Privacy Policy
1. GENERAL 1.1 Delicard Group AB, reg.no. 556528-9856 (”Delicard”) respects and cares about your personal integrity. We want you to feel safe when we process your personal data. By way of this privacy policy (“Privacy Policy”), we want to inform you about how we ensure that your personal data is processed in the right way 1.2 To be able to provide you as a subscriber with our services, we must process personal data about you. This Privacy Policy applies to you who:
• Orders a gift card from our website,
• Redeems an ordered gift card,
• As a representative of a company orders gift cards over telephone or e-mail, and
• Is a contact person of a company that we have flagged as a potential customer.
2. DATA CONTROLLER Delicard is the data controller for the processing of your personal data and is responsible for ensuring that the processing is made in compliance with applicable law. You find our contact details at the last page of this Privacy Policy.
3. OUR PROCESSING OF YOUR PERSONAL DATA
3.1 At Delicard, we process your personal data to provide you with the services we offer in the best way possible. We use your personal data to:
• Administer and carry out our obligations towards you and safeguard our legal interests,
• Marketing of our services and products, including customer adapted advertising,
• Administration in connection with company takeovers, restructuring, etc. of Delicard, and
• Comply with our legal obligations and prevent and take measures against crimes. 3.2 In the tables below, you are provided with more information regarding e.g. why we process your personal data, which personal data we store to achieve the purposes of the processing and for how long we store your personal data.
PURPOSE:
Administer and carry out our obligations towards you and safeguard our legal interests.
PERSONAL DATA:
Contact information such as name, address, email address and company. Orders and payment information such as order history and payment information. Login information such as email address and password. Work-related information such as company name and registration number.
WHAT WE DO:
We process your personal data to be able to administer and provide you with our services, offer customer services and secure and facilitate delivery. In case of a dispute regarding e.g. payment, we are entitled to process your personal data to establish, exercise or defend the legal claim.
LEGAL BASIS:
Performance of a contract. In case of a dispute, we are entitled to process your personal data with legitimate interest as legal basis.
RETENTION PERIOD:
Your personal data is kept during the entire contract period, i.e. until your order has been delivered and during the warranty period of 24 months and 12 months thereafter. In total your personal data is stored for 36 months. We may keep your personal data for a longer time period if necessary to establish, exercise or defend a legal claim in case of a dispute regarding e.g. payment.
YOUR RIGHTS:
You have the right to object to processing of your personal data based upon a legitimate interest as legal basis. Please see section 9 below if you want to read more about your rights.
PURPOSE:
Marketing of our services and products, including customer adapted advertising
PERSONAL DATA:
Contact information such as name, telephone number and email address. Orders and payment information such as order history and payment information. Work-related information such as company name and registration number.
WHAT WE DO:
We process your personal data within the scope of our B2B marketing. All personal data that we process is within the scope of your employment with a company that is a present or potential customer.
LEGAL BASIS:
Legitimate interest, as we assess that our interest of marketing our services and products overrides your interest of protection of your privacy.
RETENTION PERIOD:
If you are a customer of ours: The personal data is stored and processed during the entire contract period, i.e. until your order has been delivered and during the warranty period of 24 months and 12 months thereafter. In total your personal data is stored for 36 months. If you are not yet a customer of ours: We have the right to store your personal data in the purpose of sending you marketing for 12 months from us obtaining your personal data. This is preconditioned upon you not having opposed direct marketing. If you choose to become a customer of ours what is stated below the heading “If you are a customer of ours” applies.
YOUR RIGHTS:
You always have the right to demand that we stop using your personal data for direct marketing. You have the right to object to processing of your personal data based upon a legitimate interest as legal basis. Please see section 9 if you want to read more about your rights.
PURPOSE:
Administration in connection with acquisition or restructuring of Delicard, etc.
PERSONAL DATA:
Contact information such as name, telephone number and email address.
WHAT WE DO:
If Delicard is to be restructured, e.g. be split into several parts, or if a third party wishes to acquire Delicard or our customer database, Delicard will share yours and other customers’ personal data to the acquiring company. That company will in that case continue to process your personal data for the same purposes as the ones stated in this Privacy Policy, unless you receive different information in connection with the acquisition.
LEGAL BASIS:
Legitimate interest, as we assess that our interest of facilitating a company acquisition or restructuring overrides your interest of protection of your privacy. This is conditioned on the acquiring company being in a similar line of business as Delicard.
