Privacy Policy for Cargobike of Sweden AB
At Cargobike of Sweden AB, company reg. no. 556729-2759 ("Cargobike", "we", "us" and "our"), we value your privacy. That is why it is a matter of course for us to always strive to protect your personal data in the best possible way. In this privacy policy, we inform you about how we process your personal data and what rights you have.
We also inform you how we, together with our parent company WS WeSports Group AB (publ), company reg. no. 559237–3632, process your personal data in connection with your purchases as joint controllers.
Summary – How do we process your personal data?
Here you can read a summary of how we process your personal data. We retain different personal data for different periods depending on the purpose. Certain data that is required by law is retained for up to 7 years, while other data related to, for example, customer service and order management is deleted earlier.
Further down in this document you will find more detailed information about our different personal data processing activities. By clicking the links below, you will be taken directly to the detailed information.
Attention: The collection of personal data in connection with purchases applies to customers in Sweden who order directly from Cargobike of Sweden AB on our website, or from us in-store. Outside Sweden, you can find Cargobike of Sweden via our retailers, who process personal data in accordance with their own policies.
If you make a purchase from us we process your personal data in order to:
- Manage your purchase
- Communicate with you about your purchase
- Handle any questions about your purchase as well as returns and other claims in accordance with applicable law and our agreement
- Send a request asking whether you would like to review your purchase
- Prevent, detect and investigate potential misuse or fraud
If you (Retailer) are a member with us we process your personal data in order to:
- Create and administer your membership and your member account
- Send emails with relevant information and news
If you visit our website and give your consent, we analyse how our website is used and show you relevant offers on other sites you visit based on that analysis. In addition, we process your personal data to ensure the website functions properly and to remember your choices.
If you receive marketing and other messages from us we process your personal data in order to send newsletters and other marketing to you, as well as customer satisfaction surveys and market research.
If you take part in one of our competitions or if we share your posts on our social media/website we process your personal data in order to manage and run competitions and to share your posts on social media and your images on our website.
If you communicate with us, in order to safeguard our legal interests and to comply with legal obligations we process your personal data in order to
- Communicate with you if you contact us
- Comply with the requirements of the Marketing Act
- Comply with the provisions of the Accounting Act
Your personal data related to your purchases will be shared with and processed by our parent company WS WeSports Group AB (publ) ("WeSports"). WeSports processes your personal data as a joint controller with us, and processes it in order to carry out analyses based on your purchases from us.
You have a number of different rights in relation to our processing of your personal data, including the right to object, the right to lodge a complaint with the Swedish Authority for Privacy Protection, the right to withdraw your consent, and the right of access. More information about these and other rights that you have can be found at the end of this privacy policy.
Please use the summary above and the table of contents below to navigate to the section you would like to read more about. If you have any questions or would like to exercise any of your rights, you are welcome to contact us.
Information about the processing of your personal data
Cargobike of Sweden AB, company reg. no. 556729-2759, is responsible for the processing of your personal data (data controller) as described in more detail in this privacy policy.
In certain situations, we are joint controllers together with our parent company, WS WeSports Group AB (publ), company reg. no. 559237–3632. This means that we jointly determine why and how your personal data is to be processed. Read more about the situations in which we are joint controllers below.
If you have any questions about this processing, or if you would like to exercise any of your rights that we describe under the heading What rights do you have when we process your personal data, you are welcome to contact us by emailing info@svenssonbikes.com or by sending a letter to Cargobike of Sweden AB, Kosterögatan 13, 211 24, Malmö.
What happens if you do not provide us with your personal data?
In general, you are not obliged to provide your personal data to us. You will find a description of when you need to provide your personal data in the tables below where the legal basis is stated as "Legal obligation (art. 6.1 c GDPR)". Even if we do not have a legal obligation to process your personal data, the consequence of not providing certain personal data may be that it is not possible for us to enter into an agreement with you.
Who do we share your personal data with?
Your personal data is primarily processed by us at Malmö Velocipedfabrik. In some cases, we share your personal data with third parties. Below, we summarise in which situations we generally share your personal data with third parties, and in the tables below we provide more detailed information on the purposes for which your personal data is shared and with which categories of recipients.
Below we specifically describe what applies to the sharing and processing of personal data within the WeSports Group.
