Toteme recognizes the importance of protecting the privacy of your personal data. We have instituted strict policies and security measures to protect the information you provide us.
– Retail customers (customers in our stores)
– Etail customers (customers that shop online)
– Account holders (customers with a registered account on our website)
– Newsletter subscribers
2 WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR PERSONAL DATA?
The Swedish company Toteme AB, reg. No. 556951-0182 (“Toteme” “We” “Us”), is the controller of your personal data. Toteme affiliated companies (including other companies within the Toteme group, joint ventures, franchisees and licensees) and selected suppliers may process your personal data on Toteme’s behalf and in accordance with Totemes’ instructions as stated below and are thereby processors of your personal data.
You may contact Toteme at any time, please find our contact details below.
Mail address: [ADDRESS]
Visiting address: [ADDRESS]
Phone: [PHONE NUMBER]
3 CATEGORIES OF DATA PROCESSED, PURPOSE AND LEGAL BASIS FOR PROCESSING
Below is a summary of the categories of data that we process, the purposes of processing the data and on what legal basis we are processing your data.
3.2 Retail Customers
If you make a purchase in one of our physical stores we may process your name, e-mail, and purchase history to provide customer service, process returns and give customer advice on any products you have bought [and send electronic receipts to you]. We will only collect the information if this is accepted by you. The legal basis for the processing is a balance of interests where our legitimate interest is to be able to provide customer service and facilitate the administration of returns, exchanges and complaints.
Your contact details may also be processed for direct marketing purposes, namely to keep you informed via e-mail or other messenger services of our products, special events or promotions. The legal basis for the processing is a balance of interests where our legitimate interest is to market our products to existing customers.
3.3 Etail Customers
When you purchase a product online your name, e-mail, phone number, shipping address and billing address (including street name, zip code, city and country) are used to process your order. The data is also processed so that Toteme can process any returns, exchanges, and complaints as well as communicating with you regarding any questions or comments you may have regarding the product(s). The phone number is collected so that we can send a text message to you when the product(s) have arrived at your pick-up place. The legal basis for the processing is that it is necessary in order for Toteme to fulfil its contractual obligations towards you.
You purchase history is also stored so that Toteme can process any returns, exchanges, and complaints as well as communicating with you regarding any questions or comments you may have regarding the product(s). the legal basis for the processing is a balancing of interests where Toteme’s legitimate interest is to facilitate the administration of returns, exchanges and complaints.
Information regarding returns are also stored for accounting purposes. This storing is based on a legal obligation.
Your contact details may also be processed for direct marketing purposes, namely to keep you informed via e-mail or other messenger services of products, special events or promotions. The legal basis for the processing is a balance of interests where our legitimate interest is to market our products to existing customers.
Payments made for purchases on Toteme’s website are processed by a third-party payment service and such third party is the controller of the credit card information and other information relating to the payment. Toteme does not collect or store any payment information.
3.4 Account Holders
You may sign up to be an Account Holder by subscribing to the services offered by Toteme to Account Holders. Signing up as an Account Holder is completely voluntary and is not a requirement for purchasing Toteme’s goods. When you subscribe to become an Account Holder, you will enter into an agreement with Toteme.
When you sign up to be an Account Holder, Toteme collects your name and e-mail to create and administer your account. Furthermore, your phone number and address (including street name, zip code, city and country) is collected and stored to make future purchases quicker and to provide you with relevant information regarding our products. Purchase history is stored to provide you with the possibility to review your purchases and returns and for us to send relevant information to you.
The legal basis for the processing of your data as an Account Holder is that it is necessary to fulfil a contractual obligation namely a service which includes (i) smoother order placements once you purchase a product online (ii) allowing you to access and review previous purchases and returns and (iii) access to relevant information regarding Toteme’s products.
Direct marketing or information may be sent to you as a member for as long as you remain a member. However, if your account has been inactive for three (3) years a request will be sent to you asking if you want to remain a member, if no confirmation is received Toteme will cease sending direct marketing.
