Privacy information

A.P. Shaps

1. INTRODUCTION

A.P. Shaps AB, (company reg. no 559061-3427) (“A.P. Shaps“, “we“, “our” or “us“) values your privacy. We always seek to be open about how we process your personal data to ensure that you feel comfortable providing it to us.

A.P. Shaps collects and processes your personal data when you interact with us, such as when you visit our website or when you purchase products from us. In this privacy information (“Privacy Information“) we describe what personal data A.P. Shaps collects about you and for which purposes the personal data is processed.

If you still have questions about how we process your personal data after reading this Privacy Information, please contact us at info@apshaps.se.

2. Definitions

In this Privacy Information, the term “processing” is used to refer to all processing activities involving your personal data, including, e.g., the collection, handling, storage, sharing, access, use, transfer and deletion of personal data.

Applicable data protection law” means all legislation and regulations, including those issued by the supervisory authority responsible for protecting the fundamental rights and freedoms of individuals, and in particular their right to privacy with regard to the processing of their personal data. This includes Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”), as well as laws and regulations supplementing the GDPR.

Personal data” means any information relating to an identified or identifiable natural person. This includes, for example, name, social security number, address, e-mail address and phone number, but also encrypted data and various electronic identities such as IP numbers.

Retention period” means the period for which we process your personal data for the purpose in question. Please note that the same personal data may be stored by us for different purposes in different systems. Your name may, therefore, for example remain in our systems in order for us to deliver your ordered product, even though the personal data has been deleted for e.g. marketing purposes.

3. WHO IS THE DATA CONTROLLER?

A.P. Shaps AB, company reg. no 559061-3427, PO Box 699, SE-114 11 Stockholm, Sweden, is the data controller for the processing of your personal data described in this Privacy Information.

4. FROM WHERE DO WE COLLECT YOUR PERSONAL DATA?

We collect your personal data:

  • Directly from you. We collect information about you when you provide information to us, for example, when you fill in your details when placing an order on our website or when you enter into a purchase agreement with us in our store, when you sign up for our newsletter when placing an order or when you fill in your details in our booking form to book a consultation with us. We also collect your data when you contact our customer service.
  • Following your use of our website or services. We collect information about how you use our services and our website. For example, we collect information about how you navigate our website. You can read more here.

You can always choose not to provide us with voluntary information. However, some personal data is necessary for us to provide you with some of our products. If you do not provide such personal data, it may prevent us from providing you with some of our products.

5. WHY DO WE PROCESS YOUR PERSONAL DATA?

5.1 Administration and delivery of your order

Processing operations

Category of personal data

Retention period

  • Identification and age verification
  • Maintenance of the necessary functions of the website and creation of a shopping basket through use of necessary cookies, read more here
  • Dispatch of order and delivery confirmations
  • Handling of payment
  • Distribution of your products
  • Handling of returns and complaints
  • Management of our services

 

 

  • Name
  • Contact details, e.g., address, telephone number and e-mail address
  • Login details
  • Age
  • Electronic identity, e.g. IP address and cookie ID
  • Purchase history, e.g., ordered products
  • Information about your order, e.g., your order number
  • Payment details and payment history
  • Information which you provide to us about any deviations/complaints

Personal data is stored for thirty-eight (38) months after the purchase has been made in order to handle any complaints.

As we offer lifetime service on our products, we may retain personal data required for this purpose, such as name and information linked to your purchase, for up to fifty (50) years after the purchase.

 

Legal basis

> Performance of a contract. The processing is necessary for the performance of our contract with you.

> Consent. Data retrieved from or stored in your terminal equipment, such as cookies, will only be processed with your consent to such processing to the extent that such processing is not necessary for the use of the website.

 

5.2 Managing customer support

Processing operations

Category of personal data

Retention period

  • Communication and answering any questions to our customer service
  • Receipt of any complaints, claims and support cases
  • Name
  • Contact details, e.g., address, telephone number and e-mail address
  • Login details
  • Purchase history, e.g., ordered products
  • Information about your order, e.g., your order number
  • Payment history
  • Information you provide to us, e.g. about any errors/complaints

Personal data is stored for twelve (12) months after the customer service case has been closed. We may, however, process the data for a longer period in the event of a dispute in accordance with section 5.9.

