SVEREA Privacy Policy

Updated: 10 October, 2024

1. Introduction

SVEREA operated by Swedeal AB ("SVEREA," "we," or "us"), with its office in Sweden at Lilla Nygatan 19, 111 28, Stockholm, is the data controller for the processing of personal data as explained in this privacy policy.

At SVEREA, we value our users' privacy and actively work to protect the personal data we process in our operations. This Privacy Policy explains how and why SVEREA processes personal data. It also explains how we work to protect our users' privacy and what rights you have regarding our processing of personal data. We encourage you to review our privacy policy from time to time to ensure you understand how we process your personal data and the choices you have regarding such processing.

2. Important Definitions

- Personal Data  

 Any information that relates to an identified or identifiable natural person. Examples of personal data include your name, address, email address, payment card information, IP address, portrait, etc.

- Data Controller  

  A natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data. Here, the data controllers are SVEREA management team and our third-party membership management system Join It.

- Data Processor  

  A natural or legal person who processes personal data on behalf of the data controller. Here, the data processors are the SVEREA management team members.

-Supplier

  A legal or natural person contracted by SVEREA to offer discounts via SVEREA's platforms.

3. Why Do We Need to Process Personal Data?

At SVEREA, we want to continue offering our users and customers the best possible discounts in the future. We also want to provide you with optimal user experience when you use our services. To achieve this, we need to process personal data for the following purposes:

3.1. We at SVEREA process personal data to provide our website.

3.2. To tailor the content of our services to our users' preferences, we need to process personal data. This enables us to better exclude content that you are not interested in.

3.3 We aim to create the best possible conditions for improving our services. A key part of this is understanding how our users interact with our services. Therefore, we collect data on our users' behavior on our website, social media, and in our newsletters. We convert this data into aggregated data that cannot identify individual users. With this aggregated data, we can understand trends, see which products attract customers, identify problems in our services, and much more. Ultimately, this leads to a better experience with SVEREA.

3.4. We process personal data, including usernames and email addresses, to troubleshoot our systems. This is done to detect which users are affected by any errors in our systems and to ensure we provide secure services. We also process personal data to prevent misuse of our services. Examples of such misuse include attempts to gain unauthorized access to user accounts, fraud, spam, or other malicious behaviors. In the event of suspected fraud or other criminal activity in the use of our services or services closely related to SVEREA, we reserve the right to share the necessary personal data with relevant authorities or suppliers to investigate the matter. We only share information, including personal data, that is necessary to investigate the specific case.

3.5. We send out newsletters via email to those who have consented to this and to active users or active customers. The processing of personal data for this purpose is based on your consent. If you no longer wish to receive newsletters via email, you can unsubscribe from all our emails.

 

4. What Categories of Personal Data Do We Process?

The personal data we process can be divided into three categories: 

4.1. Information You Provide to Us

- When you make a purchase or subscription via SVEREA, you need to provide certain personal data. The personal data that may be processed for these purposes includes your name, email address, physical address, payment card information, and personal portrait. The processing continues until the purchase is completed, with an additional storage period of 36 months to manage complaints and other consumer protection-related services. Certain transaction data must be stored for 7 years as required by law. Such data may include personal information.

- If you contact SVEREA, such as our customer service, you may share personal data with us depending on your inquiry. We process this personal data to resolve your specific issue. We store your personal data for this purpose as long as necessary to handle your inquiry.

- If you provide us with feedback, you may share personal data with us depending on what you choose to include in your feedback. Personal data will only be stored until the feedback has been collected and anonymized, which should occur once we have reviewed your feedback. 

4.2. Information from Other Entities

Sometimes, SVEREA receives personal data from other entities rather than directly from our users. This can happen when authorities contact us or when our payment service provider contacts us about a specific transaction. Personal data under this category may include information related to your purchase, such as payment method, purchased product, price, etc. Since the flow of information into SVEREA is not controlled by us, we cannot provide an exhaustive list of the types of personal data that may be involved. Therefore, we also cannot specify which legal basis will be applied when processing such personal data. If you have questions regarding these types of situations, please contact our customer service, and they will assist you further.

 

5. Who Do We Share Your Personal Data With?

In some instances, we need to share personal data with suppliers and other service providers. We may share personal data with data processors, which means that these entities process personal data on our behalf. Data processors are subject to confidentiality and are not permitted to process personal data on our behalf for purposes other than to provide the agreed-upon services to us.

 

6. How Do We Ensure Data Minimization?

At SVEREA, we only process personal data that is adequate, relevant, and limited to what is necessary to fulfill the purpose for which it is processed. We actively and systematically work to ensure that redundant personal data is excluded from our processing.

 

7. Where Do We Process Your Personal Data?

At SVEREA, we strive to process personal data within the EU or the EEA. However, in some cases, our service providers’ (such as Join It) servers may be located outside the EU or the EEA. In such cases, we make sure that our service providers comply with GDPR by offering data processing agreements (DPAs) and incorporating Standard Contractual Clauses (SCCs) for data transfers outside of the EU/EEA. Regardless of where your personal data is processed, we take measures to ensure that your personal data is not processed for purposes other than those agreed upon.

 

8. Your Rights

You have the following rights:

- Right to access your personal data, including the right to request a register extract of the personal data SVEREA processes about you.

- Right to request the correction of your personal data.

- Right to request the restriction of our processing of your personal data.

- Right to have your personal data erased.

- Right to object to our processing of your personal data.

- Right to have your personal data transferred to another data controller (data portability).

If you wish to exercise any of these rights, please send a request to info@sverea.com. When you send such a request, you will need to verify your identity by submitting a photocopy of your driver's license, passport, ID card, or other documentation that confirms your identity.

 

9. How Long Does SVEREA Retain Personal Data?

We generally retain records of our members' accounts and purchase history for at least 7 years. Additionally, when you consent to receive marketing communications from us, we retain your email address and information about your marketing preferences throughout your membership unless you opt out of receiving such communications or terminate your membership.

 

10. Changes to the Privacy Policy

We reserve the right to change this privacy policy from time to time. If we make changes, we will notify you by updating the date at the top of this policy, and if we make significant changes, we will provide you with additional notice. We encourage you to review this privacy policy frequently to ensure that you understand how your personal data will be processed and the choices available to you. The latest version will be available at https://www.sverea.com/privacy-policy.

*The latest update was made on 2024-10-01.

 

11. Contact Information

If you have any questions about this Privacy Policy or about how we process personal data, please contact our customer service at info@sverea.com.

You can also contact the Swedish Data Protection Authority (Datainspektionen) if you wish to file a complaint regarding SVEREA's processing of personal data.