SWEDENCARE’S DATA PRIVACY POLICY

This Data Privacy Policy (‘privacy policy’) explains how Swedencare AB (‘Swedencare’, ‘we’ or ‘us’) collects and uses your personal data when you use Swedencare's services or otherwise interact with us. This privacy policy also describes what rights you have towards us and how you can exercise such rights. You can always contact us with questions about privacy and data protection by sending an e-mail to info@swedencare.co.uk Swedencare is the controller of your personal data and we process your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (‘GDPR’). We therefore encourage you to read this privacy policy in its entirety to ensure that you fully understand how we process your personal data in connection with the products and services which we provide you with. Personal data means any information relating to you as a data subject that can directly or indirectly identify you, such as your name, date of birth and social security number. Processing means any operation on personal data, such as the use, collection and organisation of personal data.  ere

Company name: Swedencare AB
Registration number: 556470-3790
Postal address: Per Albin Hanssons väg 41 214 32 Malmö Sweden
E-mail: info@swedencare.co.uk

We process personal data that you provide to us, as well as personal data generated when you use our products and services. You may directly or indirectly provide us with the following categories of personal data:

Category of personal data             Type of personal data 
Identification data                           Name, birthday, social security number, etc.
Contact data                                    E-mail address, invoice address, delivery address, phone number, etc.
Payment information                     Credit and debit card information, etc.
Online identifiers                             IP address, device-ID, etc.
Behavioural data                             Purchase history, website heat map data, etc.

In the tables below, you will find information regarding;

1. the purposes for which we process your personal data, i.e. why the processing is necessary,
2. the types of personal data we use for each purpose, and whether such personal data is obtained directly from you or from a third party,
3. what legal basis we have under the GDPR to process personal data about you,
4. and what retention period we have for each processing activity, i.e. after how long Swedencare deletes the personal data for each respective purpose.

When you contact us via phone, e-mail or any of our social medias, we will collect the personal data which you provide us with for the purpose of being able to answer any of your questions, handle your requests, or interact with you.

Purpose 

When you contact our customer support via phone or e-mail, we will process your personal data in order to assist you in your customer support matter.
Personal data
Identification data, contact data
Legal basis for processing (‘why is the processing activity necessary’)
We base our processing on article 6.1 (b) GDPR. The processing is necessary in order for us to assist you with your customer support matter, thereby performing our part of the contract in which you are part in.
Retention period
In order to perform our part of the contract in which you are part of, Swedencare will store your data for three (3) years, after which your personal data will be deleted immediately.


Purpose 

When you contact us on social medias, we will process your personal data in order for us to answer any of your question and/or interact with you.
Personal data
Identification data, contact data
Legal basis for processing (‘why is the processing activity necessary’)
We base our processing on article 6.1 (f) GDPR. We have a legitimate interest of being able to process your personal data in order to answer any of your questions and/or interact with you on social medias. After careful consideration, Swedencare makes the assessment that our legitimate interest of processing your personal data for these purposes outweighs your interest of us not processing your personal data. Furthermore, we deem that the processing in question is necessary in order to fulfil the purpose behind the processing.
Retention period
Swedencare will process your personal data for three (3) years, after which your personal data will be deleted immediately.

When you make purchases from us, we will collect the personal data which you provide us with for the purpose of being able to provide you with our products, process your payments and send you an invoice.

Purpose
When you purchase products from us, we will process your personal data in order for us to provide you with our products, process your payments and send you an invoice.
Personal data
Identification data, contact data, online identifiers, payment information  
Legal basis for processing (‘why is the processing activity necessary’)
We base our processing on article 6.1 (b) GDPR. The processing is necessary in order for us to provide you with our products,
thereby performing our part of the contract in which you are part in.
Retention period
In order to perform our part of the contract in which you are part of, Swedencare will store your data for three (3) years, after which your personal data will be deleted immediately. To the extent that your personal data must be stored in order for us to fulfil our legal obligations according to the Swedish Accounting Act (1999:1078) (Sw: Bokföringslag (1999:1078), Swedencare will store your personal data for seven (7) years after such accounting has been consolidated.

When you interact with our website, Swedencare will collect your personal data in order for us to provide you access to our website, and to analyse how you use our website. Swedencare uses cookies and other tracking technologies on our website in order to improve your user experience. You can find more information regarding our usage of cookies in our cookie policy.

