Privacy & cookie policy

Why and for whom?

At Aselma Retail AB (Sortix.se), organization number 559381-2190, (" Sortix ", " we ", " us ", " our ") we care about personal privacy. This means that we respect and protect your privacy and the right to control and transparency when processing your Personal Data.

This Privacy Policy (the " Policy ") applies to the processing for which Sortix is the Personal Data Controller. The policy describes overall the purposes for which we need your Personal Data, the legal basis we rely on and the measures we take to protect personal data. We also inform you of how you can exercise the rights you have linked to our processing of your Personal Data.

The policy informs about our handling of Personal Data in cases where you communicate with us, buy our products or visit our website https://sortix.se (collectively " Functions ").

This policy is aimed at:

Potential customers
Customers
Visitors to our website

Definitions

" Processing " of Personal Data is everything that can be done with a Personal Data, e.g. storage, modification, reading, transmission, etc.

" Governing Law " is the legislation applicable to the processing of Personal Data including the General Data Protection Regulation (GDPR), supplementary national legislation, as well as practices, guidelines and recommendations issued by a national or European supervisory authority.

" Personal data " is any kind of information that can be linked to an identifiable, living person.

" Personal data controller " is the company/organization that decides for which purposes and in what way the Personal Data is to be processed and is thus also responsible for Personal Data being processed in accordance with Applicable Law.

" Personal data assistant " is the company/organization that processes Personal Data on behalf of the Personal Data Controller and may therefore only process the Personal Data in accordance with the Personal Data Controller's instructions and Applicable Law.

" Registered " means the living, natural person whose Personal Data is processed.

Sortix's personal data responsibility

The information in this Policy covers the Processing of Personal Data for which Sortix is the Personal Data Controller, i.e. the Processing for which we determine the purpose of (why a processing is done) and means for (in what way, which personal data, for how long, etc.). The policy does not describe how we process personal data in the role of Personal Data Officer - i.e. when we process personal data on behalf of our customers.

We sell household products through e-commerce. We therefore need to process your personal data in order to send out the goods you have ordered. We may also use your personal data for marketing purposes by sending out offers and information.

Sortix's processing of personal data

We have a responsibility to describe and show how we live up to the requirements placed on us when we process your Personal Data. This section aims to give you an understanding of the types of personal data we process about you and for what purposes.

How long do we save your Personal Data?

We save your Personal Data for as long as is necessary with regard to the purpose for which it was collected. Depending on the legal basis on which we support the processing, this may a) result from an agreement, b) depend on a valid consent, c) appear from legislation or d) result from an internal assessment based on a balancing of interests.

We never save your Personal Data for longer than necessary and regularly delete Personal Data. Sortix also takes reasonable measures to keep the Personal Data that is processed up-to-date and to delete outdated and otherwise incorrect or redundant Personal Data.

Treatments

The main purpose of the personal data processing that we carry out is to provide, perform and improve our services to you. There are several different reasons why we may need to collect, process and save your data.

We mainly process the following personal data:

Contact and identification information to confirm your identity, verify your information and be able to communicate with you
Information about your use of the service or product in order to improve your customer experience
IP address to perform customer analysis and for content on our site to be presented effectively to you and the device you are using
Consumption patterns to be able to cater to you with specific offers
Payment information to be able to offer, for example, direct debit and other payment methods

How do we get access to your personal data?

We collect your personal data in a number of different ways. We mainly get access to your personal data:

Because you yourself have provided your personal data to us
Through third-party analysis technology, e.g. cookies
Through information that has been created from the analysis of data

Legal grounds

In order for us to process your personal data, it is required that we have a so-called legal basis for the respective processing. In our business, we process your personal data primarily on the following grounds:

Consent - Sortix processes your Personal Data after we have received your consent to Processing. Information about the treatment is always provided in connection with asking for consent.

If you want additional information about the legal basis(s) for which we process your personal data, you always have the right to request a so-called register extract. Read more under "How to use your rights" below.

Your rights

You are the one who decides on your Personal Data. We always strive to ensure that you can exercise your rights as efficiently and smoothly as possible.

Access - You always have the right to receive information about the Personal Data Processing that concerns you in a so-called register extract. From the register extract, it appears that, among other things, which of your personal data we have stored and for which purposes and on which legal basis. We only release information if we have been able to ensure that it is actually you who is asking for the information.

