Privacy Policy for Haypp.com
Privacy Notice
Updated: 2 January 2024
In this privacy notice (the 'Notice') we describe how we collect, use, and share your personal data when using our websites, digital channels, making a purchase, when you communicate with us, for example when contacting customers service, and when you participate in contests and other activities that we arrange.
Personal data means any information that, directly or indirectly, identify you, for example your name or your IP address.
It is important to us that you feel comfortable with how we process your personal data. We take measures to ensure that your personal data is protected and that our use of personal data complies with applicable regulations and laws and our internal procedures and routines.
We never sell your personal data to any third party without your consent.
To make it easy for you to find the information you are looking for we have divided the information in this Notice into the following sections. You can click on the relevant section in the list below to jump directly to the section in question.
1. WHO IS RESPONSIBLE FOR THE USE OF YOUR PERSONAL DATA?
The company that you interact with is, as a starting point, responsible for its own use of your personal data. In this Notice 'we', ' our' and 'us' refer to the relevant company that is responsible for the use of your personal data.
Snusbolaget Norden AB is, however, responsible together (joint controllers) with the relevant company for the use of your personal data to communicate and send offers to you in various channels and to carry out analysis for customer insights. To ensure that your personal data is covered is safeguarded the relevant group companies have entered into an agreement which includes an arrangement which governs the use of personal data. For information regarding the essence of the arrangement, please contact our data protection office. Contact details to our data protection officer can be found in section 11 below.
In the table below, we have outlined the companies that are covered by this Notice and their respective websites. For the sake of clarity, we have also included information regarding to which counties each company delivers its products. Please see section 11 for contact information to each company.
Company | Website | Delivery Countries |
---|---|---|
Haypp Limited (reg. no. 13876184) |
| The United Kingdom of Great Britain and Northern Ireland |
Snusbolaget Norden AB (reg. no. 556801-3683) |
| Sweden, Germany and Switzerland |
Haypp GmbH (HRB 729097) |
| Germany |
Snushjem.no AS (reg. no. 919 649 585) |
| Norway |
Contact details to the companies can be found in section 11 below.
2. WHICH PERSONAL DATA DO WE COLLECT?
We only collect the personal data that we need.
We collect and process the following categories of personal data, but which personal data that we collect about you in particular depends on how you interact with us:
- · Identity information. Information that makes it possible to identify you, for example your name.
- · Contact information. Information that makes it possible to contact you, for example your address, e-mail address and telephone number.
- · Order and delivery information. Information about your order and chosen shipping method, for example the product, purchase price, order date and shipping method.
- · User generated information. Information regarding your activity and use of our websites, digital channels, and services, for example clicks and visits and your behaviour when using the websites and our digital channels.
- · Profile information. Information regarding your profile, for example your gender and age.
- · Communication. Contents of communication with us, for example contents in e-mail communication with customer service or the responses you provide when participating in a market survey.
- · Technical information. Technical information about the device that you use when visiting our websites and digital channels, for example type of device, version of browser and operating system.
3. FROM WHERE DO WE COLLECT PERSONAL DATA?
We collect personal data from the following sources:
- · Yourself. When you make a purchase on the website, use our websites and other digital channels, contact customer service or participate in a market survey we collect personal data about you.
- · Payment service providers. When you make a purchase on the website, we collect for example identity information, contact information and order and delivery information that the payment service provider shares with us.
- · Couriers and shipping companies. To ensure that your delivery has arrived or to track your shipment we collect order and delivery information that the couriers and shipping companies that we collaborate with share with us.
- · Group companies. The companies within the group collaborate with each other and therefore shares information for example in order to communicate and send offers in various channels.
- · Partners. We collaborate with different companies, for example marketing platforms, and collect the personal data that they share with us to manage the relationship with the partner.
- · Social network platforms. If you visit our channels on social network platforms, we collect the personal data that you provide to us when using these channels.
- · External information services. We supplement the personal data that we collect about you with information from external information services. This in order to communicate and send offers in various channels, to carry out analysis for customer insights and to carry out age verification.
4. WHY DO WE USE YOUR PERSONAL DATA?
Below we further explain the purposes with our use of personal data and provide examples of processing activities carried out for respective purpose. Please note that not all processing activities may apply to you. Which processing activities that you are covered by depend on how you interact with us.
