Incentive Policy
1. Introduction
This privacy statement ("Statement") describes how Mini Chef Norway processes personal data.
We care about your personal privacy and want you to feel confident about how we process your personal data. In this statement, we have therefore gathered information about how we process the personal data you have provided to us in connection with the use of our services and the personal data we have otherwise accessed. Whether you as a customer have used our services in Sweden, Norway, or Finland, we process your personal data as the data controller. This means that we are obligated to ensure that the processing is carried out in accordance with this statement and the applicable personal data legislation at all times.
The policies describe which categories of personal data we process, the purpose of the processing, and the legal basis for the processing. We also explain where we obtained the data from, who may access and process it, the principles for deletion, which third parties we may share personal data with, where the personal data is processed, and what rights you have as a data subject, including the right to information, correction, and deletion, among others. We ask you to read the statement carefully and familiarize yourself with its content, as it applies to all our processing of personal data.
It is worth noting that these policies only apply to our website and our mobile application, which means that when you are linked from our website or mobile application to another website, the privacy rules of that other website apply. We are therefore not responsible for the processing of your personal data on other websites.
From time to time, we may need to update or change the policies. If this happens, we will inform you appropriately and ask you to acknowledge the changes. You will always find the latest version of the policies on our website.
We hope this statement answers your questions about how we process and protect your personal data. If you have further questions or concerns, you are always welcome to contact us at the address above or via our website.
2. How we process your personal data
This section describes the categories of personal data we process, the purposes for which we process them, the processing activities carried out, the legal basis for the processing, and how long the data is stored.
2.1 Where do we collect personal data from?
We process personal data you provide to us when you, for example, create a user account with us, purchase goods via our website, create a customer service case, or subscribe to our newsletter.
We also process personal data obtained from our payment service provider (a so-called third party) when you make a purchase with us, personal data we receive from public registers, and personal data generated when you use our services online or via our mobile application, such as your IP address and browser settings, etc.
2.2 What personal data do we process and why?
A. To manage user accounts
Purpose of processing
- To be able to create and manage user accounts, including authorizing you to log in to your user account, offering you features that make it easier for you to use our services (including placing orders and purchasing goods), and viewing your order history.
Processing operations performed
- Collection and storage of personal data in our business systems, backup systems, and other online storage facilities.
Categories of personal data
- Username
- Email address
- Customer type (individual/company)
- Optional name, phone number, and country
- Password
- Date of user account creation
- Order information, e.g., information about ordered goods (such information is also processed when you place an order and are not logged in via your user account).
- Payment, purchase, and order history.
Legal basis: For active customers: The processing is necessary to fulfill a contract for the purchase of goods from us.
For inactive customers: Balancing of interests. The processing is based on our legitimate interest in managing user accounts and delivering our services.
Retention period: Three (3) years from the creation of the user account or your last purchase, after which your user account will be closed and your information anonymized or deleted. If your user account is closed at your own initiative, your information will be anonymized or deleted within thirty (30) days of the request.
B. To manage orders/purchases, etc.
Purpose
- To manage your orders/purchases (including sending order confirmations, notifying about deliveries, delivering ordered/purchased goods, and handling contacts related to delayed deliveries).
- To handle complaints, claims, and warranty cases regarding ordered/purchased goods.
- To be able to perform billing.
- To prevent misuse of our services, our suppliers' or partners' services, or to prevent, detect, and investigate criminal acts.
- To be able to determine which orders you have placed (via order number or personal identification number).
- To ensure our operational reliability and our ability to restore the system.
Processing performed
- Collection and storage of personal data in our business systems, backup systems, and other online storage locations.
- Sending order confirmations, delivery notifications, and correspondence related to delayed delivery.
- Transfer of personal data to freight forwarders and transport companies.
Categories of personal data
- Name.
- Username
- Personal identification number
- Contact details (for example, address, delivery address, email address, phone number, and postal code).
- Order number.
- Order information, such as details about the items ordered.
- Customer type (individual/business)
- Payment, purchase, and order history.
Legal basis: The processing is necessary to fulfill a purchase agreement with us. In other cases, the processing is necessary for us to fulfill a legal obligation or to protect our legitimate interest in preventing misuse of our, our suppliers', or partners' services or to prevent, detect, and investigate crime, or to protect legal interests in other ways.
Storage period: We store your personal data as long as necessary to fulfill our agreement with you, but no longer than three (3) years from your last purchase. If we are required by law, such as accounting regulations, to store the data for a longer period, we may do so; the data will then be stored for a maximum of seven (7) years after the end of the calendar year in which the financial year ended.
C. To handle customer service cases, etc.
Purpose
- To communicate with you and respond to questions you ask us via email, phone, our chat function, or Facebook.
- To verify your identity.
- To prevent misuse of our services, our suppliers' or partners' services, or to prevent, detect, and investigate criminal acts.
- To verify your orders (via order number or personal identification number).
- To handle complaints, claims, and warranty cases regarding ordered/purchased goods.
Processing performed
- Collection and storage of personal data in our business systems, backup systems, and other online storage locations.
Categories of personal data
- Name.
- Username and password (e.g., for support with login issues).
