Privacy Policy

Privacy Policy

Last updated: 2018-05-25

Integrity and Marketing Policy

1. Generally

If you are a customer, subscriber or just visit our website, this policy applies to you. This privacy policy explains how we collect, use, leave and store your personal information, as well as how we ensure that your personal information is processed in accordance with current legislation.

2. Who is responsible for the personal data?

XTZ Group Aktiebolag, with organization number 556504-4947 and postal address GAMLA NISSASTIGEN 17, 314 41 Torup (in this policy called "XTZ Group Aktiebolag" or "We") is personally responsible for processing your personal information when XTZ Group Aktiebolag provides and markets products and services as well as in other contacts with XTZ Group Aktiebolag, such as visits to our online store or service cases via email and phone. As a data controller it is XTZ Group Aktiebolags responsibility to ensure that your information is handled correctly and safely in accordance with applicable law.

3. What personal data about you do we collect?

XTZ Group Aktiebolag collects and processes the following categories of personal data about you as a customer or potential customer in connection with the purchase and use of our services and that we promote and market our products and services.

  • Contact details such as name, surname, e-mail address, shipping address, invoice address and phone number.

  • Account Information such as customer number, username, password and when the account was registered.

  • Identification Number , i.e. social security number or organization number.

  • Orderinformation such as order numbers, ordered products or services, order date, price, discount and purchase history.

  • Payment details such as payment method, cardholder, transaction date, amount, IP address and payment history.

  • Correspondence and other information about support issues such as notes and e-mail at the point of customer service.

  • User generated data about your interaction with XTZ Group Aktiebolags market communications and websites, such as IP address, device information (technical information about computer, mobile phone and other devices that you use ex. browser settings, time zone, operating system), site information, questionnaire replies, clicks and visit history - which show, among other things, which of our products or offers you've been interested in, how you interact with our newsletters and which of your events you've signed up for and participated in, as well as results from customer satisfaction or market research.

4. From which sources do we collect information about you as a customer?

  1. Information about you is collected on these occasions in order for you to enter into an agreement with XTZ Group Aktiebolag and so that XTZ Group Aktiebolag shall be able to provide their products and services to you.

    When you:

    1. Make an order

    2. Viewing XTZ Group Aktiebolags website

    3. Fill in forms on our website, such as contact form, surveys or competitions

    4. Clicking links in digital marketing communications that we have sent to you

    5. Are in touch with our customer service and when you otherwise have contact with XTZ Group Aktiebolag and provide information about you.
  2. If you have a member account then XTZ Group Aktiebolag also collect personal information about you when registering the account as well as while you are account holder, for example your purchase history.
  3. In addition to the information XTZ Group Aktiebolag collect from you, we can also collect personal information from someone else, ie. from third parties. We retrieve information from third-party directory updates for address update, ex. Klarna, to automatically fill the checkout with your information. We retrieve credit rating data from credit rating agencies, disclosure companies or banks .ex. UC.
  4. We also collect certain personal information through cookies that log how to use our site to order our products and services. You will find more information on how to use cookies in our cookiepolicy .

5. Why do we collect personal data about you?

XTZ Group Aktiebolag collects and manages information about you for different purposes. These purposes set the limits for what we may use your personal data to. Below we explain the different purposes of our collection and give examples of the treatment activities that occur for each purpose. Please note that some of your personal data can be processed for multiple purposes.

  1. Manage orders and purchase

    Processing of personal data for this purpose includes activities such as identifying and checking your age, sending order confirmation, handling payment for ordered products and goods, and assessing the payment methods we can offer you (based on contact details, order items, payment history and financial information), deliver orders, notify of delivery as well as handling complaints and warranty issues regarding purchased products and services.

    The collection of data we do to handle your orders and purchases is required in order to fulfill our obligations under XTZ Group Aktiebolag general sales conditions . If the information is not provided by you, our obligations can not be fulfilled and the order can not be completed.
  2. Provide and manage membership account

    We process personal data for this purpose in order to ex. give you permission to log in to your account, ensure your identity, create your personal pages, maintain correct contact information, facilitate you to shop in our online store through pre-filled data and saved digital shopping carts, facilitate you to handle cases and complaints as well as enable you to follow your order and payment history.

