Miss Mary Integrity Policy | Miss Mary of Sweden
Close
Cart toggle
Search
Cart toggle
Refunded Returns

Miss Mary Integrity Policy

At Miss Mary we care about your privacy and always strive to provide a high level of data protection. This privacy policy explains how we collect and use your personal data. It also describes your rights and our obligations. It is important that you read and understand the privacy policy and feel confident about our processing of your personal data. You can contact us at any time if you have any queries. This document contains the following sections

What are personal data and what is personal data processing?

Personal data refers to any kind of information that may relate directly or indirectly to a living natural person.  Images and sound recordings that are processed in a computer can also be personal data even though no name is mentioned. Encrypted data and different kinds of electronic identities (e.g. IP number) are personal data if they can be associated with natural persons.

Personal data processing is everything that happens to personal data. All action that is taken in regard to personal data constitutes processing, whether or not this is done in an automated way. Examples of common types of processing are collection, registration, organisation, structuring, storage, transfer and deletion.

Who is responsible for the personal data we collect?

Miss Mary of Sweden OÜ, Corporate Identity Number 10194063, based at Mahtra 30C, Tallinn City, Harju County, Estonia, is the personal data controller for the company’s processing of personal data.

What personal data do we collect about you as a customer, and why?

To enable us to manage your order/purchase.

  • Collected personal data
    • Name.
    • Contact details (e.g. address, e-mail and telephone number).
    • Purchase information (e.g. which item has been ordered or if the item is to be delivered to another address).
    • User details for My Pages (customers who have chosen to register a customer profile only).

 

  • Types of processing carried out
    • Delivery (including notification and contacts regarding the delivery).
    • Identification and age check.
    • Handling of payment (including analysis of possible payment solutions, which may include a payment history check by our suppliers of payment solutions). NOTE: Miss Mary does not receive or save credit information about our customers. It is the supplier of the payment solution that carries out a credit assessment and decides whether a purchase can be made with the selected payment option.
    • Address check against SPAR.
    • Handling of complaint and warranty matters.

 

  • Legal basis:
    • Implementation of the purchase agreement. https://www.missmary.eu/general-terms-and-conditions. This collection of your personal data is required for us to be able to fulfil our obligations under the purchase agreement. If the information is not provided, our obligations cannot be met, and we will be forced to refuse your purchase.

 

  • Storage period:
    • Until the purchase has been completed (including delivery and payment) and for a period of 36 months thereafter for the purpose of handling any complaints and warranty matters.
    •  

In order to fulfil the company’s legal obligations

  • Collected personal data
    • Name.
    • Contact details (e.g. address, e-mail and telephone number).
    • Payment history.
    • Payment information.
    • Your correspondence.
    • Information pertaining to date/time of purchase, purchase location, defect or complaint, if any.
    • User details for My Pages (customers who have chosen to register a customer profile only).

 

  • Types of processing carried out
    • Necessary handling to fulfil the company’s legal obligations in accordance with legal requirements, court orders or decisions of public authorities (for example, the Swedish Money Laundering Act, Swedish Accounting Act, or regulations on product liability and product safety, which may require communications or information to be provided to the public and customers about product alerts and recalls, for example, in the event of a defect or a product that is harmful to health).

 

  • Legal basis
    • Legal obligation. This collection of your personal data is required by law. If the information is not provided, our legal obligations cannot be met, and we will be forced to refuse your purchase.

 

  • Storage period:
    • Until the purchase is completed (including delivery and payment) and in accordance with legal requirements, e.g. the Swedish Accounting Act, for 7 years.

To be able to handle customer service matters

  • Collected personal data
    • Contact details (e.g. address, e-mail and telephone number).
    • Your correspondence.
    • Information pertaining to date/time of purchase, purchase location, fault or complaint, if any.
    • Technical data about your equipment.
    • User details for My Pages (customers who have chosen to register a customer profile only).