We always want to be transparent and help you feel secure, so please do not hesitate to contact us if you would like more information about how we share your personal data.
In order for us to have functioning IT systems and run our business efficiently, our IT suppliers will process your personal data. These IT suppliers process personal data on our behalf in their capacity as our processors and, as a general rule, are used for all purposes listed in the tables below. They will therefore not be listed in the tables.
- To manage your purchases from us, we share your personal data with the payment service provider and the carrier that processes your payment and delivery. These recipients are independent controllers for the processing of your personal data. Which payment service providers and carriers process your personal data depends on the choice you make at checkout when purchasing. To manage your reviews, we also share your personal data with Trustpilot, which processes it in its capacity as our processor.
- If you visit our website and give your consent, your personal data is processed by the analytics and marketing services we use, for example Google, Microsoft, LinkedIn, Intuit Inc (Mailchimp) and/or Meta (Facebook and Instagram). These recipients process personal data on our behalf as our processors, but they also process your personal data as independent controllers. These providers inform you separately about the personal data processing for which they themselves are responsible.
- In order to market ourselves effectively, we use suppliers that help us with our marketing, for example for advertising. These suppliers process personal data on our behalf in their capacity as our processors.
- If we share your posts in our channels or you contact us via social media, we share your personal data with the relevant social media platform where your posts are shared, for example Instagram or Facebook. These social media platforms are independent controllers for their processing of your personal data.
Sharing and processing of personal data within the WeSports Group
We are a company within the WeSports Group, which consists of several companies focused on sport and outdoor life, including our parent company WS WeSports Group AB (publ) ("WeSports"). Below we describe how we share and process your personal data within the WeSports Group.
When you make a purchase from us, we share personal data related to your purchase (such as which items you have purchased and your purchase history) with WeSports, which processes this personal data as a joint controller with us. This means that we, together with WeSports, determine how and why your personal data is processed in this case.
We process your personal data together with WeSports in order to analyse your purchases and to identify which products and areas you are particularly interested in. We will limit the information we share between us and process it at as aggregated a level as possible.
We process your personal data on the legal basis of balancing of interests, where we have assessed that the processing is necessary for purposes relating to our legitimate interest in being able to analyse purchasing patterns in order to provide you with tailored offers. We only retain your personal data for this purpose for 12 months.
We will then use the information we obtain from the analysis to tailor our marketing to you, including in our newsletters, if you receive these from us. In our tailored marketing, we may suggest offers and other products you may be interested in from other companies within the WeSports Group. However, the processing we carry out when we send marketing to you is performed by us as independent controllers, and you will not receive communications from WeSports or other companies within the WeSports Group.
WeSports will also share your personal data with its respective IT suppliers that need to process personal data in order for WeSports to have functioning IT systems and run its business in an efficient manner. These IT suppliers process personal data in their capacity as WeSports' processors.
If you have any questions about the processing we carry out jointly with WeSports, you are welcome to contact us using the contact details above.
You can read more about how we process your personal data as independent controllers if you receive marketing and other messages from us in the table below.
Do we transfer your personal data outside the EU/EEA?
As a general rule, we and our processors process your personal data within the EU/EEA. In some cases, however, your personal data will be transferred outside the EU/EEA. When we use services from Google, Meta, Intuit Inc and Zendesk, your personal data is transferred to the United States. These transfers take place on the basis of what is known as an adequacy decision from the European Commission under art. 45 GDPR, called the EU-US Data Privacy Framework. This means that the European Commission has assessed that the US has an adequate level of protection with regard to the activities that have certified under the EU-US Data Privacy Framework. You can find the respective certifications for Google, Meta, Intuit Inc and Zendesk here, by searching for each company.
In some cases, we use service providers that in turn transfer your personal data outside the EU/EEA to a country that lacks an adequacy decision or where the service provider is not certified under the EU-US Data Privacy Framework. Our suppliers will then transfer your personal data in accordance with the European Commission’s standard contractual clauses (art. 46.2 (c) GDPR). These standard contractual clauses include different modules depending on the role of the party transferring the personal data and the role of the party receiving the personal data. Most often, module 3 of the standard contractual clauses will be used (processor to processor), and otherwise module 1 (controller to controller) or module 2 (controller to processor). You can find the standard contractual clauses here. In cases where legislation or similar in the country outside the EU/EEA where the recipient of the personal data operates affects how the standard contractual clauses are intended to function, we/our suppliers will take additional safeguards to ensure adequate protection for your personal data.
