Website Privacy Notice

1. Introduction

When visiting www.ecobynaty.com, Naty AB (the "COMPANY") may collect and process personal data ("Personal data") about you.

This privacy notice ("Privacy Notice") sets out which personal data COMPANY collects and for which purposes the Personal data is processed.


Throughout this Privacy Notice the term "processing" is used to cover all activities involving your Personal data, including collecting, handling, storing, sharing, accessing, using, transferring and disposing of information.

"Applicable Data Privacy Laws" means data protection laws and regulations implementing the Data Protection Directive 95/46/EC and as of 25 May 2018 the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (the "GDPR").

"Personal data" is defined as any information relating to an identified or identifiable natural person.

2. Cookies

2.1. COMPANY uses cookies, web beacons and similar technologies to collect information about you and your device (such as phone or computer) when you visit our website.
A cookie is a text file that a web server places on your hard drive, mobile device or tablet when you visit websites. A cookie is uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you. A key purpose of cookies is to tell the web server that you have returned to a specific web page, so you can get a personalized experience when you visit the site again. You may choose whether to accept or decline cookies. Most browsers accept cookies automatically, but you can usually change your settings to not accept cookies if you prefer. If you choose to allow your computer to accept cookies, you can also choose to be automatically logged into the website, which will speed up the checkout process.

COMPANY websites use “session cookies” to manage your visit at any of its websites, such as which pages you visit, which products you look at and which products you have added to your cart. You can easily turn off the use of cookies and erase your cookie history in your web browser. The session cookies are deleted from your hard drive when all browser windows are closed down. If you turn off the function of session cookies for our website, you will not be able to make a purchase.

COMPANY also uses “persistent cookies” that will remain on your computer after you have closed the browser. This type of cookie helps our system to recognize that you have visited this site before and to remember which settings and products you have preferred. To help us with this we use third party cookies. These cookies are from our partners and help us give you a more personalized website and more personalized marketing and advertising from us. These cookies do not store any personalized information about you and in our Web analytics systems like Google Analytics we cannot trace any information to you specifically.

Web beacons are transparent images which may be included in e-mails sent to you.

Similar technologies are technologies that store information in your web browser or on your device in a similar way as cookies and web beacons.

For more information on the cookies used, please see our cookie policy.

3. From where do we collect your personal data

3.1. We collect personal data from you (such as name and email address) if you choose to contact us through the website or through other means (such as email or phone). See also section 2.1 above regarding use of cookies.

4. Why do we collect and process your personal data

4.1. Provide you with information such as Newsletters, Marketing, Catalogues and Press Releases.

If you sign up to subscribe to newsletters, Ambassadorship, catalogues, press releases and similar information about COMPANY and its business or order such information on a one time basis we process your Personal data for the purposes of providing you with the requested subscription or information. Personal data processed for these purposes include:

Categories of personal data
First name
Last name
Email address
Phone number
Children’s age
Children’s gender
Purchase history

The legal basis for the above processing of your personal data as an end consumer is that the processing is necessary in order to fulfil our legitimate interest to provide you with the subscription and information you have requested, article 6.1 f) GDPR. If you do not provide information marked with * on the website form we will not be in a position to provide you with the requested service.

If you have agreed to receiving customized offers and marketing, we will use information regarding your children’s age, gender and previous purchases in order to provide you with the best possible offers.

If you are a contact person for a company/organization, the legal basis for processing the personal data in the table below is that the processing is necessary in order to fulfil our legitimate interest to provide you with the information you have requested, article 6.1 f) GDPR. If you do not provide information marked with * on the website form we will not be in a position to provide you with the requested service.

