1. GENERAL PROVISIONS
1.1 This notice concerning personal data processing (Privacy Notice) tells you how panduro.com, Panduro Hobby AB (Panduro, us, our, we) collect and process data concerning you.
1.2 This Privacy Notice applies to the personal data you submit to us or which we collect via panduro.com, email, SMS messages and other electronic communications, calls placed to customer service, our stores, print and online forms for, e.g. competitions and events. Your data also include generally available information from social networks.
1.3 Panduro is the data controller (“controller”) of your personal data. Any inquiries you wish to make with Panduro may be made via the contact details provided under Section 7.
2. THE PERSONAL DATA WE COLLECT, AND THE PURPOSES AND LEGAL BASIS OF OUR DATA PROCESSING
2.1 When you visit panduro.com, we automatically collect data on your use of panduro.com; for example, on the type of browser you use, the search criteria you apply on panduro.com, your IP address, including your network address, as well as information about your computer or mobile device, geographical location and similar data. .
2.1.1 The purpose is to enhance your experience of using panduro.com and the features of the site, and for us to perform targeted marketing, including re-advertisement via Facebook, Instagram, Pinterest, Youtube and Google. The purpose of this personal data processing is for us to enhance panduro.com and show you a relevant assortment of products. .
2.1.2 The legal basis for our data processing is the balancing of “legitimate interest”, as defined in Article 6 of the General Data Protection Regulation (“GDPR”). .
2.2 When you enter into a contract with us or communicate with us on panduro.com, we collect the data you personally provide us with such as your name, address, email address, phone number, payment method, information on which items you purchased and which you might return, delivery preferences and data on the IP address from which your online order was placed. .
2.2.1 The purpose of this is for us to be able to supply the items you have ordered and to otherwise fulfil our contract with you, including in order to be able to administer your right to return items and right of complaint. We may also process data on your purchases in order to comply with statutory requirements, including as regards accounting and financial reporting. IP addresses are collected at the time of purchase to support the above purpose and to prevent fraud. .
2.2.2 The legal basis for this processing is the “contract”, as defined in Article 6 of the GDPR. .
2.3 When you enter into an contract with us, communicate with us or collect items in-store (which you have ordered from panduro.com), we collect the information (data) you personally provide us with such as your name, address, email address, phone number, payment method, information on which items you purchased and which you might return. .
2.3.1 The purpose of this is for us to be able to supply the items you have ordered and to otherwise fulfil our contract with you, including in order to be able to administer your right to return goods and right of complaint. We may also process data on your purchases in order to comply with statutory requirements, including as regards accounting and financial reporting. Manage your transactions, answer inquiries, resolve any complaints and provide support services (including technical support) and the like. .
2.3.2 The legal basis for this processing is the “contract”, as defined in Article 6 of the GDPR. .
2.4 When you subscribe to our newsletter, we collect data on your name and email address. .
2.4.1 The purpose of this is for us to fulfil our obligation and deliver the newsletter to you. .
2.4.2 The legal basis for this processing is the “contract”, as defined in Article 6 of the GDPR. .
2.5 When you subscribe to our customer club We are Panduro, you will be requested to provide data such as your name, address, email address and phone number. Any additional data you might provide us with are optional on your part. We also, for as long as you hold membership, collect data on your use of We are Panduro benefits, which competitions you enter, etc. We collate this data with other data retained on you, including data on items you have purchased and any you might have returned. .
2.5.1 The purpose of this is to be able to administer your membership and provide you with the services offered and to offer you the benefits linked to membership of We are Panduro, and to send you newsletters, SMS messages and postal mailings and perform targeted marketing. .
2.5.2 The legal basis for this processing is the “contract”, as defined in Article 6 of the GDPR. .
2.6 When you contact Customer Care by phone, letter or digital channels, including social media, we collect the data you personally provide such as your name, any ID, contact details such as your address, email and phone number. Your correspondence, data on the time and date of the purchase transaction, any defects/complaint. Technical data on your equipment. Health data (e.g. allergic reactions and health status and other information you submit to us at your option). User credentials for your personal account with us (for members only).
