Data Protection Policy
1. Introduction
At Hatstore Scandinavia AB we care about your personal integrity. We only collect necessary personal data. We aim to process your personal data in the most professional way and to comply with the General Data Protection Regulation – GDPR – the law governing the processing of personal data.
With the aim of ensuring you feel comfortable and have a safe experience, this policy provides information about how Hatstore Scandinavia AB (hereinafter referred to as “Hatstore”) collects and processes data. It also describes what rights you have and how you can enforce them. Your personal data is not used for any purpose other than the original purpose, which is described in this policy.
By accepting Hatstore's purchasing terms and conditions, you also accept our Data Protection Policy and thus our processing of your personal data. It is thus important that you read and understand this policy before using our services.
2. Personal Data Controller
Personal data means any information relating to an identified or identifiable natural person.
Hatstore Scandinavia AB, org. no. 556913–5436, residing at Amerikavägen 10, 393 56 Kalmar Sweden, is personal data controller and responsible for the processing of your personal data, unless otherwise stated in this document.
3. What personal data do we collect and how are they processed?
Hatstore collects your personal data when you make a purchase, and also when you use our website, contact us or sign up for our newsletter.
If you are under the age of 18, consent from a guardian is required for us to process your personal data. By registering and/or making a purchase, you guarantee that you have consent from a guardian for us to process your personal data. Each member state in the EU regulates the required minimum age for processing of personal data.
Of the personal data collected by Hatstore, only necessary personal data is processed, and data is not stored longer than required. Each type of personal data is thus linked to a purpose and a legal basis to make it lawful for us to process your personal data. This is described below.
Legal basis means it is supported by law. Legal basis in this context demonstrates why it is necessary for us to process your personal data.
Personal data and contact information
First and last name
Invoice and delivery address
Contact information such as e-mail address and phone number
Date of birth/Social security number **
Purpose: Collected to process your order and deliver your products, and to enable us to send targeted offers which we believe is of value to you.
Legal basis: To achieve the purpose “to process your order”, the legal basis for processing your personal data is to fulfil a purchase agreement between Hatstore and you, as the customer, when you make a purchase from us. To achieve the purpose “to send targeted offers”, the legal basis is to satisfy Hatstore’s legitimate interest to develop its business.
Storage period: Until the purchase is completed (including delivery and payment) and during a reasonable time thereafter, or up to seven years for personal data processed in accordance with the Swedish Accounting Act.
** Your date of birth is collected and stored when you make a purchase from a country where we offer Klarna as a payment method. If you make a purchase from a Nordic country, your social security number is also collected to enable Klarna to offer you delayed payment alternatives and to give you access to the Klarna app. However, your social security number is only processed by Klarna, meaning it is not processed and stored by Hatstore. Read about how Klarna processes your personal data here: https://www.klarna.com/international/privacy-policy/.
Payment details
Credit and debit card details (card number, validity date and CVV code)
Purpose: Collected to enable the payment service suppler to confirm and verify your identity when you pay for your order.
Legal basis: Your payment details are not processed or stored by Hatstore, as only the payment service provider has access to your payment details. The payment service provider is thus personal data controller for this type of data. It is not necessary for us to process the data.
Storage period: Not stored by Hatstore.
Information about the products you have purchased
Details related to the products you have bought
Purpose: Collected to manage any returns and complaints and to assist you with customer service cases.
Legal basis: Necessary in order to comply with applicable legislation related to the purpose.
Storage period: Until the purchase is completed (including delivery and payment) and during a reasonable time thereafter, or up to seven years for personal data processed in accordance with the Swedish Accounting Act.
Information about how you interface with Hatstore
How you use our services
Response times for webpages, downloading errors etc.
How you entered and exited the service
Delivery notifications when we contact you
Purpose: Collected to improve our services, enhance products and functions and for general business development purposes.
Legal basis: Necessary to satisfy Hatstore’s legitimate interest to evaluate our services and improve and develop the business.
Storage period: From collection and for a reasonable time thereafter.
Device data
IP address
Language settings, web browser settings, geographical location, time zone etc.
Operating system, platform, display resolution etc.
Purpose: Collected to enable risk analysis and prevent fraud.
Legal basis: Necessary to satisfy Hatstore’s legitimate interest of troubleshooting and developing the business.
Storage period: From collection and for a reasonable time thereafter.
4. How do we protect your personal data?
Hatstore uses encrypted communication via Secure Socket Layer (SSL) to ensure that your personal data is protected when you make a purchase from us. Credit card details are only processed by the payment service provider in a secure and encrypted connection.