If you would like more detailed information about transfers of personal data outside the EU/EEA, you are welcome to contact us.
Detailed description of how we process your personal data
Below you can read more detailed information about the purposes of our different processing activities, the categories of personal data we process, the legal bases for the processing, retention periods, when you need to provide the personal data to us, and recipients of your personal data.
If you make a purchase from us
When you make a purchase from us via our website, we process your personal data. We also process your personal data if you have made a purchase in-store at Cargobike in Malmö or Stockholm, e.g. to handle a return or send a receipt by email. The purposes for which we process your personal data are set out in the tables below.
We collect your personal data from you at checkout when you make your purchase or in connection with you contacting us.
In general, you are not obliged to provide your personal data to us. However, if you do not provide certain personal data, it is not possible for us to enter into an agreement with you.
Attention: The collection of personal data in connection with purchases applies to customers in Sweden who shop directly from Cargobike of Sweden AB in our webshop or in person with us in Malmö and Stockholm. Outside Sweden, you can find Cargobike of Sweden via our retailers, who process personal data in connection with purchases in accordance with their own policies.
Manage your purchase
|
|
Processing activities we carry out
|
Personal data processed
|
Legal basis
|
|
• Receive and register your personal data in order to receive, register and manage your order
• Send an order confirmation and/or receipt by email
• Send delivery information by email and deliver your order
• Share your personal data with payment service providers and carriers
|
• Name
• Contact details (address, email and phone number)
• Personal identity number
• Order information, which item(s) you have ordered
• Payment information
• Your Retailer membership, if you have identified yourself with it
• If you have shopped with us in-store, we also process other information you have provided at the time of purchase, for example to our sales staff or as shown on your digital receipt.
|
Performance of a contract (art. 6.1 b GDPR)
The processing is necessary in order for us to perform the contract relating to your purchase. If the personal data is not provided, you cannot complete a purchase with us.
The processing of personal identity numbers is needed in order to securely identify you and verify your age.
|
|
Retention period: The personal data related to your purchase will be processed by us for the time required to administer and manage your order so that you can receive the items you have ordered, but for no longer than 12 months.
After that, we will process information about your purchase so that we can, smoothly and in accordance with applicable consumer rules, handle any questions about your purchase, right of withdrawal, open purchase, warranties and complaints. You can read more about this in the table below.
Your personal data may also form part of accounting records, which we retain in accordance with our obligations under the Swedish Accounting Act. You can read more about our processing of your personal data for this purpose below.
|
|
Recipients of your personal data: We share your personal data with the payment service provider and the carrier you choose. These recipients are independent controllers for the processing of your personal data. Which payment service providers and carriers process your personal data depends on the choice you make at checkout when purchasing.
We will share your name, address and contact details with the carrier you choose at checkout in order to deliver your products. The carriers we use are independent controllers for the processing of your personal data.
|
Communicate with you about your purchase
|
|
Processing activities we carry out
|
Personal data processed
|
Legal basis
|
|
• If necessary, communicate with you about your purchase, e.g. if the product you ordered is out of stock or to inform you about any product recalls
|
• Name
• Email address
• Order information, which item(s) you have ordered
|
Balancing of interests (art. 6.1 f GDPR)
The processing is necessary for purposes relating to our legitimate interest in being able, when necessary, to communicate with you about your purchase
|
|
Retention period: The personal data related to your purchase will be processed by us for this purpose for 12 months.
|
Handle any questions about your purchase, as well as returns and other claims in accordance with applicable consumer rules and our agreement
|
|
Processing activities we carry out
|
Personal data processed
|
Legal basis
|
|
• Handle any questions as well as right of withdrawal, returns, warranties and complaints in a smooth manner and in accordance with applicable consumer rules and our agreement with you.
• If you have questions about your purchase, wish to exercise your right of withdrawal, make a complaint about an item or otherwise exercise any of your rights under applicable consumer law or our agreement with you, we process your personal data in order to help you and comply with applicable law and the terms of our agreement. For example, we may need to locate your order, your contact details and your payment information so that you can exercise your right of withdrawal or make a complaint about an item.