Categories of personal data
First name
Last name
Email address
Phone number
Company/organization

4.2. Answer your Questions and handle Feedback in General

Most of our websites provide functionality for the visitor to communicate with us to ask questions and give feedback regarding our services and business. Where you use such functionality COMPANY will process your Personal data for the purposes of answering your questions and handling feedback from you. Personal data processed for these purposes include:

Categories of personal data
First name
Last name
Email address
Address
Phone number
Feedback and comments made by you

The legal basis for the above processing of your personal data is that the processing is necessary in order to fulfil our legitimate interest to answer questions and handle feedback from you, article 6.1 f) GDPR. If you do not provide information marked with * on the website form we will not be in a position to provide you with the requested service.

4.3. Create personal Website User and/or Ambassador accounts.

Some of COMPANY's websites allow users to set up a personal user account with log-in. For those websites and if you create a user account COMPANY will process your personal data for the purposes of creating and managing your personal user account, create your log-in and provide you with access to your account and manage your account settings. Personal data processed for these purposes include:

Categories of personal data
First name
Last name
Email address
Customer number
Phone number
Children’s age
Children’s gender
Purchase history
Your account settings (such as preferred language)

The legal basis for the above processing of your personal data is that the processing is necessary in order to fulfil our legitimate interest to create and manage your user account and fulfil the user account agreement with you, article 6.1 f) GDPR. If you do not provide information marked with * on the website form we will not be in a position to provide you with the requested service.

4.4. Personal data for fulfilling Naty orders.

Naty may process your Personal Data for the purpose of fulfilling the contract with you for your order and purchase. This includes processing your Personal Data to complete your purchase, delivery of the product and payment. Personal Data processed for these purposes include:

Categories of personal data
First name
Last name
Email address
Phone number
Children’s age
Children’s gender
Order information, articles and amounts
Payment information (such as credit card number)
Your account settings (such as preferred language)

Your Personal Data processed in accordance with this section 4.4 is processed on the basis of executing and delivering the services/products (i.e. your contract with us) which you have requested and to verify that the payment information is correct and to ensure that the payment information is not being used without your consent and to fulfill legal obligations (such as book keeping). To ensure that your credit, debit or charge card is not being used without your consent we will carry out certain credit and fraud checks and will validate name, address and other personal information that you give to us during the “checkout” process. The checks performed are Consistency (e.g. non-matching card security code, card holder is only one word and shopper country differs from issuing country), Velocity (e.g. payments attempted from a certain IP or email address and how many times a credit card has been used) and Referral (e.g. card numbers used in fraudulent transactions and IP addresses from which fraudulent transactions are submitted). The third party databases/tools used are for example 3D Secure, AVS, SCHUFA and CVC-CVV result testing.

4.5. Establish, exercise and defend legal claims.

COMPANY may process your Personal data for the purposes of establishing, exercising and defending legal claims in the unlikely event of a dispute between you and COMPANY. Personal data processed for these purposes include:

Categories of personal data
First name
Last name
Email address
Other information as necessary for the purpose

The legal basis for the above processing of your personal data is that the processing is necessary in order to fulfill our legitimate interest to establish, exercise and defend legal claims, article 6.1 f) GDPR.

5. For how long do we keep your personal data

COMPANY will retain Personal data for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by local law to which COMPANY is subject. We are using the following criteria to establish our retention period: (i) as long as we have an ongoing relationship with you (either as an individual or in your capacity as employed by one of our corporate customers, suppliers or co-operation partners) up to a time period of 36 months and for the purpose of using purchase history information in order to share offers and campaigns with you; (ii) as required by legal obligations to which COMPANY is subject (such as tax and accounting obligations) up to a time period of 36 months; and (iii) as advisable in light of our legal position in order to exercise, establish and defend legal claims (such as applicable statutes of limitations regarding claims for faulty products).

