Tietosuojakäytäntö

Effective starting: May 25, 2018

Granit works actively to ensure that your privacy is protected when using our services. We therefore have a policy that determines how your personal data should be processed and protected. Please keep up to date on any changes to this privacy policy by regularly visiting our website. This policy applies only to Granit's customers and users of our online services. If you apply for a position at Granit, this privacy policy does not apply. The policy for applying for work can be found on the application form for each job advertisement.

At Granit we protect your personal integrity and always strive for a high level of data protection. This privacy policy explains what kind of information we collect about you, how this information is used, what actions we do to protect your personal information and how we share them. It also describes what rights you have in relation to your personal data and how you can apply them.

It is important that you read and understand the privacy policy and feel safe in our processing of your personal information. If you have any questions, please feel free to contact us. You will find our contact details in section 2 below. By using or registering at www.granit.com including its related sites such as mobile applications or otherwise interacting with us, you acknowledge that you understand that we collect, save and process your personal information under this privacy policy. Using the table of contents below, you can easily navigate to those sections of particular interest to you.

TABLE OF CONTENTS

  1. What is considered personal data and what do we mean with processing personal data?
  2. Who is responsible for the personal data we collect?
  3. What personal data do we collect about you as a customer and why?
  4. What personal data do we collect as a member of the Granit’s Community (customer club) and why?
  5. From which sources do we retrieve your personal information?
  6. Who can we share your personal data with?
  7. Where do we process your personal data?
  8. How long do we save your personal information?
  9. What do you have for rights as registered?
  10. How do we protect your data information?
  11. What are cookies and how do we use it?
  12. Changes to this Privacy Policy

1. What is considered personal data and what do we mean with processing personal data?

1.1 What is considered personal data?
The term personal data refers to all kinds of information that can be linked to an identifiable natural person. Examples of personal data are names, social security numbers, location information, online identifiers, and factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of the physical person.

1.2 What is meant by "processing of personal data" according to current regulation?
"Processing," means any form of action to personal data, whether performed automatically or not. Examples of processing personal data are collection, registration, storage, processing, dissemination and deletion

2. Who is responsible for the personal data we collect?

The Swedish company Granit Funktion & Förvaring AB, VAT Registration Number: SE556537941801 ("Granit"), with address Hornsgatan 1, 118 46 Stockholm, is personally responsible for the personal information the company handles regarding its customers.
For questions concerning your personal information, please contact our customer service by phone +46(0)10 410 44 80 or by e-mail to privacy@granit.com

3. What personal data do we collect about you as a customer and why?

3.1 Handling an order or purchase
In order to handle an order or purchase, we collect the following personal information:
• Name
• Contact information (e.g. address, email and phone number)
• Payment History
• Payment Information
• Credit information from credit reporting companies
• Purchase information (for example, which item has been ordered or if the item is to be delivered to another address)
• My Pages User Information (Members Only)

What do we do with the data (treatment)?
• Delivery (including notification and contact regarding delivery).
• Identification
• Handling of payment (including analysis of possible payment solutions, which may include a check against payment history and credit reporting from Klarna).
• Address control against SPAR.
• Handling of complaint and warranty matters.

Legal basis
The processing of the above personal data is necessary in order for us to fulfil our obligations under the purchase agreement with you. If the information is not provided, our commitments can not be fulfilled and we will be forced to deny the purchase.

How long will we save the data?
Until the purchase has been completed (including delivery and payment) and 36 months thereafter to handle any complaints and warranty issues.

3.2 Handling of bookings
In order to manage bookings we collect the following personal information:
• Name
• Contact details (email and phone number)
• Notes that you choose to leave (e.g., colour or material preferences)

What do we do with the data (treatment)?
• Handling of bookings, cancellations and cancellations
• Submission of booking confirmations
• Communication around the reservation

Legal basis
The processing of the above personal data is necessary in order for us to fulfil the service agreement. If the information is not provided, our commitments can not be fulfilled and we will be forced to deny you the service.

How long will we save the data?
Until the service has been completed.

3.3 Compliance with Granit's legal obligations
In order to fulfil Granit's legal obligations, we collect the following personal data:
• Name
• Contact details (eg address, email and phone number).
• Payment History
• Payment method
• Your correspondence
• Details of purchase date, place of purchase, possible error / complaint.
• My Pages User Information (Members Only).

What do we do with the data (treatment)?
We are required to handle the above personal data in order to comply with Granit's legal obligations pursuant to legal requirements, judgments or governmental decisions (e.g. the Accounting Act, the Money Laundering Act or the Product Liability and Product Safety Rules). Such authority decisions may require communication and information to the public and customers regarding product alarms and product recalls in, for example, a defect or health hazard.