Calls placed with our Customer Care may be voice-recorded in accordance with applicable legislation for local operational requirements (e.g. for quality or training purposes) and in certain cases in order to record evidence of consent to direct marketing and profiling. Payment card data are not recorded. If required by applicable legislation, you will be notified that the call will be voice-recorded at the start of the call and you will be able to opt out of voice-recording. .
2.6.1 The purpose is to be able to fulfil our Customer Care services to you. Answer any queries, resolve any complaints and provide support services (including technical support) and the like. .
2.6.2 The legal basis for this processing is the “contract” and “legal obligation”, as defined in Article 6 of the GDPR. .
3. RECIPIENTS OF PERSONAL DATA
3.1 Data on your name, address, email address, phone number, customer number, order and invoice numbers and your delivery preferences will be transmitted to DHL or a carrier who fulfils delivery to you of the items you have purchased. .
3.2 Data may be transferred to a third-party partner who will process the data on our behalf. We use third-party partners for the purpose of technical services and enhancements of panduro.com, for mailing newsletters and for targeted marketing, including re-advertisement, and for your rating of our company and our products. Data on your name and your email address, may, for example, be forwarded to TrustPilot so that they, acting on our behalf, may invite you to rate us on the TrustPilot site. If you opt to provide a rating, TrustPilot’s controller will be responsible for the data you submit. This company is the data processor (“processor”) acting in compliance with our instructions, and processes data for which we are the controller. The processor is prohibited from using the data for purposes other than fulfilment of the contract with us and is subject to a non-disclosure agreement regarding their confidentiality. We have a written contract for processing with all data processing entities that process personal data on our behalf. .
3.3 Two of these data processors, Google Analytics under Google LLC and Facebook Inc. are domiciled in the USA. Due warranties regarding transfer of data to the USA have been ensured by means of the data processors’ certification according to EU-U.S. Privacy Shield; cf. Article 45 of the EU GDPR. .
3.3.1 A copy of Google LLC’s certification is available here:
3.3.2 A copy of Facebook Inc’s certification is available here:
3.4 We also share personal data with certain entities operating as independent controllers. The fact that such an entity operates as an independent controller means that it is not us that control how the information disclosed to that entity are processed. Independent controllers that we share your data with are.
1. National authorities (the police, tax authority or other public agencies) if we are required to do so by law or on suspicion of any infringement.
2. Companies offering payment solutions (card processing entities, banks and other payment service providers).
When your personal data have been shared with an independent data controller, that entity’s privacy notice and personal data processing are in force. .
4. YOUR RIGHTS
4.1 For the purpose of creating transparency surrounding the processing of your data, we, in our capacity as the controller, wish to inform you of your rights.
4.2 Right to access.
4.2.1 You have the right at any time to request information from us, including what data we have registered concerning you, the purpose of such registration, the categories of personal data and any third-party recipients of such data and information on where the data were obtained from. .
4.2.2 You have the right to receive a copy of the personal data we process concerning you. If you would like a copy of your personal data, please send a written request to Panduro Hobby, Attn: GDPR, SE-205 14 Malmö, Sweden. You may be asked to provide proof of your identity. .
4.3 Right to rectification
4.3.1 You have the right to have inaccurate personal data concerning you rectified by us. If you discover any errors in the data we have registered concerning you, we urge you to notify us in writing so that we can rectify your personal data. .
4.3.2 You are at liberty to personally rectify any data collected by us as a result of you obtaining membership of We are Panduro by signing into your account on panduro.com. .
4.4 Right to erasure (‘right to be forgotten’).
4.4.1 In certain cases, you have the right to have all or part of your personal data erased by us, for example, if you withdraw your consent and we have no other legal basis for continuing to process your data. Insofar as continued processing of your personal data is necessary, for example, in order for us to be able to fulfil our legal obligations or in order for legal claims to be established, exercised or defended, we may be unable to fulfil your request for erasure of your personal data. .
