This Privacy Policy describes how your personal information is collected, used, stored and shared ("processed") when you visit or make a purchase from www.hem.com (the “Site”).

DATA CONTROLLER (“We”):

Hem Design Studio Sweden AB, ORG.NR: 559047-2766
Torsgatan 16, 111 23 Stockholm, Sweden
+46 (0)8 408 067 40
info@hem.com  


PERSONAL INFORMATION WE PROCESS

When you visit, and browse the Site, we automatically collect data about:
- Your device, your web browser, IP address, time zone, and some of the cookies that are installed on your device.
- Additionally, we collect data about the individual web pages or products that you view, what websites or search terms referred you to the Site, and data about how you interact with the Site.
We refer to this automatically-collected information as “Device Data”, and we collect it using the following technologies:

- “Cookies”, which are data files that are stored by your internet browser or your computer, and which often include an anonymous unique identifier. The webpages you browse are then able to recognize some information contained in the cookies stored by your browser. While some cookies are necessary to ensure proper communication with the website (for example to store items in your shopping cart), some cookies may also contain anonymous analytical information about your browsing to display content relevant for you, and may be stored for a longer period of time. For more information about cookies, and how to disable them, visit http://www.allaboutcookies.org.

- “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.

- “Web beacons”, “tags”, and “pixels” are electronic files used to record information about how you browse the Site.
In addition to Device Data, when you make a purchase or attempt to make a purchase through the Site, we need to collect certain information from you, including:
- Your name, billing address, shipping address, payment information (including credit card numbers and bank details), email address, and a phone number.
We are unable to fulfill your order, and you cannot enter into a purchasing agreement with us without providing us with this information.
We refer to this information as “Order Data”.

When we talk about “Personal Data” in this Privacy Policy, we are talking both about Device Data and Order Data.
Finally, we process information regarding your subscription to our services (Hem PRO), information you provided to us by completing online forms on the Site, or information you submit to us regarding claims.


HOW DO WE PROCESS YOUR PERSONAL INFORMATION?

By default, we only process the minimal amount of personal data necessary to operate our business properly. We do not collect any sensitive personal data such as data regarding racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership.
Your personal data may be processed either:
- By you giving us consent with the processing of your data, or
- To enable a performance of a contract between us and you, or
- Where the processing is necessary for our legitimate business interests (such as for example the development of our business, providing information about our business to potential customers, identifying fraudulent claims, or the improvement of the customer experience on the Site).


FOR WHAT PURPOSE DO WE PROCESS YOUR PERSONAL DATA?

We use the non-directly identifiable Device Data to screen for potential risk and fraud (particularly your IP address), and more generally to improve and optimize our Site (for example, by analyzing how our customers browse and interact with the Site, or to assess the success of our marketing and advertising campaigns). Additionally, we use the Device Data that we collect for advertising and retargeting, in order to optimize the user experience on the Site.

We use the Order Data that we collect generally to fulfill any orders placed through the Site (including processing your payment data, arranging for shipping, and providing you with invoices and/or order confirmations). Additionally, we use this Order Data to:
- Communicate with you;
- Screen our orders for potential risk or fraud; and
- When in line with the preferences you have shared with us, provide you with data or advertising relating to our products or services.


SHARING YOUR PERSONAL INFORMATION

We share your Personal Data with third parties to make sure that we can sell our products properly, and that shopping is a comfortable experience for you. We use Shopify to power our online store--you can read more about how Shopify uses your Personal Data here: https://www.shopify.com/legal/privacy .
We use MailChimp to maintain subscriptions to our newsletters – you can read more about how MailChimp uses your data here: https://mailchimp.com/legal/privacy/ . We also use Google Analytics to help us understand how our customers use the Site -- you can read more about how Google uses your Personal Data here: https://www.google.com/intl/en/policies/privacy/ and you can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
In order to process payments, we need to share some of your personal data with our payment solutions providers, such as PayPal and Braintree.
Furthermore, we share your personal data with our logistics and warehouse operators to ensure proper delivery of the products ordered.

Finally, we may also share your Personal Data to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for data we receive, or to otherwise protect our rights.



TRANSFER OF DATA TO A THIRD COUNTRY

While all of our servers are hosted within the EU, due to the nature of the services we are using to power our site, your personal data  may be transferred outside of the EU - namely into to Canada and into the US.