Legal basis
Our processing of the above personal data is necessary in order for us to fulfil our legal obligations. If the information is not provided, our legal obligation can not be fulfilled and we are forced to deny the purchase.

How long will we save the data?
Until the purchase has been completed (including delivery and payment) and 36 months after in e-commerce platform and for 7 years in business systems in accordance with the Swedish Accounting Act (1999:1078).

3.4 Handling customer service matters
In order to handle customer service matters, we collect the following personal information:
• Name
• Contact information (e.g. address, email and phone number)
• Your correspondence
• Details of purchase date, place of purchase, possible error / complaint
• Technical details of your equipment
• After consent - Health data (e.g. allergic reactions and health conditions you inform us) - possibly. reaction with skin care products, food items, etc. for any investigations of the products.

What do we do with the data (treatment)?
• Communication and response to possible customer service questions (by phone or in digital channels, including social media)
• Identification
• Examination of possible complaints and support cases (including technical support)

Legal basis
Our processing of the above personal data is necessary to meet our legitimate interest in handling customer service matters. However, saving your health data is only done to the extent that as you have agreed to it, or to the extent necessary to determine any legal claim against us.

How long will we save the data?
We save the data until the customer service is completed and 90 days ahead.

3.5 Managing and conducting participation in competitions and events
In order to handle and conduct participation in competitions and events, we collect the following personal data:
• Name
• Age
• Contact information (e.g. address, email and phone number)
• Details left in the contest
• Data left in evaluations of events

What do we do with the data (treatment)?
• Communication before and after participation in a contest or event (e.g. confirmation of notifications, questions or evaluations)
• Identification and control of age
• Choice of winner and transfer of any winnings (e.g. pay-outs or travel bookings)

Legal basis
The processing of the above personal data is necessary to meet our legitimate interest in handling your participation in our competitions and / or events.

How long will we save the data?
During the competition / event (including any evaluation) is in progress.

3.6 Evaluation, development and improvement of our services, products and systems for the customer collective
In order to be able to evaluate, develop and improve our services, products and systems for the customer collective agreement as a whole, we collect the following personal data:
• Age
• Gender
• Residence
• Communication and feedback about our services and products
• Purchase and user generated data (e.g., click and visit history)
• Technical data related to devices used and its settings (e.g. language setting, IP address, browser settings, time zone, operating system, screen resolution and platform).
• Information about how you interacted with us, i.e. how you used the service, login method, where and how long different pages were visited, response times, download errors, how to reach and leave the service, etc.

What do we do with the data (treatment)?
• Adaptation to make our services more user-friendly (e.g. change the user interface to simplify the flow of information or to highlight features commonly used or searched by customers in our digital channels).
• Develop support to improve product and logistics flows (e.g. by forecasting purchases, inventories and deliveries).
• Develop support to develop and improve our product range and to develop and improve our resource efficiency from an environmental and sustainability perspective (e.g., streamlining purchasing and scheduling of deliveries).
• Provide documentation for planning new and possibly launches of stores and warehouses.
• Give our customers the opportunity to influence our product range.
• Develop support to improve IT systems in order to generally increase the security of the company and our visitors / customers.
• We analyse the data we collect to evaluate, develop and improve our services, products and systems for all our customers and visitors. Based on the data we collect (e.g., purchase history, age and gender), you are sorted into a customer group (called customer segments) for which analyses are then made at an aggregated level using unidentified or pseudonymised data without any connection to you as an individual. The insights from the analysis are the basis for which products are purchased and how we develop.

Legal basis
The processing of the above personal data is necessary to meet our legitimate interest in evaluating, developing and improving our services, products and systems.

How long will we save the data?
From the date of collection and up to 36 months thereafter.

3.7 Prevention of abuse of a service and prevention, prevention and investigation of crime
In order to prevent abuse of a service or to prevent and investigate criminal offenses against the company, we collect the following personal data:
• Purchase and user generated data (e.g., click and visit history)
• Technical data related to devices used and its settings (e.g. language setting, IP address, browser settings, time zone, operating system, screen resolution and platform)
• Information on how our digital services are used

What do we do with the data (treatment)?
• We want to prevent and investigate possible fraud or other offenses (eg incident reporting in the store).
• Prevent spam, phishing, harassment, unauthorized login to user accounts, or any other prohibited by law or our terms of purchase, membership or service.
• Protect and improve our IT environment from attack and intrusion.