4.5 Right to restrict processing to storage.
4.5.1 Under certain conditions, you have the right to have the processing of your personal data restricted to only comprise storage, for example, if you regard the data we process concerning you as being inaccurate. .
4.6 Right to data portability.
4.6.1 Under certain conditions, you have the right to receive personal data that you have provided to us, in a structured, commonly used and machine-readable and compatible format and have the right to transmit those data to another controller. .
4.7 Right to object.
4.7.1 You have the right at any time to object to our processing of your personal data with respect to direct marketing, including the profiling carried out in order to target our direct marketing. .
4.7.2 Furthermore, you have the right at any time to object to our processing of your personal data performed on the legal basis for processing as set out in this Privacy Notice. However, we are unable to guarantee our fulfilment of all aspects of your request. We may, for example, need to retain your personal data for compliance with legislation or in order to fulfil our legal contract with you. .
4.8 Right to withdraw consent.
4.8.1 You have the right at any time to withdraw any consent you have granted us concerning certain types of personal data processing, including the profiling performed of you in your capacity as a member of We are Panduro. If you wish to withdraw your consent, please contact us at email@example.com. .
4.9 Right to lodge a complaint.
4.9.1 You have the right at any time to lodge a complaint concerning our processing of your personal data with the Swedish Data Protection Authority, Box 8114, SE-10420 Stockholm, Sweden. Complaints may be submitted to that authority by emailing firstname.lastname@example.org or by calling +46 8 657 61 00. .
5. ERASURE AND TRANSFER OF PERSONAL DATA
5.1 We store personal data for as long as is necessary in order to fulfil the purpose of the processing. .
5.2 Data collected concerning your use of panduro.com; cf. Section 2.1 will be deleted at the latest when you have not used panduro.com for 24 months. .
5.3 Data collected in connection with your subscription to our newsletter will be erased if you withdraw your consent to receive the newsletter unless we have another legitimate reason for processing your personal data. .
5.4 Data collected in connection with purchases you have made on panduro.com or in-store purchases; cf. Sections 2.2 and 2.3, will in the first instance be erased two years after the end of the calendar year in which the purchase was made. However, your data may be stored for longer if we have a legitimate interest in longer storage, for example, if it is required in order to establish, exercise or defend a legal claim or if storage is required for us to be able to comply with statutory requirements. In order to meet the requirements of the Swedish Accounting Act, accounting material must be retained for seven years until the end of a financial year. .
5.5 Data we have collected in connection with you gaining membership of We are Panduro; see Section 2.4, will be erased by us automatically if you have not logged in or made a member purchase in 24 months, or if you cancel your membership of We are Panduro. .
5.6 You have the right to request the relocation of your personal data (data portability). .
6. SECURITY OF PROCESSING
6.1 We have taken appropriate technical and organisational measures to prevent personal data from being inappropriately disrupted, lost, altered or destroyed and to prevent data intrusion or misuse. .
6.2 Only employees with a genuine need for access to your personal data in order to perform their duties shall have access to them. .
7. CONTACT DETAILS
7.1 Panduro.com, Panduro Hobby AB is the controller of the personal data collected via panduro.com. .
7.2 If you have any queries or points of view concerning this Privacy Notice or you wish to exercise one or more of your rights as described in Section 4, please contact: .
Panduro Hobby AB
SE-205 14 Malmö, Sweden
Tel: (+46) 040 – 22 30 70
8. AMENDMENTS TO THE PRIVACY NOTICE
8.1 The latest updated version of the Privacy Notice is always available to you on this section of the website. .
8.2 In the event of substantive amendments (such as a change in the purpose of our personal data processing or to the personal data categories), you will be duly notified of such changes by email or on panduro.com. .
9.1 This is version 3 of Panduro’s Privacy Notice, dated 2020-06-16. .