    Read more about registering an account in Membership terms . The collection of information we do to provide and manage your account is required to fulfill our obligations under the Account Terms and Conditions. If the information is not provided, our obligations can not be met and we may refuse your account registration or terminate your account..
  3. Manage issues that come into our support features

    Processing of personal data for this purpose includes activities for: ex. communicate, ensure the customer's identity, investigate complaints and support cases, answer questions that come in to customer service or other support features via email, phone or digital channels, correct incorrect data, provide technical support and care for the customer relationship.
  4. Completing legal obligations required by the business

    Personal data is processed for this purpose so that XTZ Group Aktiebolag should be able to meet the requirements of laws, judgments or government decisions. Examples of such requirements are product liability and product safety such as the development of communications and product alert information and product recalls (ex in case of defective or health hazardous product) and obligations to save certain information according to the accounting laws that can be attributed to an specific individual. If the information such as XTZ Group Aktiebolag collects in this context is not disclosed, our legal obligation can not be fulfilled and we may refuse your order., the purchase or the activity that gives rise to our legal obligations.
  5. Prevent and stop crimes within our business

    Processing of personal data for this purpose is, inter alia, to prevent misuse of Member Accounts and to prevent and investigate suspicion of theft and fraud. Therefore, when you want to pay for goods on invoice, we conduct a fraud check where we analyze what products you want to buy, shipping address, value of products, etc. We flag action patterns that often occur in the context of fraud, and then a manual review is conducted to investigate the risk that it may be a fraud attempt. Suspected crimes and attempts at crimes may be reported to the police.
  6. Evaluate, develop and improve services, products and systems for our customers in general

    Processing of personal data for this purpose includes activities to make our online store and other services more user-friendly, develop or highlight digital features, improve our customer offering (ex. development of services and products), develop support to improve product and logistics flows (ex. in order to forecast purchases, stocks and deliveries), develop and improve the company's product range and resource efficiency, and improve our IT system to enhance security, obtain statistics for market and customer analysis as well as business tracking and business and method development related to orders and purchases, automatically archive behaviors that may need to be reviewed for security reasons and allow customers to influence the range that XTZ Group Aktiebolag provide. In order to fulfill this purpose, XTZ Group Aktiebolag performs general analyzes in aggregated form, ie. not at the individual level, relating, among other things, to click and visitor behavior, device information, order history, payment history, geographic location, and individual customer feedback.

6. Under what legal grounds we process your personal information?

So that XTZ Group Aktiebolag shall have the right to collect and process your personal data there must be a legal basis for each purpose for which the data is processed. The legal basics on which we base our treatment are described in this section. Note that several legal bases may apply to the same treatment.

  1. Legal obligation

    This reason means that our treatment is necessary to fulfill a legal obligation required by XTZ Group Aktiebolag, for example, documenting payment information to meet the requirements of the accounting act.
  2. Contractual obligations

    This reason means that processing is necessary to fulfill an agreement with you as a customer or to be able to enter into a contract at a later date. For you who hold a member account you have, by accepting the Terms of membership account , entered into an agreement with XTZ Group Aktiebolag which sets the limits for the processing of your personal information that may be provided to provide, manage and administer our services associated with the account. When ordering or purchasing, we process your information to fulfill obligations under XTZ Group Aktiebolags general terms of sale. Then it can ex. be necessary for XTZ Group Aktiebolag to register your contact details so that we can fulfill our obligation to deliver the product or service and that we make a credit check if you choose invoice as payment method so we can ensure your payment ability.
  3. Legitimate interest

    This reason means that our treatment is based on one s.k. interest balance of legitimate interest. This means that the processing is done because XTZ Group Aktiebolag judge that we have legitimate interests in processing your personal data that weighs heavier than your interest in not having your data processed. For this reason, we processess your personal information, among other things, to prevent misuse of Membership Accounts, and to stop, prevent and investigate crime within the scope of our business. If we judge that crimes or attempts have been committed and we make a police report, XTZ Group Aktiebolag will continue to process your personal information in order to determine, defend or enforce legal claims.