 

  • Types of processing carried out
    • Communication and response to any questions to customer service (by phone or via digital channels, including social media).
    • Identification.
    • Investigation of any complaint and support matters (including technical support).

 

  • Legal basis
    • Legitimate interest. This processing is necessary to meet our and your legitimate interest in handling customer service issues.

 

  • Storage period:
    • Until the customer service matter has been completed and for a period of 36 months thereafter for the purpose of handling any complaints and warranty matters.

 

To implement and manage participation in contests and/or events.

  • Collected personal data
    • Name.
    • Date of birth or age.
    • Contact details (e.g. address, e-mail and telephone number).
    • Information supplied for contest entry.
    • Information supplied in event evaluations

 

  • Types of processing carried out
    • Communication before and after participation in a contest or an event (for example, confirmation of notifications, questions or evaluations).
    • Identification and age verification.
    • The selection of winners and conveyance of any winnings.

 

  • Legal basis
    • Legitimate interest. The processing is necessary to meet our and your legitimate interest in handling your participation in contests and/or events.

 

  • Storage period:
    • During the time the contest or event is in progress (including any evaluation time).

To be able to evaluate, develop and improve our services, products and systems for our customers.

  • Collected personal data
    • Age.
    • Gender.
    • Place of residence.
    • Correspondence and feedback regarding our services and products.
    • Purchase and user-generated data (e.g. click and visits history).
    • Technical data regarding units that are used and their settings (e.g. language setting, IP address, web browser settings, time zone, operating system,

screen resolution and platform).

  • Information about how you have interacted with us, i.e. how long you have used the service, login method, where and for how long different pages have been visited, response times, download errors, how you reach and leave the service, and so on.

 

  • Types of processing carried out
    • Adaptation of services to make them more user friendly (for example, by changing the user interface to simplify the flow of information or to highlight features commonly used by customers in our digital channels).
    • Provision of documentation for the purpose of improving product and logistics flows (for example, by forecasting purchases, stocks and deliveries).
    • Provision of documentation for the purpose of developing and improving our product range.
    • Provision of documentation for the purpose of developing and improving the company’s resource efficiency from an environmental and sustainability perspective (e.g. by streamlining purchasing and scheduling of deliveries).
    • Provision of documentation for the purpose of planning goods storage, a returns centre and any establishment of shops.
    • Giving our customers the opportunity to influence our range.
    • Provision of documentation to improve IT systems for the purpose of raising security in general for the company and our visitors/customers.
    • Analyses of the data we collect for the purpose. Based on the data we collect (e.g. purchase history, age and gender), you are placed in a customer category (a so-called customer segment) for which analyses are then made at an aggregate level by means of anonymised data, without any association with you as an individual. The analyses give us an idea of what products are purchased and how we can develop our online store.

 

  • Legal basis
    • Legitimate interest. The processing is necessary to safeguard our own and our customers’ legitimate interest in evaluating, developing and improving our services, products and systems.

 

  • Storage period:
    • For 36 months from collection

 

 

 

To be able to prevent misuse of a service, or to hinder, prevent and investigate breaches against the company.

  • Collected personal data
    • Purchase and user-generated data (e.g. click and visits history).
    • Technical data pertaining to units that are used and their settings (e.g. language setting, IP address, web browser settings, time zone, operating system, screen resolution and platform).
    • Information pertaining to how our digital services are used.

 

  • Types of processing carried out
    • Prevention and investigation of any instances of fraud or other contraventions of the law.
    • Prevention of spam, phishing, harassment, unauthorised login attempts to user accounts, or any other activity prohibited by law or our terms and conditions of purchase, membership or service.
    • Protection and improvement of our IT environment from attack and intrusion.

 

  • Legal basis
    • Fulfilment of legal obligation (if applicable) or legitimate interest. If no legal obligation applies, the processing is necessary to safeguard our legitimate interest in preventing the misuse of a service or to hinder, prevent and investigate breaches against the company.

 

  • Storage period:
    • For 24 months from collection.