Purpose
When you interact or otherwise use our website, we will process your personal data in order for us to provide you access to our website and analyse your usage of our website.
Personal data
Identification data, contact data, online identifiers, behavioural data
Legal basis for processing (‘why is the processing activity necessary’)
We base our processing on article 6.1 (f) GDPR. We have a legitimate interest of being able to process your personal data in order to provide you access to our website and to analyse how you use our website. After careful consideration, Swedencare makes the assessment that our legitimate interest of processing your personal data for these purposes outweighs your interest of us not processing your personal data. Furthermore, we deem that the processing in question is necessary in order to fulfil the purpose behind the processing.
Retention period
Swedencare will process your personal data for six (6) months, after which your personal data will be deleted immediately.

We may process your personal data in order for us to communicate relevant information and marketing to you regarding products which you have previously purchased, or similar products which we sell which may be of interest to you. If you do not want to receive such communication from us, you may at any time request that we stop processing your personal data for these purposes by send an e-mail to info@swedencare.co.uk

Purpose
In order for us to market our products, send you other relevant information and to develop and improve our business, we may process your personal data.
Personal data
Identification data, contact data
Legal basis for processing (‘why is the processing activity necessary’)
We base our processing on article 6.1 (f) GDPR. We have a legitimate interest of being able to process your personal data in order to market our products, send you other relevant information and improve our business. After careful consideration, Swedencare makes the assessment that our legitimate interest of processing your personal data for these purposes outweighs your interest of us not processing your personal data. Furthermore, we deem that the processing in question is necessary in order to fulfil the purpose behind the processing.
Retention period
Swedencare will process your personal data for six (6) months, after which your personal data will be deleted immediately.

Purpose
We may conduct surveys and ask you to participate. For this purpose, we may process your personal data.
Personal data
Contact data
Legal basis for processing (‘why is the processing activity necessary’)
We base our processing on article 6.1 (f) GDPR. In case that you participate in our surveys, we have a legitimate interest of being able to process your personal data in order to follow up any of your answers for business development purposes. After careful consideration, Swedencare makes the assessment that our legitimate interest of processing your personal data for these purposes outweighs your interest of us not processing your personal data. Furthermore, we deem that the processing in question is necessary in order to fulfil the purpose behind the processing.
Retention period
Swedencare will process your personal data for three (3) months, after which your personal data will be deleted immediately.

When you apply for a job with us, we will process your personal data to manage your job application

Purpose
If you apply for a job with us, we will process your personal data so that we can manage your request.
Personal data
Identification data, contact data
Legal basis for processing ( ‘why the activity is necessary processing’)
We base our processing on article 6.1 (f) of the GDPR. In the event that you apply for a job with us, we have a legitimate interest in being able to process your personal data to administer your application and conduct follow-up interviews. After careful consideration, Swedencare assesses that our legitimate interest in processing your personal data for these purposes outweighs your interest in us not processing your personal data. Furthermore, we consider that the processing in question is necessary to fulfill the purpose behind the processing.
Retention period
Swedencare will process your personal data for three (3) months, after which your personal data will be deleted immediately.

4. YOUR RIGHTS REGARDING swedencare’s PROCESSING OF YOUR PERSONAL DATA

As a data subject, you have several rights in relation to your personal data under the GDPR. These rights are listed below. If you wish to exercise your rights, you can contact us at the contact details provided above in section 1 of this privacy policy.

4.1. Right to information

You have the right to receive information regarding how Swedencare processes your personal data. Such information is provided through this privacy policy in connection with the collection of your personal data and is always available at our website se.swedencare.com. You also have the right to receive specific information in the event of a personal data breach that affects your personal data and there is a risk of e.g. fraud or identity theft. We will communicate such information directly to you by e-mail.

4.2. Right of access

You have the right to receive a summary of your personal data which Swedencare processes (register extract). However, under certain conditions, Swedencare may deny your request for access, e.g. if you request access many times over a short period of time.

4.3. Right to rectification

You have the right to have inaccurate or incomplete personal data rectified or completed. The right to rectification applies to both personal data collected from you or a third party and your possible profile created by Swedencare through profiling. You can notify us by e-mail to info@swedencare.co.uk if you want us to rectify or complete your personal data.

