payment solutions (e.g. payment service providers and banks) and enterprises that provide general goods transportation (e.g. logistics companies and freight forwarders). In such cases, the partners shall process the data as independent personal data managers in accordance with their own privacy policies and management instructions.

SUNBEAMsystem strives to process personal data within the EU/EEA and collaborate with partners and suppliers who process personal data within the EU/EEA. If not possible, processing of personal data may occur outside the EU/EEA in countries that are considered to have an adequate level of protection in accordance to the EU Commission’s decision, or through the use of appropriate safeguards, such as standard contract clauses, binding internal company rules or US Privacy Shield. The countries where SUNBEAMsystem’ partners process personal data outside the EU/EEA are the US and India. Regardless of the country in which personal data is processed, SUNBEAMsystem takes reasonable technical, legal, and organizational measures to ensure that the level of protection is the same as in the EU/EEA. You will have access to the standard contractual clauses and more information about these by clicking here.

Storing personal data

The processing complies with legal requirements, which means that personal details are not retained for longer than essential for the purpose of the processing. In practical terms, this means that information is removed when it is no longer relevant or necessary for analyses or direct marketing or the purposes for which it was collected. For marketing purposes, we do not use information about purchase transactions which is more than 3 years old. All handling of personal data will however be subject to a high level of security and secrecy.

 

Your rights and options

Right to access:

We want to be open and transparent about how we process your information, and if you want to find out more about the personal data that are being processed, you have the right to request access to your data, which we will provide to you in the form of a so-called “registry” (purpose, categories of personal data, categories of recipients of personal data, storage periods or criteria for determining storage periods, information about where information was collected). If we receive a request for access, we may ask for additional information to ascertain what information you wish to access and that we disclose it to the right person.

Right to rectification:

You always have the right to demand that your personal data are corrected if they are incorrect. Within the framework of the stated purpose, you also have the right to supplement any incomplete personal data. You, who have created an account in the SUNBEAMsystem app or at SUNBEAMsystem.com may, if you want, also update your information at My Pages or My Profile.

Right to erasure:

You have the right to demand that personal data that we are processing are deleted if:

  • The data are no longer necessary in relation to the purpose for which it was collected or processed.
  • You have withdrawn the consent on which the processing is based and there are no other legal grounds for the processing.
  • You object to a balancing of interests that we have done and there is no legitimate interest for SUNBEAMsystem that outweighs your interest.
  • You object to processing for purposes of direct marketing.
  • The personal data are processed in an illegal fashion.
  • The personal data must be deleted in order to comply with a legal obligation that pertains to us.
  • The personal data have been collected from a child (under 13 years) for which you have parental responsibility in connection with IT-services, e.g. social media.

There may be reasons for us not to grant your request for erasure if there are legal obligations that prevent us from doing so. This may be the case if the processing is necessary in order to exercise our right to freedom of expression and information, to fulfill a legal obligation to which we are subject or to determine, enforce or defend legal claims.

Right to restriction:

You have the right to demand that our processing of your personal data is limited.

Right to object against certain kinds of processing:

Legitimate interest: You have the right to object to processing that is based on a legitimate interest of ours if you have personal reasons that relate to the situation. We may however continue to process your information, despite your objection to the processing, if we have compelling legitimate reasons for the processing that outweigh your privacy interest.

Direct marketing (including analyses carried out for purposes of direct marketing):

You have the possibility to object against the processing of your personal data for direct marketing. The objection also encompasses the analyses of personal data (so-called profiling) which are carried out for purposes of direct marketing. If you object to direct marketing, we will cease processing your personal data for that purpose as well as all types of direct marketing actions. If you wish to decline receiving push messages in the SUNBEAMsystem app you can do this in the general settings of your device.

Right to data portability:

If our right to process your personal data is based on your consent or the fulfillment of commitments in an agreement with you, you have the right to request to have the data that relate to you and which you have provided to us transferred to another personal data manager (e.g. data port).

 

Regarding cookies

Personal data may be collected when you use SUNBEAMsystem.com, and then the information about your use and the pages you visited is stored. This may relate to technical information about your device and Internet connection such as operating system, browser version, IP address, cookies, and unique identifiers. When you visit SUNBEAMsystem.com where our services are provided, various technologies can be used to recognize you in order to learn more about our users. This may occur directly or through the use of third party technology. It may be the use of e.g. cookies.

What is a cookie?

There are two types of cookies. One type saves a text file over an extended period, but has an expiry date. The purpose of this cookie is, for example, to tell you what is new since your last visit. The other type of cookie is a so-called session cookie, which lacks an expiry date. The text file is temporarily saved for as long as you are surfing on a page, and helps with remembering which language you want to use, for example. As soon as the browser is closed, the text file is deleted.

Why do we use cookies?

At SUNBEAMsystem.com we use cookies to keep track of the items you’ve added to your shopping cart. We also use cookies to obtain web statistics. We need these statistics in order to develop SUNBEAMsystem.com. The information is not accessible to parties other than AB SUNBEAMsystem.

In order to fully use SUNBEAMsystem.com you must accept cookies. You can do this via your browser settings. If you do not want to accept cookies you can turn off cookies through your browser’s security settings. This will however mean that SUNBEAMsystem.com will not function as intended. 

 

Managing personal identification numbers

We only process your personal identification number when it is clearly justified by the purpose, necessary for secure identification or if there are other legitimate reasons. Otherwise we will instead use your customer number if sufficient, in order to minimize the use of personal identification numbers as far as possible.

 

Complaints

You are entitled to file a complaint with relevant data protection authority. The relevant authority in each country can be found here.

 

Contact details

To learn more about personal data management or if you have any other questions, you’re welcome to contact us at:

SUNBEAMsystem, Customer Service

 

Changes to the policy

This privacy policy may be updated to correct interferences or to comply with new legal or technical requirements. The latest updated version of the privacy policy may always be found on this page. In case of considerable changes (e.g. to the purposes for personal data processing or categories of personal data), you will receive information about this via email or at SUNBEAMsystem.com.

 

Last updated 05/02/2020