• Read more about how we process your personal data to communicate with you if you contact us here
|
• Name
• Contact details (address, email and phone number)
• Personal identity number
• Order information, which item(s) you have ordered
• Information you choose to provide to us, for example about a defect in an item, as well as information about measures we have taken in a return or warranty matter.
|
Performance of a contract (art. 6.1 b GDPR)
The processing is necessary in order for us to perform the contract relating to your purchase. If you do not provide your personal data to us, we are not able to help you with, for example, a warranty matter.
Legal obligation (art. 6.1 c GDPR)
The processing is necessary in order for us to act in accordance with consumer law legislation, such as the Consumer Sales Act (2022:260) and the Distance Contracts Act (2005:59), and thereby comply with a legal obligation that we have.
Balancing of interests (art. 6.1 f GDPR)
The processing is necessary for purposes relating to our legitimate interest in being able to handle your questions, complaints and other claims in an efficient and customer-friendly manner.
The processing of personal identity numbers is needed in order to securely identify you and verify your age.
|
|
Retention period:
We retain your personal data for a maximum of 7 years from your purchase in order to answer questions about your purchase and handle any returns, and so that you can, in a smooth manner and in accordance with applicable consumer protection legislation, make complaints about your items and exercise your right of withdrawal.
If you contact us with a question and we open a case to, for example, handle your return, we process your personal data for 36 months.
Read more about how long we otherwise process your personal data in our communication when you contact us here.
|
Send a request asking whether you would like to review your purchase
|
|
Processing activities we carry out
|
Personal data processed
|
Legal basis
|
|
• Send requests to you to review the product you have purchased
|
• Name
• Email address
• Order information, which item(s) you have ordered
|
Performance of a contract (art. 6.1 f GDPR)
The processing is necessary for purposes relating to our legitimate interest in being able to contact you with a request to evaluate us and our products in order to improve our products and our offering.
|
|
• Publish your review on our website if you have chosen that option. You decide yourself whether you want to provide your name
|
• Name (if you have chosen to provide it)
• Information you provide in your review
|
Consent (art. 6.1a GDPR)
We obtain your consent to publish your review on our website. You have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before it is withdrawn.
|
|
Retention period:
We process your personal data in order to send you a request for 14 days after the purchase has been completed. However, we will stop processing your personal data earlier if you object to our processing.
We process your review for as long as it is relevant for its purpose and in accordance with applicable data protection legislation. Reviews are removed or anonymised if you request this or if the processing is no longer justified.
|
|
Recipients of your personal data:
We use Trustpilot to carry out surveys and manage your reviews. Trustpilot will process your personal data on our behalf in its capacity as our processor.
|
• Identify unusual purchasing behaviour and prevent misuse of our services and fraud
To prevent, detect and investigate potential misuse or fraud
|
|
Processing activities we carry out
|
Personal data processed
|
Legal basis
|
|
• Name
• Email address
• Phone number
• IP address
• Personal identity number
• Order information, which item(s) you have ordered
• Return and order history
|
Balancing of interests (art. 6.1 f GDPR)
The processing is necessary for purposes relating to our legitimate interest in preventing, detecting and investigating misuse of our products and services.
The processing of personal identity numbers is needed in order to securely identify you and verify your age.
|
|
Retention period: We process your personal data for this purpose from the time you make a purchase and for up to 7 years thereafter.
|
|
Recipients of your personal data: If we need legal assistance, we share your personal data with our lawyers. If we were to detect criminal behaviour, we also share personal data with the Swedish Police Authority.
|
Membership in the retailer portal
Our retailers can apply to become members in our retailer portal. To administer your membership with us, we need to process your personal data. In order to create your membership and fulfil what follows from it, we must process your personal and company data. If you do not provide your personal data to us, we are not able to create or administer your membership.
We also process your personal data in order to send information and news to you. Read more about this under the heading If you receive marketing and other messages from us
To create and administer your membership and your member account
|
|
Processing activities we carry out
|
Personal data processed
|
Legal basis
|
|
• Create your membership
• Enable your login to your member profile
• Communicate with you regarding your membership
|
• Name
• Contact details (address, email, mobile number)
• Personal identity number
• Your login details, i.e. username and password
• Orders and order history
|
Performance of a contract (art. 6.1 b) GDPR
The processing is necessary in order to create and administer your membership and your member account and thereby to perform our agreement with you.