3.5 Newsletter subscribers
If you have subscribed to our newsletters, we will use your e-mail to send out the newsletter. Your IP-address will also be collected in order to send marketing based on geographic location, such as country or city. The legal basis for this processing is that it is necessary to fulfil a contractual obligation, namely the providing of the newsletter. The newsletter will be sent to you until you unsubscribe to the service.
Direct marketing, other than the newsletter itself can be sent to newsletter subscribers on the same basis as Etail and Retail customers who are not Account Holders.
3.6 Anonymized data
It can be noted that we may also use anonymized data for statistical purposes.
4 DOES TOTEME SHARE YOUR INFORMATION WITH OTHERS?
Toteme does not sell or rent our customers’ personal data to any other entity.
We may share your data with affiliated companies including other companies within the Toteme group, joint ventures, franchisees and licensees. If you have subscribed as an Account Holder with Toteme, we may combine your data provided to us with data that you have provided to such affiliated companies, for the purpose of improving our services to you, and to enhance your shopping experience when visiting a Toteme store in another country than your residence. The legal basis for the processing is that it is necessary for Toteme’s performance of the services to Account Holders.
Toteme may also share your data with selected suppliers who perform functions on our behalf such as fulfilling orders and delivery of orders, processing payments, carrying out promotional services or data management, to maintain our website, to distribute e-mails, to send out our newsletter, to provide client communications and to manage our customer database. As necessary, the personal data you provide to us may be processed by these third parties, solely on Toteme’s behalf and in accordance with Toteme’s instructions as data processors. We do not authorize any of our suppliers to make any other use of your personal data.
If Toteme and/or its subsidiaries are subject to an actual or potential merger or acquisition or similar transaction, we may share your data with potential and actual buyer(s) and their financial and legal advisers, subject to such third parties undertaking appropriate confidentiality.
Toteme may also disclose your personal data to a public authority where Toteme is obligated to do so by law. In the event all or part of Toteme’s operations are sold, Toteme may transfer your personal data to a potential purchaser of the business.
5 TRANSFER OUTSIDE OF THE EU/EES
We may share your data with our selected suppliers, who may process your data in countries both inside and outside of the EU/EES when performing functions on our behalf as set out in section 4 above.
If you have subscribed as an Account Holder with Toteme, we will share your contact details and information on previous purchases and shopping preferences with our affiliated companies both inside and outside of the EU/EEA (please see further under section 4).
Please note that countries outside of the EU/EEA may not provide an adequate level of protection for your personal data. Toteme has however taken appropriate safeguards to ensure that the receiving parties of your data in countries outside of the EU/EEA shall provide an adequate protection of your data. Such safeguards may be that the receiving party has joined the Privacy Shield (if the receiving party is a company established in the United States) or that the receiving party has signed so called standard data protection clauses adopted by the EU Commission. Please contact us at [INSERT CONTACT DETAILS] if you want further information on what safeguards have been taken and if you want a copy of such safeguards.
6 HOW LONG DO WE KEEP YOUR DATA?
Notwithstanding anything to the contrary herein, Toteme reserves the right to keep and process your personal data in accordance with this policy to the extent necessary to perform our contractual obligations to you, and to the extent we are required to process your data by law or in order to defend ourselves in a dispute, to prevent fraud or abuse, or to enforce our Terms and Conditions.
6.2 Retail and Etail Customers
Your e-mail may be saved for up to 12 months from the last purchase for direct marketing purposes, subject to your ongoing right to opt-out. Thereafter it shall be deleted.
Purchase history (i.e. name, contact information and purchase data) will be stored during the return and exchange period for the purpose of administrating returns and exchanges.
If you make a complaint Toteme may save your data to the extent necessary to handle the complaint. Toteme may also save the complaint information as such for the remaining period under which the customer is entitled to make a complaint in order to prevent a customer from filing two complaints and being compensated twice for the same defect.
