How Sandviks AS processes your personal information
When you purchase goods, subscriptions, or use free services from Sandviks, you provide us with access to your personal information. The purpose of this document is to provide you with the best possible insight into what information we collect, why we collect it, and how we process it to protect your interests and rights.
In connection with the implementation of the EU General Data Protection Regulation, scheduled to be adopted on May 25, 2018, information about the processing of personal data should be provided in a “concise, transparent, intelligible, and easily accessible form, using clear and plain language.”
What personal information do we collect?
We collect information that we need to deliver goods or services you order from us in the best possible way and to communicate better with you. Additionally, we collect relevant statistics to improve our services.
We seek to achieve this through clear communication, your consent, and by providing you with easy access to limit the use of your information.
Personal information you provide to us directly
When you place an order with us, you provide us with information such as your name, contact information, and delivery information.
All your purchases are stored to comply with payment follow-up, as well as accounting regulations and documentation.
Many of our services involve deliveries based on information about family situations such as pregnancy and the age of children. This is because we only want to offer and deliver services and products that are relevant.
We also ask for feedback on products and services that we use to improve ourselves in general and to respond or provide better offers to you individually.
We also offer services where you store other information that is important for personalization. For example, you can store a profile picture of yourself. This type of personal information is processed only to personalize your experience.
We receive information when you use our services
When you visit our websites, you provide us with information such as IP address, browser, device, and the pages or services you use, which can potentially be linked to your identity when combined with other data.
Log data is stored.
Internet visit data is logged and used to:
- Monitor and improve our services based on statistics.
- Troubleshoot technical program interruptions or technical deviations.
- Profile groups based on visits to communicate better with you by minimizing irrelevant information.
- Provide you with individually tailored communication.
- Cookies are created on your device.
This is used:
- To simplify your use of the services, such as automatic recognition and login.
- To analyze website traffic and recognize unique visits that cannot be obtained from log data.
- To streamline online marketing processes by providing more relevant advertising. Visits to your device may affect our content on other pages, e.g., advertising networks like Google or Facebook.
We enrich your personal information with information from third parties and/or publicly available information
We enrich the data with third-party solutions where it improves, limits, or terminates services. Examples of this are that we can:
- Receive an address change from the postal service if a shipment is forwarded based on an address change.
- Update phone numbers or addresses from directory services.
- Update your official reservation settings or information about deaths from the Brønnøysund Register Centre.
- Correct spelling in street names and postal codes.
What we do not do
We do not store sensitive payment information, such as credit card information, ourselves. These are stored by authorized data processors – currently Dibs.no.
We do not process images with biometric procedures.
Why are these pieces of information processed?
Sandviks has a mission and purpose of “Enriching young minds,” where we aim to positively contribute to children’s upbringing through good and relevant products/services for pregnant women and families with young children. This means that we process your personal information to:
- Deliver your purchases or provide you
- Give us the opportunity to improve our products and services through aggregated data
- In some cases, to comply with other laws. For example, we must be able to document a sale in accordance with the Accounting Act.
- Provide you with the most personalized communication possible and give us the opportunity to market relevant products and services from us and our partners.
How are the information processed?
In processes where we collect personal information from you, consent should be clear, and this document easily accessible.
Personal data is stored in a well-organized centrally documented system, where access and data security comply with the regulations for the protection of personal data.
The data is used to:
Provide you with the most personalized service and the most relevant communication about our products and services. Provide the best possible service to each individual in their inquiries. Provide product developers, analysts, and customer representatives employed by Sandviks with the best opportunity to improve products and services. Provide you with the best possible information about other relevant products. Many of Sandviks’ services are based on automated decisions. This means that algorithms based on personal information control which products we recommend or what we consider relevant information for you. The intention is to provide better individual adaptation. The offers should not be discriminatory, except that Sandviks may choose to provide established customers with better offers and conditions than customers without a previous relationship with us.
We allow data to be processed by third parties to complete certain services. For example, data for a personalized book may be sent to a subcontractor who performs production, or to a printing company to send you a letter on behalf of Sandviks. In all cases, Sandviks is responsible for your personal information and has secure procedures for deleting temporary data extracts of personal information.
To the extent that data is transferred to third parties for third-party use, this will only be done with your explicit consent.
Personal data is automatically deleted 10 years after the last contact, or upon your request. Data deletion is carried out by pseudonymizing your personal data so that it can no longer be linked to you as a physical person. The encryption key for pseudonymization is stored in a separate system and will only be accessible for use in any legal disputes.
Individual details about you may be retained in a separate reservation table after deletion, the sole purpose of which is to exclude all marketing to the same email address or phone number if it later comes from a new source.
Certain data cannot be legally deleted before the time limit. This applies to legislation such as the Accounting Act. This means that the names and addresses of paying customers are stored for 10 years, even though other personal information may be deleted.
The regulations provide you with rights of access, rectification, erasure, restriction, and data portability. You can access this by logging into Sandviks’ My Page.
On your profile, you will find most of the personal information stored about you. Here, you can also correct, delete information, and set marketing and other usage restrictions on your personal data.
Upon request, we will provide you with an XML data file that gives you full access. This also forms the basis for your right to data portability, as there are currently no established standards we can adhere to.
You can also follow up on your rights of access, rectification, erasure, restriction, and data portability by contacting us at the email email@example.com.
If the personal information is desired to be used for a purpose other than described in this document, Sandviks will inform you again and, where relevant, obtain new consent for this.
The regulations for the protection of personal data impose many obligations on Sandviks beyond this document. You can find the entire set of regulations at datatilsynet.no.
We aim to respond to as many inquiries as possible through our customer service at firstname.lastname@example.org. If serious deviations or data breaches occur that require reporting to or involvement of authorities, our data protection officer at email@example.com and the Norwegian Data Protection Authority (Datatilsynet) should also be contacted. They have their own independent procedures for handling such matters.
The data controller is Sandviks AS, located at Strandsvingen 14, 4032 Stavanger, Norway. The data processor is the same company. Sandviks AS has subsidiary companies Sandviks Förlag AB and Lilleba og Herremann AS, which are part of the Sandviks group and are represented by Sandviks AS.