The product is now in your cart

Shopping bag

1. GENERAL PROVISIONS

1.1 This notice concerning personal data processing (Privacy Notice) tells you how Panduro Hobby AB (Panduro, us, our, we) collect and process personal data concerning you. in connection with your use of our website at www.panduro.com.

1.2 This Privacy Notice applies to the personal data you submit to us or which we collect via panduro.com, email, SMS messages and other electronic communications, calls placed to customer service, our stores, print and online forms for, e.g. competitions and events. Your data also include generally available information from social networks. 

1.3 Panduro is the data controller (“controller”) responsible for the processing of your personal data. Any inquiries you wish to make with Panduro may be made via the contact details provided under Section 7.

2. THE PERSONAL DATA WE COLLECT, AND THE PURPOSES AND LEGAL BASIS OF OUR DATA PROCESSING

2.1 When you visit panduro.com, we automatically collect data on your use of panduro.com; for example, on the type of browser you use, the search criteria you apply on panduro.com, your IP address, including your network address, as well as information about your computer or mobile device, geographical location and similar data.  .

2.1.1 The purpose is to enhance your experience of using panduro.com and the features of the site, for example, by presenting you with a relevant assortment of products, and for us to perform targeted marketing, including re-advertisement via Facebook, Instagram, Pinterest, Youtube and Google. 

2.1.2 The legal basis for our data processing is the “balancing of interests” according to Article 6 of the General Data Protection Regulation (“GDPR”). Our legitimate interest is to enhance your experience of using panduro.com and the features of the site, for example, by presenting you with a relevant assortment of products, and for us to perform targeted marketing.

2.2 When you enter into a contract with us or communicate with us on panduro.com, we collect the data you personally provide us with such as your name, address, email address, phone number, payment method, information on which items you purchased and which you might return, delivery preferences and data on the IP address from which your online order was placed. 

2.2.1 The purpose of this is for us to be able to supply the items you have ordered and to otherwise fulfil our contract with you, including in order to be able to administer your right to return goods and right of complaint. We may also process data on your purchases in order to comply with statutory requirements, including as regards accounting and financial reporting. IP addresses are collected at the time of purchase for these purposes. 

2.2.2 The legal basis for this processing is the “contract” and “legal obligation”, as defined in Article 6 of the GDPR. The processing is necessary in order for us to fulfil our obligations under the contract between you and Panduro and our statutory obligations. If we are not provided with the data, we will not be able to fulfil those obligations.

2.3 When you enter into an contract with us, communicate with us or collect items in-store (which you have ordered from panduro.com), we collect the information (data) you personally provide us with such as your name, address, email address, phone number, payment method, information on which items you purchased and which you might return. 

2.3.1 The purpose of this is for us to be able to supply the items you have ordered and to otherwise fulfil our contract with you, including in order to be able to administer your right to return goods and right of complaint. We may also process data on your purchases in order to comply with statutory requirements, including as regards accounting and financial reporting. We also process your personal data in order to be able to manage your transactions, answer inquiries, resolve any complaints and provide support services (including technical support) and the like. 

2.3.2 The legal basis for this processing is the “contract” and “legal obligation”, as defined in Article 6 of the GDPR. The processing is necessary in order for us to fulfil our obligations under the contract between you and Panduro and our statutory obligations. If we are not provided with the data, we will not be able to fulfil those obligations.

2.4 When you subscribe to our newsletter and do not hold membership of our We are Panduro customer club, we collect your email address. 

2.4.1 The purpose of this is for us to fulfil our obligation and deliver the newsletter to you. 

2.4.2 The legal basis for this processing is your consent, as defined in Article 6 of the GDPR.

2.5 When you subscribe to our We are Panduro customer club, you will be requested to provide data such as your name, address, email address and phone number. Any additional data you might provide us with are optional on your part. We also, for as long as you hold membership, collect data on your use of We are Panduro benefits, which competitions you enter, etc. We collate this data with other data retained on you, including data on items you have purchased and any you might have returned.

2.5.1 The purpose of this is to be able to administer your membership and provide you with the services offered and to offer you the benefits linked to membership of We are Panduro, and to send you newsletters, SMS messages and postal mailings and perform targeted marketing. 

2.5.2 The legal basis for this processing is the “contract”, as defined in Article 6 of the GDPR. The processing is necessary in order for us to fulfil our obligations under the contract on membership of the customer club. If we are not provided with the data, we will not be able to fulfil those obligations. The processing for the purpose of sending you newsletters, SMS messages and postal mailings and other targeted marketing is, however, instead supported by a balancing of interests, and our legitimate interest consists of being able to perform targeted marketing.