 

Legal basis

> Legitimate interest. The processing is necessary to pursue our legitimate interest in providing customer service and to administer your customer service case. The processing is based on a balance of interests between your and our legitimate interests where we have a legitimate interest to be able to answer your questions and communicate with you in an accurate and complete manner.

 

5.3 Register and manage your customer account  

Processing operations

Category of personal data

Retention period

  • Registration of customer account
  • Administration of your account
  • Processing of data to allow you to view previous purchases and receipts
  • Retention of a wish list

 

 

  • Name
  • Contact details, e.g. address, telephone number, e-mail address
  • Login details
  • Purchase history, e.g., ordered products
  • Information about your order, e.g., your order number
  • Payment history
  • Settings related to your profile

The personal data is stored until the customer account is closed on your request and for a period of thirty (30) days thereafter, or five (5) years since your last activity (e.g. making a purchase in logged-in mode or by logging into your account). 

Legal basis

> Legitimate interest. The processing is necessary to pursue our legitimate interest in providing and administering your customer account. The processing is based on a balance of interests between your and our legitimate interests where we have a legitimate interest in providing the customer account. Our legitimate interest is strengthened by the fact that you have not deleted your account.

 

5.4 Booking and organising a consultation

Processing operations

Category of personal data

Retention period

  • Administration of your booking
  • Communication regarding your booking
  • of your preferences for possible future purchases
  • Name
  • Contact details, e.g., address, telephone number and e-mail address
  • Other information you provide to us when booking, such as the names of other people who will attend the consultation

Personal data is stored for up to twelve (12) months after the consultation has been completed.

Legal basis

> Legitimate interest. The processing is necessary to pursue our legitimate interest of administering and conducting consultations with you. The processing is based on a balance of interests between your and our legitimate interests where we have a legitimate interest in being able to offer consultations.

 

5.5 Marketing of our products 

Processing operations

Category of personal data

Retention period

  • Sending newsletters and offers
  • Advertising via advertising platforms such as social media and search engines through use of marketing cookies, read more here

 

 

·       Name

·       E-mail address

  • Purchase history, e.g., ordered products

·       Purchase and user generated data, such as click and visit history and data on viewed products

 

For newsletters and offers, personal data is stored until you notify us that you no longer wish to receive newsletters or offers from us. We will no longer process your data for this purpose if you choose to unsubscribe from our newsletter.

For other processing, the personal data will be retained for the duration of the relevant marketing activity but no longer than twenty-four (24) months after the end of the marketing activity.

Legal basis

> Legitimate interest. The processing is necessary to pursue our legitimate interest in marketing ourselves and our products and services. Regarding our newsletters, our legitimate interest is strengthened by your approval to us sending you newsletters and offers and that you have not subsequently unsubscribed. If you choose to unsubscribe from our newsletter, we will no longer process your data for such purposes.

> Consent. Data retrieved from or stored in your terminal equipment, such as cookies, will only be processed with your consent to such processing to the extent that such processing is not necessary for the use of the website.

 

5.6 Evaluate and improve our operations, products and services  

Processing operations

Category of personal data

Retention period

  • Analysis of how you interact with our website through use of analytics cookies, read more here
  • Creation of statistics and data to improve our business, our products and services and the user experience on our website in general
  • Analysis of correspondence and feedback to improve our products and website
  • Anonymisation of personal data

 

 

·       Information you have provided to us, e.g., correspondence or feedback

·       Purchase history, e.g., ordered products

·       Electronic identity, e.g. IP address and cookie ID

·       Purchase and user generated data, such as click and visit history

·       Information about your use of the website, e.g., how the website is navigated

  • Device information, e.g., device type, browser setting, and operating system

Personal data is stored for up to twelve (12) months from the date of collection.

Reports and statistics at aggregated and anonymised level (i.e. data that is not considered personal data) are retained until further notice.

Legal basis

> Legitimate interest. The processing is necessary to pursue our legitimate interest in being able to evaluate and improve our business, our products and services and the user experience on our website. The processing is based on a balance of interests between your and our legitimate interests, where we have a legitimate interest in developing our business and our products.

> Consent. Data retrieved from or stored in your terminal equipment, such as cookies, will only be processed with your consent to such processing to the extent that such processing is not necessary for the use of the website.

