This privacy policy ("Privacy Policy") applies to laurapalmroth.com website ("Website"). The Website is owned by Laura Palmroth AB, a company headquartered in Stockholm, Sweden, [Agavägen 23, lgh.1001, 18155 Lidingö], registered with [Bolagsverket], under no. 559276-0440, [SE855000000005], e-mail address laura@laurapalmroth.com, represented by Laura Palmroth, in her capacity as Director, hereinafter referred to as "We" or “Laura Palmroth AB” or the "Company" or the "Controller".
Laura Palmroth AB is the Controller (as defined below) of your Personal Data (as defined below), according to the Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”). This Privacy Policy informs you about the Personal Data we collect and process, the purposes and the legal basis of the Processing (as defined below), and any other relevant information as per the GDPR.
The Company has designated a Data Protection Officer (DPO), as follows:
Name: [Juha Kunnas]
Address: [Agavägen 23, lgh.1001, 18155 Lidingö]
E-mail address: [info@laurapalmroth.com]
Phone number: [+46 722077460]
For the purpose of selling you our products or based on your consent, we process Personal Data jointly with our Joint Controllers (as defined below).
Joint Controller is Facebook Ireland Ltd - the operator of the social network Facebook and Instagram (Laura Palmroth AB becomes joint controller, as we operate the Laura Palmroth AB Facebook and Instagram business pages). We have entered into a controller addendum with Facebook Ireland Ltd, to determine the respective responsibilities for compliance with the obligations under the GDPR with regard to the joint Processing. Relevant aspects of this joint Processing are illustrated in this Privacy Policy below.
We have also agreed with our Joint Controller the following: (i) that Laura Palmroth AB is responsible for providing Data Subjects with the information on joint Processing of Personal Data, as mentioned herein below; (ii) after the joint Processing, Facebook Ireland Ltd is responsible for the exercise of your rights provided herein below.
You may contact and exercise your rights provided herein against each of the Joint Controllers. However, the contact point for you regarding the processing of Personal Data related to this Privacy Policy shall be: Laura Palmroth AB. For any matters related to Personal Data Processing, including joint Processing, please contact us at the email address laura@laurapalmroth.com or [info@laurapalmroth.com].
Please read this Privacy Policy and the Cookies Policy carefully. If you do not agree with these documents, we might not be able to respond to your inquiries, but in any case, you will not incur any negative consequences.
By ticking the boxes related to this Privacy Policy before using the Website, you agree that you have read, understood, and agree that your Personal Data will be processed in accordance with this Privacy Policy. Cookies Policy is separately provided to you and you will be able to separately consent. Nevertheless, there are certain Processing operations requiring your explicit consent, such as for marketing purposes, and you will be duly informed in this respect before giving your consent.
Definitions
‘Account’ means the user account you can create on the Website, in order to purchase our products;
‘Personal Data’ means any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
‘Special Categories of Personal Data’ means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation;
‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
‘Joint Controllers’ means controllers who jointly determine the purposes and means of Processing;
‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller;
‘Sub-processor’ means the processor engaged by the Processor for carrying out specific Processing activities on behalf of the Controller;
‘Recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
‘Third Party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
‘Consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
‘Profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
‘Pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
‘Third Country’ means any country located outside of the European Economic Area.
What personal data do we collect, for what purpose and how do we use them
In what context do we collect your Personal Data
What type of Personal Data do we collect
For what purpose do we use the Personal Data
What is the legal basis of the Personal Data processing (according to the GDPR)
When you create an Account on the Website
Last name, first name, e-mail address, password
In order to create your Account
Processing is necessary in order to take steps at the request of the Data Subject prior to entering into a contract – Article 6 (1) (b) of the GDPR.
You are not obliged to provide these data, but if you do not provide these data Laura Palmroth AB will not be able to carry out necessary steps for the execution and performance of the contract with you.
The Website may also be used if you decide not to create an Account by providing Personal Data, but certain data may be collected through cookies – please see Cookies Policy in this respect.
For purchase of products, including invoicing
Last name, first name, e-mail address, payment details (credit/ debit card details etc.)
In order to be able to sell you our products
Processing is necessary for the performance of a contract to which the Data Subject is party – Article 6 (1) (b) of the GDPR.
For the avoidance of any doubt, your consent to the conclusion of the contract with us is different from the consent given for Personal Data Processing, where applicable.
You are not obliged to provide these data, but if you do not provide these data Laura Palmroth AB will not be able to carry out necessary steps for the execution and performance of the contract with you.
