CONTROLLER OF PERSONAL DATA
SACHAJUAN Haircare AB (556646-8152) is the legal entity responsible as controller of personal data as outlined by the General Data Protection Regulations (GDPR). SACHAJUAN is the “data controller” of any personal data it may collect, process and hold about you, unless we inform you otherwise. If you are based in the European Union, you have the right to make a complaint at any time to your local supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach your supervisory authority, so please contact us in the first instance.
It is important for you to understand and be able to exercise your “data rights”, we have listed them below;
Request for an extract from the register: You have the right to, at any time, request information on the personal data we have about you (an extract from the register). If you request this more than once in each calendar year, we will charge you an administrative fee to provide the information.
A request for an extract from the register shall be sent to email@example.com and we answer your requests without undue delay and within one (1) month. If we for any reason cannot fulfill your wishes, a justification will be provided and we will inform you of how long we will need to answer your request.
Your extract from the register will be sent to your registered address or to the e-mail address you left in connection with the start of the processing activities.
Request for rectification: If your data is inaccurate, incomplete or irrelevant, you are entitled to request to have them rectified.
Erasure: Under certain circumstances (ref: art. 17 of the GDPR), you have the right to have your personal data erased. This, however, is not the case if we e.g. are obliged by law to keep the data.
Withdraw a consent: If we process your personal data based on the legal basis consent, you have the right to withdraw your consent at any time regarding future processing.
Objecting to processing: You have the right to object to processing based on the legal ground weighing of interests, i.e. where we have set a legitimate interest as the basis for the processing.
Data portability: If you wish to transmit the personal data that you have shared with us to someone else, you have the right to receive a copy of the personal data concerning you in a structured, commonly used and machine-readable format.
Restriction of processing: You can also have the right to request that the processing of your personal data is restricted when possible. However, if you request such restriction of the processing, it may lead to us not being able to fulfill our commitments toward you during the ongoing restriction.
The right to lodge a complaint: We ask you to contact us at firstname.lastname@example.org if you are dissatisfied with the way we treat your personal data.
You also have the right to lodge complaints to the Swedish Data Protection Authority.
SECURITY OF YOUR PERSONAL INFORMATION
SACHAJUAN takes reasonable technical and organizational precautions to prevent the loss, misuse or alteration of your personal information. We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal information to those employees, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.
WHAT PERSONAL DATA DO WE COLLECT?
All personal information is treated with confidentiality and processed only for the purposes below and always on a lawful basis and on some occasions based on our legitimate interest as a business. Under no circumstances will SACHAJUAN forward your personal data to third parties for any other reason than the ones outlined in the section below on how we handle data to third-party services.
PERSONAL INFORMATION INCLUDES:
• Your name and physical address, email addresses, and telephone numbers
• Behavioral or demographic attributes, when tied to personal identifiers
• Past transactional behavior on our website
• Information about your company such as the name, size and location of your company and your role within the company
WE ALSO COLLECT OTHER INFORMATION THAT INCLUDES:
• Internet Protocol address (“IP address”) and information derived from your IP address such as your geographic location browser type and version, operating system, referral source, length of visit, page views, and website navigation.
• Behavioral data about your usage of the SACHAJUAN website, such as web pages clicked, websites and content areas visited, date and time of activities
• The web search you used to locate and navigate to the SACHAJUAN website
• In some instances, we may combine other information with personal information, such as deriving geographical location from your IP address and combining behavioral data about your usage of the channels with your name. If we combine other information with personal information, we will treat the combined information as personal information.
PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL INFORMATION
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
• Where we need to perform the contract, we are about to enter into or have entered into with you.
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
• Where we need to comply with a legal or regulatory obligation.
MORE ABOUT RETENTION
We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. Details of retention periods for different aspects of your personal information are available upon request by contacting us. In some circumstances, you can ask us to delete your information (art.17 GDPR)
In some circumstances, we may anonymize your personal information (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
OPT-OUT FROM DIRECT MARKETING
You will receive marketing communications from us if you have requested information or purchased goods or services from us in the past, or if you provided us with your details when you entered a competition or registered for a promotion and, in each case, you have not opted out of receiving that communication. If you do not wish to receive any more emails from us you have the right to opt-out at any moment and free of charge, either use the unsubscribe link that is included in all our messages, or contact us by email at email@example.com.
WITHDRAWING YOUR CONSENT
You may withdraw your consent as the legal basis for processing your personal information at any time regarding future processing, without affecting the lawfulness of processing based on consent before its withdrawal. To do this, please contact us at firstname.lastname@example.org.
INTERNATIONAL TRANSFER OF DATA / DATA SHARED WITHIN SACHAJUAN
SACHAJUAN is a global company with its parent SACHAJUAN Haircare AB in Sweden and it’s subsidiary SACHAJUAN Inc. in the US. In order to fulfill business needs, our performance and our contractual agreements, SACHAJUAN may share resources and data between the two legal entities. The data is shared under intra-group service agreement between the companies with a strict section about confidentiality.
SACHAJUAN may share personal information and other information with third parties who provide services to SACHAJUAN, such as analytics, event/campaign management, website management, information technology and related infrastructure provision, customer service, email delivery, auditing, and other similar services. When SACHAJUAN shares personal information with third-party service providers, we require that they use your personal information and other information only for the purpose of providing services to us and subject to terms consistent with this Policy. Data Processing Addendums (DPA) are in place with our third-party vendors. We may also disclose your personal information to a third party if and only if we are forced to do so in order to conform to legal requirements or to comply with a legal process. We use software service providers for storing data, providing support to our services, managing and administering customer relations and managing and administering our marketing and sales activities. All contracted third-party service providers are obliged to keep your details securely, and to use them only to fulfill the service they provide us or our customers on our behalf. To ensure the safety of your personal data, we only use third-party service providers in the EU or the U.S., bound to compliance with either the European Data Protection legislation (including the EU General Data Protection Regulation 2016/679 “GDPR”) or the EU – U.S. Privacy Shield, which requires them to provide similar protection to personal information shared between Europe and the US. Please note, however, that we can provide access to your personal data in case of illegal or abusive use, or in case we receive orders from a competent legal authority
We ask that you do not send or share any sensitive personal information (e.g., government-issued or financial account numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, genetic, or biometric data, criminal background, or trade union membership with us. If this kind of information is shared with us, we will delete it immediately.
CHANGE OF PURPOSE
If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so, or ask for your consent if needed. Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
CHANGES TO THE POLICY
Please note that we may be able to make some minor changes to this policy that are not crucial for the data subject affected by this policy. The latest version of this policy can always be found at www.sachajuan.com Effective: November 1, 2021 Last edited: November, 2021