If name, personal identity number and contact details are not provided, our obligations cannot be fulfilled and we must therefore deny you membership. The processing of personal identity numbers is needed in order to securely identify you and verify your age.
|
|
Retention period: The data is processed until you end your membership and for 30 days thereafter.
|
If you visit our website
If you consent, we analyse how our website is used and show you relevant offers on other websites and social media platforms that you visit based on such analysis. In addition, we process your personal data to ensure that the website functions properly and to remember your preferences. We explain this in detail in the tables below.
Personal data is collected from your device (for example a mobile phone, computer or tablet) when you visit our website. Google also uses information they already have in order to perform analysis and to show you offers from us that may be of interest to you.
In order to collect personal data when you visit the website as described below, we use cookies and similar technologies. In our cookie information notice available on our website, we explain in more detail how this works.
Analysing how our website is used
|
|
Processing activities
|
Personal data processed
|
Legal basis
|
|
• Analysing how you use our website using cookies. We do this in order to improve the functionality of the website, adapt it to our visitors, and to be able to draw conclusions about our visitors.
• For this purpose, we use an analytics service from Google Analytics, which involves the use of a random ID to distinguish your device from other visitors and to identify patterns in how our website is used.
• We are only interested in how visitors interact with us on an aggregated level. At Cargobike, we do not know who you are and do not take any measures to find out.
|
• An encrypted version of your IP address that cannot be linked to you as an individual
• Information about how you use the website, such as what you click on and how long you stay on the website
• The area of the country from which you access our website
• How many times you have visited the website, enabling us to calculate the total number of visitors
• Your device/browser, such as your screen resolution
• Other information that Google has about you, such as information about which website or other channel you used to find us
|
Consent (art. 6.1 a i GDPR)
We obtain your consent when you visit our website. You have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before it was withdrawn.
You can opt out of Google Analytics by, for example, downloading and installing this browser add-on. To avoid cookies, you can also adjust the settings in your web browser.
|
|
Retention period: Personal data is stored for 14 months after your visit to our website. After that, the data is deleted or anonymised.
|
|
Recipients of your personal data: Our analytics service, Google Analytics, receives your personal data. More information about Google’s processing of personal data and how long they store your data can be found in their privacy policy, available by clicking on their name.
|
Show offers from us that may be of interest to you on other websites you visit
|
|
Processing activities
|
Personal data processed
|
Legal basis
|
|
• Marketing our products by displaying offers and new products that we believe may be of interest to you. We show marketing tailored specifically to you on other websites and social media platforms that you visit.
• We may display offers by using marketing services from, for example, Google, Meta (Facebook and Instagram), Microsoft (Bing) and LinkedIn. We do this based on analysis of our website, through cookies or similar technology, as well as information that these parties already have about you.
• We tailor the marketing to you based on information that the marketing services already have about you and based on your previous browsing history with us. This means that profiling* of your browsing history takes place.
|
• An encrypted version of your IP address that cannot be linked to you as an individual
• Information about how you use the website, such as what you click on and how long you stay on the website
• The area of the country from which you access our website
• How many times you have visited the website, enabling us to calculate the total number of visitors
• Your device/browser, such as your screen resolution
• Other information that Google has about you, such as information about which website or other channel you used to find us
|
Consent (art. 6.1 a i GDPR)
We obtain your consent when you visit our website. You have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before it was withdrawn.
You can opt out of Google Analytics by, for example, downloading and installing this browser add-on. To avoid cookies, you can also adjust the settings in your web browser.
|
|
Retention period: You will see marketing from us for 90 days after your visit to our website.
|
|
Recipients of your personal data: Your personal data is shared with the analytics services we use. The marketing services we use will continue to process your personal data as independent data controllers. More information about Meta’s, Microsoft’s, LinkedIn’s and Google’s processing of personal data and how long they store your personal data can be found in their respective privacy policies. Click on the name to read more.
|
*Profiling: Your personal data is used for so-called profiling carried out by the marketing services in order to show you the offers that they and we believe suit you best and to provide tailored marketing. Profiling is carried out because otherwise we would not be able to show relevant offers and marketing specifically to you; instead, you would see offers that are not relevant to you. You have the right to object to profiling. You can read more about your right to object below, where your rights are explained in detail.
