Privacy policy

The protection of your personal data is important to Hafa. The privacy policy describes how we process your personal data and what rights you have regarding personal data.

DATA CONTROLLER

The data controller for the processing of your personal data is:

Hafa Brand Group AB
556005-1491
Box 525
301 80 Halmstad
SWEDEN

WHAT PERSONAL DATA DO WE COLLECT, AND FROM WHERE?

When you are in contact with us (e.g. when making a purchase, filling out a form, or visiting the website), we collect personal data about you. The data we collect includes your name, personal identification number, address, email address, and phone number, purchase, order and usage history, IP address, and any information you provide to our customer service.
We process this data to fulfill our obligations to you and in accordance with applicable laws.
We value your privacy and handle your personal data according to the General Data Protection Regulation (GDPR), valid throughout the EU. We regularly update our Data Protection Policy to ensure safe and secure handling of your data.

WHY WE PROCESS YOUR PERSONAL DATA

To offer our services and fulfill our commitments, we process personal data for various purposes. Below we describe what types of data we process, why we do it, the legal basis for processing, how long the data is stored, and whether it is shared with third parties. We comply with applicable data protection legislation, including the GDPR, and protect your privacy in all our processing.

Order Fulfillment

To manage customer purchases, we process personal data such as name, address, email, phone number, payment information, and order details.
Legal basis: Performance of contract (Article 6.1 b GDPR)
Storage period: As long as necessary to complete the purchase
Third parties: Data is shared with payment and logistics partners within the EU/EEA

Marketing

For marketing purposes, we process your name, email address, and phone number. This includes newsletters, advertisements, campaigns, and remarketing.
Legal basis: Consent (Article 6.1 a GDPR)
Storage period: Until consent is withdrawn
Third parties: Data may be shared with marketing partners within the EU/EEA

Customer Service & Support

When you contact our customer service, we process your name, email address, phone number, and order history to handle inquiries, communicate with you, and perform troubleshooting.
Legal basis: Legitimate interest (Article 6.1 f GDPR)
Storage period: Three years after last contact
Third parties: Data may be shared with customer service system providers within the EU/EEA

Contests & Campaigns

When participating in contests or campaigns, we process your name, contact details, address, and any communication with participants for administrative purposes.
Legal basis: Consent (Article 6.1 a GDPR)
Storage period: Until the campaign ends
Third parties: Data may be shared with campaign partners within the EU/EEA

Legal Obligations

We process name, contact details, payment and order information to fulfill our legal obligations, e.g. bookkeeping, reporting to authorities, or handling legal claims.
Legal basis: Legal obligation (Article 6.1 c GDPR)
Storage period: According to applicable laws (e.g. 7 years for bookkeeping)
Third parties: Data may be shared with authorities and accounting partners within the EU/EEA

Fraud Prevention

To detect and prevent fraud and misuse, we process IP addresses, device data, user behavior, security logs, and personal identification numbers if needed. Technical monitoring may also occur.
Legal basis: Legitimate interest (Article 6.1 f GDPR)
Storage period: Up to 24 months depending on need
Third parties: Data may be shared with IT and security partners within the EU/EEA

SHARING OF PERSONAL DATA WITHIN THE GROUP

We may share your personal data with other companies within BHG Group (https://www.wearebhg.com/brands/). Such sharing is carried out to comply with a legal obligation, to fulfil the purposes for which we process your personal data or based on our legitimate interest.

Personal data may be shared with other Group companies in the following situations:

• managing central functions that are partly handled jointly within the Group, such as analytics, marketing, finance, and legal assistance in connection with disputes,
• handling internal ordering and delivery processes between companies,
• developing and improving our services, products, and customer experience,
• for marketing purposes,
• security and risk management, for example to block customers who have attempted fraud, threatened employees, or otherwise abused our services.

The personal data that may be shared includes, for example, contact details (name, address, phone number, email), purchase and order history, and other relevant information necessary for the purposes described above.

Data sharing is carried out only to the extent necessary to achieve these purposes and in accordance with applicable data protection legislation.

TRANSFER TO PERSONAL DATA OUTSIDE THE EU/EEA

Personal data is primarily processed within the EU/EEA. If, in exceptional cases, data is processed outside this area, we ensure that such transfers comply with applicable data protection rules, e.g. through adequacy decisions by the EU Commission or standard contractual clauses.

HOW LONG WE STORE YOUR PERSONAL DATA

We store your personal data as long as needed for the purposes they were collected or as required by laws and regulations.

• Purchase and order history is stored as long as required by law.
• Customer service data related to purchases and complaints is stored as long as required by law.
• Communication with our service desk not subject to legal requirements is deleted after six months.
• Marketing data is stored until you request to opt out or after three years of inactivity.
• Data used for fraud prevention is stored up to 24 months depending on need.
   

YOUR RIGHTS

We respond to requests regarding your rights as soon as possible, no later than one month. When permitted by law, we may charge an administrative fee to fulfill certain requests.

Access

You have the right to know how we process your personal data and to receive a copy of it.

Rectification

You may request correction of inaccurate or incomplete data.

Erasure

You have the right to have your personal data erased if:

• The data is no longer necessary for the purpose for which it was collected
• You withdraw your consent and no other legal ground applies
• You object to processing based on legitimate interest and your interest overrides
• The data was unlawfully processed
• Erasure is required to comply with a legal obligation

Restriction of processing

You may request restriction of processing if:

• You contest the accuracy of the data
• The processing is unlawful and you oppose erasure
• You need the data to establish, exercise, or defend legal claims
• You have objected and we are assessing the overriding interest

Objection to processing

You may object to processing based on our legitimate interest. If we cannot demonstrate compelling legitimate grounds, we will stop processing.

Objection to direct marketing

You have the right to object to the use of your personal data for direct marketing. If you object, we will stop using your data for such purposes.

Data portability

You may request your personal data in a structured, commonly used, machine-readable format if processed based on consent or contract.

Complaints

If you are dissatisfied with how we process your personal data, you may contact us or file a complaint with a supervisory authority.

COOKIES

We use so-called cookies on the website. Information collected and analyzed via cookies is used to customize and improve our services, website content, offers and ads, and to increase website security.

In short, all information that must persist between page loads is tied to a specific user by storing a unique key in their browser. This key allows the site to recognize if the user is logged in, has items in the cart, etc.

If cookies are not accepted, many site functions will not work properly, as the site treats each visit as a new user.

You can configure your browser to automatically reject cookies or alert you when a site attempts to store a cookie. You can also delete stored cookies. See your browser's help pages for instructions.

We use session cookies to keep track of user actions, such as login and cart status. A unique key is stored in the user's browser, which allows continuity between pages.

We also use third-party services that may place cookies. For marketing improvement, we cooperate with companies like Google.

You can opt out of third-party cookies via:

• http://www.youronlinechoices.com/se/dina-val
• http://www.networkadvertising.org/choices

This website uses Google Analytics, provided by Google Inc., which uses cookies to analyze how users interact with the site.
Google uses this information to evaluate site use, compile reports, and provide other services related to web activity and internet usage.

If you do not want your site visits to be tracked by Google Analytics, you can install a browser add-on here:
https://tools.google.com/dlpage/gaoptout

LOG STATISTICS

Hafa.eu uses log statistics. These are used to analyze visitor numbers on the website.

CONTACT INFORMATION

You can contact us via our contact form.