OSCAR OF SWEDEN AB
1 IN GENERAL
1.1.1 Your privacy is important to Oscar of Sweden AB (“Oscar”) and it is important to Oscar that the personal data collected about you is stored and processed in a safe and secure manner, and in accordance with applicable data protection legislation. In this policy, Oscar provides you information about the types of personal data Oscar may process, for what purposes, on which legal bases, how it is collected, with whom it may be shared and how long it may be stored. Oscar also informs you of your rights and how to contact Oscar, for example if you have questions about this policy or Oscar’s processing of personal data.
1.1.2 You are not obligated to provide Oscar with your personal data. If you refrain from providing personal data, it may mean that Oscar will not be able provide you with its range of products and services, process your job application or send newsletters to you.
1.2 Data controller
1.2.1 The Swedish company Oscar of Sweden AB is the data controller for the processing of your personal data in accordance with applicable data protection regulations.
Oscar of Sweden AB
Bryggaregatan 5 tr, 503 38 Borås
Business register: Swedish Companies Registration Office
Company registration number: 556988-1278
Authorised representative: Lars Stefan Georgsson
1.3 Where your data is stored
1.3.1 The personal data Oscar collects from you is stored within the European Economic Area (EEA), but may also be transferred and processed in a non-EEA country (“Third Country”). Upon such transfer, processing of your personal data is still done in accordance with applicable data protection legislation. In cases where processing of your personal data is done outside the EU/EEA, this is due to the European Commission either having determined that a Third Country ensures an adequate level of protection or provides appropriate safeguards to ensure that your rights are protected. Examples of appropriate safeguards are an approved code of conduct in the recipient country, standard contract clauses, binding company internal rules or Privacy Shield.
1.4 Who has access to your data
1.4.1 Oscar uses providers to perform system maintenance, data analyses, audits, payment and development. These providers have access to your personal data to the extent necessary to carry out these tasks on behalf of Oscar. Providers are under an obligation not to disclose or use your personal data for purposes that extend beyond the above assignments. Oscar may also provide the information to its parent company Sangar AS. Oscar never forwards, sells or exchanges your personal data for marketing purposes.
2.1.1 In order to deliver the items you order on Oscar’s website, Oscar needs to process your personal data for a variety of purposes, which will be described in more detail below in this Section 2.
2.2 Types of personal data
2.2.1 When you make a purchase, register on our member pages or contact us via customer service, we may collect and process the following personal data about you:
- Name, social security number, address, email address, mobile phone number;
- Purchase history;
- Communication with our customer service via our various channels;
- Information about the items you have shown interest in on Oscar’s website;
- Information about the email from us you opened and what you clicked on in these emails;
- Results from market research; and
- Device information such as IP address, language settings, geographic information about the device, and browser settings.
2.3 Purpose and legal basis for the processing
2.3.1 Oscar processes your personal data in order to fulfil our agreement with you in the following cases;
- To confirm your identity and verify your personal and contact data;
- To administer your order and customer relationship;
- To manage your account on our member page; and
2.3.2 Oscar processes your information to fulfil a legal obligation in the following cases;
- To comply with applicable legislation, such as requirements for accounting, product liability and consumer law; and
- To prevent abuse such as fraud and identity theft.
2.3.3 Oscar processes your personal data based on a balancing of interests in the following cases:
- In order to send offers and direct marketing, both general and personalised;
- For customer and market analysis;
- For customer service purposes;
- To administer participation in competitions and events;
- To evaluate, develop and improve Oscar’s services, products and systems; and
2.3.4 Oscar’s legitimate interest in processing your personal data is to provide you with a better customer and shopping experience, providing you with services in the form of various services such as relevant and personalised offers and ensuring adequate security for Oscar’s customers.
2.4 Who can access your personal data?
2.4.1 In addition to that stated in Section 1.4.1, transfers may be made to the following third parties:
- Oscar uses a supplier for automatic downloading and updating of your address data on the Population Register;
- To manage payments made by Oscar’s customers, an external supplier is used to guarantee fast and secure payment; and
- In the event that Oscar sells or purchases a business or assets, Oscar may disclose your personal data to a potential seller or buyer of such business or assets;
2.5 How long your personal data is processed
2.5.1 Oscar processes your personal data for as long as is necessary with regard to the purpose of the relevant processing. The processing may continue as long as it is necessary to execute our contractual commitments towards you and as long as required by statutory storage times. When Oscar processes your personal data for purposes other than our contractual commitments, for example to meet requirements contained in accounting or consumer law, Oscar processes personal data only for as long as necessary for each purpose.
2.5.2 In accordance with applicable legislation, Oscar has the right to store your contact data for direct marketing for a period of time after your purchase or until Oscar’s agreement with you has expired. This period of time differs in length depending on what the agreement concerns. Oscar may therefore store your contact data to send direct marketing to you for the period of time relevant to applicable data protection legislation, marketing laws and practices.
2.5.3 Once you have registered as a member on our member sites, Oscar processes your personal data until you unsubscribe from Oscar or otherwise request Oscar to delete certain data. However, we will always delete your account if you have been inactive for 24 months. Purchase history is in any event deleted no later than 24 months after you have completed the purchase
2.5.4 Your personal data may be stored longer than stated above to the extent Oscar is required to do so by law, regulation or decision by a public authority.
3.1.1 When you apply for a job or otherwise report interest in a job at Oscar, we may collect, save and otherwise process personal data relating to you in accordance with this Section 3.