To read more about which categories of personal data, which legal basis that we rely on for the use of your personal data for each purpose and for how long your personal data is stored, please see in section 12 below.
Manage your order or subscription
We use your personal data to manage your order on our website, for example to process your order, communicate with you regarding the order and to handle any complaints. We also use your personal data to manage a subscription that you have ordered, for example to process the subscription and communicate with you regarding the subscription. You need to provide the information that we have requested when you place your order, since the information that we request is necessary in order to process your order. If you do not provide the information that we have requested, we unfortunately cannot process your order.Provide services on our websites
We also use your personal data to provide services on our websites, for example to register your user account and give you access to my account on the website.Respond to questions and provide customer service
If you contact us for example by e-mail or phone, we use the personal data that share with us to respond to your questions or to provide customer service.Communicate and send offers in various channels
We use your personal data to send offers and personalized communications to you from us and our partners in various digital channels, for example by e-mail or on social media platforms. You can at any time unsubscribe from communications by clicking on the unsubscribe link in the mailing or by contacting customer service. To communicate relevant information and offers, we may profile your personal data by analysing previous purchases and your use of our websites, digital channels and services.We also share your personal data for this purpose with social network platforms and marketing platforms. Please see section 6 below for further information on which recipients that we share personal data with.
Carry out analysis for customer insights
We use your personal data to carry out analysis for customer insights on an aggregated level. This in order to obtain a better understanding and insight into our customers' buying behaviour and buying patterns. For this purpose, we can also supplement your personal data with information collected from external information services. We do not profile your personal data for this purpose since analysis is made using aggregated information. We share anonymised customer insights which do not include any personal data about you with manufacturers and partners for their use in their businesses.Provide newsletter
We use your personal data to provide our newsletter, for example to send out the newsletter and manage your subscription. You can at any time unsubscribe from the newsletter by clicking on the unsubscribe link in the newsletter or by contacting customer service.Follow-up and analyse the business
We use your personal data to compile reports on an aggregated level and statistics to follow-up and analyse the business. By way of example, we compile order and delivery information to ensure that we your products in stock and to understand which products that are more popular than other products. We do not profile your personal data for this purpose.Carry out contests, events and other activities
If you participate in a contest, event or another activity that we arrange, we use your personal data to carry out the contest, event or activity, for example to register your participation, to communicate with you regarding the activity and, where applicable, publish information on winners on our websites and in our digital channels.Carry out market surveys
If you choose to participate in a market survey that we carry out we collect the personal data that you provide in connection with the survey. Market surveys help us better understand your shopping experience and your experience of our service. Your opinions about our business, products and services are important to us. You can unsubscribe from mailing at any time by clicking on the unsubscribe link in the mailing or by contacting customer service.Develop and improve the business
We use your personal data when we carry out analysis on an aggregated level to develop and improve the business, our business methods and business strategies. This in order to enable us to continuously provide an even better shopping experience and customer service. We do not profile your personal data for this purpose.Follow-up and analyse the use of our websites and digital channels
It is important for us to understand how our websites and digital channels are used. We therefore use your personal data for this purpose, for example when we collect and analyse visitor and user statistics on how our website, digital channels and our services are used.Enable functionality on our websites
To enable functionality on our website, for example to remember your settings, we use where necessary your personal data. This in order to provide you with a better user experience on the website.Manage the relationship with partners
We use your personal data to manage our relationship with partners, for example marketing platforms. This, for example, to pay commission to the partners on purchases generated through marketing using the partner's platform. For the same purpose, we share personal data with our partners. Please see section 6 below for further information on which recipients that we share personal data with.Ensure technical functionality and security
We use your personal data to ensure necessary technical functionality and security of our websites and services, for example for security logging, error handling, and backups.Manage and defend legal claims
If needed, we use your personal data to manage and defend legal claims for example in connection with a dispute or court proceeding. For this purpose, we share personal data, when needed, with other recipients, please see section 6 below.Fulfill legal obligations
To fulfil our legal obligations, if necessary, we will use your personal data, for example, in order to fulfil accounting or data protection obligations, carry out age checks and for product liability and product safety. For this purpose, we may share certain information with other recipients. Please see section 6 below for more information.5. BASED ON WHICH LEGAL BASES DO WE USE YOUR PERSONAL DATA?