RETENTION PERIOD:
If Delicard ceases to exist, e.g. by way of a fusion, liquidation or bankruptcy, or if Delicard’s customer database will be transferred to an acquiring company we will delete your personal data as long as we are not required to keep in order to comply with legal obligations. If Delicard is acquired by a company or split into several parts in connection with a restructuring we will continue to store and process your personal data in accordance with the terms and conditions of this Privacy Policy, unless you receive different information in connection with the acquisition.
YOUR RIGHTS:
You have the right to object to processing of your personal data based upon a legitimate interest as legal basis. Please see section 9 if you want to read more about your rights.
PURPOSE:
Comply with our legal obligations and take measures against crimes.
PERSONAL DATA:
Invoice information such as name on invoice and transaction history.
WHAT WE DO:
We process your personal data to comply with our legal obligations under applicable law, e.g. legislation regarding accounting, audit and tax. We will also give out your information if we receive a request from prosecutor or police.
LEGAL BASIS:
Compliance with a legal obligation. Public interest in the purpose of preventing and taking measures against crimes.
RETENTION PERIOD:
Your personal data is kept for as long as necessary to comply with applicable legal obligation such as e.g. 7 years according to the accounting act., counted from the close of the calendar year of the financial year to which the information belonged is concluded.
YOUR RIGHTS:
Please see section 9 below.
4. WHERE WE COLLECT YOUR PERSONAL DATA FROM
1.1 The personal data we process about you is obtained from different sources. You provide us with information such as your name, personal identification number, address, telephone number, email address and company name in connection with the registration of your user account, when ordering our products and services and when you leave instructions for the performance of our services. If we have identified the company you work for as a potential customer, we might buy e-mail addresses to use for marketing purposes. 1.2 To be able to enter into an agreement with us at Delicard and to enable us to provide you with our services, you must provide us with this personal data. If you do not provide us with this personal data, we unfortunately cannot enter into an agreement with you or provide you with our services.
5. AUTOMATED DECISION-MAKING
We do not use any automated decision-making which has significant effects on you.
6. FOR HOW LONG DO WE KEEP YOUR PERSONAL DATA? 6.1 We only keep your personal data for as long time as necessary to achieve the purposes for which they were collected in accordance with this Privacy Policy. When we do not longer need your personal data, we remove the data from our systems, databases and backups. In the tables above under section 3, you may read more information about for how long time we keep your personal data for different purposes. 6.2 We may be required to keep your personal data for other reasons, such as to comply with legal obligations or to safeguard our legal interest, or for any other important public interest. The access to this personal data is restricted so that only a limited amount of persons are authorised to access the data.
7. WITH WHOM DO WE SHARE YOUR PERSONALD DATA WITH?
7.1 Delicard may share your personal data with third parties such as our services providers and companies with which we cooperate with to provide our services. We will therefore share your personal data with some of our service providers, such as IT vendors and card vender in order to carry out our obligations to you or to assist you if you redeem a gift card. We may also in certain cases be required to share your personal data with public authorities or other third parties in connection with court proceedings, corporate acquisitions or similar reasons. 7.2 We will not sell your personal data to any third party.
8. WHERE DO WE PROCESS YOUR PERSONAL DATA?
Delicard only processes your personal data within the EU/EEA and does not share or facilitate access to your personal data with any operator outside of the EU/ EEA.
9. YOUR RIGHTS
9.1 Our responsibility for your rights 9.1.1 Delicard is in the capacity as data controller responsible for ensuring that your personal data is processed in accordance with applicable law and that your rights have an impact on the processing. You may at any time contact us to exercise your rights. You find our contact details at the last page of this Privacy Policy.
