Personal Data PolicyIn general
This policy on the processing of personal data (hereinafter “Personal Data Policy”) describes how Liewood ApS (hereinafter “Liewood”, “us”, “our” or “we”) collects information about you.
The Personal Data Policy applies to personal data which you provide us with or which we collect via the Liewood website, www.liewood.com (hereinafter “website”).
With regard to your personal data, Liewood is the data controller. All inquiries to Liewood can be made via the contact information stated under Contact information.
What personal data do we collect and for what purpose, and what is the legal basis for processing the data?
When you visit our website, we automatically collect information about you and your use of the website, e.g. which type of browser you are using, the search terms you use in the website, your IP address, including your network location, and information about your computer.
- The purpose of this is to optimize user experience and the website’s function, and to carry out targeted marketing, including retargeting via Facebook and Google. This data processing is necessary so that we can pursue our interests in improving the Website and showing you relevant offers.
- The legal basis for the processing is the EU General Data Protection Regulation, Article 6 (1f).
When processing orders and agreements with our agent, retailers and other collaborative partners it may in some instances involve processing of personal data. This data is either collected directly from the relevant collaborative partner or through our agents. The data includes name, address, e-mail address, telephone number, payment method, information about which products you purchase and any you may have returned, delivery wishes, and information about the IP address from which your purchase is being made.
- The purpose of this is to enable us to provide the products that you have ordered and to fulfil our agreement with you, and furthermore, that we are able to administer your right to return goods and to make complaints. We may also process information about your purchase in order to comply with legal requirements, including bookkeeping and accounting. When a purchase is made, the IP address is collected in order to pursue our interests in being able to prevent fraud.
- The legal basis for the processing is the EU General Data Protection Regulation, Article 6 (1b, 1c and 1f).
- The purpose of this is so that we can pursue our interest in being able to supply you with the newsletter.
- The legal basis for the processing is the EU General Data Protection Regulation, Article 6 (1a or 1f).
Recipients of personal data
Information about your name, address, e-mail address, telephone number and order number and specific delivery wishes are forwarded to GLS, UPS or a carrier, who manages the delivery of the purchased goods to you.
Information may be entrusted to external partners, who process the information on our behalf. We use external partners to, among other things, manage the technical operation of and make improvements to our website, issue newsletters and target marketing, including retargeting, and for your assessment of our company and products. These companies are data processors and are under our instructions, and they process data that we are the data controller of. The data processors may not use the data for any purpose other than the fulfilment of the agreement with us and are subject to confidentiality in this regard. We have entered into written data processor agreements with all of the data processors that process personal data on our behalf.
Two of these data processors, Google Analytics owned by/Google LLC and Facebook Inc. are established in the USA. The necessary guarantees for the transfer of data to the USA are ensured through the data processor’s certification under EU-US Privacy Shield, cf. the EU General Data Protection Regulation, Article 45.
- Google LLC’s certification is available here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI
- Facebook Inc.’s certification is available here: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
In order to create openness with regard to the processing of your data, as the data controller, we must inform you of your rights.
Right of access
You are entitled at all times to request information from us about, among other things, what data we have registered about you, to what purpose does the registration serve, which categories of personal data and recipients of data there may be, and information about where the data comes from.
You are entitled to receive a copy of the personal data, which we process about you. If you wish to receive a copy of your personal data, you must send a written request by email, addressed to email@example.com. You may be asked to document that you are who you claim to be.
Right to make correction
You have the right to order us to correct any incorrect information about you. If you have become aware of an error in the information that we have registered about you, you are encouraged to contact us in writing about this, so that we can correct the information.
Right to erasure
In certain situations, you have the right to have all of your personal data with us erased, e.g. if you withdraw your consent and we do not have another legal basis for continuing with the processing. To the extent that the continued processing of your data is necessary, e.g. in order that we comply with our legal obligations or that a legal requirement can be established, exercised or defended, we are not obligated to delete your personal data.
Right to restriction of processing to storage
In certain situations, you have the right to restrict processing of your personal data to storage only, e.g. if you believe that the information about you is incorrect.
Right to data portability
In certain situations, you have the right to have the personal data that you have personally provided to us, returned to you in a structured, commonly used and machine-readable format and have the right to transfer this data to another data controller.
Right to object
You have the right to object at any time to our processing of your personal data for direct marketing, including profiling carried out in order to target our direct marketing.
In addition, you have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data, which we carry out on the basis of pursuing our legitimate interests under which information we collect.
Right to withdraw consent
At any time you have the right to withdraw the consent you gave to us for a given processing of personal data. If you wish to withdraw your consent, please contact us by email at firstname.lastname@example.org.
Right to complain
You have the right to submit a complaint at any time about our processing of your personal data to the Danish Data Protection Agency, Borgergade 28, 5, 1300 Copenhagen K. Complaints can also be submitted by email, addressed to email@example.com or made by telephone by calling +45 33 19 32 00.
Erasure of personal data
With regard to the data collected about your use of the website, cf. which information is collected, we deleted this when it is not relevant for us anymore.
Information collected when you subscribe to our newsletter is deleted once you have withdrawn your consent to receive the newsletter unless there is another basis for processing the information.
With regard to information collected in connection with purchases you have made through the website, cf. which information is collected, we will generally delete this after three years following the end of the calendar year in which you made your purchase. However, information may be stored for a longer period of time if we have a legitimate need for longer storage, e.g. if it is necessary because a legal requirement can be established, exercised or defended, or if storage is necessary for us to meet legal requirements. Accounting material is stored for five years to the end of a calendar year to meet accounting law requirements.
We have carried out appropriate technical and organisational security measures against personal data being accidentally or illegally destroyed, lost or impaired and against becoming available to unauthorised persons, or misused.
Only employees who have a real need to gain access to your personal data in order to carry out their work, are given access to the personal data.
Liewood is the data controller for personal data that is collected via the Website.
If you have any questions or comments about this Personal Data Policy or wish to exercise one or more of your rights described in paragraph 4, then please contact:
Strandlodsvej 42A, st.
DK-2300 Copenhagen S
Telephone: +45 31 32 63 11
Changes to the Personal Data Policy
This Personal Data Policy may be amended from time to time. You can always find the latest version of our Personal Data Policy on our website.