7. How long do we save your personal information?

7.1 XTZ Group Aktiebolag will save your personal information as long as it is necessary to fulfill the purposes for which the data is processed. The length of storage period depends on the purpose for which the data is processed. In addition, XTZ Group Aktiebolag may save the data longer if necessary to determine, defend or enforce legal claims, ex. if a dispute is in progress or if a criminal record has been submitted to the police authority. We regularly carry out thinnings and remove personal information that is no longer necessary.

7.2 XTZ Group Aktiebolag saves personal information associated with your member account as long as you are active by interacting with XTZ Group Aktiebolag in different ways. If you have been inactive for a certain period, the account will be automatically terminated and the personal data we have collected and processed to provide Member Account and the services associated with the account holder will be deleted. Learn more about this and how we define inactive customers in the Terms of membership account .

8. Overview of our personal data processing

Below we have made a summary of our processing of personal data to clearly explain what categories of personal data we process for our various purposes, the legal basis on which our treatment is based and how long we store the data.

PurposeLegal basisCategories of personal dataStorage time
Manage your orders and purchaseContractual obligations under XTZ Group Aktiebolag general terms of sale
  • Contact details ex name, postal address, e-mail address
  • Account Information
  • Identification Number
  • Orderinformation
  • Payment information ex card number and cardholder
  • Financial information
Five years after your order has been paid and delivered or, if the warranty period for purchased product or service is longer, after that period expires.
Provide a Member AccountContractual obligations under Terms of membership account
  • Contact details ex email address
  • Account information ex username and password
  • Identification Number
  • Order information such as order history
  • Payment details
  • User-generated data
  • Customer Settings
As long as you have a Member Account.
To implement and manage competitions and other marketing measuresLegitimate interest
  • Contact details
  • Account Information
  • Identification Number
  • Information submitted in a contest, notification or evaluation
One year after the event or the competition has ended.
Support Features and Customer ServiceLegitimate interest
  • Contact information, eg phone number and e-mail address
  • Account Information
  • Identification Number
  • Order information such as order number, purchased products and delivery date
  • Payment information such as payment method
  • User-generated data
  • Employment or membership entitling to benefits
  • Correspondence and other information about support matters such as technical information about the customer's equipment
Five years after the last contact in the case or, if the warranty period for the product or service to which the matter relates is longer, after that period expires.
Comply with legal obligations such as the requirements of the Accounting Act, Product Liability, and the Protection of Your Personal Information in our SystemsLegal obligation
  • Contact details ex. name and address
  • Account Information
  • Identification Number
  • Order information such as date of purchase
  • Payment details
  • Correspondence and other information about support cases
As long as we are required to save the data according to applicable law or authority's decision.
Stop and prevent abuse and investigate crime within the scope of our businessLegitimate interest
  • Contact details ex, name and phone number
  • Account Information
  • Identification Number
  • Order information ex, ordered items
  • Payment information such as payment method
  • User-generated data ex, click and visit history
  • Video recordings from our stores
Meanwhile necessary checks are performed. If the treatment results in a police report, the data will be saved as long as it is required to complete the notification and determine, defend or claim the legal claim.

9. Who do we share your personal information with?

  1. XTZ Group Aktiebolag may disclose your information to other companies in order to share our offers, products and services. The recipients of your personal information can be data processors to XTZ Group Aktiebolag, ex. companies that process your information on our behalf and according to our instructions, or independently Data controllers, ex. Companies who are responsible for processing your information as they have a direct relationship with you as a customer such as Klarna.
  2. XTZ Group Aktiebolag may also disclose your information to authorities if it is necessary to comply with law, regulation or authority decision or so that XTZ Group Aktiebolag shall be able to determine, defend or enforce legal claims.
  3. Depending on what contacts you have had with XTZ Group Aktiebolag, ex if you are a member of a member account or receive market communication, then XTZ Group Aktiebolag can submit your personal information to the following recipients:

    1. Companies providing information from the public records or other public records to ensure that we have the correct contact information so that we can handle your orders and purchases as well as your Member Account and the services associated with your account. The information provided is the identification number and contact details based on our contractual obligations to you on a legal basis.