In order for the use of your personal to be lawful there must be a legal basis for the processing. Below we describe the legal bases that we rely on when processing your personal data. To read more about the legal basis that we rely on for the use of your personal data for each purpose, please see our detailed information on our use of personal data in section 12 below.
- · Legal obligation. When we need your personal data to comply with a legal obligation which we are subject to, for example to fulfill age checks or accounting requirements, the processing of your personal data is carried out based on this legal basis.
- · Performance of a contract. When we need your personal data to perform a contract with you, e.g. our terms of purchase to process your order, the processing of your personal data is carried out based on this legal basis.
- · Legitimate interest. In certain cases, we have made the assessment that we have a legitimate interest of processing your personal data and that this legitimate interest – under a balancing of interest test – outweighs your interest of not having your personal data processed, for example to communicate with you or to follow-up and analyse the business. In such a case our processing of your personal data is carried out to satisfy our legitimate interest. You have the right to object to processing of personal data carried out based on our legitimate interest, please see section 7 below.
- · Consent. When you have given your consent to our processing of your personal data, for example if you accept our use of cookies and similar technologies, the processing is carried out based on your consent. You have the right to withdraw your consent at any time, please see section 7 below.
6. WHICH RECIPIENTS DO WE SHARE PERSONAL DATA WITH?
To read more about why and based on which legal basis we share your personal data with different recipients, please see our detailed information on our use of personal data in section 12 below.
We share personal data with:
Service providers
To process personal data for the proposes described in this Notice, we share personal data with service providers that we have engaged. These service providers provide, for example, IT services (e.g. storage), communication services (which enable us to send you messages and newsletters) and warehousing services. When the service providers process personal data on our behalf, they act as data processors for us, and we are responsible for the processing of your personal data. They must not use your personal data for their own purposes and are contractually and legally obliged to protect your personal data.Payment service providers
We use payment service providers to process your payment when you make an order on our websites and therefore share personal data with them for the same purpose.Couriers and shipping companies
To process your order and deliver your ordered goods to you we share personal data with the couriers and shipping companies that we have engaged to carry out the transport of the goods.Group companies
The companies with the group collaborate and therefore share personal data with each other, for example to communicate and send offers in various channels. Snusbolaget Norden AB is responsible together (joint controller) with the relevant group company for the use of your personal to communicate and send offers in various channels.Social network and marketing platforms
To communicate and provide personalised offers in our digital channels and on other websites we share personal data with social network and marketing platforms.When we automatically share personal data with these platforms we are, where applicable, jointly responsible together with the relevant social network or marketing platform for the collection and transfer of your personal data using cookies and similar technologies. We and the relevant platform is are, however, independently responsible for the subsequent use of your personal data. We have entered into specific arrangements with the platforms which outline the roles and responsibility of us and the relevant platform in relation to the use of your personal data. You have the right to receive information on the essence of these arrangements. Contact our data protection officer to obtain this information, please see section 11 below for contact details. Please also see our detailed information on our use of personal data in section 12 below for more information about the recipients with whom we are jointly responsible for the use of your personal data.
Partners
To manage the relationship with the partner we share personal data with them for the same purpose. As an example, we share personal data with marketing platforms that we cooperate with to pay correct commission on purchases generated through marketing made with the partner's platform.Other recipients
If needed, we share your personal data with other recipients for the following purposes:
- · to manage a merger or sale of the business,
- · to manage and defend legal claims and rights,
- · to fulfil legal obligations,
- · to respond to a request, and
- · to protect and ensure the safety of our staff.
Examples of recipients are external advisors, public authorities, courts, law enforcement, and potential buyers and sellers should we sell the business.
7. WHICH RIGHTS DO YOU HAVE?
You have certain right rights under applicable data protection laws in relation to the personal data that we have collected about you.
You have the right to:
- · Request access to and a copy of your personal data. You can view certain personal data that we have store about you by accessing my account.
- · Request rectification of your personal data that is incorrect or incomplete.
- · Withdraw your consent to our use of your personal data that is based on your consent.
- · Request erasure of your personal data in some circumstances, but not in cases where we, for example, are legally obligated to keep your personal data.
