Privacy Policy

1. General information about personal data

Heyscent.co ("HeyScent" "Elevate Digital Media AB", "we", "us" or "our") strives to always protect your privacy and your personal data in the best possible way. The purpose of this policy is, among other things, to help you understand what personal data Heyscent.co collects and how we use your personal data.

We always try to be as transparent as possible about how we process your personal data. Do you still have questions about how we process your data after reading this policy? Please feel free to contact us! Email: hi@heyscent.co

2. Changes

We continuously work to ensure that your personal data is handled in the best possible way. Heyscent reserves the right to make changes to this privacy policy. All changes are published on the Website.

3. Who is responsible for the personal data we collect?

Elevate Digital Media AB, organization number 559416-7792, Fagerstagatan 58, Stockholm 16353 (not a visiting address), is the data controller for the processing of your personal data.

4. What personal data do we collect about you and why do we collect it (purpose)?

The personal data we have collected about you is used for various purposes. In this section, we explain:

  • Why we use your personal data.
  • What processing activities we carry out to fulfill the purpose.
  • What personal data is used to fulfill the purpose.
  • What legal basis we base the processing on.
  • How long we retain your data.

4.1 Purpose – To be able to manage orders/purchases online. Categories of personal data stored and processed for this purpose:

  • Name
  • Personal identity number (personnummer)
  • Contact details (e.g., residential or delivery address, email and mobile number)
  • Payment history
  • Payment information
  • Purchase information (e.g., which product has been ordered or whether the product is to be delivered to a different address)

Examples of processing activities:

  • We deliver your product or service (including communicating with you regarding your delivery).
  • We verify your identity and age.
  • We administer your payment (this also includes analyses of which payment solutions we can offer you by checking your payment history or obtaining credit reports from credit reporting agencies).
  • We verify your address against external sources, e.g., Qliro, Ratsit or similar.
  • We administer and communicate with you in the event of complaint and warranty matters relating to your purchase.

Legal basis: The processing is necessary to fulfill our obligations under the purchase agreement (terms of purchase) that we have entered into with you. Your personal identity number (personnummer) is processed based on the importance of secure identification. Personal identity numbers are processed in connection with orders on behalf of or upon request from payment and credit companies, and for the purpose of credit reporting.

Retention period: Until the purchase has been completed (including delivery and payment) and for a period of 3 years thereafter in order to be able to handle any complaint and warranty matters.

4.2 Purpose: To be able to market ourselves and our products and services

Categories of personal data stored and processed for this purpose:

  • Email address, used as the primary means of communication.
  • Delivery address and phone number, used as secondary communication channels.
  • Order history, date of birth and gender, used to tailor our communication and offers for you and thereby make them better and more relevant to you.
  • Personal data collected through cookies (not personally identifiable information).

Examples of processing activities:

  • We display relevant product recommendations, send interest-based articles, provide suggestions for shopping lists or other similar measures.
  • We simplify your use of our services, e.g., by saving your shopping lists/wish lists or your chosen payment method to make your future purchases smoother or reminding you of forgotten/abandoned shopping carts.
  • We send direct marketing via email, SMS, social media or other similar digital channels and postal mail.
  • We send offers from collaboration partners.
  • We carry out tailored campaigns/send offers to you based on your purchase history.
  • We carry out general campaigns or send general offers and invitations to events.

For this purpose, we perform analyses based on your or other members' data.

Read more about this under the heading "analyses, statistics and other data that we use".

Legal basis: Legitimate interest. The processing is necessary for our legitimate interest in being able to market our company and our products and services if you have previously purchased a product from us or created a user account but did not complete the purchase. If you are not a customer of ours, we will ask for your prior consent, e.g., when you sign up for our newsletter.

Remember that you can contact us at any time to object to our direct marketing. All our newsletters include an unsubscribe button. You can reach us at hi@heyscent.co

Retention period: No later than 1 year after your last activity (e.g., when you last made a purchase, opened and clicked on a link in our newsletter or logged into your user account).