6. Disclosure and transfer of Personal data.

Recipients

Recipient | Purpose of transfer | Legal basis
Courts and outside counsels | In order to exercise, establish or defend legal claims | To fulfill our and your legitimate interest to have disputes settled by competent courts
Payment application/software company | Execute order payments | To fulfill the contract with you
Public authorities | We may disclose information if we are obliged to do so under applicable law (for tax and book-keeping purposes) | Fulfillment of a legal obligation
Potential buyers of our business | We may share information in connection with a potential acquisition, takeover or merger | Our legitimate interest to execute an acquisition, takeover or merger

Data processors acting on behalf of COMPANY

Moreover, COMPANY may disclose Personal data to external parties, such as vendors and service providers which process Personal data under the instructions of COMPANY. Where such disclosure entails transfers of Personal data outside the EU/EEA, COMPANY will ensure that SCCs have been entered into between the transferring COMPANY entity and the receiving external party. Alternatively, other safeguards will be put in place prior to such transfers.

Recipient | Purpose of transfer | Legal basis
COMPANY warehouse and logistic partners/transporters | In order to execute your orders | In order to execute your orders
IT providers | In order to execute your orders | In order to enable execution of your orders

Appropriate Safeguards for countries outside the EU/EEA area

Under Applicable Data Privacy Law, you are entitled, upon request, to receive a copy of any documentation demonstrating that appropriate safeguards have been taken in order to protect your Personal data during a transfer outside the EU/EEA. Countries outside of EU/EEA are the US, Canada and Australia.

7. Security

7.1 We will ensure that the access to your data is accurately secured by applying appropriate safeguards, depending on the circumstances taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk. In support of this commitment, we have implemented appropriate technical, physical and organizational measures to protect your personal data against: unauthorized or accidental destruction, alteration or disclosure; misuse; damage; theft or accidental loss; or unauthorized access.

8. Your rights

8.1. Right of rectification

COMPANY will take steps in accordance with Applicable Data Privacy Law to keep your Personal data accurate, complete and up-to-date. If you identify that any Personal data related to you is inadequate, incomplete or incorrect, you are entitled to have the Personal data corrected.

Moreover, you also have the right to request access to the Personal data that we process about you.

8.2 Further rights as of 25th May 2018

As of 25th May 2018, under Applicable Data Privacy Law you are, in addition to rectification, also entitled to:

(i) Access
You may request confirmation whether or not Personal data is processed and if that is the case access to your Personal data and additional information such as the purposes of the processing. You are also entitled to receive a copy of the Personal data undergoing processing. If the request is made by electronic means the information will be provided in a commonly used electronic format if you do not request otherwise.

(ii) Object to certain processing
You may object to processing of your Personal data processed on the basis of a legitimate interest, on grounds relating to your particular situation and to processing for direct marketing purposes. If you have opted to receive a subscription by email each email will include an easily accessible opt-out function where you may de-register from further communication.

(iii) Erasure
You may have your Personal data erased under certain circumstances such as when your Personal data is no longer needed for the purposes for which it was collected.

(iv) Restriction of processing
You may ask us to restrict the processing of your Personal data to only comprise storage of your Personal data under certain circumstances such as when the processing is unlawful, but you do not want your Personal data erased.

(v) Withdrawal of consent
You have the right to at any time withdraw your consent to processing of Personal data to the extent the processing is based on your consent.

(vi) Data Portability
You may ask to receive a machine-readable copy of the Personal data processed on the basis of your consent or on the basis that the processing is necessary in order to perform an agreement with you, and which Personal data have been provided to COMPANY by you (data portability) and ask for the information to be transferred to another data controller (where possible).

8.3 Complaints to the supervisory authority

You acknowledge that you always have the right to lodge complaints pertaining to the processing of your Personal data to the competent data protection authority if so provided under Applicable Data Privacy Law. The data protection authority can be reached here.

9. Contact information

If you have any questions or concerns regarding the processing of your Personal data or wish to exercise any of your rights, please contact COMPANY on the contact details set forth below.

The data controller for Personal data is Naty AB, registration no 556487-2223
Swedenborgsgatan 20A
118 27 Stockholm
Sweden
email: dataprotection@ecobynaty.com
+46 8 644 9696