4.4. Right to erasure (’right to be forgotten’)

You have the right to request the erasure of your personal data when it is no longer necessary to process it for the purpose for which it was collected. You can notify us by e-mail to info@swedencare.co.uk if you wish us to delete your personal data. However, there are legal requirements and obligations set forth in laws that may prevent us from deleting certain information, such as the Swedish Accounting Act (1999:1078) (Sw: Bokföringslag (1999:1078)). We then ensure that such personal data is not processed other than to the extent required for us to fulfil these obligations and limit the access of Swedencare's employees to such personal data. You may also have the right to have certain personal data erased when you object to processing under section 4.6 below provided that Swedencare does not have an overriding legitimate ground for the processing.

4.5. Right to restriction of processing

You have the right to request the restriction of our processing of your personal data in certain cases. If you believe that the personal data we process about you is inaccurate and you have requested rectification, you may request a restriction of processing of your personal data. In such cases, restricted processing will take place during the time we are working on verifying whether or not the personal data is accurate. You may also request the restriction of our processing of your personal data if the processing is unlawful and you oppose the erasure of the personal data and instead request a restriction of its use. Another scenario where you have the right to request restriction of or processing of your personal data is if we no longer need the personal data for the purposes of the processing, but you need it for the establishment or defence of legal claims. You can also request that our processing of your personal data is restricted if you have objected to processing based on a balance of interests (legitimate interest), in which case the processing of personal data will be restricted during the time we establish whether our legitimate interests outweigh your legitimate interests. In case the processing has been restricted under any of the above situations, we may only process your personal data, in addition to the retention itself, for the establishment, exercise or defence of legal claims, for the protection of the rights of another person or because you have given us your consent to do so.

4.6. Right to object and automated decision-making

You have the right to object at any time to our processing of your personal data if such processing is based on a legitimate interest. The further processing of your personal data requires us to demonstrate a legitimate reason for the current processing activity. Otherwise, we may only process the data for the establishment, exercise or defence of legal claims. For reasons related to your specific situation, you also have the right to object to profiling and other processing of personal data concerning you, when the processing of the information is based on the customer relationship between you and Swedencare. You always have the right to object to direct marketing without a balancing of interests. As a data subject, you also have the right not to be subject to decisions based solely on automated decision-making, where such decision-making results in legal consequences or similarly significantly affects you. You have the right to object to such processing, including profiling. However, this right does not apply if the decision-making is necessary for the conclusion or performance of a contract with you or if you have provided us with your explicit consent. Swedencare does however not conduct any automated decision-making or profiling.

4.7. Right to data portability

In certain cases, you have the right to have your personal data transferred to you in a structured, commonly used and machine-readable format to another controller (register extract), provided that the transmission is technically feasible and can be automated. This applies to personal data that you have provided to us and that we process with the legal basis of performance of a contract or based on your consent. You can contact us by e-mail at info@swedencare.co.uk if you wish to receive a register extract of your personal data.  

4.8. Right to withdraw consent

Where you have given your consent for the processing of your personal data, you have the right to withdraw such a consent at any time. You can withdraw your consent by notifying us via the contact details provided in section 1 above.

4.9. THE RIGHT TO LODGE A COMPLAINT

If you believe that we are processing your personal data in breach of the GDPR, you have the right to lodge a complaint with the Swedish Data Protection Authority (Sw: Integritetsskyddsmyndigheten, ‘IMY’) via the contact details provided in section 8 below. For more information on how to lodge a complaint, please visit the IMY website at https://www.imy.se.

5. WHO MIGHT WE SHARE YOUR INFORMATION WITH?

Transfers of your personal data within the EU/EEA

Swedencare does not sell information about you to third parties. However, in the conduct of our business, it is necessary for us to share your personal data with certain third parties in order to, among other things, provide you with our services and products and fulfil our agreement with you. We then take all reasonable technical, legal and organisational measures to ensure that your personal data is handled securely and with an adequate level of protection. The following categories of third parties may receive and process your personal data.