- · Unsubscribe from marketing communications which you for example can do by clicking on an unsubscribe link in the communication. Where applicable you can unsubscribe from communication in Your account.
- · Request restriction of your personal data in certain circumstances and you can then, at least for a certain period of time, prevent us from using your personal data for other purposes that for example to manage and defend a legal claim or to comply with legal obligations that we are subject to.
- · Object to the processing of your personal data that is based on our or another party's legitimate interest for reasons related to your specific situation and if we cannot show that we have a compelling reason for our use of personal data we will stop using your personal data for the relevant purpose.
- · Transfer your personal data (data portability) under certain circumstances by requesting a copy of your personal data that you have provided to us in a structured format that you can transfer to another recipient.
In order to exercise your rights, please contact customer service for the relevant company. Please see section 11 below for contact details.
8. COOKIES AND OTHER TECHNOLOGIES
9. WHERE WE PROCESS PERSONAL DATA
To ensure that the personal data is protected, we ensure that there are adequate safeguards in place with the service providers that process your personal data outside the EU/EEA area in light of the laws of the receiving country, for example data transfer agreements which include standard data protection clauses for transfers of personal data in addition to, if needed, supplementary measures.
10. UPDATES TO THIS NOTICE
We will in such case notify you in advance by appropriate means, for example by showing a message on the website or by e-mail. The latest version of the Notice is always available on this page and the date the Notice was last updated is stated above.
11. ANY QUESTIONS?
If you have questions about this Notice, our use of your personal data or if you wish to exercise your rights, please contact our customer service, please see contact details below.
Country | Address | Contact Details |
---|---|---|
Norway | Sweden House, 5 Upper Montagu Street, London, W1H 2AG UK |
|
Snusbolaget Norden AB | Östgötagatan 12 116 25 Stockholm Sweden |
|
Haypp GmbH | c/o Schmeding & Hoffman Max-Brauer-Allee 52 22765 Hamburg Germany |
|
Snushjem.no AS | Kabelgata 39C 0581 Oslo, Norway |
|
If you are not satisfied with our response, you have the right to lodge a complaint with the relevant data protection authority in your country. Below we have outlined the data protection authority that is responsible for supervising our use of personal data in the countries to which we deliver our products. Contact details for each data protection authority can be found on the data protection authorities' websites.
Country | Data Protection Authority | Website |
---|---|---|
Norway | Datatilsynet | datatilsynet.no/ |
Switzerland | Eidgenössische Datenschutz- und Öffentlichkeitsbeauftragte (EDÖB) | edoeb.admin.ch/ |
Sweden | Swedish Authority for Privacy Protection (IMY) | imy.se |
Germany | Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BFDI) | bfdi.bund.de/ |
United Kingdom | Information Commissioner's Office (ICO) | ico.org.uk/ |
12. DETAILED INFORMATION ON OUR USE OF PERSONAL DATA
Why and how we use personal data
Please find below detailed information regarding our use of personal data, including the categories of personal data used, the legal basis for the use and for how long the personal data is stored.
