Privacy Policy
Legal basis, personal data
Our Privacy Policy explains how we collect, use, and protect your personal data. We also explain for what purposes we process your personal data, the categories of personal data that are processed, the legal basis upon which this processing is carried out, and how long we store your personal data. The policy also describes your rights regarding your personal data.
It is important that you read and understand the Privacy Policy.
Collection of personal data
What items of personal data do you process?
We only process personal data when we have a legal basis for doing so. We do not process personal data except when necessary in order to fulfil our obligations in accordance with law or other statutory requirements.
Here are a few examples of your personal data that we need to process:
- Name and surname
- Address
- E-mail address
- Phone number
- National identity number
- Gender
- Bank account number and other payment details
In addition to the data that you provide to us or that we collect from you based on your purchasing behaviour and how you use our services, we may also collect personal data from a third party. This data may include address information from public records in order to ensure that we have your correct address details or, where invoicing is involved and VAT numbers checked, the correct company details.
Sharing and transfer of personal data
Personal data may be transferred for necessary processing to other companies that Rotage AB collaborates with, such as for marketing purposes (media agencies, etc.), payment solutions, and IT services, as well as for handling claims with manufacturers and direct deliveries from suppliers. In addition, Rotage AB may be legally required to disclose information to government authorities, such as the police and the Swedish Tax Agency. We may also disclose personal data to companies that handle general merchandise transport (e.g. logistics companies). In these cases, the partners process the data as independent data controllers in accordance with their own policies.
Rotage AB strives to process personal data within the EU/EEA, and to collaborate with partners and suppliers who process personal data within the EU/EEA. Where this is not possible, processing of personal data may take place outside the EU/EEA in countries considered to have an adequate level of protection as determined by the EU Commission or through the use of appropriate protection measures, e.g. standard agreement clauses, binding internal company rules, or US Privacy Shield. Regardless of the country in which personal data is processed, we implement all reasonable technical, legal, and organisational measures in order to ensure that the level of protection is the same as within the EU/EEA.
Storage of personal data
We never keep your personal data for longer than is necessary for the relevant purpose.
Right of Access
We are open and transparent about how we process your personal data. If you would like to know specific details about which items of your personal data that we process, you may request access to your file. You will receive a record extract showing the purpose, category of personal data, categories of personal data recipient, storage period, and information on the sources from which the data in question were collected. Upon receipt of such a request, we will request additional information in order to verify the specific data you wish to access and that we release the data to the correct person.
Right to Rectification and Erasure
In instances where the data is found to be inaccurate, you may request that your personal data is corrected. Within the framework of the specified purpose, you are also entitled to supplement any incomplete personal data.
Right to Erasure
You may request that your personal data we process is erased if:
- The data is no longer necessary for the purposes for which it was collected or processed.
- You have withdrawn the consent on which processing is based and there are no other legal grounds for processing to continue.
- You object to a stakeholder evaluation of legitimate interest that we have made and that this is not outweighed by any legitimate interest that Rotage AB may have.
- You object to processing for direct marketing purposes.
- Personal data has been unlawfully processed.
- Personal data must be erased in order to satisfy a legal obligation to which we are subject.
- Personal data has been collected from a child (below the age of 13) for whom you bear parental responsibility in connection with an offer made through services promoted through information society infrastructure, e.g. social media.
There may be reason for us to reject your request for erasure in instances where there are legal obligations that prevent us from doing so. This may be due to the fact that processing of the data in question is required in order to exercise our right to free speech and for freedom of information purposes, to satisfy a legal obligation to which we are subject, or to be able to establish, enforce, or defend legal claims.
Right to Restriction of Processing
You are entitled to request that our processing of your personal data is restricted. This involves us flagging the data in question so that we only process it for certain specified purposes in the future.
Legitimate Interest and Right to object.
You are entitled to object to processing that is based on a legitimate interest that we have if you have personal reasons for doing so. However, we may continue to process your personal data despite you having raised objections in instances where we have pressing legitimate reasons for processing that outweigh your privacy concerns.
Direct Marketing
You have the right to object to the processing of your personal data for direct marketing purposes. Your objection may also cover the analysis of personal data (‘profiling’) conducted for direct marketing purposes. If you object to direct marketing, we will desist from processing your personal data for that purpose and stop all types of associated direct marketing efforts.
Right to Data Portability
Where our right to process your personal data is contingent on you giving consent or the satisfaction of undertakings in an agreement with you, you are entitled to request to have the information you have provided us with to be transferred to another personal data manager (‘data porting’).
About cookies
A cookie is a small text file that the website you visit saves on your computer. Cookies are used on many websites in order to give a visitor access to various functions. The information contained in a cookie may be used to track a user’s browsing habits.