To ensure the website functions and remembers your choices
|
|
Processing activities
|
Personal data processed
|
Legal basis
|
|
• We use cookies and similar technology to ensure that the website functions in a satisfactory and secure manner.
• Remembering your choices on the website, such as your consent, or items added to your shopping cart.
• We and our suppliers do not track how you specifically use the website; this is done automatically through technical functions.
|
• An encrypted version of your IP address that cannot be linked to you as an individual
• Information about how you use the website
• Information about your choices
• Information about which products you have added to your shopping cart
|
Consent (art. 6.1 a i GDPR)
The processing is necessary for purposes relating to our legitimate interest in being able to provide a well-functioning and secure website and to remember your choices.
|
|
Retention period: The personal data collected through cookies and similar technology for the website’s functionality is stored for 12 months. .
The processing is necessary for purposes relating to our legitimate interest in being able to provide a well-functioning and secure website and to remember your choices.
|
|
Recipients of your personal data: Your personal data is processed through the services we use on the website, for example the service that provides our consent solution. We list these services as “necessary” in the cookie policy. These services are used so that we can run our business efficiently, and the companies behind the services act as our data processors.
|
If you receive marketing and other messages from us
The tables below describe how we process your personal data if you have chosen to receive marketing and other messages from us. We collect personal data directly from you as well as by analysing how you interact with our various marketing communications.
In addition, we also use data related to analysis of your previous purchases, which we process jointly together with our parent company within WeSports Group. We do this in order to identify which products and areas you are particularly interested in and to provide you with better tailored offers. You can read more about how your data is shared and processed within WeSports Group above.
Send newsletters and other marketing to you
|
|
Processing activities
|
Personal data processed
|
Legal basis
|
|
• Managing and sending marketing with offers, benefits, discounts and information via email.
• Sending personalised product recommendations and communications so that you receive offers and information about goods and services you are interested in
|
• Name
• Email
For personalised communications, we also process:
• User history (e.g. how you click or search on our website)
• Age, if you have chosen to provide this information to us
• Whether you are a private customer or a business customer
• Purchases
• Geographic location, if you have chosen to provide this information to us
|
Balancing of interests (art. 6.1 f i GDPR)
The processing is necessary for purposes relating to our legitimate interest in being able to provide you with newsletters and tailored offers.
|
|
• Developing and improving our newsletters and marketing by analysing how our customers interact with our newsletters. However, we do not carry out such analysis on an individual level, and therefore do not look at how you specifically interact with our newsletters.
• Sending personalised product recommendations and communications so that you receive offers and information about goods and services you are interested in
• We will collect your data using cookies and similar technology. You can read more about our use of cookies here.
|
• Information about how you interact with our newsletters, such as whether you open our newsletter and what you click on (for the purpose of performing a general analysis of how our customers interact with our newsletters)
• Contact details (email, address, mobile number)
• IP address
• Email address
|
Balancing of interests (art. 6.1 f i GDPR)
The processing is necessary for purposes relating to our legitimate interest in developing and improving our newsletters and marketing.
|
|
Retention period: We process your personal data until you unsubscribe or otherwise ask us to stop sending direct marketing. You can opt out of marketing from us at any time. If you opt out, your personal data is stored in our suppression list until further notice.
|
|
Recipients of your personal data: We share your personal data with the Mailchimp platform (Intuit Inc) to manage subscription lists and mailings. We also share your personal data to analyse how you open our mailings and what you click on. Mailchimp (Intuit Inc) processes your personal data as our data processor.
|
If you participate in one of our competitions, or if we share your posts on our social media/website
If you participate in a competition hosted by us, or consent to us sharing your posts on social media and/or our website, we will process your personal data. We receive your personal data from you through your participation in the competition and from your social media accounts.
To administer and run competitions
|
|
Processing activities
|
Personal data processed
|
Legal basis
|
|
• Communicating with you before and after the competition.
