PRIVACY POLICY

1. Introduction

Selftitled recognizes the importance of protecting the privacy of your personal data. We have instituted strict policies and security measures to protect the information you provide us.

The purpose of this privacy policy is for you, as a customer to learn how Selftitled handles your personal data and for you to be able to feel secure that the processing is being carried out in accordance with the General Data Protection Regulation and other applicable data protection law. The privacy policy also describes your rights vis-à-vis us and how you can enforce those rights. By purchasing or receiving our products/services, you confirm that you have read and understood the content of this privacy policy.

This privacy policy is aimed towards you as a customer belonging to one or more of the following categories.

- Retail Customers (customers in our stores)
- E-TAIL CUSTOMERS (customers that shop online)
- ACCOUNT HOLDERS (customers with a registered account on our website)
- RECIPIENTS OF NEWSLETTERS

2. Who is responsible for the processing of your personal data?

The Swedish company Selftitled AB, reg. No. 556719-7818 (“Selftitled” "We" "Us"), is the controller of your personal data. Selftitled affiliated companies (including other companies within the Selftitled group, joint ventures, franchisees and licensees) and selected suppliers may process your personal data on Selftitled’s behalf and in accordance with Selftitleds’ instructions as stated below and are thereby processors of your personal data.

You may contact Selftitled at any time, please find our contact details below.

Mail address: OUR LEGACY, c/o Selftitled AB, Box 5224, 11442, Stockholm, Sweden
Visiting address: Torstenssonsgatan 4, 11456, Stockholm, Sweden
Phone: + 46 8 660 9081
E-mail: privacy@ourlegacy.se

3. Categories of data processed, purpose and legal basis for processing

1. General

Below is a summary of the categories of data that we process, the purposes of processing the data and on what legal basis we are processing your data.

2. Retail Customers

If you make a purchase in one of our physical stores we may process your name, e-mail, and purchase history to provide customer service, process returns and give customer advice on any products they have bought. We will only collect the information if this is accepted by you. The legal basis for the processing is a balance of interests where our legitimate interest is to be able to provide customer service and facilitate the administration of returns, exchanges and complaints.

Your contact details may also be processed for direct marketing purposes, namely to keep you informed via e-mail or other messenger services of our products, special events or promotions. The legal basis for the processing is a balance of interests where our legitimate interest is to market our products to existing customers.

3. E-tail Customers

When you purchase a product online your name, e-mail, phone number and address (including street name, zip code, city and country) are used to process your order. The data is also processed so that Selftitled can process any returns, exchanges, and complaints as well as communicating with you regarding any questions or comments you may have regarding the product(s). The phone number is collected so that we can send a text message to you when the product(s) have arrived at your pick-up place. The legal basis for the processing is that it is necessary in order for Selftitled to fulfil its contractual obligations towards you.

You purchase history is also stored so that Selftitled can process any returns, exchanges, and complaints as well as communicating with you regarding any questions or comments you may have regarding the product(s). the legal basis for the processing is a balancing of interests where Selftitled’s legitimate interest is to facilitate the administration of returns, exchanges and complaints.

Your IP-address is stored for every order placed. IP-addresses are used for fraud risk checks. Selftitled only uses IP-addresses to the extent it is strictly necessary for preventing fraud and the legal basis for the processing is a balancing of interest where Selftitled’s legal interest is to protect itself from fraud.

Information regarding returns are also stored for accounting purposes. This storing is based on a legal obligation.

Your contact details may also be processed for direct marketing purposes, namely to keep you informed via e-mail or other messenger services of products, special events or promotions. The legal basis for the processing is a balance of interests where our legitimate interest is to market our products to existing customers. We may use your contact details for direct marketing purposes for up to 12 months after your latest purchase subject to your ongoing right to opt-out.

Payments made for purchases on Selftitled’s website are processed by a third-party payment service and such third party is the controller of the credit card information and other information relating to the payment. Selftitled does not collect or store any payment information.

4. Account Holders

You may sign up to be an Account Holder by subscribing to the services offered by Selftitled to Account Holders. Signing up as an Account Holder is completely voluntary and is not a requirement for purchasing Selftitled’s goods. When you subscribe to become an Account Holder, you will enter into an agreement with Selftitled.