3.2 What types of personal data we process
3.2.1 Oscar records the data and information you provide us in connection with your application to us. This also includes information that Oscar receives in connection with your application, such as your CV, cover letter or references from previous employers.
3.3 Purpose and legal basis
3.3.1 Your data will be used to assess your application, check your references and verify your data. We will also use your data to send a reply to your application and for a possible notice of an interview. When you submit an application or expression of interest to us, you agree that we may process your personal data during a recruitment process.
3.4 Who has access to your data
3.4.1 Personal data may be provided to any recruitment consultant or other service provider hired in connection with the recruitment procedure.
3.5 How long we store your personal data
3.5.1 The personal data may be stored during the recruitment process period, after which the data is deleted. If you have consented to Oscar processing the data for future recruitment, the data may instead be retained for two years after consent has been given (or until the consent is withdrawn before then), after which it is deleted. Despite this, Oscar may store personal data as long as a jobseeker who is not hired may take legal action in connection with the recruitment procedure.
4 SUPPLIER OR PARTNER
4.1.1 If you are a supplier, partner or contact person at any of these categories, Oscar may collect, store and otherwise process your personal data in accordance with this Section 4.
4.2 What personal data Oscar processes
4.2.1 The personal data Oscar processes about you may be your name, title, employer, contact data (such as address, email address and phone number), data about your contact person(s) with us, data about the specified areas of interest for newsletters and other mailings, participation in trade fairs and events as well as notes and summaries of meetings Oscar has had with you.
4.3 How the personal data is collected
4.3.1 Oscar may either collect your personal data by ordering it from private or public records, or from other similar sources, or obtaining the data directly from you, the customer, the supplier, the partner or anyone who acts as contact point between Oscar and the above.
4.4 Purpose and legal basis
4.4.1 Your personal data may be processed to conclude and manage agreements with Oscar’s suppliers and partners. Certain personal data may also be processed in order to ensure compliance with Oscar’s legal obligations, which may be updated, for example in connection with managing personal data on invoices as a result of the accounting obligation. The processing is based on Oscar’s legitimate interest in managing relationships with suppliers and partners.
4.4.2 Personal data may also be processed for the purpose of, through you, maintaining and developing the relationship with the respective supplier and partner and, provided you aren’t opposed to it, marketing Oscar services (for example through invitations to trade fairs and events as well as mailing of newsletters and other mailings). The processing is based on Oscar’s legitimate interest in maintaining and developing relationships with suppliers and partners.
4.5 How long your personal data is stored
4.5.1 Oscar stores your personal data essentially as long as the supplier’s and/or partner’s relationship is in force. Within three months after the current relationship has been terminated or after Oscar has been notified that your status as a contact person has ended, Oscar normally deletes your personal information. Provided that you have no objections, however, personal data such as your name, title, employer, contact data (such as address, email address and phone number) and data about interest areas for newsletters and other mailings may be stored after the three-month period to be processed for marketing purposes. Insofar as you are opposed to continued storage, the above data will be deleted. However, your personal data will be subject to continued storage, regardless of consent, to the extent and during the period of time that Oscar is legally required to comply with the storage obligation, for example in accordance with the Accounting Act.
5 YOUR RIGHTS
5.1 Right of access
5.1.1 You are entitled to request information about the personal data we have stored about you at any time. In its capacity as data controller, Oscar shall provide you with a free copy of the personal data that is processed. In case of additional copies, Oscar may charge an administration fee.
5.2 Right to data portability
5.2.1 Each time Oscar processes your personal data in an automated manner as per your consent or under an agreement, you are entitled to obtain a copy of your personal data in a structured, common and machine-readable format transmitted to you or another party. It only includes the personal data you have divulged to us and applies as far as it is technically possible for us to accommodate your request.
5.3 Right of correction
5.3.1 You are entitled to request correction of your personal data if it is incorrect, including the right to supplement incomplete personal data. If you have an account on our customer portal, you can edit your personal data on the pages of your account.
5.4 Right of deletion
5.4.1 You may, under certain circumstances, have personal data relating to you deleted by us, for example personal data no longer necessary to meet the purposes for which it was collected or if the personal data was processed unlawfully.
5.5 Your right to refuse the processing of personal data due to a balance of interests
5.5.1 You are entitled to refuse the processing of your personal data based on a balance of interests. We will then stop processing unless we can demonstrate a legitimate reason for the processing that takes precedence over your interests and rights or due to legal claims.
5.6 Your right to refuse direct marketing
5.6.1 You are entitled to refuse direct marketing. You can opt out of direct marketing by following the instructions in each marketing mailing or by contacting Oscar.
5.7 Right of withdrawal of consent
5.7.1 If the personal data processing is based on the consent of the data subject, the data subject has the right to withdraw this consent at any time. Such withdrawal does not affect the legality of the personal data processing before the consent was withdrawn.
5.8 Right of restriction
5.8.1 You may require that in some cases we restrict the processing of personal data relating to you. For example, if you contest the accuracy of the personal data, you may require that we restrict its processing during the time it takes for us to check if the information is correct.
5.9 Right to complain to the supervisory authority
5.9.1 If you believe that Oscar is processing your personal data incorrectly, you may contact us. You are also entitled to file a complaint with the Swedish Data Protection Authority (www.datainspektionen.se), which is the supervisory authority in Sweden, or to the supervisory authority of the country in which you live or work.
6 CONTACT DATA
6.1 If you wish to exercise your rights as above or otherwise wish to contact us with regard to our processing of your personal data, you can do so by contacting us by phone at 033-108580 or by email at firstname.lastname@example.org.
7 CHANGE OF POLICY