Suppliers and sub-contractors

Suppliers and sub-contractors are companies that provide Swedencare with the services and functionalities required for us to provide you with our services and products. In most cases, suppliers and/or sub-contractors are companies that only have the right to process the personal data they receive from Swedencare on behalf of Swedencare, so-called processors. Examples of such suppliers and sub-contractors are financing partners, e-mail-, print- and logistics companies. However, in some instances some of these suppliers and/or sub-contractors process your personal data for their own purposes and are thus separately responsible for that part of the personal data processing as independent controllers. To learn more about how these companies process your personal data, we refer you to their privacy policies which you can find in the tables below under section 5.2. Swedencare needs access to services and functionality from other companies that Swedencare cannot provide itself. We may therefore share your personal data with suppliers or sub-contractors to access these services and functionalities in the performance of our contractual obligations to you or to fulfil our legitimate interest and for the other purposes set out in this privacy policy. We ensure that the processing involved is necessary to fulfil such interests, and that our interests outweighs your interests not to have your data processed. Based on the circumstances of your individual case, you have the right to object to our processing of your personal data where we rely on legitimate interest to support the transfer. More information on your rights can be found in section 4 above.

Advertisement Companies

In order for Swedencare to create and realise marketing and advertisement strategies and/or campaigns, it is necessary for us to share your personal data with advertisement companies. We base such transfers of your personal data on our legitimate interests to market our products and business to you and other potential customers. You have the right to object to transfers of your personal data which we base on our legitimate interests. Such objections will be evaluated on a case-by-case basis. You can find more information regarding your rights in section 4 above.

Payment Service Providers, Financial Partners and other Financial Service Providers

We will share your personal data with our payment service providers, financial partners and other financial service providers. This is necessary in order for us to administer your purchases. Our legal basis for such transfers is performance of the contract which you have entered into with us when purchasing any of our products.

Transport and Logistics Companies

We ship all of our products, therefore it is necessary for Swedencare to share your personal data with transport and logistics companies in order for your parcels to be delivered. We base such transfers of your personal data on the performance of the contract which you have entered into with us when purchasing any of our products.

Recruitment Services Providers

We always strive for having the most competent employees and will therefore initiate recruitment campaigns from time to time. Swedencare uses several recruitment services for this purpose and will share your personal data with the providers of such recruitment services which is necessary in order to administer your job application. We base such transfers of your personal data on our legitimate interests to administer yours’s and other prospect’s job applications. You have the right to object to transfers of your personal data which we base on our legitimate interests. Such objections will be evaluated on a case-by-case basis. You can find more information regarding your rights in section 4 above.

Whistleblowing Service Providers

In order for us to comply with whistleblowing legislation, we will share your personal data to providers of our whistleblowing service in cases where you have filed a whistleblowing report. We base such transfers of your personal data on our legal obligation to do so according to e.g. the Swedish Whistleblowing Act (2021:890) (Sw: Lag (2021:890) om skydd för personer som rapporterar om missförhållanden).

Providers of Shareholder Management Systems

We may have to share our shareholder’s personal data with providers of our shareholder management systems. Such transfers are necessary in order for us to e.g. comply with the Swedish Companies Act (2005:551). We base such transfers of your personal data on our legal obligation to do so according to e.g. the Swedish Companies Act (2005:551) (Sw: Aktiebolagslag (2005:551)).

Digital Signature Providers

In order for us to streamline and digitalise our contractual processes, we will share your personal data with digital signature providers when your sign digital agreements with Swedencare. We base such transfers of your personal data on our legitimate interests to streamline and digitalise our contractual processes. You have the right to object to transfers of your personal data which we base on our legitimate interests. Such objections will be evaluated on a case-by-case basis. You can find more information regarding your rights in section 4 above.

Survey Service Providers

We may conduct surveys in order to improve our business. In such cases where you participate in such surveys, we will share your personal data with our survey service providers. Such a transfer is necessary for us to administer your answers in our surveys and we base such transfers on our legitimate interests to improve our company. You have the right to object to transfers of your personal data which we base on our legitimate interests. Such objections will be evaluated on a case-by-case basis. You can find more information regarding your rights in section 4 above.

Collaboration Brokers

A part of Swedencare’s marketing and advertisement strategy is to collaborate with content creators. We use collaboration brokers for this purpose and will transfer your personal data to such collaboration brokers during any collaborations that have been entered through said collaboration broker. We will base such transfers of your personal data on the performance of contract which you have entered with us through the collaboration broker within the scope of the collaboration.
 