2.5.3 We employ automated decision-making known as profiling to present you with the offers we believe are best suited to you and in order to administer targeted marketing. Profiling is employed because we would otherwise not be able to present you with, or send you, offers and marketing of relevance to you. Without this profiling, you would instead see offers that are not of relevance to you. You have the right to object to profiling; see Section 4.7 below.

2.6 When you contact Customer Care by phone, letter or digital channels, including social media, we collect the data you personally provide such as 

- Your name, any ID, contact details such as your address, email and phone number. 

- Your correspondence, data on the time and date of the purchase transaction, any defects/complaint. Technical data on your equipment. 

- User credentials for your personal account with us (for members only). 

Calls placed with our Customer Care may be voice-recorded in accordance with applicable legislation for local operational requirements (e.g. for quality or training purposes) and in certain cases in order to record evidence of consent to direct marketing and profiling. Payment card data are not recorded. If required by applicable legislation, you will be notified that the call will be voice-recorded at the start of the call and you will be able to opt out of voice-recording. 

2.6.1 The purpose of this is to be able to manage your Customer Care transactions, answer any queries, resolve any complaints and provide support services (including technical support) and the like. 

2.6.2 The legal basis for this processing is the “contract” and “legal obligation”, as defined in Article 6 of the GDPR. The processing is necessary in order for us to fulfil our obligations under the contract between you and Panduro and our statutory obligations. If we are not provided with the data, we will not be able to fulfil those obligations.

3. RECIPIENTS OF PERSONAL DATA

3.1 Data on your name, address, email address, phone number, customer number, order and invoice numbers and your delivery preferences will be transmitted to DHL or a carrier who fulfils delivery to you of the items you have purchased. 

3.2 Data may be transferred to a third-party partner who will process the data on our behalf. We use third-party partners for technical services and enhancements of panduro.com, for mailing newsletters and for targeted marketing, including re-advertisement, and for your rating of our company and our products. Data on your name and your email address, may, for example, be forwarded to TrustPilot so that they, acting on our behalf, may invite you to rate us on the TrustPilot site. If you opt to provide a rating, TrustPilot’s controller will be responsible for the data you submit. This company is the data processor (“processor”) acting in compliance with our instructions, and processes data for which we are the controller. The processor is prohibited from using the data for purposes other than fulfilment of the contract with us and is subject to a non-disclosure agreement regarding their confidentiality. We have a written contract for processing with all data processing entities that process personal data on our behalf.

Third-party partners are:
Freight-forwarding agents
Partners providing technical services
Outsourced customer care

3.3 Two of these processors, Google Analytics under Google LLC and Facebook Inc. are domiciled in the USA. Due warranties regarding transfer of data to the USA have been ensured by Panduro executing standard contractual clauses with these processors. The standard contractual clauses are available on the European Commission website: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.

3.4 We also share personal data with certain entities operating as independent controllers. The fact that such an entity operates as an independent controller means that it is not us that control how the information disclosed to that entity is processed. Independent controllers that we share your data with are

1. National authorities (the police, tax authority or other public agencies) if we are required to do so by law or on suspicion of any infringement. 
2. Companies offering payment solutions (card processing entities, banks and other payment service providers). 

When your personal data have been shared with an independent data controller, that entity’s privacy notice and personal data management in respect of its personal data processing prevail.

4. YOUR RIGHTS

4.1 For the purpose of creating transparency surrounding the processing of your data, we, in our capacity as the controller, wish to inform you of your rights.

4.2 Right to access.

4.2.1 You have the right at any time to request information from us concerning, for example, what categories of personal data the processing concerns, the purpose of processing any data, any recipients of personal data and information on where such personal data were obtained from (if the data were not collected from you.

4.2.2 You have the right to receive a copy of the personal data we process concerning you. If you would like a copy of your personal data, please send a written request to Panduro Hobby AB, Attn: GDPR, SE-205 14 Malmö, Sweden. You may be asked to provide proof of your identity.

4.3 Right to rectification 

4.3.1 You have the right to have inaccurate personal data concerning you rectified by us. If you discover any errors in the data we have registered concerning you, we urge you to notify us in writing so that we can rectify your personal data. 