- Personal identification number.
- Contact details (e.g., address, email address, and phone number).
- Order number.
- Order history, e.g., information about ordered items.
- Customer type (individual/company)
- Images you have sent to customer service.
- Your correspondence with us
- Health information when you provide it to us and it is necessary to handle your customer service case. This may include information about allergic reactions and/or health conditions. We never request health information from you and only process such information if you have given it to us voluntarily.
Legal basis: The processing is based on our legitimate interest in assisting you if you have questions or complaints about goods you have purchased, or if you have problems using our services. In other cases, the processing is necessary to fulfill our legitimate interest in preventing misuse of our services, our suppliers’ or partners’ services, or to prevent, detect, and investigate criminal acts, or to safeguard legal interests in other ways.
Retention period: We store your personal data as long as necessary to handle your customer service case, but no longer than one (1) year after your case is closed. If the data is necessary to handle complaints, claims, and warranty cases regarding ordered/purchased goods, it may be stored longer, but no longer than three (3) years from the purchase the data concerns.
D. To market our products and services, etc.
Purpose
- To be able to send direct marketing (e.g., newsletters) via mail, email, SMS, social media, or other similar electronic communication channels.
- To conduct targeted marketing campaigns (e.g., personalized offers, benefits, or gifts).
- To analyze your buying habits in order to provide you with relevant information and marketing.
Processing operations performed
- Collection and storage of the provided personal data in our business systems, backup systems, and other online storage facilities.
- Transfer of data to third-party providers for purposes such as direct marketing communications and targeted marketing campaigns.
Categories of personal data
- Name
- Address.
- Email address.
- Mobile phone number.
- Gender
- Date of birth
- Name day.
- Purchase and order history.
- Search history
Legal basis: Balancing of interests. Our legitimate interest in being able to market our products and services and conduct customer surveys.
Storage period: For active customers: We store your personal data for marketing purposes as long as the customer relationship exists or until you request that the marketing stops, but no longer than one (1) year after your last purchase.
For individuals who have registered to receive newsletters/marketing communications: We store your personal data for marketing purposes until you request that the marketing stops.
Based on the information we collect about you and your purchases, as well as other customers with similar buying behavior, we conduct an individual-level analysis. This analysis forms the basis for targeted offers, for example within specific product categories, that you may receive. Different customers may therefore receive different benefits and offers; for example, you may get extra offers on organic products if you buy products with an organic label.
Please note that as a customer you always have the right to object to your data being used for direct marketing. For more information about your rights, see section 2.4 below.
E. To evaluate, develop, and improve our services, etc.
Purpose
- To evaluate the use of, develop, and improve our services and our website and mobile application.
- To be able to conduct customer surveys.
Processing activities performed
- Aggregated analysis of the technical information provided when you visit the website and mobile application, such as how our customers use the website, mobile application, and other digital channels (e.g., which pages or parts of pages have been visited, how visitors arrive at and leave the service, and what searches visitors have made on our pages and via the mobile application).
- Transfer of data to third-party providers for the purpose of conducting customer surveys.
Categories of personal data
- Technical information about devices (e.g., mobile, computer, or tablet) used when you visit our website and mobile application (e.g., IP address) and statistics on how you have interacted with us, i.e., how you have used our website and mobile application.
- Results from customer or market surveys, including feedback from individual customers.
- Email address (for conducting customer surveys).
Legal basis: Balancing of interests. The processing is based on our legitimate interest in being able to evaluate the use of and improve our services and our website and mobile application.
Storage period: The technical information about how visitors interact with our website and mobile application is stored for a maximum of ninety (90) days after the visit.
2.3 Direct Marketing
We may use your personal data for electronic direct marketing if you have previously shopped with us or if you have consented to such marketing. Direct marketing means all types of outreach marketing measures, such as mailings via email and text messages. You have the right to object free of charge to your data being used for such purposes, and all mailings from us for marketing purposes include an unsubscribe option. If you choose to unsubscribe from further mailings, we will record this in our business systems to stop targeting marketing at you.
3. Protection of your personal data
We have implemented a number of security measures to ensure that our processing of personal data is done securely and to protect the personal data we process against unlawful access, unauthorized processing, and misuse. For example, access to the systems where personal data is stored is limited to our employees and service providers who need access to the data in connection with performing their work tasks. They are also informed about the importance of maintaining the security of personal data. We also continuously monitor our systems to detect vulnerabilities and protect your personal data.
4. Who can we share your personal data with?
In order for us to deliver our services and send you marketing messages, we share your personal data with third parties. The following applies to this.
a) Service providers that we use for certain parts of our business, including processing personal data; we share personal data with these providers mainly for IT operations services (such as data storage, support, maintenance, and development), communication services, and marketing services such as conducting customer surveys and managing marketing communications.
b) Suppliers and partners in payment services, transportation services, inventory management, delivery planning, and delivery information services; We share personal data with these suppliers and partners to be able to deliver the goods you have ordered/purchased, but also to prevent misuse of our, these suppliers', and partners' services or to prevent, stop, and investigate crime.
c) IT security providers; We share personal data with IT security providers when required by law, to protect you or our customers and partners, or to protect our services.
d) Advisors and potential buyers of our business; If all or part of our business is sold or merged with another business, your personal data may be disclosed to our advisors and the potential buyer and their advisors.
e) Authorities (for example, the police, the Tax Agency, and other authorities); We share personal data with authorities if we are required to do so by law or in case of suspicion of criminal acts.