    2. Analysis and marketing companies that provide services such as automated marketing tools, analysis, communication, print and distribution. These recipients help XTZ Group Aktiebolag to analyze your information, as well as to inform about and promote the products and services that XTZ Group Aktiebolag sell. The information provided is contact information, account information, customer settings, order details and user-generated data based on legitimate interest as well as our contractual obligations to you as the holder of a Member Account on a legal basis.

    3. Government agencies, such as the Swedish Police Office or the Swedish Tax Agency, which we are obliged to disclose your personal data according to law or authority decision or which we provide personal data due to suspicion of crime or attempted crime. The categories of information provided are contact details, identification numbers, account information, order information, payment information, user-generated data and video recordings based on legal obligations that are due to XTZ Group Aktiebolag or for us to determine, defend or enforce legal claims.
  4. In addition, if you place an order or make purchases from XTZ Group Aktiebolag, we may disclose your personal information to the following recipients in the context of handling your orders and purchases based on our contractual obligations to you as a legal basis:

    1. Suppliers, manufacturers, distributors and subcontractors of products and services that XTZ Group Aktiebolag sells, among other things, providing the products and services as well as assisting us with support services such as maintenance, repair and disposal of returned products. The information provided is contact information and order information.

    2. Logistics companies and shipping providers who help us with shipping so that we can deliver our products and services to you. We provide contact information and order information to these recipients.

    3. Insurers who provide insurance for some of our products and services. The information given when you choose to take out insurance is contact information and order information.

    4. Collaborators and payment solutions, such as card issuers, banks, credit institutions and other financial partners, who make payments and offer you different financing solutions. The information provided is contact information, identification number and payment details.

    5. Credit rating agencies, credit reporting agencies or banks providing us with information to ensure your payment ability, ex, credit reports, when applying for credit in the context of managing your orders and purchases.

    6. Businesses that provide financial services such as bank balances and debt collection services that ensure XTZ Group Aktiebolag are paid for delivered products and services in the context of managing your orders and purchases. The information provided is contact information, identification number, order information and payment details.
  5. XTZ Group Aktiebolag will not sell your personal information to third parties unless we have your permission.

10. Where do we store your personal information?

XTZ Group Aktiebolag will primarily handle your personal data within the EU/EEA. However, we may also transfer your personal data to a non-EU country if we need to share your information with XTZ Group Aktiebolag s suppliers or partners outside or storing personal data in a non-EU country.

If your personal data are transferred to any country outside the EU/EEA, XTZ Group Aktiebolag will take the necessary steps to legally transfer your personal data by ensuring that your personal information is handled securely and with an adequate level of protection comparable to the protection offered in the EU/EEA, for example by entering into agreements with the recipient that include the EU Commission's standard contractual clauses or, if transferred to the United States, by the recipient certifying compliance with the principles of Privacy Shield.

11. What are your rights as a registered customer?

XTZ Group Aktiebolag is responsible for processing your personal data in accordance with applicable legislation. This section describes your rights related to our processing of your personal information. Upon your request or on our own initiative, we will correct, anonymize, delete or supplement information that is found to be incorrect, incomplete or misleading. If you have questions about this or want to exercise any rights, please contact us at the information given at the bottom of this policy.

  1. Right to your personal information

    XTZ Group Aktiebolag want to be open with how we handle your personal information. If you want to understand the processing we do about you, you are entitled to request information about the processing, including a copy of your personal data being processed, a so-called "transcript". Please note that upon request for access, we may ask for further information about you to ensure that we provide the information to the correct person and the information you wish to receive. We complete data requests within 30 days, depending on the current load of our staff.
  2. Right to correct your personal information

    If the information we have about you is incorrect, you are entitled to request that they be corrected. You are also entitled to supplement any incomplete personal data, for example, if we have the correct street address but do not have street numbers. At your request, we will correct the incorrect or incomplete information we process about you as quickly as possible.
  3. Right to be forgotten (deletion of your personal data)

    You are entitled to request that we remove your personal information when:

    1. The data was processed illegally

    2. Must be deleted to comply with a legal obligation that XTZ Group Aktiebolag is covered by

    3. No longer necessary for the purposes for which they have been treated

    4. or when you object to a balance of interest of legitimate interest that XTZ Group Aktiebolag have done and there is no legitimate interest for XTZ Group Aktiebolag or third party who weighs heavier.