In accordance with the Swedish Electronic Communications Act, which came into force on 25 July 2003, all visitors to a website that uses cookies shall be notified that:
- the website uses cookies,
- what these cookies are used for, and
- how cookies can be blocked
Rotage AB uses cookies. Technically, cookies are used to identify user activity on a page – logs in, places something in their cart, etc. We also use cookies to measure traffic, to assess the effectiveness of marketing initiatives, and to further develop Rotage AB. Rejecting cookies in your web browser will result in a lot of website functionality being lost.
Our website uses a third-party system, CookieTractor, to manage cookies. You can find information about cookies, your current consent (accept/reject), and change your consent by clicking Cookie settings in the website footer.
If you do not want to accept cookies, your web browser can be set so that you automatically reject the storage of cookies or be informed every time a website asks to store a cookie. You can also delete previously stored cookies via your web browser. See your browser’s help pages for more information. You can read more about cookies on the PTS website (in Swedish)
Management of National Identity Number
We only process your national identity number in instances where doing so is clearly justifiable, is necessary to ensure secure identification, or for any other noteworthy purpose. In instances where this is not necessary, we use your customer number instead in order to minimise the use of your national identity number.
Personal Data Protection
Only those individuals who actually need to process your personal data to achieve our stated purposes have access to it.
Complaints
The Swedish Authority for Privacy Protection, which is the official supervisory authority for Sweden, monitors the application of data protection legislation. You have the right to submit a complaint to the Authority if you believe that we are processing your personal data in contradiction to this legislation.
Amendments to the Policy
This Personal Data Policy may be updated from time to time. The most recent version of the policy is always available on this page. Date last amended: 24-06-12.
In order to be able to market our products and services
Personal data is processed for the following purposes:
- To show relevant product recommendations.
- To send direct marketing via e-mail, SMS, social media, or other similar digital communication channels, as well as via standard post. This includes conducting campaigns or sending offers and invitations to events to: all customers, a particular customer segment (e.g. men/women aged 30-40 located in Sweden), or to a specific customer.
The categories of personal data processed are:
- Name
- Contact details (e.g. address, e-mail, telephone number).
- Age
- Town/city of residence
- Information about how the customer uses the company’s website and other digital channels.
- Social identity
- Information about completed purchases.
- User-generated data (e.g. click and visitor history).
In order to be able to understand which type of marketing or direct marketing is to be used, analyses are carried out on the following items of information:
- How websites and other digital channels are used (e.g. which pages and parts of pages are visited and what searches are carried out).
- Age and location.
- Results of customer satisfaction or marketing surveys.
Legal basis: Recipients of newsletters and website visitors – legitimate interest.
Processing is necessary in order to satisfy your and our interest of being able to market our products and services.
Storage time: Data is stored for 12 months from the date of collection, and 12 months from the date of interaction via digital media (e.g. clicks in newsletters).
Unsubscribing: You can unsubscribe from receiving newsletters by clicking the link provided in the newsletter. In order to prevent statistics being collected via social media, you need to change your settings and preferences in your social media accounts. If you do not want your browsing statistics collected, block cookies in your web browser and refrain from participating in surveys on our website. If you have any questions, please get in touch with us using the contact details shown on this page.
In order to stage and manage participation in competitions and events
Personal data is processed for the following purposes:
- To communicate with competition participants.
- To communicate with participants before and after an event (e.g. confirmation of registration, questions, or evaluations).
- To perform identification and age verification.
- To choose winners and issue prizes.
The categories of personal data processed are:
- Name
- National identity number or age.
- Contact details (e.g. address, e-mail, telephone number).
- Information provided in competition submissions.
- Information provided in event evaluations.
Legal basis: Legitimate interest. Communication and processing is necessary in order to satisfy your and our interest in conducting and managing competitions and events, as well as to ensure compliance with any legal requirements.
Storage time: During the period in which the competition/event runs, including any evaluation. Maximum of 12 months.
Unsubscribing: Contact us if you do not want your details included in our registers linked to an event or competition. Specify which particular competition/event your request relates to.
In order to be able to manage customer service cases and sales enquiries
Personal data is processed for the following purposes:
- To communicate with customers and to answer inquiries received by customer services and the sales department by telephone or through digital channels (including social media).
- To verify identity.
- To investigate complaints and handle support cases (including technical support).
- To arrange direct deliveries.
- To receive and address complaints.
The categories of personal data processed are:
- Name
- Contact details (e.g. address, e-mail, telephone number).
- Your correspondence
- Information about date of purchase, place of purchase, fault/complaint about the product.
- User information for My Pages, e.g. to address login problems.
- Technical information about your equipment that is required in order to provide support.
- National identity number
Legal basis: Legitimate interest. Processing is necessary in order to satisfy your and our interest of being able to manage customer service cases.
Storage time: Until the customer service case has been closed. Maximum of 12 months.
