Privacy policy
We process as little personal data as possible — only what is needed for you to shop with us and for us to comply with the law. This page describes what we process, why, for how long, and the rights you have under the General Data Protection Regulation (GDPR).
Data controller
Ansvar Systems AB
Swedish company reg. no. (org.nr): 559547-2225
Ingemarsboda 565, 841 74 Fränsta, Sverige
Email: info@svalgarden.com
What data we process and why
When you place an order we process your name, delivery address, email address and the details of what you ordered. We do this to:
- Complete and deliver your order — conclude and perform the sales contract with you (Article 6(1)(b) GDPR).
- Meet our bookkeeping obligation — order and payment records are kept as accounting material because Swedish law requires it (Article 6(1)(c) GDPR together with the Swedish Bookkeeping Act, bokföringslagen (1999:1078) ch. 7 s. 2).
- Handle complaints and withdrawals — respond to and process matters concerning defective goods or withdrawn purchases (Article 6(1)(b) and (c) GDPR).
Providing your name, delivery address and email address is necessary to enter into the contract and deliver your order — without them we cannot complete the purchase. We make no automated decisions about you and do no profiling.
Who receives the data
- Stripe Payments Europe, Ltd. — handles the entire payment. Card, Swish, Klarna and PayPal details are entered directly in Stripe's checkout and are processed by Stripe under its own responsibility; they never reach our servers. Stripe sends the receipt to your email.
- Resend, Inc. — the technical provider that sends our transactional emails (the order confirmation and the acknowledgement when you use the withdrawal function), processing your name, email address and order details on our behalf.
- PostNord or DHL — receive your name and delivery address so the parcel can be delivered.
- Accounting — our accounting provider handles the order and payment records that form part of the bookkeeping.
- Public authorities — where required by law, for example the Swedish Tax Agency (Skatteverket).
We never sell your data and share it with no one beyond the recipients above.
Transfers outside the EU/EEA
Stripe may transfer payment-related data to its parent company Stripe, Inc. in the USA, and Resend, Inc. is a US company that may process your name, email address and order details in the USA when sending transactional emails. Such transfers rely on the EU adequacy decision for the EU–US Data Privacy Framework and/or the European Commission's standard contractual clauses (Articles 44–46 GDPR). Beyond this we transfer no data outside the EU/EEA.
How long the data is kept
Order data is kept for as long as needed to perform and follow up the purchase (including the complaint period) and thereafter as accounting material for seven years after the end of the calendar year in which the financial year ended (bokföringslagen ch. 7 s. 2). We keep no marketing database and send no newsletters — your data is used for nothing other than your order.
No cookies, no tracking, no accounts
This site sets no cookies and uses no analytics or tracking services. You need no customer account to shop. Your cart is stored only locally in your own browser (localStorage) — this is storage strictly necessary to provide a service you have explicitly requested and therefore requires no consent (Swedish Electronic Communications Act, lagen (2022:482) om elektronisk kommunikation, ch. 9 s. 28 second paragraph 2, implementing Article 5(3) of the ePrivacy Directive). Its contents are sent to us only when you yourself proceed to checkout — and then only the item numbers and quantities, to create your payment with Stripe; it is never stored with us. You can empty the cart at any time by clearing site data in your browser.
If you use the online withdrawal function, your details (name, email address, order number and any message) are sent by email only — to us, and to you as a confirmation. Nothing is stored on any server of ours.
Your rights
Under Articles 15–21 GDPR you have the right to:
- access the personal data we process about you,
- have inaccurate data rectified,
- have data erased, to the extent we are not legally required to keep it,
- have processing restricted,
- receive your data in a machine-readable format (data portability),
- object to processing.
Contact us at info@svalgarden.com and we will help you. You also have the right to lodge a complaint with the Swedish data protection authority, Integritetsskyddsmyndigheten (IMY), Box 8114, SE-104 20 Stockholm, Sweden, www.imy.se (Article 77 GDPR). If you live in another EU country you may instead contact your national data protection authority.
Changes
If we change this policy, the new version will be published on this page. The processing of data already provided will not change without a legal basis.