 

5.7 Preventing and countering fraud, criminal offences, breaches, including measures to protect our IT systems  

Processing operations

Category of personal data

Retention period

  • Analysis of your activities, e.g., your use of our website
  • Taking measures to protect our business and IT environment against attacks and intrusions
  • Other processing operations necessary for the purpose

 

 

  • Name
  • Social security number or coordination number
  • Contact details, e.g., address, telephone number and e-mail address
  • Data on criminal offences
  • Login details
  • Payment details
  • Purchase history, e.g., ordered products
  • Purchase and user generated data, such as click and visit history

In order to manage and protect our IT systems, we may retain your personal data for up to three (3) months from the relevant logging activity.

In cases of suspicion of criminal offences or similar, the data may be kept for longer in accordance with section 5.9.

Legal basis

> Legitimate interest. The processing is necessary for the purposes of our legitimate interest in preventing and countering criminal activities and infringements of our guidelines, policies or contracts, and to manage and protect our IT systems. The processing is based on a balancing of your and our legitimate interests where we have a legitimate interest to conduct investigations.

 

5.8 Carrying out CCTV surveillance for security and to prevent and combat crime

Processing operations

Category of personal data

Retention period

  • Camera surveillance

 

 

  • Information in recorded material such as pictures of you

Personal data is stored for a maximum of seventy-two (72) hours after collection.

In case of suspicion of a criminal offence or similar, the data may be retained for longer in accordance with section 5.9.

Legal basis

> Legitimate interest. The processing is necessary for the purposes of our legitimate interest in providing a safe working environment for our employees and preventing and combating crime. The processing is based on a balancing of your and our legitimate interests where we have a legitimate interest in protecting our business against crime and protecting our employees. This interest is particularly relevant as we provide expensive products that are typically particularly prone to theft.

 

5.9 Establishing, asserting or defending legal claims

Processing operations

Category of personal data

Retention period

  • Investigation and similar processing operations
  • Notification to authorities, e.g., law-enforcement authorities and courts
  • Transfer of your personal data to authorities, e.g., law-enforcement authorities and courts
  • Provision of documentation to legal advisers

Depending on the circumstances:

·       Name

·       Social security number or coordination number

·       Contact details, e.g., address, telephone number and e-mail address

·       Data on criminal offences

·       Login details

·       Payment details and payment history

·       Purchase history, e.g., ordered products

·       Purchase and user generated data, such as click and visit history

·       Information about your use of the website, e.g., how the website is navigated

·       Video recordings from camera surveillance in our store

  • Other data necessary for the purpose

Personal data will be stored for the period necessary to establish, exercise or defend the legal claim and for a maximum of ten (10) years from the end of the legal process.

 

Legal basis

> Legitimate interest. The processing is necessary for the purposes of our legitimate interest in establishing, exercising or defending legal claims. 

> Establishment, exercise or defence Exercise of or establishment of legal claims. Special categories of personal data, including data relating to criminal offences, are only processed in order to pursue our legitimate interest in establishing, exercising or defending our legal claims or those of third parties.

 

5.10 Fulfilment of legal obligations

Processing operations

Category of personal data

Retention period

  • Documentation of transactions in accordance with the Swedish Accounting Act
  • Documentation and investigation of transactions under the Swedish Money Laundering Act
  • Sending information about updates to this Privacy Information or our Terms
  • Handling requests to exercise your rights as a data subject
  • Other processing operations necessary for the purpose
  • Name
  • Social security number or coordination number
  • Contact details, e.g., address, telephone number and e-mail address
  • Payment details and payment history
  • Purchase history, e.g. which product was ordered and when

Personal data is stored for as long as necessary to fulfil the relevant legal obligation. For example, we are obliged to store certain information about your purchase for seven (7) years under the Swedish Accounting Act. However, no personal data is stored for longer than ten (10) years.

Legal basis

>                   Legal obligation. The processing is necessary for compliance with a legal obligation.

 

6. RECIPIENTS WE SHARE YOUR PERSONAL DATA WITH

6.1 Other data controllers

Where necessary, we may share your personal data with others. In some cases, we remain the controller, and the recipients of such personal data are our processors for the processing. In other cases, the recipients are independent controllers for the processing. A recipient may also be an independent controller for one processing activity but a processor for another.

In this section you will find more information about with whom we may share your personal data.

Below you will find examples of recipients who are independent controllers for their processing of your personal data.