When you sign up to be an Account Holder, Selftitled collects your name and e-mail to create and administer your account. Furthermore, your phone number and address (including street name, zip code, city and country) is collected and stored to make future purchases quicker and to provide you with relevant information regarding our products. Purchase history is stored to provide you with the possibility to review your purchases and returns and for us to send relevant information to you.

The legal basis for the processing of your data as an Account Holder is that it is necessary to fulfil a contractual obligation namely a service which includes (i) smoother order placements online (ii) allowing you to access and review previous purchases and returns and (iii) access to relevant information regarding Selftitled’s products and events.

5. Newsletter subscribers

If you have subscribed to our newsletters, we will use your e-mail to send out the newsletter. The legal basis for this processing is that it is necessary to fulfil a contractual obligation, namely the providing of the newsletter. The newsletter will be sent to you until you unsubscribe to the service.

Direct marketing, other than the newsletter itself can be sent to newsletter subscribers on the same basis as E-tail and Retail customers who are not Account Holders.

6. Anonymized data

It can be noted that we may also use anonymized data for our internal marketing and demographic studies to analyze, profile and monitor customer patterns in order for us to be able to improve our products and services.

4. Does selftitled share your information with others?

Selftitled does not sell or rent our customers’ personal data to any other entity.

We may share your data with affiliated companies including other companies within the Selftitled group, joint ventures, franchisees and licensees. If you have subscribed as an Account Holder with Selftitled, we may combine your data provided to us with data that you have provided to such affiliated companies, for the purpose of improving our services to you, and to enhance your shopping experience when visiting a Selftitled store in another country than your residence. The legal basis for the processing is that it is necessary for Selftitled’s performance of the services to Account Holders.

Selftitled may also share your data with selected suppliers who perform functions on our behalf such as fulfilling orders and delivery of orders, processing payments, carrying out promotional services or data management, to maintain our website, to distribute e-mails, to send out our newsletter, to provide client communications and to manage our customer database. As necessary, the personal data you provide to us may be processed by these third parties, solely on Selftitled’s behalf and in accordance with Selftitled’s instructions as data processors. We do not authorize any of our suppliers to make any other use of your personal data.

If Selftitled and/or its subsidiaries are subject to an actual or potential merger or acquisition or similar transaction, we may share your data with potential and actual buyer(s) and their financial and legal advisers, subject to such third parties undertaking appropriate confidentiality.

Selftitled may also disclose your personal data to a public authority where Selftitled is obligated to do so by law. In the event all or part of Selftitled’s operations are sold, Selftitled may transfer your personal data to a potential purchaser of the business.

5. transfer outside of the EU/EES

We may share your data with our selected suppliers, who may process your data in countries both inside and outside of the EU/EES when performing functions on our behalf as set out in section 4 above.

If you have subscribed as an Account Holder with Selftitled, we will share your contact details and information on previous purchases and shopping preferences with our affiliated companies both inside and outside of the EU/EEA (please see further under section 4).

Please note that countries outside of the EU/EEA may not provide an adequate level of protection for your personal data. Selftitled has however taken appropriate safeguards to ensure that the receiving parties of your data in countries outside of the EU/EEA shall provide an adequate protection of your data. Such safeguards may be that the receiving party has joined the Privacy Shield (if the receiving party is a company established in the United States) or that the receiving party has signed so called standard data protection clauses adopted by the EU Commission. Please contact us at privacy@ourlegacy.se if you want further information on what safeguards have been taken and if you want a copy of such safeguards.

How long do we keep your data?

1. General

Notwithstanding anything to the contrary herein, Selftitled reserves the right to keep and process your personal data in accordance with this policy to the extent necessary to perform our contractual obligations to you, and to the extent we are required to process your data by law or in order to defend ourselves in a dispute, to prevent fraud or abuse, or to enforce our Terms and Conditions.

2. Retail and E-tail Customers

Your e-mail may be saved for up to 12 months from the last purchase for direct marketing purposes, subject to your ongoing right to opt-out. Thereafter it shall be deleted.

Purchase history will be stored during the return and exchange period for the purpose of administrating returns and exchanges.