Unsubscribing: Contact us if you do not want your details included in our registers linked to a case. Please note, pursuant to the provisions of the Swedish Accounting Act and the Swedish Consumer Sales Act, certain documentation may need to be stored – also see paragraph pertaining to Legal Obligations below. Get in touch and we will help you with your query about what data we have saved about you.
In order to be able to comply with legal obligations
Personal data is processed for the following purposes:
- To comply with legal obligations in accordance with the requirements of laws, judgements, or official decisions. (Examples include the Swedish Book-keeping Act, the Swedish Money Laundering Act, or regulations pertaining to product liability and product safety, which may require the communication with, and the release of, information to the general public and customers concerning product alerts or recalls).
The categories of personal data that may be processed are:
- Name
- Contact details (e.g. address, e-mail, telephone number).
- Your correspondence
- Information about date of purchase, place of purchase, fault/complaint about the product.
- User details for My Pages.
- National identity number
- Payment information
Legal basis: Legal obligation. This collection of personal data is required by law.
Storage time: Until the purchase has been completed (including delivery and payment) and for a period of 84 months.
In order to be able to evaluate, develop, and improve our services, products, and systems
Personal data is processed for the following purposes:
- To make services more user friendly, e.g. changing the user interface in order to simplify the information flow or to highlight functions that are frequently used in our digital channels.
- To produce documentation with the aim of improving our product and logistics flows, e.g. by being able to forecast procurement, stocks, and deliveries.
- To produce documentation with the aim of developing and improving product range.
- To produce documentation with the aim of developing and improving our resource efficiency from an environmental and sustainability perspective, e.g. by streamlining procurement and delivery planning.
- To produce documentation with the aim of planning the establishment of new outlets and warehouses.
- To give you the opportunity to influence the range of products we provide.
- To produce documentation with the aim of improving IT systems so that our visitors and customers can feel confident of a higher level of security.
The categories of personal data processed are:
- Purchase and user-generated data (e.g. click and visitor history).
- Age
- Town/city of residence
- Your correspondence and feedback in respect of our products and services.
- Technical data concerning units used and settings, e.g. language settings, IP address, browser settings, time zone, operating system, screen resolution, and platform.
- Information about how you interacted with the company, i.e. how services have been used, login method, where and how long various pages have been visited, response times, download errors, how services can be accessed, and when you leave the service, etc.
Legal basis: Legitimate interest. Processing is necessary in order to satisfy our and your legitimate interest in evaluating, developing, and improving our products, services, and systems.
Storage time: 12 months from the date of collection.
To Prevent Misuse of a Service or to Hinder, Prevent, and Investigate Crimes Against the Company
Personal data is processed for the following purposes:
- To investigate or prevent fraud or other breaches of law by, for example, in-store reporting.
- To prevent the sending of spam, harassment, or other actions that are forbidden.
- To protect and improve our IT ecosystem against attacks and breaches.
The categories of personal data processed are:
- Purchase and user-generated data (e.g. click and visitor history).
- National identity number
- CCTV video recordings.
- Data concerning units that customers use and settings, e.g. language settings, IP address, browser settings, time zone, operating system, screen resolution, and platform.
Legal basis: Legal obligation if such exists. Alternatively, legitimate interest (if there is no legal obligation) if processing is necessary in order to satisfy our legitimate interest in preventing misuse of a service, or to hinder, investigate, and prevent crime against the company.
Storage time: 12 months from the date of collection.
Contact details
Rotage Aktiebolag, org. nr. 556211-6086, is the personal data manager for the processing of personal data on www.rotage.se/en
Data protection contact
If you have any questions, enquiries, or concerns relating to the processing of your personal data and our privacy policy, please contact our Data Protection Officer:
Mathias Larsson
E-mail: mathias.larsson@rotage.se
Phone number: +46 512-298 50
Postal address: Rotage Aktiebolag, Föreningsgatan 7, S-535 30 Kvänum, Sweden.
Our Data Protection Officer is on hand to help you with all queries or problems you may have concerning your personal data. This includes:
- Questions about what items of your personal data we hold.
- Requests to correct or erase your personal data.
- Information about how we collect, use, share, and store your personal data.
- Questions about consent and how you can withdraw it.
- Any other data protection-related questions or concerns.
We endeavour to answer all queries within a reasonable time frame and in accordance with applicable data protection laws.
Responsibility for data protection
The Chief Executive Officer of the company (CEO) is the person who bears ultimate responsibility for ensuring that the company operates in compliance with laws and regulations pertaining to data protection. The CEO has overall responsibility for creating and maintaining a culture of privacy and data protection within the company. This means that the CEO is obliged to understand and communicate the company’s privacy policy to all employees and to ensure that the necessary resources and training are available to support compliance with the policy.
Furthermore, the CEO shall work together with the company’s Data Protection Officer or equivalent function in order to ensure that the company keeps itself informed about changes to privacy legislation and implements the necessary measures to maintain compliance with said laws and protect the personal data of customers and users.