9.1.2 Delicard is obliged to answer your request to exercise your rights within one month from our receipt of your request. If your request is complicated, or if we have received a large extent of requests, we are entitled to prolong our response period with two additional months. If we assess that we cannot perform the actions you have requested, we will within one month explain why and inform you about your right to lodge a complaint with the data protection authority. 9.1.3 All information and communication, and all actions we carry out, is at no cost for you. If the action you request is manifestly unfounded or excessive, we are entitled to charge you an administrative fee to provide you with the requested information or carry out the requested action, or refuse to meet your request. 9.2 Your right to access, rectification and erasure of personal data and restriction of processing 9.2.1 You have the right to request: a) Access to your personal data. This means that you have the right to request an abstract from our data record regarding our use of your personal data. You also have the right to request a copy of the personal information being processed at no cost. However, we may charge you a reasonable administrative fee to provide you with additional copies of the personal data. If you make your access request by electronic means such as email, we will provide you with the information in a commonly used electronic format. b) Rectification of your personal data. We will at your request, or at our own initiative, rectify, anonymise, erase or complement personal data that you or we discover is inaccurate, incomplete or misleading. You also have the right to complement the personal data with additional data if relevant information is missing. c) Erasure of your personal data. You have the right to request that we erase your personal data if we do no longer have an acceptable reason for processing the data. Given this, erasure shall be made by us if: (i) the personal data is no longer necessary for the purposes for which it was collected, (ii) you object to the processing of your personal data based on our legitimate interest and there is no overriding legitimate ground for the processing, (iii) the personal data has not been lawfully processed, (iv) we are required to erase the personal data due to a legal obligation, or (v) you are a child and we have collected the personal data in relation to the offer of information society services. However, there might be requirements under applicable law, or other weighty reasons, that entail in that we cannot immediately erase your personal data. In such case, we will stop using your personal data for any other reasons than to comply with the applicable law, or the relevant weighty reason.
d) Right to restrict processing: This means that we temporarily restrict the processing of your personal data. You have (from the 25th of May 2018) the right to request restriction of the processing when: (i) you have requested rectification of your personal data in accordance with section 9.2.1 b) above during the time period we are verifying the accuracy of the data, (ii) the processing is unlawful and you do not want the personal data to be erased, (iii) Delicard, in its capacity as data controller, does no longer need the personal data for the purposes for which it was processed,
but you require us to retain the information for the establishment, exercise or defence of legal claims, or (iv) you have objected to our legitimate interest for the processing in accordance with section 9.3 below during the time period we determine whether the legitimate interest overrides your privacy rights. 9.2.2 At Delicard, we will (from the 25th of May 2018) take all reasonable and possible actions to notify any recipients of your personal data as set out in section 7 above regarding any rectification, erasure or restrictions carried out by us. At your request, we will also inform you of which third parties we have shared your personal data with.
9.3 Your right to object to the processing 9.3.1 You have the right to object to such processing of your personal data based upon our legitimate interest (please see section 3 above). If you object to such processing, we will only continue with the processing if we have a compelling legitimate reason for the processing that outweighs your interest, rights or freedoms, or unless continued processing is necessary for the establishment, exercise or defence of a legal claim. 9.3.2 If you do not want Delicard to process your personal data for direct marketing you always have the right to object to such processing by getting in touch with us. When we have received your objection we will cease to process your personal data for this marketing purpose. 9.4 Your right to portability You have the right to portability. This means that you have the right to receive certain of your personal data in a structured, commonly used and machinereadable format and have the right to transmit those data to another controller. You only have this right when your personal data is processed by automated means and our legal basis for the processing is performance of a contract between you and Delicard. This means e.g. that you have the right to receive and transfer all of the personal data that you have provided us with to create a user account at our web page. 9.5 Your right to lodge a complaint with the data protection authority You have the right to lodge any complaints regarding our processing of your personal data with the data protection authority.
10. WE PROTECT YOUR PERSONAL DATA
You shall always feel safe when providing us with your personal data. Therefore, Delicard has implemented appropriate security measures to protect your personal data against unauthorised access, alteration and erasure. In the case of a security breach that may significantly affect you or your personal data, e.g. when there is a risk of fraud or identity theft, we will contact you and inform you of what you can do to reduce this risk.
11. AMENDMENTS TO THIS PRIVACY POLICY Delicard has the right to amend this Privacy Policy at any time. When we make any amendments that are not only linguistic or editorial, you will be provided with clear information of the amendments and which impact they will have on you before the amendments are effective.
12. CONTACT INFORMATION
Do not hesitate to contact us at Delicard if you have any questions regarding this Privacy Policy, our processing of your personal data, or if you want to exercise your rights. Delicard Group AB, reg.no. 556528-9856 Postal address: SE-105 40 Stockholm, Sweden Visiting address: Liljeholmsstranden 3, SE-117 43 Stockholm, Sweden Email: ERSE-DPO@edenred.com Telephone: 08-681 81 00 Webpage: https://www.delicard.se/.