In this document you will find information about how personal data is processed on our “Website” (sillysilas.com) when you are visiting the Website and when you are making purchases. “We” are Silly Silas / Haptic District AB (559115-8455), and we operate the Website. This document (our “Privacy Notice”) describes how personal data about you is collected, used, and shared when you visit or make a purchase from the Website. We are the controller of the personal data that is processed.
Any terms and expressions used in this Privacy Notice that are already defined in the “GDPR” (the General Data Protection Regulation (EU) 2016/679) should be understood to have the same meaning as in the GDPR. This means, for instance, that “personal data” means any information that is relating to an identified or identifiable individual.
1. OUR PROCESSING OF PERSONAL DATA
1.1. Device information: information collected from the Website
When you visit the Website, we use Google Analytics and the Facebook Pixel to automatically collect information about your device, web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Website, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Website, and information about how you interact with the Website. We refer to this automatically collected information as “Device Information”.
We collect Device Information using the following technologies:
- “Cookies”, which are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
- “Log files” track actions occurring on the Webite, and collect data such as your IP address, browser type, internet service provider, referring/exit pages, and date/time stamps.
- “Web beacons”, “tags”, and “pixels” are electronic files used to record information about how you browse the Website.
Insofar as the information collected from Log files and Web beacons constitute personal data, we base our processing of personal data on our legitimate interest to analyse the use of our Website and how people navigate from and to it (Article 6.1(f) of the GDPR).
1.2. Webshop information: information processed in connection with purchases
When you make a purchase or attempt to make a purchase through the Website, we collect certain information from you, including your name, billing address, shipping address, payment information (including credit card numbers), email address, and phone number. We refer to this information as “Order Information”.
In order to focus on what we do best (comfy childrens’ clothing) and to make your purchase more convenient, we use third-party payment service providers. If you check out your purchase using Shopify Payments or PayPal, those respective companies will process your personal data as controllers. With Shopify Payments, you can complete the purchase with a wide range of payment options provided by third parties, and if you chose it, you will be directed to a local payment service provider. Please see the respective privacy notices of these third parties for more information on how they process personal data.
In this context, our processing of personal data is limited to transferring it to the third-party payment service provider. Our legal ground for this processing is that the processing is a necessary step to enter into a contract (regarding the purchase), as requested by you (Article 6.1(b) of the GDPR). We will then store the relevant information from the transaction for bookkeeping and tax purposes, based on our obligation to fulfil applicable legal requirements (Article 6.1(c) of the GDPR).
We will use the Order information to ship your purchases to you, with the help of a shipping partner. If your order has any special instructions for us, please refrain from providing us with any personal data in those instructions. If such personal data is not necessary for us to fulfil your request, it will be deleted. When processing personal data for this purpose, our legal ground is that it is necessary to process the personal data in order to perform our end of the contract with you – i.e. to send you what you have bought (Article 6.1(b) of the GDPR).
In case of confirmed cases or suspicions of fraud, we will pursue the matter accordingly and process personal data if necessary, based on our legitimate interest to establish, defend and exercise legal claims, as well as the legitimate interest of third parties to protect their rights and property (Article 6.1(f) of the GDPR).
If you tick the box “keep me up to date on news and exclusive offers”, we will store your name and email address to send you news and exclusive offers. Our legal ground for the processing of personal data is our legitimate interest to reach out to you with news, updates and exclusive offers (Article 6.1(f) of the GDPR).
2. SHARING YOUR PERSONAL INFORMATION
We share personal data with third parties in order to provide our services to you. We use Shopify to power our online store – you can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.
- We also use Google Analytics to help us understand how our visitors use the Website – you can read more about how Google uses personal data about you as a controller, here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
- We may use the Facebook Pixel to send advertising to visitors of our Website. You can read more about Facebook’s processing of personal data here: https://www.facebook.com/business/m/privacy-and-data. Facebook will process personal data both as a processor on our behalf, and as a joint controller with us. Please see here for more information on our respective responsibilities as joint controllers: https://www.facebook.com/legal/controller_addendum.
- Other than this, we also share personal data with Shopify Payments and PayPal, and other payment service providers if you chose to check out your purchase with them, and we use local logistics companies to ship your purchase to you.
These third parties may be based outside of the EU and the EEA, in countries which the European Commission has not deemed to ensure an adequate level of protection for personal data. Therefore, and in accordance with the GDPR, we are using appropriate safeguards to ensure the continued protection of personal data (such safeguards being the standard contractual clauses issued by the European Commission). If you wish to obtain a copy of them, please do not hesitate to reach out to us using the contact information set out below.
If there is a change of control in our business, we may transfer the personal data to the new owners for them to continue to provide the services described in this Privacy Notice. The new owners shall continue to comply with the commitments we have made in this Privacy Notice.
Finally, we may also disclose personal data about you when we comply with applicable laws and regulations, responds to any subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights and to enforce the terms of service or any other agreement. In such cases, we base our processing on the applicable legal obligation compelling us to disclose the personal data, or our legitimate interest to establish, defend and exercise legal claims (Article 6.1(c) and 6.1(f) of the GDPR).
3. DO NOT TRACK
Please note that we do not alter our Website’s data collection and use practices when we see a Do Not Track signal from your browser.
4. YOUR RIGHTS
You have rights regarding personal data about you, which means that you have the right to:
- Access: meaning that you have the right to information about the processing, access to the personal data in question, and the right to obtain a copy of it.
- Rectification: meaning that we must correct the personal data if it is incorrect.
- Erasure: meaning that we must erase the personal data in certain circumstances, such as if there is no point in processing it any longer.
- Object to processing: meaning that you can object to processing based on our legitimate interests. In terms of marketing messages, we will stop the processing if you object to it (for instance by using the unsubscribe-link in our messages).
- Restriction of the processing: this is like an alternative to erasure, but where we only store the personal data without doing anything with it.
- Data portability: if you want us to transfer the personal data to someone else, we will help you with this.
Also, you have the right to lodge a complaint at the relevant supervisory authority, which in Sweden is Integritetsskyddsmyndigheten. If you are not based in Sweden, you may contact the supervisory authority that is the closest to you. You can find a list of supervisory authorities here.
5. DATA RETENTION
Device Information is not stored for longer than 26 months (Google Analytics) and 180 days (Facebook) before it is automatically deleted.
Order information is stored for 36 months. After that, necessary details will be stored in accordance with applicable laws (e.g. on bookkeeping and tax). Any personal data provided in the “special request” field of an order may be deleted sooner, if it is not relevant for the order.
If you have opted in to receive news and special offers from us, we will store you name and contact details until you opt out from receiving such messages, or contact us using the details below. You will find the option to opt out in our messages.
If we make changes to this Privacy Notice that significantly affects you, we will notify you by sending an email. Otherwise, we will make an announcement on the Website that the Privacy Notice has been updated. If your consent is required due to the changes, we will provide you additional prominent notice as appropriate under the circumstances and, ask for your consent in accordance with applicable law.
7. CONTACT US
For more information about our privacy practices, if you have questions, or if you would like to make a complaint directly to us, please contact us by e‑mail at firstname.lastname@example.org or by mail using the details provided below:
Silly Silas / Haptic District AB, Kungsholmen 4, 11227 Stockholm, Sweden