Transfer of your personal data outside the EU/EEA

Where applicable, we may share your personal data with other companies in a country outside the EU/EEA, a so-called ‘third country’. In a third country, the GDPR does not apply, which may entail an increased risk from a privacy perspective regarding, among other things, the possibility for authorities in a third country to gain access to your personal data and for your ability to exercise control over the personal data. In order to protect your personal data and to maintain an adequate level of protection of your personal data, such transfers are based either on an adequacy decision of the European Commission or through appropriate safeguards such as binding corporate rules approved by the competent supervisory authority, or the European Commission's standard contractual clauses in combination with organisational and technical safeguards. You can read more about which countries are considered to have an adequate level of protection on the European Commission's website by following this link: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en. You can read more about standard contractual clauses by following this link: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en. We always intend to carry out a risk assessment before a transfer to a third country and take both technical and organisational safeguards to ensure an adequate level of protection. We always strive to transfer as little personal data as possible to countries outside the EU/EEA, and if possible, in anonymised form. For more information on the safeguards that Swedencare takes, please see section 6 of this privacy policy. The tables below show which companies outside of the EU/EEA which might receive your personal data.

Suppliers and sub-contractors

In some cases, your personal data may be shared with suppliers and sub-contractors outside the EU/EEA. This may involve suppliers of, e.g. marketing services, IT services and financial services required to conduct our business, with a registered office or server in a country outside the EU/EEA.

Personal data which may be shared
Online identifiers, behavioural data, purchase history, contact data
Description
Google LLC provides Swedencare with the analytics software Google Analytics and the advertisement software Google Ads. The usage of these services are necessary for Swedencare’s continued business development and marketing, and a transfer of your personal data to Google LLC is necessary in order for Swedencare to make use the services. Google LLC has its registered offices in the USA, a third country where the GDPR is not applicable. Google LLC is however certified under the EU-USA Data Framework Regulation which forms the basis for the third country transfer. For more information regarding how Google LLC processes your personal data, please visit their data privacy policy: https://policies.google.com/privacy?hl=en-US
Contact information
1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA

Personal data which may be shared
Online identifiers, behavioural data
Description
Microsoft Corporation provides Swedencare with the analytics software Microsoft Clarity and the advertisement software Microsoft Ads. The usage of these services are necessary for Swedencare’s continued business development and marketing, and a transfer of your personal data to Microsoft Corporation is necessary in order for Swedencare to make use the services. Microsoft Corporation has its registered offices in the USA, a third country where the GDPR is not applicable. Microsoft Corporation is however certified under the EU-USA Data Framework Regulation which forms the basis for the third country transfer. For more information regarding how Microsoft Corporation processes your personal data, please visit their data privacy policy: https://privacy.microsoft.com/en-us/privacystatement
Contact information
One Microsoft Way, Redmond, WA 98052, USA

Personal data which may be shared
Online identifiers, behavioural data, contact data
Description
Microsoft Corporation provides Swedencare with the analytics software Meta Pixel. The usage of this service is necessary for Swedencare’s continued business development, and a transfer of your personal data to Meta Platforms, Inc. is necessary in order for Swedencare to make use the service. Meta Platforms, Inc. has its registered offices in the USA, a third country where the GDPR is not applicable. Meta Platforms, Inc. is however certified under the EU-USA Data Framework Regulation which forms the basis for the third country transfer. For more information regarding how Meta Platforms, Inc. processes your personal data, please visit their data privacy policy: https://www.facebook.com/privacy/policy/
Contact information
1601 Willow Road Menlo Park, CA 94025, USA

Personal data which may be shared
Online identifiers, behavioural data
Description

NextRoll, Inc. provides Swedencare with the marketing platform Adroll. The usage of this service is necessary for the execution of Swedencare’s marketing activities, and a transfer of your personal data to NextRoll, Inc. is necessary in order for Swedencare to make use of the service. NextRoll, Inc. has its registered offices in the USA, a third country where the GDPR is not applicable. NextRoll, Inc. is not certified under the EU-USA Data Framework Regulation. The legal basis for the third country transfer is Standard Contractual Clauses accepted by the EU Commission. You can read more about NextRoll, Inc’s usage of Standard Contractual Clauses here: https://www.nextroll.com/terms/data-protection For more information regarding how NextRoll, Inc. processes your personal data, please visit their data privacy policy: https://www.nextroll.com/terms/data-protection
Contact information
201 California St Floor 5, Suite 500, San Francisco, CA 94111, USA