BEHAVIOURAL ADVERTISING AND OPT-OUT LINKS

As described above, we may use your Personal Data to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work .
You can opt out of targeted advertising / communication by using the links below:
- Facebook: https://www.facebook.com/settings/?tab=ads
- Google: https://www.google.com/settings/ads/anonymous
- Bing: https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads
- Mailchimp Hem Pro Europe: https://hem.us13.list-manage.com/unsubscribe?u=8b6f74da1e1f401c90d020ab3&id=addaed014d
- Mailchimp Hem Newsletter Europe: https://hem.us13.list-manage.com/unsubscribe?u=8b6f74da1e1f401c90d020ab3&id=3d26074663
- Mailchimp Waiting list 2018 EU Pro: https://hem.us13.list-manage.com/unsubscribe?u=8b6f74da1e1f401c90d020ab3&id=8d9853c405
- Mailchimp Waiting list 2018 EU: https://hem.us13.list-manage.com/unsubscribe?u=8b6f74da1e1f401c90d020ab3&id=c29359f6a5
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.


MANAGING YOUR COOKIES:

After you give us consent to store cookies on your device, this information will be stored for when you browse the Site next time.
You can withdraw this consent at any time by deleting cookies for each of the browsers, that you use (such as Google Chrome, Mozilla Firefox, Safari, Internet Explorer or Microsoft Edge).


DO NOT TRACK

Please note that we do not alter our Site’s data collection and use practices when we see a Do Not Track signal from your browser.


YOUR RIGHTS

If you are a European resident, you additionally have the following rights:
- The right to access the personal data we hold about you
- The right to receive your data in a portable and structured format. Please note, that we may apply a reasonable fee for any copies of your data after the first one that we provide you with.
- The right to have your data kept accurate and have it corrected on request
- The right to have your data erased, in cases where it is no longer necessary for the purpose for which we collected it, or if you believe we have collected it unlawfully. You might also have your data erased in cases when you gave your consent for its processing, and you withdraw such consent, or if you use your right to object (see further). Please note, that in some situations we might not be able to erase your data because of legal regulations which require us to keep copies of it. We will notify you about such rules at the time of your request.
- The right to have processing restricted (apart from storage), in cases where for example you request a correction of the data
- The right to object to processing, if it is carried out based on our legitimate interest (for example in cases of direct marketing)
- The right to withdraw consent at any time, when the processing is based on you giving us consent to process your personal data
- The right to lodge a complaint with the relevant supervisory authority. The Swedish Data Protection Authority (DPA) / Datainspektionen is available for contact at https://www.datainspektionen.se/in-english/contact-us/ . However, we would appreciate if you contacted us beforehand to see if we can help you resolve your concerns as well.
- In cases where we don’t have the data directly from you, the right to know where the personal data has been collected from
We will communicate any requests to correct or erase personal data to each of the third parties we have shared it with, and you have the right to be informed about these third parties, should you request it.
You may exercise all the above-mentioned rights by writing to us on the contact information written below, and we will do our best to reply to you without any unnecessary delay, however at the latest within one month from such request.


AUTOMATED DECISION MAKING

In general, we do not carry out automated decision making, including profiling, that produces legal effects with regards to you. We do, however need to automatically modify some aspects of our offers (such as the VAT, for example) based on your location, in order to comply with laws in different countries.



DATA RETENTION

We will maintain your Order Information only for as long as it is necessary to comply with legal obligations in the respective countries. We will maintain other types of data unless or until you ask us to delete it.



DATA BREACH

In case of a data breach, we inform the necessary authority without unnecessary delay, at the latest within 72 hours of becoming aware of it, as well as to you in case such breach could result in a high risk to your rights and freedoms. We will also document and maintain records of any such breach.



CHANGES

We may update this privacy policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons.



MINORS

The Site is not intended for individuals under the age of 18, and we do not knowingly process their personal data.



CONTACT US

For more information about our privacy practices, if you have questions, or if you would like to make a complaint, or unsubscribe from any of our services please contact us by e-mail at info@hem.com or by mail using the details provided below:



Privacy Compliance Officer
Hem Design Studio
Torsgatan 16
111 23 Stockholm
Sweden