Correction - If you discover that the Personal Data we process about you is incorrect, contact us and we will fix it!

Deletion - Do you want us to forget you completely? You have the right to request the deletion of your Personal Data when they are no longer necessary for the purpose for which they were collected. If we are required to retain your data by law or an agreement we have entered into with you, we will ensure that it is only processed for the specific purpose stated in the law or agreement. We then ensure that the data is deleted as soon as possible.

Objection - Do you not agree with us that our interest in processing your Personal Data outweighs your interest in protecting personal integrity? No problem - in that case we will review our balance of interests and check that it still holds. We will of course take your objection into account when we make a new assessment to evaluate whether we can still justify our Processing of your Personal Data. If you object to direct marketing, we will delete your Personal Data at once without reviewing our assessment.

Limitation - You can also ask us to limit our processing of your data:

During the time we are dealing with a request from you about any of your other rights.
If, instead of requesting deletion, you want us to mark that the data should not be processed for a certain purpose. If you e.g. do not want us to send you advertising in the future, we still need to save your name to know that we should not contact you.
In cases where we no longer need the data for the purpose for which it was collected, provided you do not have an interest in us retaining the data in order to assert a legal claim.

Data portability - We can give you the information you have provided to us yourself or that we have received from you in connection with entering into an agreement with you. You receive your data in a commonly used and machine-readable format, which you can then take with you to another Personal Data Controller.

Withdraw consent - If you have consented to one or more specific processing(s) of your Personal Data, you have the right to withdraw your consent at any time and thus ask us to cease the Processing immediately. Please note that you can only withdraw your consent for future Processing(s) of Personal Data and not for any Processing that has already taken place.

How to use your rights

Transfer of Personal Data

In order to conduct our business, we may need the help of others who process Personal Data on our behalf, so-called Personal Data Processors.

In cases where our Personal Data Assistants transfer the Personal Data to a country outside the EU/EEA, we have ensured that the Processing is legal according to Applicable Law by having one of the following requirements met:

there is a decision from the European Commission that the country ensures an adequate level of protection;
application of the European Commission's standard contractual clauses for third country transfers; or
other appropriate protective measures that comply with Applicable Law.

We have entered into personal data processor agreements (PUB agreements) with all of our Personal Data Processors. The PUB agreement regulates how the Personal Data Processor may process the Personal Data and which security measures are required for the processing of personal data.

We may also need to provide your Personal Data to certain designated authorities in order to fulfill obligations according to law or authority decisions.

Our Personal Data Assistants

Sortix does not sell your personal data to anyone and of course we do not share your personal data with anyone. In some cases, however, we may share your Personal Data with selected third parties. If that happens, we make sure that the transfer takes place in a secure way that preserves your privacy. Below are categories of recipients with whom we may share your information.

Providers of marketing services, e.g. advertising agency for creating campaigns or supplier for help with sending out by post or email.
IT suppliers for, for example, business systems and case management. In order to carry out our assignments and services, we store your data in our business systems (a system that administers our customers and contacts).
System for conducting customer analysis and producing statistics to contribute to industry statistics and to improve the customer experience.

Security

Sortix has taken technical and organizational measures to ensure that your personal data is processed securely and that it is protected from loss, misuse and unauthorized or unauthorized access.

Our security measures

Organizational security measures are measures that are implemented in working methods and routines within the organization. Our organizational security measures are:

Login and password management
Information Security Policy

Technical security measures are measures implemented through technical solutions. Our technical security measures are:

Encryption
Access list
Access log
Secure network
Backup

Cookies

Sortix uses cookies and similar tracking technologies to, among other things, analyze how Features are used so that we can provide you with the absolute best user experience. More information about how we use cookies can be found in our Cookie Policy (https://sortix.se/cookies).

If we don't keep what we promise

If you feel that we are processing your Personal Data incorrectly, even after you have alerted us to this, you always have the right to submit your complaint to the Swedish Privacy Protection Authority.

More information about our obligations and your rights can be found on the Swedish Data Protection Authority's website ( https://www.imy.se/ ). You can also contact the authority at imy@imy.se.

Changes to this policy

We reserve the right to make changes to this Policy. In cases where the change affects our obligations or your rights, we will inform about the changes in advance so that you are given the opportunity to take a position on the updated policy.