Most third parties with whom we share personal data as described above are so-called processors in relation to us. They may only process the transferred data on our behalf and in accordance with our explicit instructions. We only transfer your personal data to such processors for purposes compatible with the purposes for which we collected the data, and we ensure through written agreements with the processors that they commit to comply with our security requirements and restrictions as well as requirements for international transfer of personal data.
Authorities and, in some cases, companies to whom we transfer personal data as described above may be independent controllers of the transferred data. When your personal data is transferred to someone who is an independent controller, we do not control how the data is processed, but the responsibility lies with the authority or company to whom the data is transferred, which among other things means that the authority or company is obligated to inform you about the processing of your personal data and ensure that the processing is lawful.
5. Where We Process Your Personal Data
Our goal is always to process your personal data within the EU/EEA, where all our own IT systems are located. However, it may happen that your personal data is shared with processors who, either themselves or through subcontractors, are established or store data in a country outside the EU/EEA. In such cases, we will take all reasonable legal, organizational, and technical measures necessary to ensure that the level of protection for this processing is equivalent to that within the EU/EEA. This is done either through a decision by the EU Commission that the relevant country ensures an adequate level of protection, or through the use of appropriate safeguards, such as standard contractual clauses or approved codes of conduct in our contracts with such processors.
You can read more about which third countries the EU Commission has assessed to ensure an adequate level of data protection at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_sv.
6. Your Rights as a Data Subject
This section describes the rights you have as a data subject. You can always exercise these rights by contacting us on our website.
6.1 Right of Access
If you wish to obtain information about which personal data we process about you, you can request access to the data. The information will then be provided in the form of an extract showing which personal data we process, for what purposes we process them, where the data was obtained from, which third parties the data has been transferred to, and how long the data will be stored. If your request is made electronically, the information will be provided in a commonly used electronic format, unless you request otherwise.
6.2 Right to rectification
You have the right to have incorrect information about you corrected without delay. You also have the right to have incomplete information completed.
6.3 Right to erasure
You have the right to have your personal data deleted without delay if any of the following occur:
a) the personal data is no longer necessary for the purposes for which it was collected or otherwise processed, or
b) you withdraw your consent to processing based on consent and there is no other legal basis for the processing;
c) you object to processing based on a balancing of interests, and your reason for objecting outweighs our legitimate interest;
d) the personal data has been processed unlawfully, or
e) the personal data must be deleted for us to comply with a legal obligation.
6.4 Right to restriction of processing
You have the right to request restriction of the processing of your personal data if one of the following applies:
a) you contest the accuracy of the personal data for a period that allows us to verify the accuracy of the data;
b) the processing is unlawful and you oppose the deletion of the data and instead request that their use be restricted, or
c) we no longer need the personal data for the purpose of processing, but you need them to establish, exercise, or defend legal claims;
d) you have objected to processing based on a balancing of interests, and we are assessing whether our legitimate grounds outweigh your legitimate grounds.
When processing is restricted in accordance with this section, personal data subject to processing restrictions, except for storage, shall only be processed to establish, exercise, or defend legal claims or to protect the rights of third parties or for important public interests of the EU or an EU member state.
6.5 Right to object to the processing of personal data for direct marketing
You also have the right to object to the processing of your personal data for direct marketing purposes. This right to object also includes analyses of personal data (so-called profiling) carried out for direct marketing purposes.
6.6 Right to data portability
When our processing of personal data is automated and based on your consent or the fulfillment of a contract, you have the right to request that the data you have provided to us be delivered to you or transferred to another data controller in a structured, commonly used, and machine-readable format. However, this is conditional on the transfer being technically possible.
6.7 Withdrawal of consent
If our processing of your personal data is based on your consent, you always have the right to withdraw your consent at any time. Such withdrawal of consent does not affect the lawfulness of the processing based on your consent before it was withdrawn. If you withdraw your consent, we will no longer process the personal data based on the consent unless we are legally obliged to continue processing. If our legal obligations prevent us from deleting your data, we will instead mark it so that it is no longer actively used in our systems. You can withdraw your consent at any time by sending an email to kontakta.aouva@gmail.com. We will respond to your request as soon as possible.
6.8 The right to file a complaint If you believe that we are processing your personal data incorrectly, you can, in addition to contacting us, file a complaint with the competent supervisory authority in the country where you reside.
7. Use of cookies
On our website and mobile application, we use cookies to improve your search (both on our website and mobile application), our services, and our website and mobile application.
A cookie is a text file sent from our web server and stored in your browser or on your device (e.g., mobile phone, computer, or tablet). We also use cookies for overall analytical information about your use of our website and mobile application and to save functional settings. You can change the settings in your browser or device regarding the use and scope of cookies. Examples of such adjustments include blocking all cookies or deleting cookies when you close our browser or mobile application.