      However, we can not always accommodate your request as there may be grounds for giving us the right to continue processing, for example, if personal data is processed to fulfill a legal obligation as a legal basis (as per the requirements of the Accounting Act) or if the information is necessary for us to determine, enforce or defend legal claims.
  4. Right to data portability

    You are entitled to receive a copy of the personal data relating to you in a structured format and, in some cases, transfer the data to another data controller. However, this right only includes information that you have provided to XTZ Group Aktiebolag and which we treat with the support of consent or contractual obligation to you as a legal basis. We complete data requests within 30 days, depending on the current load of our staff.
  5. Right to limit processing of your data

    You are entitled to request that our processing of your personal data be limited in certain situations, which means that the data may only be processed for certain purposes. For example, you may request a restriction of incorrect information when you have requested a correction. Meanwhile, when XTZ Group Aktiebolag investigating the correctness of the data, their treatment will be limited.
  6. Right to object to certain types of data processing

    When XTZ Group Aktiebolag is processing your personal data based on interest weighing of legitimate interest as a legal basis or for direct marketing, you are rightly opposed to our processing.

    Opposition to XTZ Group Aktiebolags balancing of interests can be done when you have personal reasons regarding the situation. In such objection, XTZ Group Aktiebolag assesses if our legitimate reasons for processing, weigh heavier in interest than protecting your privacy. If so, XTZ Group Aktiebolag will continue to process your personal information even though you have opposed your processing.

    Additionally, you are given the opportunity to object to promotion at each individual digital mail by selecting to unsubscribe. If you oppose direct marketing, we will discontinue processing of your personal information for that purpose as well as all types of direct marketing measures such as sending newsletters.

If you find that we are handling your personal information incorrectly, you are welcome to contact us. Contact information is at the bottom of this policy. You are also entitled to submit any complaints regarding the processing of your personal data to Datainspektionen who is responsible for the supervision of personal data in Sweden.

12. Personal data about children

XTZ Group Aktiebolag does not collect or process personal data for children under the age of 16. If children under the age of 16 have given us personal information, we will delete them as soon as we have been alerted. Any legal guardian can contact us below.

13. How do we protect your personal information?

You should always be able to feel confident when you submit your personal information to us. XTZ Group Aktiebolag has therefore taken appropriate technical and organizational security measures to protect your personal information against inappropriate or involuntary disclosure, use, improper access, deletion, alteration or damage to your personal data.

For example, all customer information is stored behind a firewall and permission management databases, so that only employees in XTZ Group Aktiebolag and partners through agreement - which needs access to your tasks to perform specific tasks - have such access.

14. Application and amendment of the privacy policy

The most recent version of XTZ Group Aktiebolag's privacy policy is always available on our site. Our privacy policy applies at any time in any form and to the content published on the site.

XTZ Group Aktiebolag is entitled to update the privacy policy at any time. If the privacy policy changes, the updated policy will be published on the XTZ Group Aktiebolag site. You will also be informed that the privacy policy has changed the next time you log in to your Member Account. We may also inform you via email if there are major changes to the privacy policy. If you do not want to accept the changed policy, you can terminate your member account by contacting customer support, see the contact details at the bottom of this policy.

15. Contact details

Please do not hesitate to contact us if you have questions about this privacy policy or if you would like more information about our processing of your personal information or if any information would be incorrect and you would like us to correct it.

Company Name: XTZ Group Aktiebolag
Company ID: 556504-4947
Address: GAMLA NISSASTIGEN 17
ZIP code & City: 314 41 Torup
Phone number: +46(0)345-20049
E-Mail: [email protected]