Personal data which may be shared
Behavioural data
Description
Victory Square Media Inc. provides Swedencare with the Social Media Management Tool and Media Schedular Later. The usage of this service is necessary for the management of Swedencare’s social media presence, and a transfer of your personal data to Victory Square Media Inc. is necessary in order for Swedencare to make use of the service. Victory Square Media Inc. has its registered offices in the Canada, a third country where the GDPR is not applicable. Canada is however a country with an adequacy decision from the EU Commission which forms the basis for the third country transfer. For more information regarding how Victory Square Media Inc. processes your personal data, please visit their data privacy policy: https://later.com/privacy/
Contact information
88 East Pender Street, Vancouver, British Columbia V6A 1T1, Canada

Personal data which may be shared
Identification data
Description
SurveyMonkey Inc. provides Swedencare with the market research platform Momentive. The usage of this service is necessary for Swedencare’s conduction of surveys and continued business development, and a transfer of your personal data to SurveyMonkey Inc. is necessary in order for Swedencare to make use of the service. SurveyMonkey Inc. has its registered offices in the USA, a third country where the GDPR is not applicable. SurveyMonkey Inc. is not certified under the EU-USA Data Framework Regulation. The legal basis for the third country transfer is Standard Contractual Clauses accepted by the EU Commission. You can read more about SurveyMonkey Inc’s usage of Standard Contractual Clauses here: https://www.surveymonkey.com/mp/legal/subprocessor-list/ For more information regarding how SurveyMonkey Inc. processes your personal data, please visit their data privacy policy: https://www.surveymonkey.com/mp/legal/privacy/
Contact information
2130 W Sam Houston Pkwy N, Houston, TX 77043, USA

Personal data which may be shared
Contact data, identification data
Description
Zoom Video Communications, Inc. provides Swedencare with the video communications platform Zoom. The usage of this service is necessary for Swedencare’s conduction of online webinars, and a transfer of your personal data to Zoom Video Communications, Inc. is necessary in order for Swedencare to make use of the service. Zoom Video Communications, Inc. has its registered offices in the USA, a third country where the GDPR is not applicable. Zoom Video Communications, Inc. is not certified under the EU-USA Data Framework Regulation. The legal basis for the third country transfer is Standard Contractual Clauses accepted by the EU Commission. You can read more about Zoom Video Communications, Inc’s usage of Standard Contractual Clauses here: https://explore.zoom.us/en/privacy/ For more information regarding how Zoom Video Communications, Inc. processes your personal data, please visit their data privacy policy: https://explore.zoom.us/en/privacy/
Contact information
55 Almaden Blvd Fl 6, San Jose, California, 95113, USA

Personal data which may be shared
Identification data, contact data, payment information
Description
UPS Corporate Headquarters provides Swedencare with logistics services for Swedencare’s management of transport and mail. The usage of this service is necessary for the delivery of Swedencare’s products to you, and a transfer of your personal data to UPS Corporate Headquarters is necessary in order for Swedencare to make use of the service. UPS Corporate Headquarters has its registered offices in the USA, a third country where the GDPR is not applicable. UPS Corporate Headquarters is not certified under the EU-USA Data Framework Regulation. The legal basis for the third country transfer is Standard Contractual Clauses accepted by the EU Commission. You can read more about UPS Corporate Headquarters’ usage of Standard Contractual Clauses here: https://www.ups.com/se/en/support/shipping-support/legal-terms-conditions/privacy-notice.page?loc=en_SE For more information regarding how UPS Corporate Headquarters processes your personal data, please visit their data privacy policy: https://www.ups.com/se/en/support/shipping-support/legal-terms-conditions/privacy-notice.page?loc=en_SE 
Contact information
55 Glenlake Pkwy NE, Sandy Springs, GA 30328, USA

Personal data which may be shared
Identification data, contact data, payment information
Description
FedEx Corporation provides Swedencare with logistics services for Swedencare’s management of transport and mail. The usage of this service is necessary for the delivery of Swedencare’s products to you, and a transfer of your personal data to FedEx Corporation is necessary in order for Swedencare to make use of the service. FedEx Corporation has its registered offices in the USA, a third country where the GDPR is not applicable. FedEx Corporation is not certified under the EU-USA Data Framework Regulation. The legal basis for the third country transfer is Standard Contractual Clauses accepted by the EU Commission. You can read more about UPS FedEx Corporation’s usage of Standard Contractual Clauses here: https://www.fedex.com/sv-se/privacy-policy.html For more information regarding how FedEx Corporation  processes your personal data, please visit their data privacy policy: https://www.fedex.com/sv-se/privacy-policy.html
Contact information
942 S Shady Grove Rd, Memphis, TN 38120, USA

Social media When you interact with us on social media platforms such as Facebook, Instagram, LinkedIn and Twitter, these companies will also collect and process your personal data. This means that a transfer of your personal data, e.g. your images and name, will take place to third countries outside the EU/EEA, namely the USA. The transfer is necessary to enable you to contact and interact with us on our social medias.