Legal basis
The processing of the above personal data is necessary to fulfil our legal obligations (if any), alternatively, for legal claims to be established, enforced or defended. The treatment is always done to safeguard our legitimate interest in preventing abuse of a service or for preventing, preventing and investigating violations of the company.

How long will we save the data?
From the date of collection and up to 36 months thereafter.

4. What personal data do we collect as a member of the Granit’s Community (customer club) and why?

4.1 Managing Your Membership and Creating Your Member Page
In order to manage your membership and to create your member's page, we collect the following personal information:
• Name
• Contact information (e.g. address, email and phone number)
• Purchase History
• Payment History
• Payment Information
• Username and password
• Settings regarding your profile and your personal choices

What do we do with the data (treatment)?
• Creation of login function.
• Security of your identity and age (you must be over 18 years old to be a member of the Granit’s Community)
• Maintain accurate and updated tasks.
• The opportunity for you to follow your purchase and payment history and bonus status.
• The ability for you to save favourites and similar facilitation measures.
• Managing your customer choices (such as your profile and your settings

Legal basis
The collection of your personal information is required in order to fulfil our obligations under the membership agreement in our community. If the information is not provided, our commitments can not be fulfilled and we are therefore forced to refuse membership.

How long will we save the data?
Until the membership is terminated (can be done manually or automatically due to inactivity for a period of 24 months).

4.2 Managing your benefits and offers
In order to manage your benefits and offers we collect the following personal information:
• Name
• Birthday
• Contact information (e.g. address, email and phone number)
• User name
• Member Number
• Member level
• Gender
• Place of residence
• Purchase History
• Purchase and user generated data (e.g., click and visit history)
• Specified customer choice regarding products and services

What do we do with the data (treatment)?
• Creates personal and general member offers, custom news, product recommendations, inspiration, benefits linked to your member level, and event invitations.
• Analyses of the data we collect, for example we looked at your purchase history, age, gender, place of residence, specified preferences (about products and communication channels) and results from customer satisfaction or market research.
• Based on the data we collect (e.g., purchase history, age, gender and specified preferences), we will analyse an individual level that may result in you being sorted into a customer group (so-called customer segments) or getting a unique profile. The insights from the analysis are the basis for your personal offers and custom benefits, etc. Different members can therefore get different benefits and offers so it should be more relevant to you.

Legal basis
The processing of your personal data is based on our legitimate interest in providing personal and relevant member offers and news to our customer club members, as well as analysing shopping behaviour and creating customer groups.

How long will we save the data?
Until the membership is terminated (can be done manually or automatically due to inactivity for a period of 24 months).

4.3 Delivery of a personalized experience of our services
In order to deliver a personalized experience of our services, we collect the following personal information:
• Name
• Age
• Purchase History
• User name
• Sex
• Place of residence
• Member level
• Purchase and user-generated data (e.g., click and visit history)
• Specified customer choice regarding communication channels
What do we do with the data (treatment)?
• We create customized content for you, such as through relevant product recommendations, presentation of your specific benefits and offers, and other similar actions that simplify you and make content more relevant. Simplify your use of our services (for example, saving favourites to facilitate future purchases or reminding you of forgotten / abandoned digital shopping carts).
• Personal communication based on your member behaviour.
• Analyses of the data we collect for this purpose. Based on the data we collect (e.g., member level, purchase and click history), we do an individual-level analysis. The insights from the analysis form the basis for our communication with you and what offers, benefits and information presented to you on your member page and via mail.

Legal basis
The processing of your personal data is based on our legitimate interest in providing personal and relevant member offers and news to our customer club members as well as analysing purchasing behaviour.

How long will we save the data?
Until the membership is terminated (can be done manually or automatically due to inactivity for a period of 24 months).

5. From which sources do we retrieve your personal information?

In addition to the information you provide to us or we collect from you based on your purchases and how you use our services, we may also collect personal data from someone else (such as third parties). The information we collect from third parties is as follows:

  1. Addresses from public records to be sure we have the correct address details for you.
  2. Credit rating data from credit rating agencies, banks or disclosure companies

6. Who can we share your personal data with?

6.1 Personal Data Assistant
In cases where it is necessary for us to offer our services, we share your personal data with companies that are so-called. personal information assistants for us. A personal information officer is a company that processes the information on our behalf and according to our instructions. We have personal information assistants who help us with:

  1. Transports (logistics companies and freight forwarders)
  2. Payment solutions (card-insolvent companies, banks and other payment service providers)
  3. Marketing (print and distribution, social media, media agencies or advertising agencies)
  4. IT services (companies that handle necessary operations, technical support and maintenance of our IT solutions)

When your personal information is shared with Personal Data Assistant, it will only be for purposes that are consistent with the purposes for which we have gathered the information (for example, to fulfil our obligations under the Purchase Agreement or the Loyalty Program Membership Terms). We check all Personal Data Assistant to ensure that they can provide sufficient safeguards regarding the security and confidentiality of personal data. We have written agreements with all personal information officers through which they guarantee the security of the personal data processed and undertake to comply with our security requirements as well as restrictions and requirements regarding the international transfer of personal data.