Purpose | Personal Data | Legal Basis | Storage Period |
---|---|---|---|
Manage your order or subscription |
| Performance of a contract. The processing is necessary in order to fulfill the contract with you pursuant to our terms and conditions. | Personal data is stored until the order has been processed, including delivery and payment, and for a period of 36 months thereafter to manage complaints and warranty matters or the longer period thereafter that is necessary to handle the complaint or the warranty matter. |
Provide services on our websites |
| Legitimate interest. The processing is necessary in order to satisfy our legitimate interest of providing services on our websites. Consent. If you have given your consent to our use of cookies and similar technologies for this purpose, the use of your personal data that has been collected using cookies and similar technologies is based on your consent. | Personal data is stored as long as you have an active customer relationship and for a period of six (6) months thereafter for this purpose. Your customer relationship is active if you have interacted with us, e.g. made a purchase or contacted customer service, during the last twelve-month period. This means that your personal data is stored for this purpose for a maximum period of 18 months without any activity. |
Respond to questions and provide customer service |
| Legitimate interest. The processing is necessary in order to satisfy our legitimate interest of responding to questions and providing customer service. | Personal data is stored for this purpose as long as you have an active customer relationship, however, up to a maximum of 18 months from the date of the completion of the matter. Personal data published in digital channels, for example in our social media feeds is, as a starting point, retained until further notice. |
Communicate and send offers in various channels |
| Legitimate interest. The processing is necessary in order to satisfy our legitimate interest of communicating and sending offers in various channels. Consent. If you have given your consent to our use of cookies and similar technologies for this purpose, the processing of your personal data which is collected using cookies and similar technologies is based on your consent. | Personal data is stored for this purpose as long you have an active customer relationship and for a period of 12 months thereafter for this purpose. Your customer relationship is active if you have interacted with us, e.g. made a purchase or contacted customer service, during the last twelve-month period. This means that your personal data for this purpose is stored for a maximum period of 24 months without any activity. Order and delivery information is, however, stored for a period of up to 27 months calculated from the date of collection for this purpose. |
Carry out analysis for customer insights |
| Legitimate interest. The processing is necessary in order to satisfy our legitimate interest of carrying out analysis for customer insights. | Personal data is stored for this purpose for a period of 27 months calculated from the date of collection. Statistics and reports on an aggregated level which do not include any personal data are stored until further notice or until deleted. |
Provide newsletter |
| Legitimate interest. The processing is necessary in order to satisfy our legitimate interest of providing our newsletter to you when you have registered for the newsletter. | Personal data is stored as long as you have an active customer relationship and for a period of six (6) months thereafter for this purpose. Your customer relationship is active if you have interacted with us, e.g. made a purchase or contacted customer service, during the last twelve-month period. This means that your personal data is stored for this purpose for a maximum period of 18 months without any activity. |
Follow-up and analyse the business |
| Legitimate interest. The processing is necessary in order to satisfy our legitimate interest of follow-up on and analysing the business. | Personal data is stored for this purpose for a period of 27 months calculated from the date of collection. Statistics and reports on an aggregated level which do not include any personal data are stored until further notice or until deleted. |
Carry out contests, events and other activities |
| Legitimate interest. The processing is necessary in order to satisfy our legitimate interest of carrying out the contest, event, or the activity in question. | Personal data is stored for this purpose during the time the activity is carried out and for a period of 26 months calculated from the date of the activity to satisfy our legitimate interest of follow-up on the participation, evaluate the activity and for planning potential future activities. Thereafter the personal data will be anonymised. Statistics and reports on an aggregated level which do not include any personal data are stored until further notice or until deleted. |
Carry out market surveys |
| Legitimate interest. The processing is necessary in order to satisfy our legitimate interest of carrying out market surveys for the purpose of collecting your opinions about our business, products, and services. | Personal data is stored for this purpose during the period the survey is carried out and for a period of three (3) months thereafter to compile the responses in a report. Thereafter the personal data will be anonymised. Statistics and reports on an aggregated level which do not include any personal data are stored until further notice or until deleted. |
Develop and improve the business |
| Legitimate interest. The processing is necessary in order to satisfy our legitimate interest of developing and improving the business. | Personal data is stored for this purpose for a period of 27 months from the date of collection. Statistics and reports on an aggregated level which do not include any personal data are stored until further notice or until deleted. |
Follow-up and analyse the use of our websites and digital channels |
| Consent. The processing is carried out based on the consent that you provide when accepting our use of cookies and similar technologies for the same purpose. | For information on how long your personal data is stored for this purpose, please see our information on our use of cookies. Statistics and reports on an aggregated level which do not include any personal data are stored until further notice or until deleted. |