 

To be able to manage your customer profile and to create My Pages, and to be able to provide a personally tailored experience of our services.

 

  • Collected personal data
    • Name
    • Age
    • Gender
    • Contact details (e.g. address, e-mail and telephone number).
    • Purchase history.
    • Payment history.
    • Payment Information.
    • User name and password.
    • Settings for your profile and your personal selections.
    • Purchase and user-generated data (e.g. click and visits history).
    • Stated customer selections pertaining to communication channels
    • Address details via SPAR, PostNord, Bring.
    • Correspondence and feedback regarding our services and products.
    • Technical data pertaining to units that are used and their settings (e.g. language setting, IP address, web browser settings, time zone, operating system,

screen resolution and platform).

  • Information about how you have interacted with us, i.e. how long you have used the service, login method, where and for how long different pages have been visited, response times, download errors, how you reach and leave the service, and so on.

 

  • Types of processing carried out
    • Creation of login function.
    • Protection of your identity and age.
    • Maintaining correct and updated information.
    • The opportunity for you to track your purchase and payment history.
    • Managing your customer profile (e.g. your profile and your settings).
    • Protection and improvement of our IT environment from attack and intrusion.
    • Creation of customised content, such as relevant product recommendations and other similar actions that simplify your shopping experience.
    • Simplification of your use of our services (e.g. by saving favourites to facilitate future purchases or reminding you of online shopping baskets you may have forgotten or abandoned).
    • Personal communication based on your behaviour.
    • Analyses of the data we collect for the purpose. Based on the data we collect (e.g. purchase and click history), we carry out an analysis at an individual level. Insights from these analyses form the basis for our communication with you and the offers and information that are presented to you.

 

  • Legal basis
    • Fulfilment of user agreement for My Pages. This collection and processing of your personal data is required for us to be able to fulfil our obligations under the purchase agreement. If the information is not provided, our obligations cannot be met, and we will be forced to refuse your registration of My Pages.

 

  • Storage period:
    • Until My Pages is terminated. This can be done upon your request, or automatically if the account has been inactive for a period of 48 months.

From what sources do we collect your personal data?

Apart from the data you provide to us yourself or that we collect from you on the basis of your purchases and use of our services, we may also collect personal data from someone else (a so-called third party). The data we collect from third parties are address details from public registers, for us to be sure we have the correct address details for you.

Who can we share your personal data with?

The personal data processor.

If it is necessary for us to be able to offer our services, we share your personal data with companies that are so-called personal data processors for us. A personal data processor is a company that processes information on our behalf and in accordance with our instructions. We have personal data processors who help us with:

  1. Transportation (logistics companies and freight forwarders).
  2. Payment solutions (card payment companies, banks and other payment service providers).
  3. Marketing (printing and distribution, social media, media agencies or advertising agencies).
  4. IT services (companies that manage the necessary operation, technical support and maintenance of our IT solutions).

When your personal data are shared with personal data processors, this only happens for the purposes that are consistent with the purposes for which we have collected the information (e.g. to enable us to fulfil our obligations under the purchase agreement or user agreement for My Pages). We check all personal data processors to ensure that they are able to provide sufficient guarantees in respect of the security and confidentiality of personal data. We have written agreements with all personal data processors, through which they guarantee the security of the personal data processed and undertake to fulfil our requirements for security, as well as restrictions and requirements pertaining to the transfer of personal data.

Companies that are independent personal data controllers.

We also share personal data with certain companies that are independent personal data controllers. The fact that the company is an independent personal data controller means that we are not the party who controls how the information that is provided to the company should be processed. Independent personal data controllers that we share your personal data with are:

  1. Government authorities (the police, the Swedish Tax Agency or other authorities) if we are required to do so by law or in the event of a suspected breach.
  2. Companies providing general goods transportation (logistics companies and freight forwarders).
  3. Companies offering payment solutions (card payment companies, banks and other payment service providers).

