This policy applies to all personal data that is gathered or otherwise processed by the data controller, Marifix Produktion AB (corp. reg. no. 559196-9877, Industrigatan 33, 312 34 Laholm, Sweden).
The policy may be updated in the event changes are made to the way we process personal data, in order to clarify the text, or in the event of changes to the law.
If you have any questions regarding the policy or data protection in general, or if you believe that we have processed your personal data incorrectly, please contact us at firstname.lastname@example.org and we will be happy to respond.
Processing personal data
Purchases and customer accounts
In order to manage purchases and customer relationships, we save the information you specify as well as certain other information.
We need the information you provide in order to process your order and, if necessary, to be able to contact you. Your IP address is stored in connection with purchases via the online store in order to prevent attempted fraud.
Your current shopping cart is also stored in the online store in order to facilitate support and allow targeted e-mails (see the heading Newsletters and marketing).
Purpose: Order management, enable customer relationships and support, enable targeted marketing, establish purchase history and prevent fraud.
Personal data that is processed: Name, address, telephone number, e-mail address, social security number, IP address, website activity and purchase history.
Legal basis: Performance of contracts – in order for us to process your order and manage your account in accordance with the purchasing terms.
Retention period: 36 months after the last purchase and thereafter 12 months after the last login, or until you choose to close your account. The data used to process the order is kept for 10 years for accounting purposes.
Newsletters and marketing
If you are a customer and have not declined to be on the mailing list, or if you have opted in to it, newsletters and similar material will occasionally be sent to your e-mail address.
If you are a customer with us, we may also target mailings at your activity in the online store. Examples include reminders of a forgotten shopping cart, or information relating to a product you have purchased.
New customers need to agree to join the mailing list. Previously customers were added automatically, with reference to the Swedish Marketing Act.
You can decline further mailings at any time. This is done through My account (if you are a customer), or via the opt-out link at the bottom of each mailing.
Purpose: Marketing and communicating information.
Personal data that is processed: Name, e-mail address, website activity and completed purchases.
Legal basis: Legitimate interest – according to the Marketing Act, companies are entitled to target marketing to their customers. Recipients who are not customers have themselves registered an interest in receiving newsletters.
Retention period: For customers, until the customer account is terminated (see the heading Purchases and customer relationships). For other recipients, until you unsubscribe.
If you request a quote for a railing or other item, your information will be saved in order that we can process your enquiry.
Purpose: To manage quote requests.
Personal data that is processed: Name, address, phone number, e-mail address, social security number.
Legal basis: Performance of contracts – necessary processing before and in conjunction with entering into agreements.
Retention period: During the ongoing matter. In the event of an approved quote, the policy applies to Purchases and customer relationships.
Contact and support
In order for you to be able to get in touch with us, we use e-mail and telephony services. Certain information is processed in this context.
Our ambition is to only save your personal data for the time it is required, while at the same time endeavouring to maintain long-term customer relationships. That is why we have implemented, and are continuing to implement, measures to improve this data management.
In order to sort incoming calls, we use a PBX and telephone answering service. The service creates tasks in the form of e-mail messages. For this reason, personal data is treated in a similar way during telephone calls as with e-mails.
Purpose: To enable contact by e-mail and phone, to sort incoming calls.
Personal data that is processed: Name, phone number, e-mail address.
Legal basis: Legitimate interest – necessary for the purpose.
Retention period: E-mails are saved for 36 months. In the case of telephone contact, the information is stored at the agent for 3 months. Other than that, the same retention period as for e-mail applies.
Sharing personal data
When necessary, we may share your personal information with personal data processors. Examples of processors include payment solutions, invoicing services and forwarding agents. Marifix has entered into data processing agreements with these operators.
For some of our payment methods, the company that provides the payment service is independently responsible for any personal information they receive (they are the data data controller). In those cases that company's personal data management policy applies.
We do not share your personal information with third parties, other than what is necessary for the business. We do not sell your personal information.
Here we have summarised some of the fundamental rights that you, as a data subject, have according to the General Data Protection Regulation (GDPR). If you would like to know more about your rights, we recommend the European Commission's website about GDPR, where you can also read the Regulation in its entirety.
Information about processing
This policy includes information about the categories of personal information we process and why. Should we need to supplement this with more specific information, for example in the event of a security incident, this primarily takes place by e-mail.
Register extracts and corrections
You are entitled, on request, to have access to the personal data relating to you, along with information about the purpose of processing the data, any recipients of the personal data and the anticipated retention period. You are also entitled to have your personal data amended in the event it should be inaccurate.
Restriction and deletion
In certain cases, you are entitled to have your personal data deleted, for example if it is no longer needed for the purpose for which it was collected, or if has been processed incorrectly.
In cases where it is uncertain whether personal data has to be deleted or amended, you are entitled to request “restriction of processing”. In this case, the personal data may only be used for specific purposes, such as to protect legal rights or in the event of legal claims.
In the case of personal information that you have provided to us, you can request for the data to be moved to another company, for example.
In those cases where we process personal data with the balancing of interests as the legal basis, you are entitled to object to such processing. In such cases, it is only permissible to continue processing personal data for this purpose if it can be demonstrated that there are legitimate reasons why the data must be processed, which outweigh the interests and rights of the individual.
Supervisory authority and complaints
The Swedish Data Protection Authority is the authority responsible for the supervision of data protection issues in Sweden, where Marifix is based. If you believe that your personal data has been processed incorrectly by us, you are entitled to report this to them.
The Swedish Data Protection Authority asks parties to attempt to resolve such problems themselves in the first instance. For this reason, we would be grateful if you could contact us at email@example.com, so that we can resolve the problem.