4.3 Purpose – To be able to fulfill the company's legal obligations

Categories of personal data stored and processed for this purpose:

  • Name
  • Contact details (e.g., address, email and phone number)
  • Payment history
  • Payment information
  • Your correspondence
  • Information about time of purchase, place of purchase, any defects/complaints

Examples of processing activities:

We may be required to process your personal data in order to fulfill legal obligations, as required by laws, court rulings or government decisions. The requirements may relate to our product liability or the safety of our products. In these cases, we may need to produce general communications and information or specific information to you regarding product alerts and product recalls. The requirements may also relate to our obligations under the Swedish Accounting Act (bokföringslagen) or the Swedish Anti-Money Laundering Act (penningtvättslagen).

Legal basis: Legal obligation. This processing of your personal data is required under applicable law. For example, the following personal data is processed on the basis that it is necessary to fulfill our accounting obligations under the Swedish Accounting Act (bokföringslagen, 1999:1078):

  • Your name
  • Delivery address
  • Invoice number
  • Type and quantity of goods

Retention period: For the time necessary to fulfill the relevant legal obligation or in accordance with applicable legal requirements. For example, the Swedish Accounting Act requires that the above information be retained for 7 years. Another example is matters relating to product liability where the retention period corresponds to the maximum warranty/complaint period of 3 years.

4.4 Purpose: To be able to handle customer service matters. Categories of personal data stored and processed for this purpose:

  • Name
  • Contact details (e.g., address, email and phone number)
  • Your correspondence
  • Information about time of purchase, place of purchase, any defects/complaints
  • User data for your user account

Examples of processing activities:

  • We communicate with you and answer your questions that you send to us by phone or through digital channels.
  • We verify your identity (if necessary).
  • We investigate your complaints and support cases. A support case may, for example, concern technical support.

Legal basis: Legitimate interest. The processing is necessary to satisfy our and your legitimate interest in handling customer service matters.

Retention period: No later than 12 months after the customer service matter has been concluded.

4.5 Purpose: To be able to evaluate, develop and improve our services, products and systems

Categories of personal data stored and processed for this purpose:

  • Age
  • Gender
  • Place of residence
  • Correspondence and feedback regarding our services and products.
  • Purchase and user-generated data (e.g., click and browsing history)
  • Technical data regarding devices used and their settings (e.g., language settings, IP address, browser settings, time zone, operating system, screen resolution and platform)
  • Information about how you have interacted with us, i.e., how you have used the service, login method, where and how long various pages were visited, response times, download errors, how you reach and leave the service, etc.
  • Personal data collected through cookies (not personally identifiable information).

Examples of processing activities:

  • We make our services more user-friendly.
  • We produce data to improve our company by evaluating, streamlining and planning new store and warehouse establishments, purchasing, inventory management and deliveries, or developing our product range.
  • We give you and other customers the opportunity to influence our product range, e.g., through customer and market surveys.
  • We produce data for the purpose of improving IT systems in order to enhance security for the company and for visitors/customers in general.

Read more about this under the heading "analyses, statistics and other data that we use".

Legal basis: Legitimate interest. The processing is necessary to satisfy our and our customers' legitimate interest in evaluating, developing and improving our services, products and systems.

Retention period: For this purpose, it is difficult for us to specify in advance how long your personal data will be retained. Instead, we have implemented procedures to regularly check whether your personal data is still necessary for this purpose. Personal data that we have not used during a period of 12 months will be deleted because we then no longer consider your personal data to be necessary. Of course, we take measures to protect your privacy. When we perform analyses based on your personal data, the employee performing the analysis will not know that the personal data belongs to you, even though we could make the connection to you based on data we hold in another system.

4.6 Purpose – To be able to prevent misuse of a service or to prevent, deter and investigate crimes against the company

Categories of personal data stored and processed for this purpose:

  • Personal identity number (personnummer)
  • Name
  • Purchase and user-generated data (e.g., click and browsing history)
  • Technical data regarding devices used and their settings (e.g., language settings, IP address, browser settings, time zone, operating system, screen resolution and platform)
  • Information about how our digital services are used
  • Any correspondence

Examples of processing activities:

  • We investigate and prevent fraud or other legal violations.
  • We take measures to prevent spam, phishing, harassment, attempts at unauthorized login to user accounts or other actions that are prohibited under our terms of use.
  • We take measures to protect and improve our IT environment against attacks and intrusions.

Legal basis: Our legitimate interest in preventing misuse of a service or preventing, deterring and investigating crimes against the company.