Personal data which may be shared
·       Identity information
·       Contact information
Description
By using the services to contact or interact with us, your personal data is processed by the company Meta Platforms Ireland Ltd, a subsidiary of Meta Platforms, Inc. Meta Platforms, Inc. is based in the USA, a third country with an adequate level of protection according to the European Commission, provided that the receiving company is covered by the EU-USA Data Privacy Framework (‘EU-USA DPF’). As of the current date, Meta Platforms, Inc. is covered by the EU-USA DPF and all transfers are thus based on the European Commission's adequacy decision. You can also read more about how Meta Platforms Ireland Ltd. processes personal data in their privacy policy here: https://www.facebook.com/privacy/policy. 
Contact information
Meta Platforms Ireland Ltd. 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Personal data which may be shared
·       Identity information
·       Contact information
Description
By using the services to contact or interact with us, your personal data is processed by the company LinkedIn Ireland Unlimited Company, a subsidiary of LinkedIn Corporation. LinkedIn Corporation is based in the USA, a third country with an adequate level of protection according to the European Commission, provided that the receiving company is covered by the EU-USA Data Privacy Framework (‘EU-USA DPF’). As of the current date, LinkedIn Corporation is not covered by the EU-USA DPF. Instead, all transfers are based on the European Commission's standard contractual clauses, which you can read more about on the LinkedIn’s website: https://www.linkedin.com/help/ linkedin/answer/62533. You can also read more about how LinkedIn Ireland Unlimited Company processes personal data in their privacy policy here: https://www.linkedin.com/ legal/privacy-policy/.  
Contact information
LinkedIn Ireland Unlimited Company Wilton Plaza, Wilton Place, Dublin 2, Ireland

Personal data which may be shared
·       Identity information
·       Contact information
Description
By using the services to contact or interact with us, your personal data is processed by the company Twitter International Unlimited Company, a subsidiary of X Corp. X Corp. is based in the USA, a third country with an adequate level of protection according to the European Commission, provided that the receiving company is covered by the EU-USA Data Privacy Framework (‘EU-USA DPF’). As of the current date, X Corp. is not covered by the EU-USA DPF. Instead, all transfers are based on the European Commission's standard contractual clauses, which you can read more about on the Twitter’s website: https://gdpr.twitter.com/en/faq.html. You can also read more about how Twitter International Unlimited Company processes personal data in their privacy policy here: https://twitter.com/en/privacy.
Contact information
Twitter International Unlimited Company One Cumberland Place, Fenian Street Dublin 2, D02 AX07 Ireland

6. How do we protect your personal data?

Swedencare takes a range of technical and organisational security measures in order to protect your personal data against loss, misuse, unauthorised access, unauthorised disclosure, alteration or destruction. By combining organizational measures such as access control and incident response plans, with technical safeguards such as firewalls and encryption, we have created a robust defence strategy to protect personal data on our web server from a wide range of potential threats. Our commitment to continuous monitoring, improvement, and adaptation ensures that we stay ahead of evolving security challenges. For more information about which security measures we take and what they mean for you and your personal data, please send an e-mail to info@swedencare.co.uk

7. Updates to this privacy policy

We are constantly improving and developing our services, products and our website se.swedencare.com, and the content of this privacy policy may therefore change over time. We encourage you to read this privacy policy every time you use our services and products. If significant changes are made to our services, products or this Privacy Policy, we may notify you by e-mail or by other appropriate means.

8. Contact information to Swedencare and the swedish data protection authority

Swedencare is constantly working to ensure that we comply with data protection legislation in all the markets where we offer our products and services. If you have questions or complaints about our processing of your personal data, or if you wish to enact any of your rights as stated above in section 4, you are welcome to contact us at info@swedencare.co.uk In case you are not satisfied with our handling of your query or case, you have the right to file a complaint with the Swedish data protection authority
(Sw: Integritetsskyddsmyndigheten, ‘IMY’). Integritetsskyddsmyndigheten E-mail: imy@imy.se Website: www.imy.se 
This Data Privacy Policy was last updated 2023-08-21.