When your personal data are shared with a company that is an independent personal data controller, that company’s privacy policy and personal data processing apply.

Where do we process your personal data?

We always endeavour to ensure that your personal data are processed within the EU/EEA and all of our own IT systems are located within the EU/EEA. We may be forced, however, to transfer information to a country outside the EU/EEA for system support and maintenance, for example, if we share your personal data with a personal data processor that is established or stores information, either itself or through a subcontractor, in a country outside the EU/EEA. In such cases, the processor may only have sight of the information that is relevant for the purpose.

Regardless of what country your personal data are processed in, we take all reasonable legal, technical and organisational measures to ensure that the level of protection is the same as that within the EU/EEA.

If personal data are processed outside the EU/EEA, the level of protection is guaranteed either by a decision of the EU Commission that the country in question ensures an adequate level of protection or through the use of so-called suitable protection measures. Examples of suitable protection measures are an approved code of conduct in the recipient country, EU standard contractual clauses, binding internal corporate regulations or a privacy shield. If you would like a copy of the protection measures that have been taken or information on where these have been made available, you are welcome to contact us.

How long do we store your personal data?

We never store your personal data for longer than is necessary for the respective purposes. See more on specific storage periods under the respective purposes.

What are your rights as a data subject?

Right to access (so-called register excerpt).

We are always open and transparent about our processing of your personal data, and if you would like a deeper insight into what personal data we process about you, you may request to be given access to the data (the information is provided in the form of a register excerpt containing details of the purposes, categories of personal data, categories of recipients, storage periods, information on where the data has been collected from and the existence of automated decision-making).

Bear in mind that if we receive a request for a register excerpt, we may ask for additional information to ensure efficient management of your request and to ensure that the data is provided to the correct person.

Right to rectification.

You may request that your personal data be corrected if they are erroneous in any way. Within the framework of the stated purpose, you also have the right to supplement any incomplete personal data.

Remember that if you have access to My Pages at Miss Mary, you can change some details directly via My Pages.

Right to erasure.

You may request the erasure of personal data we process about you if:

  1. The data are no longer necessary for the purposes for which they have been collected or processed. You object to a balance of interests we have made on the basis of legitimate interest and your reason for objection outweighs our legitimate interest.
  2. You object to processing for direct marketing purposes.
  3. The personal data are processed in an illegal way.
  4. The personal data must be erased to comply with a legal obligation we are bound by.

Please bear in mind that we have the right to deny your request if there are legal obligations that prevent us from immediately erasing certain personal data. These obligations derive from accounting and tax legislation, banking and money laundering legislation, as well as from consumer rights law. It may also be the case that processing is necessary for us to determine, enforce or defend legal claims. If we are prevented from meeting a request for erasure, we will instead block personal data from being used for purposes other than that which prevents the requested erasure.

Right to restriction.

You have the right to request that our processing of your personal data be restricted. If you contest the accuracy of the personal data we process, you may request a restricted processing for the time we need to check whether the personal data are correct. If we no longer need the personal data for the purposes determined, but you on the other hand need them to be able to determine, enforce or defend a legal claim, you may request restricted processing of your personal data with us. This means that you may request that we do not erase your data.

If you have objected to a balance of interests that we have made in respect of the legitimate interest as a legal basis for a purpose, you may request restricted processing for the time we need to check whether our legitimate interest outweighs your interest in having the data erased.

If the processing is restricted according to one of the situations described above, we may only process the data, in addition to storing them, to be able to determine, enforce or defend a legal claim, to protect another person’s rights, or if you have given your consent to this.

Right to object to certain types of processing.

You always have the right to opt out of direct marketing and to object to all processing of personal data that is based on a balance of interests.

Legitimate interest: In cases where we use a balance of interests as the legal basis for a purpose, you have the opportunity to object to the processing. To be able to continue processing your personal data after such an objection, we need to show that we have a compelling legitimate reason for the current processing that outweighs your interests, rights or freedoms. Otherwise, we may only process the data to determine, enforce or defend a legal claim.