6.2 Companies that are independent personally responsible

We also share your personal information with some companies that are independent personal data administrators. The fact that the company is independent personally responsible means that we are not controlling how the information submitted to the company will be treated. Independent personal data officers with whom we share your personal information are:

  1. Government authorities (Police, Tax Agency or other authorities) if we are required to do so by law or in the event of suspected crime. The transfer of personal data to the relevant authorities is made only for the purposes described in section 1.1. In these cases, the transfer of personal data is necessary for us to comply with our legal obligations under law, court decision, government decision or the like.
  2. Companies dealing with general freight transport (logistics companies and freight forwarders). The transfer of personal data to such operators is made only for the purposes described in sections 3.1 - 3.2 and 4.1 - 4.2. In these cases, the transfer of personal data is necessary in order for us to fulfil our agreements.
  3. Businesses offering payment solutions (card-insolvent companies, banks and other payment service providers). The transfer of personal data to such operators is made only for the purposes described in sections 3.1 - 3.2 and 4.1 - 4.2. In these cases, the transfer of personal data is necessary in order for us to fulfil our agreements.
  4. Once your personal data has been transferred from us to a company that is an independent personally responsible person, the company's privacy policy and personal data management apply.

7. Where do we process your personal data?

We always strive for your personal data to be processed within the EU / EEA and that all our own IT systems are located within the EU / EEA. However, in case of systematic support and maintenance, we may have to transfer the information to a non-EU country. if we share your personal information with a personal data assistant who, either himself or through a subcontractor, is established or stores information in a non-EU country. In these cases, the assistant may only share the information relevant to the purpose (eg log files).
Regardless of the country in which your personal data are processed, we take all reasonable legal, technical and organizational measures to ensure that the level of protection is the same as within the EU / EEA. In cases where personal data are processed outside the EU / EEA, the level of protection is guaranteed either by a decision of the EU Commission that the country concerned ensures an adequate level of protection or by the use of so-called appropriate safeguards. Examples of appropriate protection measures are approved code of conduct in the recipient country, standard contract clauses, binding company internal rules or privacy shield. If you want a copy of the safeguards that have been taken or information about where these have been made available, please contact us.

8. How long do we save your personal information?

We will never save your personal information longer than is necessary for each purpose. See the details of the specific storage periods under the respective purposes for collection.

9. What do you have for rights as registered?

9.1 Right of registry extract
We are always transparent and transparent about how we process your personal information. If you want a deeper understanding of what personal data we are dealing with just about you, you can request access to the information. The information is provided in the form of a register extract, specifying the purpose, categories of personal data, categories of recipients, storage periods, information about where the information has been collected and the existence of automated decision making.
Please note that if we receive a request for access, we may ask for additional information to ensure the effective handling of your request and that the information is provided to the correct person.

9.2 Right to request rectification
You may request that your personal data be corrected if the information is incorrect. Within the stated purpose, you also have the right to supplement any incomplete personal data.
Keep in mind that you who are a member of Granit can change certain tasks directly through My Pages.

9.3 Right to be deleted
You may request the deletion of personal data we are dealing with if you:

  • The data is no longer necessary for the purposes for which they have been collected or processed;
  • You object to an interest weighing we have made based on legitimate interest and your objection of appeal is heavier than our legitimate interest;
  • You oppose processing for direct marketing purposes;
  • Personal data are processed illegally;
  • Personal data must be deleted to comply with a legal obligation we are subject to; or
  • Personal data have been collected for a child (under 16 years) for which you have parental responsibility and collection has been made in connection with the provision of information society services (e.g. social media). 

Keep in mind that we may have the right to deny your request if there are legal obligations that prevent us from immediately deleting certain personal information. These obligations come from, for example, accounting and tax legislation, banking and money laundering legislation, but also consumer law.
It may also be possible that treatment is necessary for us to determine, enforce or defend legal claims. Should we be prevented from meeting a request for deletion, we will instead block personal data from being used for purposes other than the purpose that prevents the requested deletion.

