Privacy policy

PRIVACY POLICY

We respect your privacy and are committed to protecting your personal information. We are bound by the General Data Protection Regulation (GDPR). KMP Online AB 559069-5945, (the ”Company”) operates within the market of mail order and e-commerce (the ”Service”). The Company is the data controller for certain processing made regarding your personal data in connection with:

  • You as a customer is provided with the Service;
  • You as a supplier, or representative of these, enter into cooperation with the Company; and
  • You apply for a position at the Company.
  • The Company is responsible for ensuring that all personal data is processed correctly and in accordance with applicable data protection legislation.

This privacy policy (hereinafter referred to as the ”Privacy Policy”) describes the Company’s processing of your personal data and has the purpose of assuring you that the Company is processing your information in accordance with applicable data protection legislation.

Personal data means all types of information that may, directly or indirectly, be associated with a living natural person. Within the scope of the Company’s activities, there may occur personal data relating to, e.g., given names and surnames, personal ID numbers, telephone numbers, addresses, postal codes, e-mail addresses, etc. (hereinafter collectively referred to as ”Personal Data”).

If you cannot find answers to your questions, please contact the Company. Information on how to contact the Company may be found under the heading “Contact Information” below.


COOKIES
When you visit mountainworks.se, we and/or third parties may place cookies on your browser to better understand customer behaviour. We and/or third parties may use this information to optimize our site and place ads. Please read more about our cookies in the Cookie Policy section below.


PROCESSING OF PERSONAL DATA
In this section, we describe how we process your Personal Data more in detail.

Customers and potential customers
A) Purpose: Processing orders from customers.
Type of processing: This includes processing for delivery (including notifications and contacts concerning the delivery), processing of orders from customers, identifying customers, processing payment and processing complaints and warranty claims.
Categories of personal data: Name, social security number, contact information (such as e-mail address and phone number), payment information, purchase information (i.e. which product has been ordered or whether the product should be delivered to another address).
Categories of data subjects: Customers.
Source: Customer.
Lawful basis: Completion of order. This gathering of your personal data is required in order for us to be able to fulfil our commitments as agreed. If the information is not provided, our commitments cannot be fulfilled and we may terminate the agreement.
Automated decision making: This processing does not mean that decisions will be made based on automated processing of personal data.
Data retention: Until the agreement has been performed (including delivery and payment) and for a time of up to 36 months thereafter with the purpose of processing complaints or warranty claims.

B) Purpose: To fulfil the company’s legal obligations regarding the purchase of goods or services.
Type of processing: This includes the necessary processing for fulfilling the company’s legal obligations according to law, court rulings (e.g. the Book-keeping Act) or decisions by authorities.
Categories of personal data: Name, social security number, contact information, payment history, payment information.
Categories of data subjects: Customers.
Source: Customer.
Lawful basis: Legal obligation.
Automated decision making: This processing does not imply that decisions will be made based on automated processing of personal data.
Data retention: Until the purchase had been completed (including delivery and payment) and for a time of up to 7 years thereafter.

C) Purpose: Processing customer service matters.
Type of processing: The processing includes communication and answers to potential questions related to customer service (by phone or in digital channels, including social media), identifying the customer and investigation of potential complaints.
Categories of personal data: Name, social security number, contact information, correspondence with the customer or customer’s representative. Information on purchase time, potential defects/complaints.
Categories of data subjects: Customers.
Source: Customer.
Lawful basis: Legitimate interest. The processing is necessary to meet ours and the data subject’s legitimate interest in processing information regarding customer service matters.
Automated decision making: This processing does not imply that decisions will be made based on automated processing of personal data.
Data retention: Until the customer service matter has been settled.

D) Purpose: Marketing.
Type of processing: This includes e.g. marketing mailings regarding our products and services via e-mail, text message (SMS) and by post.
Categories of personal data: Name, contact information.
Categories of data subjects: Customers, potential customers.
Source: Customer or representatives of customers, potential customers.
Lawful basis: Consent and legitimate interest. The processing is necessary to cater to our interest in marketing our products and services.
Automated decision making: This processing does not imply that decisions will be made based on the automatic processing of personal data.
Data retention: One year from the last contact. Longer after consent.

Suppliers
Purpose: In order to communicate with contact persons for suppliers and partners.
Type of processing: This includes e.g. processing deliveries and cooperation as well as providing an organizational chart and telephone list to collaborate internally within the company. Supplier directory for easier access to contact information.
Categories of personal data: Name, contact information.
Categories of data subjects: Suppliers and their representatives.
Source: From suppliers.
Lawful basis: Legitimate interest. The company has a legitimate interest in processing the personal data necessary to communicate with contact persons for suppliers and partners.
Automated decision making: This processing does not imply that decisions will be made based on automated processing of personal data.
Data retention: Until we have received information that the contact person has quit or changed contact information, or for as long as the contractual relationship remains.