The information regarding return for accounting purposes shall be stored as long as legally required by applicable law.
6.3 Account holder
If an account has not made any purchases or logged into its account during a consecutive period of 36 months Toteme will contact the you and ask whether the you wish to keep the account. Unless the you confirm that you want to keep the account, the data in the account will be deleted unless we need to keep it for other purposes that are legally justifiable.
6.4 Newsletter subscribers
The information can be saved as long as you do not unsubscribe from the newsletter but no longer than three years from the subscription date, unless you confirm that you want to keep receiving the newsletter.
7 YOUR DATA SUBJECT RIGHTS
In this section 7, we have summarized your data subject rights to request access, portability, rectification, erasure of your personal data, to restrict the processing of your personal data, to object to processing, and your right to lodge a complaint with the supervisory authority.
If you want to exercise your rights, please send us an e-mail to [E-MAIL ADDRESS]. Please note however that if you want to lodge a complaint with the supervisory authority, you need to contact the authority directly.
Right of access
You have the right to obtain confirmation of whether personal data concerning yourself are being processed and, where that is the case, access to the personal data and information regarding, inter alia, the purpose of processing, the categories of personal data concerned, the categories of recipients to whom your data have been or will be disclosed, and the envisaged period of time for which personal data will be stored (or the criteria for determining this).
Right of rectification
You have the right to request rectification of inaccurate personal data concerning yourself, and to complete incomplete data.
Right of erasure
Under certain circumstances you are entitled to request that we erase your personal data or restrict our processing of your data, namely in the following events.
– When it is no longer necessary for us to process your data taking into consideration the purposes for which it was collected.
– When our processing is based on your consent and you have withdrawn your consent, and there is no other legal basis for the processing of your data.
– When our processing of your data is based on a legitimate interest legal basis and you object to such processing, and there is no overriding legitimate ground for our processing.
– When you have objected to our processing of your data for direct marketing purposes.
– When your personal data has been unlawfully processed.
– When the personal data must be erased for compliance with a legal obligation that applies to us.
– When the personal data collected concerns a child (under 13 years of age) in relation to the offer of information society services.
Right to objection – direct marketing and profiling
You have the right to object at any time to our processing of your personal data for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing. If you object to our processing of your personal data for direct marketing purposes, including profiling, we will cease such processing of your data.
If our processing is based on your consent or if the processing is necessary for our performance of a contract with you, you have the right to request that the data which you have provided to us shall be provided to you in a structured, commonly used and machine-readable format and you also have the right to transmit such data to another controller.
Right to lodge a complaint with supervisory authority
Please note that if you consider the processing of your data to be in violation of applicable data protection laws, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence or the place of the alleged infringement (see http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm).
8 HOW DO I UNSUBSCRIBE FROM TOTEME’S NEWSLETTERS AND E-MAILS?
If you no longer wish to receive our newsletters or other e-mails, you can unsubscribe as indicated in the particular communication, i.e. by using the unsubscribe link which is included on all newsletters and other e-mails. You may also contact us at [E-MAIL ADDRESS]
9 IS IT MANDATORY TO PROVIDE PERSONAL DATA?
Certain personal data is required to provide in order for you to access certain services. For example, to create an account on the website. The provision of mandatory data is necessary for Toteme to be able to fulfil our contractual obligation to you, for example processing your order, or fulfilling the account services.
When you purchase our products in our physical stores, you do not have to provide any personal data.
10 CHILDREN’S PRIVACY AND LEGAL PURCHASE AGE
Toteme does not wish to collect personal information from anyone under the age of sixteen (16). If you are under eighteen (18), we require that you inform and get your parents’ or guardians’ consent before purchasing anything or provide any personal data to us at [WEBSITE] or any other website related to Toteme.
Last date for modification: [DAY] [MONTH] [YEAR]