Enable functionality on our websites |
| Consent. The processing is carried out based on the consent that you provide when accepting our use of cookies and similar technologies for the same purpose. | For information on how long your personal data is stored for this purpose, please see our information on our use of cookies. Statistics and reports on an aggregated level which do not include any personal data are stored until further notice or until deleted. |
Manage the relationships with partners |
| Legitimate interest. The processing is necessary in order to satisfy our legitimate interest of managing the relationship with our partners, e.g. marketing platforms that we collaborate with. | Personal data is stored for this purpose as long as there is an active relationship and for a period of ten (10) years thereafter to satisfy our legitimate interest of managing and defending legal claims. |
Ensure technical functionality and security |
| Legitimate interest. The processing is necessary in order to satisfy our legitimate interest of ensuring technical functionality and security of our websites and services. | Personal data is stored for the same period as stated in relation to each relevant purpose of the processing. Personal data in logs is retained in order to satisfy our legitimate interest of troubleshooting and incident management for a period of 13 months from the date and time of the log entry. Personal data in backups are stored for a period of 13 months from the date of the backup. |
Manage and defend legal claims |
| Legitimate interest. The processing is necessary in order to satisfy our legitimate interest of managing and defending legal claims. | Personal data is stored for the period required in order for us to manage and defend the legal claim in the individual case |
Fulfill legal obligations |
| Fulfill legal obligation. The processing is necessary in order to fulfill legal obligations that we are subject to. Legitimate interest . The processing is necessary in order to comply with the legal obligation not to sell products to minors. | Personal data is stored for such period that is necessary in order for us to fulfill each legal obligation that we are subject to and for a period of ten (10) years thereafter to satisfy our legitimate interest of managing and defending legal claims and for the period necessary to manage such a claim. As an example, personal data in accounting material is stored for 7 years calculated from the end of the calendar year in which the relevant financial year ended in order for us to fulfil our legal obligations (bookkeeping and accounting requirements in the Swedish Accounting Act (1999:1078)). |
Why and with whom we share personal data
Please find below detailed information regarding which categories of personal data we share with other recipients and the legal basis for the transfer.
Recipient | Purpose | Personal Data | Legal Basis |
---|---|---|---|
Payment service providers | Manage your order or subscription |
| Performance of a contract. The processing is necessary in order to fulfill the contract with you pursuant to our terms and conditions. |
Couriers and shipping companies | Manage your order or subscription |
| Performance of a contract. The processing is necessary in order to fulfill the contract with you pursuant to our terms and conditions. |
Social networks and marketing platforms | Communicate and send offers in various channels |
| Consent. The processing is carried out based on the consent that you provide when accepting our use of cookies and similar technologies for the same purpose. |
Partners | Manage the relationship with the partner |
| Legitimate interest. The processing is necessary in order to satisfy our legitimate interest of managing our relationship with our partners. |
Other recipients
Recipient | Personal Data | Legal Basis | |
---|---|---|---|
Manage a merger or scale of the business | Only the personal data that is necessary for this purpose is shared with the recipient. | Legitimate interest. The processing is necessary in order for us to satisfy our and the buyer's legitimate interest of completing the sale or merger. | |
Manage and defend legal claims | Only the personal data that is necessary for this purpose is shared with the recipient. | Legitimate interest. The processing is necessary in order for us to satisfy our legitimate interest of managing and defending legal claims. | |
Fulfil legal obligations | Only the personal data that is necessary for this purpose is shared with the recipient. | Legitimate interest or to fulfil a legal obligation. The processing is necessary in order for us to comply with our legal obligations. Otherwise, the processing is based on a balance of interests where it is necessary to satisfy our obligation to comply with legal requirements.
| |
Respond to a request | Only the personal data that is necessary for this purpose is shared with the recipient. | Legitimate interest or to fulfil a legal obligation. To the extent that we are obligated to respond to a request, personal data is used to fulfil this legal obligation. Otherwise, the processing is based on a balance of interests where it is necessary to satisfy our and the requester's legitimate interest in responding to the request.
| |
Protect and ensure the safety of our staff | Only the personal data that is necessary for this purpose, for example to notify an incident to law enforcement. | Legitimate interest. The processing is necessary in order to satisfy our legitimate interest of protecting and ensuring the security of our staff.
|
Recipients that We Are Jointly Responsible With
As noted in section 6 are we jointly responsible for the use of your personal data with certain recipients that we share your personal data with.
Recipient | Information |
---|---|
Facebook Ireland Limited
Grand Canal Square, Grand Canal Harbour, Dublin | Information regarding Facebook Ireland's use of your personal data, including their legal basis and the ways that you can exercise your rights against Facebook Ireland can be found in their Data Policy available at https://www.facebook.com/about/privacy We and Facebook Ireland have entered into a joint controller addendum to determine the respective responsibilities in relation to the use of your personal data for which we and Facebook Ireland is jointly responsible, please see https://www.facebook.com/legal/controller_addendum
|