We also protect our websites and other systems through technical and organisational measures against loss, destruction, access, modification or dissemination of your personal data by unauthorized persons.
We always strive to process your data within the EU/EEA. However, there may be situations where your personal data needs to be transferred to, and processed in, countries outside the EU/EEA. For example, if we share your personal data with a personal data processor which, either themselves or through a subcontractor, is established or stores data in a country outside the EU/EEA. In events like this, the processor only has access to the personal data that is relevant to the purpose (for example log files). Hatstore will then take all reasonable legal, technical and organisational measures to ensure your data is processed securely and at the same level of security offered within the EU/EEA.
5. With whom do we potentially share your personal data?
Your personal data is only processed by Hatstore and selected third parties, as described below.
Logistics and delivery companies: Hatstore share your personal data with logistics and delivery companies to be able to handle and deliver your order.
Payment service providers and similar providers: Your personal data is potentially shared with credit reference agencies and providers of similar services, with the purpose of enabling them to assess your creditworthiness when you apply for certain payment methods offered by us, and to confirm your identity and address.
Authorities: Hatstore may be required to provide necessary information to authorities such as the police, the Swedish Tax Agency and other authorities, if we are obliged to do so by law.
Marketing services agencies: Hatstore may share your personal data with marketing services agencies in order to send targeted promotions to you.
Subcontractors and other suppliers: Hatstore may share your personal data with subcontractors and other suppliers in performing our obligations to you.
Your personal data will not be shared with unauthorised persons. We never sell or exchange your personal data with third parties.
6. What rights do you have?
Right of access: You have the right to obtain information about what personal data we store about you. We are transparent in how we process your particular personal data and you are welcome to contact us in this regard.
Right to rectification: You have the right to obtain rectification of inaccurate personal data. You furthermore have the right to request limited processing of your personal data during the time it takes for us to verify and rectify the data.
Right to withdraw consent: You have the right to withdraw your consent at any time. Read more about how to withdraw your consent in relation to newsletters and SMSs in our purchasing terms and conditions.
Right to erasure: You have the right to request erasure of your personal data. Hatstore may, however, be prevented from erasing all data, due to obligations under accounting and tax legislations.
Right to object: You have the right to object to processing of personal data which is based on balance of interests. For Hatstore to be entitled to continue the processing of your personal data, we must demonstrate a legitimate interest which weighs heavier than your interests and rights.
Right to data portability: You have the right to request that your personal data be transmitted to another personal data controller (so-called data portability). This applies if our right to process your personal data is based on your consent or fulfilment of a contract with you. A precondition for data portability is that the transmission is technically possible and carried out by automated means.
To exercise your rights, please contact us at customerservice@hatstore.co.uk.
The Swedish Data Protection Authority (Sw. Datainspektionen) is responsible for monitoring the application of the personal data protection legislation. Anyone who believes a company incorrectly processes personal data can submit a complaint to the Swedish Data Protection Agency.
7. Integration of the Trusted Shops Trustbadge
Following an order, the Trusted Shops Trustbadge is incorporated into this web page in order to display our Trusted Shops trustmark for buyers and the eventually collected reviews, as well as the Trusted Shops product offer.
In balancing the various interests, this serves to safeguard our legitimate prevailing interests in an optimised marketing of our offer. The Trustbadge and the services advertised are an offer of Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Köln.
Whenever a Trustbadge is called up, the web server automatically stores a so-called server log file which contains, for example, your IP address, the date and time of retrieval, the data volume transferred and the requesting provider (access data), and documents the retrieval. This access data will not be evaluated and will be automatically overwritten seven days after your visit to the page.
Other personal information will only be transferred to Trusted Shops if you decide, after completing an order, to use Trusted Shops products or have already registered for their use. In this case, the contractual agreement between you and Trusted Shops applies.
If you choose to subscribe to buyer protection, personal data about you will be sent to Trusted Shops. You can find more details in the Trusted Shops data protection policy.
8. How do we use cookies?
Hatstore uses cookies to provide the best possible experience on the website. To learn more about how we use cookies, please read our Cookie policy.
9. Contact us
For any questions about how we process your personal data, or to exercise your right, please contact us at customerservice@hatstore.co.uk.
10. Amendments to the Data Protection Policy
Hatstore reserves the right to make necessary amendments to the Data Protection Policy in order to comply with legal requirements or to remedy disruptions. All amendments will be published in this document.
Last modified on 21 October 2020