  • In order for us to fulfil our legal obligations or to establish, exercise or defend our legal claims or those of third parties, we may transfer your personal data to authorities, such as the Swedish Tax Agency (Sw. Skatteverket), law-enforcement authorities and courts.
  • Legal advisors. We may transfer your personal data to our legal advisors if it is necessary for the establishment, exercise or defence of our legal claims, e.g., in connection with a dispute.
  • Payment service provider. In order for us to administer and deliver your order, we may transfer your personal data to our payment service provider for the execution of payment.

6.2 Recipients who are our processors

We may also transfer your personal data to processors, i.e. companies that may only process your personal data according to our instructions and not for their own purposes. These may include companies we have engaged to deliver our IT systems, logistics and transport services companies and our payment solution provider.  

6.3 Other recipients

For research and statistical purposes, we prepare anonymous, aggregated or generic data for several different purposes, which have been listed above. As we believe that you cannot be reasonably identified from this information, we may share the information with external parties such as our partners, advertisers, industry organisations, the media and/or the public. However, to ensure a high level of safety and security, we apply a restrictive approach.

6.4 Appropriate safeguards for transfers of personal data outside the EU/EEA

A.P. Shaps engages suppliers that transfer personal data to countries outside the EU/EEA (so-called “third countries“). A.P. Shaps has entered into data processing agreements with these suppliers that contain provisions that adequately protect your personal data in connection with such third country transfers.

Transfers of personal data outside the EU/EEA are processed in accordance with applicable data protection legislation, including the GDPR. The protection of personal data in the context of transfers outside the EU/EEA is ensured either by (i) the European Commission’s adequacy decision or (ii) by the procedural safeguards offered by the European Commission’s standard contractual clauses. The protection is further supplemented by technical and organisational security measures, including encryption and anonymisation/pseudonymisation.

If you have any questions about A.P. Shap’s transfers of personal data to countries outside the EU/EEA, please contact us using the contact details provided at the end of this Privacy Information. You have the right to obtain a copy of all documentation demonstrating that appropriate safeguards have been implemented to protect your personal data in the event of a transfer to a third country.

7. YOUR RIGHTS

According to applicable data protection law, you have certain rights in relation to the processing of your personal data. We process your personal data to the extent necessary to fulfil your rights. You are welcome to submit requests for the exercise of your rights by contacting us via the contact details provided below.

You have under certain circumstances a right to exercise the following rights:

Right of access

You may request us to confirm whether we process personal data relating to you or not. If that is the case, you can access the personal data and other information relating to the processing (e.g. the purposes of the processing). You also have the right to obtain a copy of the personal data being processed.

Right to object to certain processing

You have the right to object, on grounds relating to your particular situation, to such processing of personal data concerning you, if the processing is based on a legitimate interest. In such a case, we will cease such processing of your personal data based on a legitimate interest, unless we can demonstrate that our legitimate interest overrides your interest in privacy or that the processing is necessary for the establishment or defence of our legal claims.

Correction

You can ask us to correct inaccurate personal data concerning you.

Right to erasure

You may have your personal data erased under certain circumstances, e.g., when the personal data is no longer necessary to fulfil the purposes for which it was collected.

Right to restriction of processing

In certain circumstances, you have the right to ask us to restrict the processing of your personal data to only include storage. This applies, e.g., if the processing is unlawful but you do not want your personal data to be erased.

Right to withdraw consent

You have the right to withdraw your consent to the processing of your personal data at any time. This applies to the extent that the processing is based on your consent.

Right to data portability

You have the right to obtain, in a structured, commonly used and machine-readable format, the personal data concerning you that you have provided to us. You also have the right to request that this data be transferred to another controller (when possible).

Right to lodge a complaint with the supervisory authority

If you have a complaint regarding A.P. Shap’s processing of personal data, you have the right to lodge a complaint with the Swedish supervisory authority (Sw. Integritetsskyddsmyndigheten). For more information, please visit the website of the competent supervisory authority.

8. CONTACT US

If you have any questions or concerns about the processing of your personal data, please contact us by e-mail to info@apshaps.se

9. CHANGES TO THIS PRIVACY INFORMATION

This Privacy Information may be updated from time to time. You will be notified appropriately when changes are made to this Privacy Information unless the changes are non-material or insignificant.

This Privacy Information was last updated on december 9 2024.