For fraud prevention and security related reasons
Last name, first name, e-mail address, and, as the case may be, Personal Data comprised within your valid government-issued photo identification, and possibly a copy of a recent bank statement for the credit or debit card
In order to be able to prevent fraud and security issues
Our legitimate interest - Article 6 (1) (f) of the GDPR
Laura Palmroth AB's legitimate interest in processing these data arises from the interest in preventing fraud and maintaining the security of operations.
In order to provide assistance to the Website users
Last name, first name, e-mail address, and any other data you directly provide us with.
For the offering of technical assistance to the users, communicating with you and solving your requests/ complaints
Our legitimate interest – Article 6 (1) (f) of the GDPR.
Laura Palmroth AB's legitimate interest in processing these data arises from the interest in resolving your requests/ complaints and thus in ensuring and increasing client satisfaction; or processing is necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract – Article 6 (1) (b) of the GDPR.
You are not obliged to provide these data, but if you do not provide these data Laura Palmroth AB will not be able to offer you assistance or solve your requests/ complaints or execute/ perform the contract.
For compliance with applicable laws
Last name, first name, e-mail address
To comply with our legal obligations, for example for information archiving, reporting towards public authorities/ institutions
Processing is necessary for compliance with a legal obligation to which the Controller is subject – Article 6 (1) (c) of the GDPR
On-line browsing (information collected with the help of cookies or similar technologies), for analytics purposes
Please see our Cookies Policy for further information.
We use tools provided by Facebook Ireland Ltd and Instagram to receive anonymous, aggregated statistics about our visitors to our Facebook and Instagram business pages (through Facebook and Instagram Insights).
We use the Laura Palmroth AB Facebook and Instagram business pages, and we jointly process Personal Data with Facebook Ireland Ltd when you visit our Facebook and Instagram business pages. We have entered into agreements with Facebook that define the terms for use of the Facebook business page.
Facebook Ireland is a Joint Controller of the joint Processing and the information required by Article 13(1)(a) and (b) of the GDPR can be found in Facebook Ireland’s data policy at https://www.facebook.com/about/privacy.
To create statistics regarding the traffic on our Facebook and Instagram business pages. This helps us to understand how visitors are engaging with our content.
Your consent - Article 6 (1) (a) of the GDPR, for the purpose of analytics.
Depending on the types of cookies, your consent may or may not be required - please carefully read the Cookies Policy. For the use of cookies that require your consent, if you do not express your consent, those cookies will not be used, without negative consequences for you. You may express your consent by ticking the boxes on the Website for each type of cookie and data you are informed about, and only the cookies you expressed your consent for will be placed on your computer/ device.
Laura Palmroth AB ensures that you are well informed at all times, thus at intervals of 6 months we will again request your consent.
Further information on how Facebook Ireland processes Personal Data, including the legal basis Facebook Ireland relies on and the ways to exercise Data Subject rights against Facebook Ireland, can be found in Facebook Ireland’s Data Policy at https://www.facebook.com/about/privacy
For more relevant information, please study: https://www.facebook.com/legal/technology_terms, https://www.facebook.com/legal/controller_addendum
Laura Palmroth AB shall not process Personal Data for automated individual decision-making, direct marketing and advertising profiling without your express prior consent for such purposes.
Laura Palmroth AB shall not process Special Categories of Personal Data.
If you need additional information regarding the Processing of your Personal Data, please contact our Data Protection Officer at the following email address: [info@laurapalmroth.com].
To whom is your personal data disclosed
Laura Palmroth AB ensures data confidentiality at all times. However, there are circumstances when we will disclose Personal Data, as applicable, to certain Recipients as follows:
Within the European Economic Area:
if we have legal obligations in this respect – for instance, we can disclose Personal Data to tax authorities and other authorities/ institutions requiring them;
for the purpose of exercising or defending our legitimate rights and interests - for instance, to enforce our agreement: lawyers, consultants etc.;
for the purpose of selling you our products and providing you assistance, your Personal Data will be transferred to our partners, such as payment service providers, accountants, marketplaces;
you have given your consent for this purpose, if applicable.
