Our aim is for you to feel confident that your personal integrity is respected and that your personal data are processed correctly. We take responsibility for personal data processed by Gullers Trading and subsidiaries being used only for the intended purposes and being protected from unauthorised access. All processing of personal data within Gullers Trading is carried out in compliance with the applicable personal data legislation. Within the EU/EEA, the General Data Protection Regulation (GDPR) is applicable from May 2018.
“Personal data” covers all information that directly, or indirectly with other data, can be linked to a living physical person. This means that widely divergent data such as name and contact details, IP addresses, competition entries, options selected and behaviours all constitute personal data.
“Processing of personal data” is everything that happens to the personal data. Every action taken with personal data constitutes processing, irrespective of whether it is automated. This includes collection, registration, organisation, structuring, storage, processing or amendment, production, reading, use, passing on by transferring, dissemination or providing in some other way, adjustment or compilation, restriction, erasure or destruction.
Gullers Trading, org.nr. 559007-8605, Skaragatan 81B, SE-531 40 Lidköping is the data controller for the processing of personal data in accordance with the present policy.
Which personal data are collected and when are they erased?
We only process personal data when we have a lawful basis to do so. We do not process personal data unless it is necessary to fulfil contractual or statutory obligations. Here are some examples of the personal data we process:
We only process your personal identity number when this is clearly justified regarding purpose, necessary for secure identification or if there is some other reason worth consideration. We always minimise the use of your personal identity number wherever possible by using your birth registration number instead where this is sufficient.
The personal data will only be processed by us if this is necessary to fulfil the purposes of the processing or to fulfil Gullers Trading’s legal obligations. To meet current legal requirements, customers’ personal data may need to be saved longer than the purposes for which they were collected.
Wherever possible, we try to obtain your consent before starting to process your personal data. You consent to processing by accepting our general terms and conditions. When you consent to our general terms and conditions, you also consent to us processing your personal data.
We also gain access to your personal data in the following ways:
The personal data about you that are collected in connection with your direct contact with Gullers Trading or your use of our digital channels and associated services will be processed by Gullers Trading for the following purposes:
Gullers Trading always processes your personal data in accordance with the applicable legislation. We process your personal data when this is necessary to fulfil a contract with you or respond to your request for customer service, or when we have another legitimate and justified interest in processing your personal data. If Gullers Trading should process your personal data for a purpose that under applicable legislation requires your consent, we will obtain your consent in advance, by requiring you to actively click a box. In such cases, you may withdraw your consent at any time by contacting Gullers Trading email@example.com
Processing of personal data for provision of services that you have ordered, performance of other contracts or linked to actions you have requested prior to entering into such contract are based on Article 6.1 b) of the General Data Protection Regulation: necessary for the performance of a contract.
Processing of personal data for marketing purposes is based on Gullers Trading’s legitimate interest in marketing its services.
In addition, Gullers Trading processes personal data in accordance with applicable statutory requirements, e.g. pursuant to the Swedish Book-keeping Act (1999:1078).
In certain cases, we give specific companies access to your personal data in order to run the business and provide the company’s services. These companies are so-called data processors for us and may only process your personal data on our behalf and in accordance with our instructions. We primarily engage data processors who are subcontractors, but we may also engage data processors for marketing services, for example.
Written contracts with our data processors ensure, among other things, that the data processor applies security measures that are, as a minimum, equivalent to those we apply ourselves and that your personal data are not processed for purposes other than those for which we collected them.
As well as data processors, we may pass your personal data to authorities, e.g. the police, the Swedish Tax Agency or other authorities, to the extent we are liable to do so by law or where a crime is suspected.
Your personal data are processed within the EU/EEA, where all our own IT systems are based. If personal data should need to be processed outside the EU/EEA, we take all reasonable and legal, technical and organisational measures to ensure a level of protection equivalent to that within the EU/EEA. Such a level of protection is ensured either by a decision from the European Commission that the country in question has an adequate level of protection or by entering into approved standard contractual clauses or similar approved mechanisms to ensure protection of personal data.
We use IT systems and physical protection measures to protect your personal data from unlawful access, unintentional amendment or loss. Only those persons with an actual need to process your personal data for the purposes for which they were collected have access to them.
The right of access. As a data subject, you have a right of access to your personal data (a so-called register extract). If you wish to obtain a copy of the data held from Gullers Trading, contact us on firstname.lastname@example.org. The register extract will be sent to your registered address within 10 working days.
The right to rectification. You may also request your personal data to be rectified if they are incorrect. Within the framework of the specified purpose, you also have the right to complete any incomplete personal data.
The right to erasure. You may request erasure of personal data we process about you if:
Bear in mind that we may have the right to decline your request if there are legal obligations that prevent us from erasing certain personal data immediately. Such obligations derive from book-keeping and tax legislation and bank and money-laundering legislation, but also from consumer contracts legislation. It may also be that the processing is necessary to enable us to establish, exercise or defend legal claims. Should we be prevented from meeting a request for erasure, we will instead block the personal data from being able to be used for purposes other than the purpose preventing the requested erasure.
The right to restrict processing. You have the right to request that our processing of your personal data be restricted. If you dispute that the personal data we process are correct, you may request restricted processing for the time we need to check whether the personal data are correct. If we no longer need the personal data for the specified purposes, but you on the other hand need them to be able to establish, exercise or defend a legal claim, you may request restricted processing of the data we hold. This means that you may request that we do not erase your data. If you have objected to a weighing of legitimate interest we have made as a lawful basis for a purpose, you may request restricted processing for the time we need to check whether our legitimate interests weigh more heavily than your interests in having the data erased. If the processing has been restricted in accordance with one of the situations above, apart from actual storage we may only process the data to establish, exercise or defend legal claims, to protect another party’s rights or if you have given your consent.
The right to object to certain types of processing. You have the right at any time to opt out of direct marketing and to object to all processing of personal data based on a weighing of interests. If we use a weighing of interests as a lawful basis for a purpose, you have the opportunity to object to the processing. To be able to continue processing your personal data after such an objection, we need to be able to show a compelling legitimate reason for the processing in question that weighs more heavily than your interests, rights or freedoms. Otherwise, we may only process the data to establish, exercise or defend legal claims.
The right to data portability. If our right to process your personal data is based on either your consent or performance of a contract with you, you have the right to request to have the data concerning you that you provided to us transferred to another data controller (so-called data portability). One condition for data portability is that the transfer is technically feasible and can be carried out by automated means.
You have the right at all times to submit a complaint about the processing of personal data to the Swedish Data Protection Authority.
We have adapted our website and our routines to reflect the General Data Protection Regulation (GDPR). Among other things, this means we do not save sensitive personal data without obtaining consent, we do not transfer personal data, and we have clear rules and routines for how we save personal data, why we do so and for how long we save them. We also ensure that we do not save them longer than necessary.
Gullers Trading may use third parties, including Matomo and Google Analytics, to analyse and optimise the traffic to and on our website. Gullers Trading may also use third parties, e.g. Facebook and Instagram, to be able to tailor marketing to you.
We use all our statistics in anonymous and aggregate form. This means we do not generate information on individual users but only on traffic and traffic providers.
All visitors have the right not to allow cookies, but there is a risk that the website will not behave correctly if cookies are not accepted. All web browsers can be set so as not to accept cookies. This is usually done under Settings in the browser.