PRIVACY POLICY

On 25 May 2018, the EU Data Protection Regulation, the GDPR, entered into force. The GDPR sets high demands on how we as a company process your personal data and it gives you certain rights to influence how we handle your personal data. In this privacy policy, which was last updated on 28 February 2022, you can read more about how we process your personal data.

WHAT IS PERSONAL DATA?

Personal data is data through which we can directly or indirectly identify you, e.g. your name, email or phone number.

WHAT IS PROCESSING OF PERSONAL DATA?

Everything we do with your personal data, such as storage, collection, registration, processing and deletion, is according to applicable laws and regulations, considered to be processing.

WHICH TYPES OF PERSONAL DATA DO WE PROCESS?

Bama Nordic AB (in the following referred to as “Bama Nordic”) processes different types of personal data depending on which of our services you use. Examples of such personal data are name, e-mail, address and telephone number.

WHAT IS BAMA NORDIC’S ROLE?

In order for us to be able to provide our services and products to you, we need to process your personal data. Below are examples of when we process your personal data and on what legal ground we do this.

The processing that we perform is based on of the following legal grounds:

  • The processing of your personal data is necessary for us to be able to answer questions and suggestions that you send to us. For this process, we use the legal ground consent.
  • The processing of your personal data is necessary for us to be able to fulfil an agreement with you, e.g. when selling and delivering profile products. For this process, we use the legal ground agreement.
  • The processing of your personal data is necessary for us to be able to give you the best possible experience of our website. After a weighing of interests, we have assessed that our interest in processing your personal data outweighs your right to privacy protection in these cases.

HOW DO WE COLLECT PERSONAL DATA?

We primarily collect personal data in connection with you contacting us with questions, suggestions, orders or similar. We also collect data through our websites by using cookies that collect information from your browser to give you the best user experience possible and for targeted marketing. You can find more information about our use of cookies in our cookie policy.

We will of course protect all collected data in accordance with current rules and regulations and thin data (by deletion or anonymization) according to our routines.

FOR HOW LONG DO WE RETAIN PERSONAL DATA?

The general rule is that we retain personal data only as long as we need it to answer questions and inquiries from you and deliver orders you place. We sort through and delete personal data continuously. We may need to retain personal data that is attributable to a financial transaction between us (e.g. if you buy products from us) for longer, due to the rules of the Swedish Accounting Act. In such cases, the legal ground is that we have a legal obligation.

WHOM WE SHARE INFORMATION WITH

We only share information if it is required for us to perform the processing of personal data that we need to provide our services to you as a customer. We never sell your personal data to others.

SERVICE PROVIDERS WHO PROCESS PERSONAL DATA ON OUR BEHALF

We may employ third party companies and individuals (collectively referred to as “data processors”) to facilitate our services, to provide our services on our behalf, to perform service-related services or to assist us in analyzing how our services are used.

When we use data processors to process personal data on our behalf, we always sign data processing agreements with the processor to ensure that the processor meets international security standards. The agreement also states that the processor may only process personal data for the specific purposes that we decide and on specific instructions from us.

Our data processors are not allowed to do anything with your personal information that we have not explicitly instructed them to do. We also require that the data processor’s processing of personal data must be secure and correct.

TRANSFERRAL TO PROCESSORS IN THIRD COUNTRIES

We do not transfer your personal data to processors located outside the EU/EEA, so-called ”third countries”. If you want to read more about transfers to third countries, you can find information on the Swedish Authority for Privacy Protection’s (IMY) website, www.imy.se.

YOUR RIGHTS UNDER THE GDPR

If you are in the European Economic Area (EEA), you have the following data protection rights:

  • The right to information about and access to the personal data we have about you.
  • The right of rectification. You have the right to have your information rectified if the information is inaccurate or incomplete.
  • The right to object. You have the right to object to our processing of your personal data.
  • The right of restriction. You have the right to request that we restrict the processing of your personal information.
  • The right to data portability. You have the right to receive a copy of the information we have about you in a structured, machine-readable and commonly used format.
  • The right to withdraw consent. You also have the right to withdraw your consent at any time where we relied on your consent to process your personal information.

Please note that we may ask you to verify your identity before responding to such requests and that we will not be able to terminate our processing of your data if the processing is due to a legal obligation that we have (such as accounting).

If you believe that we process or have processed your personal data in violation of applicable privacy rules, we are of course happy to help you and ask you to report the matter to us as soon as possible (contact details can be found below). You can also file a complaint with the Swedish Privacy Protection Authority, IMY, which monitors the processing of personal data.

If you have suffered economic damages due to your personal data being processed in violation of applicable privacy rules, you may be entitled to compensation. In such cases, you may, upon a written request, seek compensation from us or bring an action for damages in court.

ENTITY RESPONSIBLE FOR THE PROCESSING OF YOUR PERSONAL DATA

Bama Nordic AB (Org. No. 559187-3228) is the entity responsible for the processing of your personal data (the controller) on bama.se. We decide for what purposes the processing takes place and how it is done.

Contact person: Stefan Grahn. Contact: stefan.grahn@bama.se
Phone: +46 42 24 96 31 Address: c/o BAMA NORDIC AB, Box 5052, 250 05 Helsingborg
More information about the protection of your personal data can be found on the Swedish Authority for Privacy Protection (IMY) website, www.imy.se.