Outside the European Economic Area/ Third Countries:
As applicable, when we, our Joint Controllers, Processors and Sub-processors engage in such transfers, a variety of legal mechanisms are used, including contracts such as the standard contractual clauses published by the European Commission. To learn more about the European Commission’s decisions on the adequacy of the protection of personal data in the countries where Laura Palmroth AB or its Joint Controllers, Processors/Sub-processors process Personal Data, please see this article on the European Commission website: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en
(i) When we sell our products on marketplaces, please refer to the privacy policies of the respective marketplaces where you buy our products from;
(ii) The Website is developed via Squarespace, and Personal Data may be processed by Squarespace in order to provide you assistance. Please carefully read the privacy policy of Squarespace: https://www.squarespace.com/privacy. For information on the security measures taken by Squarespace, please refer to the data processing agreement between us and Squarespace: https://www.squarespace.com/dpa;
(iii) For the purpose of selling you our products, your Personal Data will be transferred to our payment service providers, namely Stripe and PayPal. Please refer to their privacy policies: https://stripe.com/en-ro/privacy, https://support.stripe.com/questions/accept-and-download-your-data-processing-agreement-(dpa)-with-stripe, https://www.paypal.com/ga/webapps/mpp/ua/privacy-full, https://www.paypal.com/ga/webapps/mpp/ua/bt-data-protection;
(iv) Based on your consent, for analytics purpose, your Personal Data will be shared with Facebook Ireland Ltd – for information on how Facebook transfers your Personal Data, please refer to their privacy policy: https://www.facebook.com/about/privacy;
(v) Laura Palmroth AB will exceptionally transfer Personal Data to Third Countries in the following circumstances:
a) If required to do so by law, comply with legal process or to comply with a governmental or regulatory request, subject to requirements provided under Article 49 (1) d) of the GDPR;
b) To protect and defend the rights or property of Laura Palmroth AB, as part of a transaction where it merges with another organization, files for bankruptcy, or sells its assets or capital stock, where the transfer is necessary for the establishment, exercise or defense of the legal claim in question, under Article 49 (1) e) of the GDPR.
Your rights and how can you exercise them
The right
Details
The right to access
You can request information related to the Personal Data that we process
The right to rectification
You can request the rectification of the data if the information is inaccurate
The right to the erasure of the data (‘right to be forgotten’)
You can request the erasure of the data, in certain conditions (specified in GDPR), namely:
If personal data are no longer necessary for the purposes for which they were collected or processed;
if you withdraw your consent and there is no other legal ground for the processing;
if you object to the processing and there are no legitimate reasons to prevail;
if the personal data have been unlawfully processed;
if personal data must be deleted in order to comply with a legal obligation.
The right to the restriction of the processing
You can request the restriction of your personal data processing, when one of the following applies:
the accuracy of the Personal Data is contested by you, for a period enabling us to verify the accuracy of the Personal Data;
the processing is unlawful and you oppose the erasure of the Personal Data and request the restriction of their use instead;
we no longer need the Personal Data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
you have objected to processing pending the verification whether our legitimate grounds override yours.
The right to oppose
You can oppose the Processing, in certain conditions (specified in GDPR), namely and where applicable, when we process Personal Data based on our legitimate interest or for direct marketing purposes, including profiling, to the extent that it is related to such direct marketing.
The right to the portability of your Personal Data
You can request a copy of your data in a structured, commonly used and easy-to-read format, and you can receive it in an electronic format; you also have the right to have these data transmitted by us to another data controller, insofar as the conditions provided by law are met.
The data to which the right to portability applies are either those obtained by your consent or by a contract with us.
The right to oppose an automated individual decision-making process, including profile creation
You can oppose any automated individual decision-making process, including profile creation
The right to withdraw consent
Where applicable, namely where Data Processing is based on the legal basis of consent provided at Article 6 (1) (a) of the GDPR, you have the right to withdraw consent at any time, as easily as you originally gave it, without prejudice to the lawfulness of the processing carried out on the basis of the consent before its withdrawal.
The right to file a complaint at the Supervisory Authority
You can file a complaint at the Supervisory Authority for Personal Data Processing
You can exercise the above rights by sending an e-mail in this regard to the address laura@laurapalmroth.com. Also, you can contact our Data Protection Officer [info@laurapalmroth.com], who is available for any questions related to the protection of your Personal Data.
The answer to your request will be sent in accordance with the GDPR provisions, within one month of receipt of the request. This one-month period can be extended by two months if the complexity of the request and/or the number of requests requires it.
Amendments to this Privacy Policy
Laura Palmroth AB may change this Privacy Policy by notifying you in this respect at least 30 days before the change takes effect via e-mail and/or through a notice/pop-up on the Website home page or via the Account. We will publish a new version on the Website. You will have the opportunity to accept or refuse the revised Privacy Policy.
This document was last updated on 14-03-2021.