• Selecting winners and communicating the results
|
• Name or username on social media
• Contact details (email address, and in case of a prize: address and mobile number)
• Data and content that you submit as part of your competition entry
|
Performance of a contract (art. 6.1 b i GDPR)
The processing is necessary in order for us to administer your participation in the competition, i.e. our agreement with you regarding your participation. You must provide the personal data to us; otherwise, we cannot administer your participation in the competition.
|
|
Retention period:We process your personal data during the competition and in order to administer your participation or prize. Thereafter, we delete your personal data after 30 days, except if you have won our competition, in which case we delete your personal data after 12 months. We keep the personal data included in the content you chose to post and that we have shared on our website or on our social media account until further notice. We will remove the content if you contact us and ask us to delete the content or your personal data.
|
|
Recipients of your personal data:Competitions are in most cases conducted on social media and are promoted in newsletters and on our website. You can click through to read more about how we handle personal data in the following channels: social media, newsletters and our website.
|
Share your posts on social media and your photos on our website
|
|
Processing activities
|
Personal data processed
|
Legal basis
|
|
• Sharing your posts on social media where you have tagged us or used one of our hashtags.
|
• Name
• Username on, for example, Instagram
• Your social media content in which you have tagged us, e.g. posts from Instagram
|
Consent (art. 6.1 a i GDPR)
For the personal data we process for marketing purposes and for sharing your posts on social media, we obtain your consent. You have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing before the consent is withdrawn.
|
|
• Sending you a request asking whether we may use your content in our marketing on our website.
• Sharing your content on our website if you consent to it
|
• Name
• Username on, for example, Instagram
• Your social media content, e.g. your photos from Instagram
|
Balancing of interests (art. 6.1 f i GDPR)
The processing is necessary for purposes relating to our legitimate interest in being able to send you a request to use your content.
Consent (art. 6.1 a i GDPR)
For the personal data we process for marketing purposes and for sharing your content on our website, we obtain your consent. You have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing before the consent is withdrawn.
|
|
Retention period: We keep the personal data included in the content you chose to post and that we have shared and therefore process as described above on our website or on our social media account until further notice. We continuously remove content when it is no longer relevant (which varies from post to post) or when you contact us and ask us to remove the content or your personal data.
|
|
Recipients of your personal data: If we share your post on our social channels, the relevant social media platform will have access to your personal data, e.g. Instagram. These social media platforms are independent data controllers for their processing of your personal data.
|
If you communicate with us, to safeguard our legal interests and to comply with legal obligations
When you contact us, for example via social media or our customer service, we will process your personal data as described in the tables below. We receive your personal data from you when you contact us.
We also process your personal data if we need to defend ourselves against claims or initiate claims. We receive the data from you or from third parties in connection with your case or claim.
To manage customer support, we use Zendesk among other tools, where your personal data is processed for example when using contact forms, support cases, chat and email to customer service. In addition, Zendesk may in some cases process personal data as an independent data controller, for example to ensure operation and security of the service.
If you use other channels, such as social media, the social media platform you use (for example Instagram) will also process your personal data.
We therefore recommend that you read the information below together with the information you can find from Zendesk or the relevant social media platform.
Personal data processed within the scope of customer support is not used for marketing or advertising purposes.
Communicating with you if you contact us and safeguarding our legal interests
|
|
Processing activities
|
Personal data processed
|
Legal basis
|
|
• Communicating with you if you contact us, for example through our customer service or on our social media pages
• Handling your questions or complaints
• Defending ourselves against legal claims and initiating legal claims against you when necessary
|
• Email
• The contact details you use, for example email address, phone number and/or address
• Other information you provide in connection with our contact, e.g. order number
• If you contact us via social media (for example our Instagram), we also process information from your profile (username and the profile picture you have chosen for your account)
|
Balancing of interests (art. 6.1 f i GDPR)
The processing is necessary for purposes relating to our legitimate interest in being able to communicate with you via the channel you choose to contact us through, provide customer service, handle questions and complaints, and safeguard our legal interests.
Legal obligation (art. 6.1 c i GDPR)
The processing is necessary in order for us to act in accordance with consumer law, such as the Consumer Sales Act (2022:260) and the Distance and Off-Premises Contracts Act (2005:59), and thereby comply with a legal obligation to which we are subject.
|
|
Retention period: We process your personal data that appears in communications in our customer service cases for twelve months from when our contact regarding the case has ended.