Job seekers
Purpose: In order to administer a recruitment process.
Type of processing: This includes e.g. to review the application or to communicate with the applicant.
Categories of personal data: Name, social security number, contact information, proof of identity, information on jobseeker’s performances and prior work experience.
Categories of data subjects: Jobseekers.
Source: Jobseeker and jobseeker’s employer.
Lawful basis: Until the position is appointed: completion of the agreement. After the position has been appointed: legitimate interest (or consent).
Automated decision making: This processing does not imply that decisions will be made based on automated processing of personal data.
Data retention: Up to two years from when the position was appointed. Following the completed recruitment process, the information is filed in order to be used at a potential appeal of the recruitment in accordance with e.g. non-discrimination legislation. When there is no longer a possibility to appeal, the information will be destroyed unless there is consent to continued processing.


RECIPIENTS OF PERSONAL DATA AND TRANSFERS TO COUNTRIES OUTSIDE THE EU/EEA
In our capacity as Personal Data Controller, we may assign the processing specified above to a partner or supplier. Such processing will not be done for other purposes than what is described above. Some partners and suppliers may have parts of their businesses in countries outside of the EU/EEA (so-called Third Countries). Transfer of Personal Data will only be made to such countries that offer an adequate level of data protection, as decided by the EU Commission, or if the supplier has a legally binding and enforceable instrument that guarantees the safety of the Personal Data.

You can be assured that we will not share or sell personal information to third parties for marketing purposes. We mainly use partners and third parties within the EU / EEA area to process and store the information.

Please note that our webshop may contain links to external web pages. We are not responsible for the privacy policy or processing of your personal data on any external websites. We recommend that you read the privacy policy that applies to the specific website.

DATA PROCESSING RULES
We process your personal information in compliance with the General Data Protection Regulation. In accordance with GDPR, the personal data shall be:

  1. processed lawfully, fairly and in a transparent manner.
  2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
  3. adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.
  4. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which they are processed, is erased or rectified without delay.
  5. kept in a form that permits identification for no longer than is necessary for the purposes for which the personal data is processed.
  6. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organizational measures.


YOUR RIGHTS AS DATA SUBJECT
You have the right to:

  1. Request information about what type of Personal Data we process, and you may request a copy of these (extract from registry);
  2. Have incorrect Personal Data corrected and, under certain circumstances, ask us to erase your Personal Data;
  3. Have your personal data transferred to another controller (right to data portability);
  4. Withdraw your consent to the processing of your Personal Data; and
  5. Object against the processing of certain Personal Data and request that the processing of your Personal Data be limited.
  6. If you are unhappy with the way we process your Personal Data, you may file a complaint with the Data Inspection Board, which is the supervisory authority.

See contact information for asserting your rights under ”Privacy Disclaimer and Contact Information”. However, please note that such limitation or deletion of your Personal Data may result in the Company not being able to provide the Service.


PERSONAL DATA PROTECTION
The Company has undertaken appropriate technical and organizational measures in order to protect Personal Data against loss, abuse, unauthorized access, disclosure, alteration and destruction. The Company’s employees, subcontractors and its suppliers are bound by confidentiality agreements and are obligated to follow the Company’s rules for information and IT security, this Privacy Policy and other internal rules which further regulate the processing of Personal Data.


AMENDMENTS TO THIS PRIVACY POLICY
The Company retains the right to revise this Privacy Policy from time to time. The date of the latest amendment is indicated at the end of this Privacy Policy. If the Company amends this Privacy Policy, the Company will publish these amendments at www.mountainworks.se. You are therefore recommended to regularly review this Privacy Policy in order to be updated on any amendments. If this Privacy Policy is substantially amended compared to what was stated when the Company obtained your consent, the Company will notify you of these amendments and, if necessary, obtain new consent to the Company’s processing of your Personal Data.


CONTACT INFORMATION
If you have any questions regarding the Privacy Policy or our processing, please contact us by e-mail: info@mountainworks.se or by post: KMP Online AB, Ljusslingan 4, 120 31 Stockholm, Sweden.
KMP Online AB, reg. no. 559069-5945
+46 (0)8 587 916 00
KMP Online AB is part of MnO International AB (556497-9457)

The Privacy Policy was last updated May 2022.