Retention period: From the time of collection and for a period of (at most) 12 months thereafter. If we suspect misuse of a service or that a crime has been committed, we will retain the data for the time necessary to establish, assert or defend our (or third party) legal claims.

5. Analyses, statistics and other data that we use

For certain purposes, we perform analyses and produce data based on our customers' and members' personal data. We do this for the purposes of being able to market the company and the company's products and services, and to evaluate, develop and improve our services, products and systems.

The analyses and production of data can either result in us segmenting our customer database or in us specifically analyzing how you as a customer experience our company and our services and products (in this case, we create a customer profile about you).

If we only segment our customer database, this means that we do not gain any significant customer insight about you specifically; rather, segmentation is about being able to gain better insight into how different customer groups experience our services and products. In these cases, we use limited customer data such as purchase history, age and residential address. This is the case when we perform analyses and produce data to evaluate, develop and improve our services, products and systems, and for parts of our marketing.

For other marketing purposes, we use more personal data so that we can tailor our offering specifically to you. We naturally want you to benefit from the perks, offers, advertisements and other tips that are relevant to you!

In order for us to ensure that you receive relevant content, we need to perform customer-specific analyses based on more personal data. The data may relate to how you use our websites and other digital channels (e.g., which pages and parts of pages you have visited and which searches you have made), your purchase and order history, age, place of residence, stated customer preferences (e.g., regarding products/services, industries), marital status, language and other technical settings, as well as location information from the customer's mobile devices (e.g., mobile phone or tablet), or results from customer satisfaction or market surveys. We may also supplement our data with statistical data (i.e., never data linked specifically to you) from other sources (e.g., other companies) to obtain as accurate a picture as possible of your interests and preferences based on the customer group you belong to.

We have great respect for your privacy and we do not wish to process your personal data for customer-specific analyses if you do not feel comfortable with it. However, we hope that you find our perks, offers and personalized content valuable enough to allow us to continue processing your personal data for these purposes.

If you want us to stop performing customer-specific analyses, you can always object to our marketing to you as a customer (including our customer-specific analyses, i.e., profiling). If you exercise your right to object, it unfortunately means that you will miss out on your personalized perks, offers and personalized content.

6. From which sources do we collect your personal data?

In addition to the data you provide to us yourself, or that we collect from you based on your purchases and how you use our services, we may also collect personal data from third parties. The data we collect from third parties is as follows:

Address information from public registers to ensure that we have the correct address details for you.

7. Companies to which we may disclose your personal data

Data processors. Your personal data may be shared with parties that process personal data on our behalf in their capacity as data processors (personuppgiftsbiträden). In cases where your personal data is disclosed, data processing agreements are in place to ensure that our data processors work in a manner that protects your personal data. We have data processors that assist us with:

Marketing (e.g., solutions for sending marketing to you and optimizing our offering). IT services (companies that handle necessary operations, technical support and maintenance of our IT solutions or store our personal data). Independent data controllers. In addition to this, we may also disclose your personal data to other companies that will be independently responsible for their processing of your personal data. We disclose your personal data to the following companies that are independent data controllers:

Logistics companies and freight carriers (for delivery of your order). Payment solution partners (Qliro and any other companies that assist us with our payment solutions). Credit reporting agencies (for offering various payment methods). If all or part of our business is sold or integrated with another business, your personal data may be disclosed to our advisors, potential buyers and their advisors.

8. Transfer of personal data to a country outside the EU/EEA

We and our suppliers and collaboration partners process your personal data as a general rule only within the EU/EEA. In cases where personal data is processed outside the EU/EEA, there is either a decision from the European Commission that the third country in question ensures an adequate level of protection, or appropriate safeguards are in place, in the form of standard contractual clauses, binding corporate rules or Privacy Shield, which ensure that your rights are protected. If you wish to obtain a copy of the safeguards we have taken or information about where these have been made available, you can do so by contacting us. If you wish to obtain a copy of the safeguards that have been taken or information about where these have been made available, you are welcome to contact us.

9. How long do we retain your personal data?

We never retain your personal data longer than what is necessary for each respective purpose. See more about the specific retention periods under each respective purpose.

10. How is your personal data protected?

We work to keep all personal data that we collect and process in a secure manner. To this end, we have implemented a number of security measures.