4.3.2 You are at liberty to personally rectify any data collected by us as a result of you gaining membership of We are Panduro by signing into your account on panduro.com. 

4.4 Right to erasure (‘right to be forgotten’) 

4.4.1 In certain cases, you have the right to have all or part of your personal data erased by us, for example, if you withdraw your consent and we have no other legal basis for continuing to process your data. Insofar as continued processing of your personal data is necessary, for example, in order for us to be able to fulfil our legal obligations or in order for legal claims to be established, exercised or defended, we may be unable to fulfil your request for erasure of your personal data. 

4.5 Right to restrict processing to storage

4.5.1 Under certain conditions, you have the right to have the processing of your personal data restricted to only comprise storage, for example, if you regard the data we process concerning you as being inaccurate. 

4.6 Right to data portability 

4.6.1 Under certain conditions, you have the right to receive personal data that you have provided to us, in a structured, commonly used and machine-readable and compatible format and have the right to transmit those data to another controller.

4.7 Right to object 

4.7.1 You have the right at any time to object to our processing of your personal data with respect to direct marketing, including the profiling carried out in order to target our direct marketing.

4.7.2 Furthermore, you have the right at any time to object to our processing of your personal data performed on the legal basis for processing as set out in this Privacy Notice. However, we are unable to guarantee our fulfilment of all aspects of your request. 

4.8 Right to withdraw consent 

4.8.1 You have the right at any time to withdraw any consent you have granted us concerning certain types of personal data processing, including the profiling performed of you in your capacity as a member of We are Panduro. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. If you wish to withdraw your consent, please contact us at customercare@panduro.se.

4.9 Right to lodge a complaint 

4.9.1 You have the right at any time to lodge a complaint concerning our processing of your personal data with the Swedish Authority for Privacy Protection (IMY) , Box 8114, SE-10420 Stockholm, Sweden. Complaints may be submitted to that authority by emailing imy@imy.se or by calling +46 8 657 61 00.

5. ERASURE AND TRANSFER OF PERSONAL DATA

5.1 We store personal data for as long as is necessary in order to fulfil the purpose of the processing. 

5.2 Data collected concerning your use of panduro.com; see Section 2.1 will be erased at the latest when you have not used panduro.com for 12 months. 

5.3 Data collected in connection with purchases you have made on panduro.com or in-store purchases; see Sections 2.2 and 2.3, will in the first instance be erased two years after the end of the calendar year in which a purchase was made. However, your data may be stored for longer if we have a legitimate interest in longer storage, but for no more than three years, for example, if this is required in order to establish, exercise or defend a legal claim or if storage is required for us to be able to comply with statutory requirements regarding claims under the legal guarantee. In order to meet the requirements of the Swedish Accounting Act, accounting material must be retained for seven years until the end of a financial year. 

5.4 Data collected in connection with your subscription to our newsletter; see Section 2.4, will be erased if you withdraw your consent to receive the newsletter.

5.5 Data we have collected in connection with you gaining membership of We are Panduro; see Section 2.4, will be erased by us automatically if you have not made a member purchase or clicked inside a newsletter within 24 months or before that if you cancel your membership of We are Panduro.  

5.6 You have the right to request the relocation of your personal data (data portability). 

6. SECURITY OF PROCESSING

6.1 We have taken appropriate technical and organisational measures to prevent personal data from being inappropriately disrupted, lost, altered or destroyed and to prevent data intrusion or misuse.

6.2 Only employees with a genuine need for access to your personal data in order to perform their duties shall have access to them.

7. CONTACT DETAILS

7.1 Panduro.com, Panduro Hobby AB, Org. No. 556073-6356, is the controller responsible for processing of your personal data in connection with your use of the website Panduro.com.

7.2 If you have any queries or points of view concerning this Privacy Notice or you wish to exercise one or more of your rights as described in Section 4, please contact:

Panduro Hobby AB
GDPR
SE-205 14 Malmö, Sweden
Tel: (+46) 040 – 22 30 70
Email: dataprotection@panduro.secustomercare@panduro.se

8. AMENDMENTS TO THE PRIVACY NOTICE

8.1 The latest updated version of the Privacy Notice is always available to you on this section of the website. 

8.2 In the event of substantive amendments (such as a change in the purpose of our personal data processing or to the personal data categories), you will be duly notified of such changes by email or on panduro.com.

9.VERSIONS

9.1 This is version 4 of Panduro’s Privacy Notice, dated 2022-02-15.