The online shop on the website organization number 20010607 **** processes personal data provided by the customer to fulfill and also confirm the conditions for processing electronic orders and deliveries and for the necessary communication during a statutory period.

 General provisions

 1.Personal data controller, in accordance with GDPR (hereinafter referred to as "Ordinance") is the founder and owner of the company, organization number 20010607 ****, based in Stockholm (hereinafter referred to as "Personal data controller"); 

2. The contact information for the Personal Data Controller is: e-mail:

3. Personal data is any information relating to an identified or identifiable natural person.END_P} 

The source of personal data 

1. The person responsible for personal data processes personal data obtained with the consent of the customer and collects through the contract to purchase and fulfill the electronic order created in the webshop;

 2. The person responsible for personal data only processes identification and contact information for the Customer that is necessary for the contract to be fulfilled;

 3. The data controller processes personal data for shipping and accounting and for necessary communication between the contracting parties for the period required by law. Personal data will not be published and will not be transferred to other countries. 

The purpose of data processing 

The person responsible for personal data processes personal data at the customer's for the following purposes:

 1. Registration on the website in accordance with Chapter 4, Section 2 of the GDPR; 

2. To fulfill the electronic order created by the customer (name, address, e-mail, telephone number);

 3. To comply with laws and regulations arising from the contractual relationship between Customer and Personal Data Controller;

 4. Personal data is necessary for contracts to be procured. Contracts cannot be entered into without personal data.

Duration of storage of personal data 

1. The Data Controller stores personal data for the period necessary to fulfill the rights and obligations arising from the contractual relationship between the Data Controller and the Customer and for 3 years after the conclusion of the agreement; 

2. The data controller must delete all personal data after the end of the period required for the storage of personal data. 

Recipient and personal data controller of personal data

Third parties that process personal data at the Customer are subcontractors of the Personal Data Manager. The services of these subcontractors are indispensable for the contract to be carried out, for purchasing and processing the electronic order between the Personal Data Controller and the Customer.

 The subcontractors of the Personal Data Controller are:

 Webnode AG (e-shop system); 

Shipping company;

Google Analytics;

Customer rights

In accordance with the regulation, the customer has the following rights: 

1. the right of access to personal data; 

2. the right to the correction of personal data;

3. the right to delete personal data; 

4. the right to object to the processing of personal data;

5. the right to data transfer;

6. the right to withdraw consent to the processing of personal data in writing or by e-mail sent to:; 

7. the right to lodge a complaint with the supervisory authority in the event of a suspected breach of the Regulation. 

Security of personal data

1. The data controller shall ensure that all technical and organizational security measures are taken to protect personal data;

The data controller has taken technical security measures to secure data storage spaces, in particular secure access to the computer with a password, use antivirus software and perform regular computer maintenance.

Final provisions 

1. By placing an electronic order on the website, the Customer confirms that it has been informed of all the conditions for personal data and accepts them in full; 

2. the Customer accepts these rules by ticking the check box in the order purchase form; 

3. The data controller may update these rules at any time. New, updated version must be published on its website. 

The rules will enter into force on 24 September 2020.