Direct marketing (including analyses that are made for direct marketing purposes):

You have the option of objecting to your personal data being processed for direct marketing purposes. The objection also covers the analyses of personal data (so-called profiling) that are made for direct marketing purposes. Direct marketing refers to all types of out-reach marketing measures (e.g. via post, e-mail and SMS). Marketing measures where you as the customer have actively opted to use our services or otherwise sought us out to learn more about our services are not counted as direct marketing (e.g. product recommendations or other functions and offers on My Pages).

If you object to direct marketing, we will cease the processing of your personal data for that purpose and also cease all types of direct marketing activity.

Remember that you always have the opportunity to influence which channels should be used for mailings and personal offers. For example, you can choose only to receive offers from us by e-mail, but not catalogues. In such case, you should not object to the personal data processing as such, but instead restrict our channels of communication (by changing the settings on My Pages or contacting customer service).

Right to data portability.

If our right to process your personal data is based on either your consent or the fulfilment of an agreement with you, you have the right to request to have the information that concerns you and that you have provided to us transferred to another personal data controller (so-called data portability). A prerequisite for data portability is that the transferral is technically possible and can be made automatically.

How do we handle your date of birth?

We will only process your date of birth if there is a clear reason to do so with respect to the purpose that is necessary for secure identification, or if there is another significant reason. We always minimise the use of your date of birth as far as possible.

What are cookies and how do we use them?

Cookies are small text files consisting of letters and digits that are sent from our web server and saved on your web browser or computer. At Miss Mary, we use the following cookies:

  1. First-party cookies (cookies that are placed by our website).
  2. Third-party cookies (cookies that are placed by a third-party website, e.g. Google Analytics, which we use to make analyses).
  3. Session cookies (a temporary cookie that is erased when you close your web browser or computer).
  4. Permanent cookies (cookies that remain on your computer until you remove them or they expire).
  5. Similar technologies (technologies that store information in your web browser or your computer in a similar way to cookies).

The cookies we use normally improve the services we provide. Some of our services require the use of cookies to function correctly, while others improve the services for you. We use cookies for overall analytical information regarding your use of our services and to save functional settings such as language and other data. We also use cookies to be able to direct the relevant marketing to you. You can read more about cookies specifically for Miss Mary under cookies. https://www.missmary.eu/use-cookies

Can you control the use of cookies yourself?

Yes! Your web browser or computer allows you to change the settings for the use and extent of cookies. Go to the settings for your web browser or computer to learn more about how to adjust the settings for cookies. Examples of adjustments you can make are blocking of all cookies, accepting first-party cookies only, or erasing cookies when you close down your web browser. Bear in mind that some of our services are not likely to function if you block or erase cookies. You can read more about cookies in general on the Swedish Post and Telecommunications Authority’s website, pts.se.

How are your personal data protected?

We use IT systems to protect confidentiality, privacy and access to personal data. We have taken special security measures to protect your personal data against illegal or unauthorised processing (such as illegal access, loss, destruction or damage). Only those people who actually need to process your personal data to fulfil our specified purposes have access to them.

What is the easiest way of contacting us if you have any queries about data protection?

Since we take data protection very seriously, we have dedicated members of staff in customer service dealing with this particular issue, and you can reach us at any time at dataskydd@missmary.se. If you feel that our staff are unable to help you or that we are processing your personal data improperly, you may lodge a complaint with the Swedish Data Protection Authority.

We reserve the right to make changes to our privacy policy. The most recent version of the privacy policy is available here on our website at any time. In the event of updates that are essential for our processing of your personal data (for example, change of the stated purpose or categories of personal data) or updates that are not essential for the processing, but which may be essential for you, you will receive information at Missmary.se or by e-mail (if you have given your e-mail address) in good time before the updates become effective. When we make information on updates available, we will also explain the importance of the updates and how they may affect you.

 

The privacy policy was last updated on 23 May 2018.