On social media, we delete your comments and our communications upon request. You can remove your own comments/your own communications yourself. Content that may be perceived as offensive is removed continuously. This includes, for example, rude comments, inappropriate language or attacks on individuals.
|
|
Recipients of your personal data: We share your personal data with Zendesk, which helps us manage customer service cases. Zendesk processes your personal data as our data processor. If you contact us via social media, the social media platform will also receive your personal data.
|
To comply with requirements under the Marketing Law
|
|
Processing activities
|
Personal data processed
|
Legal basis
|
|
• If you communicate with us, to safeguard our legal interests and to comply with legal obligations.
|
• Email
|
Legal obligation (art. 6.1 c i GDPR)
The processing is necessary in order to comply with legal obligations under the Marketing Law (SFS 2008:486), which applies to us and means that we must not send marketing to individuals who have objected to receiving such marketing. You must provide the personal data to us; otherwise, we cannot guarantee that you will not receive further marketing from us.
|
|
Retention period: You will remain in our “suppression list” until further notice.
|
Comply with the Accounting Law
|
|
Processing activities
|
Personal data processed
|
Legal basis
|
|
• Complying with accounting legislation by registering, posting, and archiving your payments and other transactions that take place between us and you
|
• Payment history, transactions and other material that constitutes accounting records
|
Legal obligation (art. 6.1 c i GDPR)
The processing is necessary in order to comply with mandatory law, i.e. the Accounting Act.
|
|
Retention period: Personal data that forms part of our accounting records is stored for seven to eight years in order to comply with the Accounting Law (until the end of the seventh financial year).
|
How have we carried out our balancing of interests when the legal basis is our legitimate interest (balancing of interests (art. 6.1 f) i GDPR)?
For certain purposes, we process your personal data on the basis of a balancing of interests as the legal basis for processing. In the balancing of interests, we have assessed that our legitimate interest in carrying out the processing outweighs your interests and your fundamental rights not to have your personal data processed. What our legitimate interest is is stated in the tables above under “Legal basis”. If you would like to know more about how we have made these assessments, you are welcome to contact us.
Consent
In certain situations, we process your personal data after you have given your consent to the processing. These situations are described above, and you may at any time withdraw your consent. If you withdraw all or part of your consent, we will stop processing for that purpose. Withdrawal of consent shall not affect the lawfulness of processing based on consent before it was withdrawn.
What rights do you have when we process your personal data?
In accordance with the GDPR, you have certain rights – see more information below.
If you have any questions about your rights or would like to exercise any of your rights, you are welcome to contact us using the contact details above. The Swedish Authority for Privacy Protection also provides more detailed information about when your rights apply and what exemptions exist.
You have the right to lodge a complaint with the competent supervisory authority if you consider that the processing of your personal data infringes the GDPR. In Sweden, the competent supervisory authority is the Swedish Authority for Privacy Protection.
You have the right to withdraw your consent at any time by contacting us.
Right of access (“right to obtain access to your personal data”) – Article 15 i GDPR
You have the right to receive confirmation as to whether or not we process your personal data. You can submit a request by contacting us. If we process your personal data, you also have the right to receive a copy of the personal data we process as well as information about the processing, e.g. the purposes of the processing and how long the data is stored.
You have the right at any time to object to the processing of your personal data for direct marketing (including any profiling) and to processing of your personal data based on a balancing of interests.
You have the right, without undue delay, to have inaccurate personal data concerning you rectified. You also have the right to have incomplete personal data completed.
Right to erasure (“right to be forgotten”) – Article 17 i GDPR
Under certain circumstances, you have the right, without undue delay, to have your personal data erased by us. For example, if you withdraw your consent and there is no other legal basis for the processing, or if the personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
Right to restriction of processing – Article 18 i GDPR
Under certain circumstances, you have the right to request that we restrict our processing of your personal data. For example, if you contest the accuracy of the data, or if the processing is unlawful and you oppose the erasure of the personal data and instead request a restriction of the use of the data.
If we process your personal data based on your consent or for the performance of a contract, you have the right to receive the personal data concerning you. This right applies to data you have provided to us in a structured, commonly used and machine-readable format. You also have the right to transmit this personal data to another data controller, where technically feasible.
This privacy policy was adopted by Cargobike of Sweden AB on 29 January 2026.