If you make a complaint Selftitled may save your data to the extent necessary to handle the complaint. Selftitled may also save the complaint information as such for the remaining period under which the customer is entitled to make a complaint in order to prevent a customer from filing two complaints and being compensated twice for the same defect.

The information regarding return for accounting purposes shall be stored as long as legally required by applicable law.

IP-addresses for E-tail Customers will be stored as long as it is necessary for Selftitled to conduct the fraud check risks.

3. Account holder

If an account has not made any purchases or logged into its account during a consecutive period of 36 months Selftitled will contact the you and ask whether the you wish to keep the account. Unless the you confirm that you want to keep the account, the data in the account will be deleted unless we need to keep it for other purposes that are legally justifiable.

4. Newsletter subscribers

The information can be saved as long as you do not unsubscribe from the newsletter but no longer than three years from the subscription date, unless you confirm that you want to keep receiving the newsletter.

7. Your DATA SUBJECT RIGHTS

In this section 7, we have summarized your data subject rights to request access, portability, rectification, erasure of your personal data, to restrict the processing of your personal data, to object to processing, and your right to lodge a complaint with the supervisory authority.

If you want to exercise your rights, please send us an e-mail to privacy@ourlegacy.se. Please note however that if you want to lodge a complaint with the supervisory authority, you need to contact the authority directly.

Right of access

You have the right to obtain confirmation of whether personal data concerning yourself are being processed and, where that is the case, access to the personal data and information regarding, inter alia, the purpose of processing, the categories of personal data concerned, the categories of recipients to whom your data have been or will be disclosed, and the envisaged period of time for which personal data will be stored (or the criteria for determining this).

Right of rectification

You have the right to request rectification of inaccurate personal data concerning yourself, and to complete incomplete data.

Right of erasure

Under certain circumstances you are entitled to request that we erase your personal data or restrict our processing of your data, namely in the following events.

When it is no longer necessary for us to process your data taking into consideration the purposes for which it was collected.

When our processing is based on your consent and you have withdrawn your consent, and there is no other legal basis for the processing of your data.

When our processing of your data is based on a legitimate interest legal basis and you object to such processing, and there is no overriding legitimate ground for our processing.

When you have objected to our processing of your data for direct marketing purposes.

When your personal data has been unlawfully processed.

When the personal data must be erased for compliance with a legal obligation that applies to us.

When the personal data collected concerns a child (under 13 years of age) in relation to the offer of information society services.

Right to objection - direct marketing and profiling

You have the right to object at any time to our processing of your personal data for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing. If you object to our processing of your personal data for direct marketing purposes, including profiling, we will cease such processing of your data.

Data portability

If our processing is based on your consent or if the processing is necessary for our performance of a contract with you, you have the right to request that the data which you have provided to us shall be provided to you in a structured, commonly used and machine-readable format and you also have the right to transmit such data to another controller.

Right to lodge a complaint with supervisory authority

Please note that if you consider the processing of your data to be in violation of applicable data protection laws, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence or the place of the alleged infringement (see http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm).

8. How do I unsubscribe from SELFTITLED’S newsletters and e-mails?

If you no longer wish to receive our newsletters or other e-mails, you can unsubscribe as indicated in the particular communication, i.e. by using the unsubscribe link which is included on all newsletters and other e-mails. You may also contact us at privacy@ourlegacy.se

9. Is it mandatory to provide personal data?

When you purchase our products online, or sign up for an account with Selftitled, we will inform you which data is mandatory by marking certain fields with a symbol (*). The provision of mandatory data is necessary for Selftitled to be able to fulfil our contractual obligation to you, for example processing your order, or fulfilling the account services.

When you purchase our products in our physical stores, you do not have to provide any personal data.

10. Children's privacy and legal purchase age

Selftitled does not wish to collect personal information from anyone under the age of sixteen (16). If you are under eighteen (18), we require that you inform and get your parents’ or guardians’ consent before purchasing anything or provide any personal data to us at www.ourlegacy.se or any other website related to Selftitled.

11. Cookies

We use cookies on our website. Please see our separate policy for cookies, which you can find on our website.

12. Modifications

Selftitled reserves the right to occasionally make changes to our privacy policy or practices. We will post the updated policy on our website, and thus we encourage you to review this page from time to time.

Last date for modification: May 25, 2018