Privacy Policy (GDPR – Processing of Personal Data)

When you shop with us, we process your personal data in accordance with the GDPR (General Data Protection Regulation, EU 2016/679). By using our website and making a purchase, you agree to this Privacy Policy.

1. Data Controller

AB Smadi Interior & Studio
Org. no: 556813-1188
VAT no: SE556813118801
Address: Biblioteksgatan 16C, 831 34 Östersund, Sweden
Email: service@nordicbutik.com

2. Personal Data We Collect

We process the data necessary to complete orders and deliveries, including:

  • Name and contact details (address, phone number, email)
  • Payment information (card details, Klarna, PayPal, etc.)
  • Order and delivery history
  • Account information (if you create a customer account)
  • Communication with customer service

3. Purpose and Legal Basis for Processing

We process your personal data for the following purposes and on the following legal bases:

  • Order processing & delivery (including booking shipments with carriers) → necessary for the performance of a contract.
  • Payment & invoicing → necessary for the performance of a contract and for compliance with legal obligations (e.g., bookkeeping laws).
  • Customer service → legitimate interest and contract performance.
  • Marketing/newsletters → only with your explicit consent.

4. Retention Period

  • Customer data is stored for a maximum of 12 months after the customer relationship has ended.
  • Invoice and bookkeeping data are stored for 7 years in accordance with accounting legislation.
  • Data processed based on your consent (e.g., newsletters) is deleted once you withdraw your consent.

5. Sharing of Personal Data with Third Parties

We never sell your data. However, to fulfill our contract with you, we share your data with trusted partners:

  • Shipping companies/carriers (DHL, UPS, Schenker, etc.) → to book and manage delivery, including notifications.
  • Payment providers (Klarna, PayPal, Stripe, banks) → to process payments.
  • IT and service providers → for operating our website and order management.

All partners are bound by GDPR and may only process your data according to our instructions.

6. Your Rights

As a customer, you have the right to:

  • Request access to the data we hold about you.
  • Request rectification or completion of incorrect data.
  • Request erasure (“the right to be forgotten”) in certain cases.
  • Restrict the processing of your data.
  • Request data portability (receive your data in a structured, commonly used format).
  • Object to processing for direct marketing purposes.

To exercise your rights, contact us at service@nordicbutik.com.

7. Complaints

If you believe that we are processing your personal data incorrectly, you have the right to lodge a complaint with the supervisory authority:

Swedish Authority for Privacy Protection (IMY)
Box 8114, 104 20 Stockholm
www.imy.se

8. Security

We use SSL encryption and other technical and organizational measures to protect your data against unauthorized access. Only authorized staff have access to personal data.