9.4 Right to restriction
You are entitled to request that our processing of your personal data be limited. If you disagree that the personal information we process is correct, you may request limited treatment during the time we need to check whether your personal information is correct. If we no longer need your personal information for the stated purposes, but you need them to determine, enforce or defend legal claims, you may request limited processing of our data. This means that you can request that we do not delete your information.

If you have objected to an interest-bearing interest of legitimate interest that we have made as a legal basis for an end, you may request limited treatment for the time we need to check whether our legitimate interests outweigh your interests in getting the data deleted.

If the treatment has been limited in accordance with any of the above situations, we may, in addition to the actual storage, process the data to determine, enforce or defend legal claims, to protect someone else's rights or if you have given your consent.

9.5 Right to object to certain types of treatment
In cases where we use a balance of interests as a legal basis for the purpose of collecting your personal information you have the opportunity to object to the treatment. In order to continue processing your personal information after such objection, we need to display a compelling legitimate reason for the current treatment that weighs heavier than your interests, rights or freedoms. Otherwise, we may only process the data to determine, exercise or defend legal claims.

9.6 Direct marketing (including analyses conducted for direct marketing purposes)
You may object to your personal data being processed for direct marketing. The objection also includes the analysis of personal data (i.e. profiling) performed for direct marketing purposes. Direct marketing refers to all types of outreach promotional actions (e.g. by mail, email and text). Marketing actions where you as a customer actively chose to use one of our services or else sought us to know more about our services do not count as direct marketing (such as product recommendations or other features and offers on My Pages).

If you oppose direct marketing, we will discontinue the processing of your personal data for that purpose and terminate any direct marketing action.

Keep in mind that you are always able to influence which channels we will use for mailing and personal offers. For example, you can choose to receive only offers from us via email, but not text. In that case, you should not object to personal data processing as such but limit our communication channels (by changing the settings on My Pages or contacting customer service).

9.7 Right to withdraw consent
You are entitled to revoke any consent for processing personal data at any time. Such recall may be limited to only part of the treatment, such as the collection of health data.

9.8 Right to data portability
You are entitled to obtain the personal information you have provided to us and concern you in an electronic format that is widely used. You are entitled to transfer such data to another person responsible for data (i.e. data portability). A prerequisite for data portability is that the transmission is technically possible and can be automated.

10. How do we protect your data information?

We have taken technical and organizational measures to protect your data from loss, manipulation and unauthorized access. We continually adjust our security measures in accordance with the progress and development of e-commerce security systems. To make card purchases as secure as possible, all information is sent in encrypted form. This means that the information is transmitted through a secure connection and that your personal information can not be read by third parties.

11. What are cookies and how do we use it?

11.1 General about cookies
A cookie (cookie file) is a small text file that is saved on your computer or mobile device and retrieved from it on subsequent visits to the current site. Granit uses cookies to improve and simplify your visit. We do not use cookies to distribute data to third parties.
There are two types of cookies: permanent and temporary (session cookies). Permanent cookies are saved as files on your computer or mobile device for a maximum of twelve (12) months. Session cookies are temporarily saved and disappear when you close the browser. We use permanent cookies to save your choice of home page (language and currency). We use session cookies when you visit our product pages, product filtering feature, to check if you're logged in or if you added an item to the cart.

11.2 Third Party Cookies
We use third-party cookies to collect aggregated / aggregated statistics in analytics tools like Google Analytics. The cookies used are both permanent and occasional cookies (session cookies). These permanent cookies are saved as files on your computer or mobile device for a maximum of 24 months.
For the best buy experience at granit.com, we recommend that you use any of the browsers Google Chrome, Mozilla Firefox or Safari.
You can also read about Granit cookies at https://www.granit.com/en/help-information/terms-conditions/cookies

11.3 Can you control the use of cookies yourself?
Yes, you can easily delete cookies from your computer or mobile device through the browser. For instructions on how to manage and delete cookies, go to the "Help" option in your browser. You can choose to disable cookies or get a notification each time a new cookie is sent to your computer or mobile device. Please note that if you choose to disable cookies, you will not be able to use all features on our site.

12. Changes to this Privacy Policy

We may make changes to our privacy policy. The latest version of the privacy policy is always available on this site. For updates that are critical to our processing of personal data (such as change of specified purposes or categories of personal data) or updates that are not critical to the treatment but which may be of crucial importance to you, you will receive information on granit.com and by e-mail (if you have e-mailed) in good time before the updates start to apply. When we provide information about updates, we will also explain the meaning of the updates and how they affect you.

The privacy policy was last updated 23-05-2018.