We use the SSL protocol, which means that your personal data is private when sent to the Website. This is indicated in the address bar with a green lock. By clicking on the green lock, you can get more information about this, how it works, and see a complete list of all cookies on the Website. You should check that SSL has not been disabled in your browser settings.

We have appropriate antivirus software, firewalls and encryption to prevent unauthorized access to our network and data. Personal data is backed up.

Only authorized personnel who need access to your personal data to perform their duties have access to your personal data. Such duties are covered by the various purposes for which we store and process the personal data. Access to the locations where personal data is stored and processed is restricted to authorized personnel, who must identify themselves to gain access. Personnel have been instructed on the measures they must take to process personal data in a secure manner.

In the event of any personal data breaches, we will report these to the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten) within 72 hours, and inform the affected individuals when required under applicable law.

11. Your rights

When we process your personal data, you have certain rights as described in the table below. If you wish to exercise any of your rights, please contact us at hi@heyscent.co.

Your right of access. We strive to be transparent about how we process your data. If you wish to gain insight into the personal data processing that we carry out in relation to you, you have the right to request access to your data. If we receive an access request, we may ask for additional information to ensure that we disclose the data to the correct person.

Your right to rectification. Heyscent works to ensure that your personal data is accurate. If any of the personal data you have provided to us needs to be corrected or updated, e.g., if you change your address or mobile number, we ask that you provide the correct personal data by sending an email to our customer service. You naturally have the right to request rectification of your personal data at any time.

Your right to erasure and restriction. Under certain conditions, you also have the right to request erasure of your personal data or restriction of our processing. Please note that we may have the right to deny your request if there are legal obligations or other legitimate interests that prevent us from erasing certain personal data. Examples of such legal obligations include requirements under accounting and tax legislation, banking and anti-money laundering legislation, or consumer protection legislation. With regard to our legitimate interests, we will not erase your personal data if it is necessary for us to establish, assert or defend legal claims. If we cannot comply with your request for erasure, we will block the personal data to ensure that your data is not used for any other purposes.

Your right to object to our processing (including the right to object to direct marketing and automated decision-making). You have the right to object to our processing (e.g., processing based on our legitimate interests). Your personal data may also not be processed for direct marketing if you object to such processing. The objection also covers the analyses of personal data (so-called profiling) carried out for direct marketing purposes. Direct marketing refers to all types of outreach marketing measures (e.g., via postal mail, email and SMS). Marketing measures where you as a customer have actively chosen to use one of our services or otherwise sought us out to learn more about our services are not considered direct marketing (e.g., product recommendations or other features and offers on My Pages).

If you object to our direct marketing, we will cease all forms of mailings to you. If you still wish to receive mailings through certain channels, you do not need to object to our direct marketing. In these cases, you can choose to receive offers from us only through the channels you select, e.g., via email but not SMS.

You have the right to object to a decision that has been made through automated processing when this has legal effects or significantly affects you in a similar way. This does not apply if the decision is, for example, necessary for entering into or performing a contract with you (such as in credit applications).

Your right to withdraw consent. Have you given consent to any processing that we carry out? If so, you have the right to withdraw this at any time. Such withdrawal may be limited to only part of the processing. When you withdraw your consent, we will not collect new data about you for the purpose your consent related to, but we still have the right to process the data we collected about you before you withdrew your consent. If there is no other legal basis requiring us to retain the data, we will erase it.

Your right to data portability. Under certain conditions, you have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format, and you have the right to transmit this data to another data controller (data portability). This applies to the processing we carry out based on our agreement with you or if you have given your consent to a certain processing.

Your right to lodge a complaint with the supervisory authority. If you have any complaints regarding our processing of your personal data, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten) or another competent supervisory authority that supervises companies' handling of personal data.

12. Contact us

If you wish to exercise your rights as described above or otherwise want to get in touch with us regarding our processing of your personal data, you can do so by contacting us via email – hi@heyscent.co

13. Links

On the Website, we may link to other websites that are outside our control and vice versa. Although we aim to ensure that we only link to websites that share our view on your privacy and handling of your personal data, Heyscent is not responsible for the protection or confidentiality of information, including personal data, that customers provide on other websites. We recommend that you read the relevant website's privacy policy.