Loading

Last modified: 17 April, 2019

Privacy Policy – GDPR

Introduction

I wrote this privacy policy to help you as a visitor to understand what data is collected about you when you visit and interact with this site in different ways, as well as what security measures are in place to keep that data safe and what control you have over this data. I also tell you about what third-party services I use and provide links to their privacy policies so you can read and/or get in touch with them.

Even though this policy might seem long and daunting to read, I have sectioned everything in a way to make it easy to understand what section contains what information. Also, I have written everything myself, so it should be easy to understand and “jargon-free”.

That said, if you feel something is unclear after reading this privacy policy, you are very welcome to contact me. Contact details can be found at the bottom of this privacy policy.

What data is collected and why

I collect data about you as a visitor to this site for different purposes depending on your actions. I also use third party services which also collects data about you when you visit and interact with this website such as for statistical purposes.

You can read below what data I collect about you, as well as what third-party services I use and why I use them.

There will also be links to the privacy policies for each third-party service I use below where you can get information and contact details for each of them.

Contact Form

When you contact me through the contact form, the data in the form is collected. This includes:

  • Your name (optional)
  • Your email address(required)
  • Your message subject (required)
  • Your message (required)

This data is collected in order for me to be able to respond to your message such as in the case of providing support, answering a question or otherwise provide you with information regarding your message to me.

Generally, no information you supply through the contact form is shared with third-parties, except for cases in which they are involved in your request. This could be cases such as if you request deletion of your data. In such a case, third parties that might hold data about you as well will be notified of this and handed relevant data about you for this purpose. Your data might also be shared with relevant entities such as if requested as necessary by law.

The legal basis is: legitimate interest.

Ordering of services or products

When you order a service or product from me in the shop, I collect data about you in order to provide such service or product to you, to provide you with your order information, to provide you with product updates, to be able to invoice you for payment as well as to provide you with any purchase related service/support like in the case you request a refund or otherwise exercise your rights in regards to your order/purchase.

The data I collect about you is that which you supply to me through the billing information on the checkout page. This includes but are not limited to:

  • Your first name and last name
  • Your organization number or national identification number/SSN (if applicable)
  • Your street address
  • Your country
  • Your town/city
  • Your state/county (if applicable)
  • Your Postcode/ ZIP
  • Your email address

If any required billing details given at checkout is incomplete or incorrect or other problems have arisen after your order has been sent in which prevents the order from completing, you may be contacted directly via email regarding the issue.

The legal basis is: contract with customer.

Browsing and interacting with the shop

When you browse or otherwise interact with the shop in different ways such as clicking on a product to view it or adding a product to the cart, a few different cookies are set in your browser. Please refer to the cookie policy to know which these cookies are and what control you have over them.

You can also leave a review on products, in which the data you have entered into the review form will be stored.

Legal basis is: Legitimate interest.

Who your data is shared with

Third-party Services

I never sell any data about you to third parties. I do however use third-parties that provide different services that uses data about you in order to provide their services to me. For example, I use an umbrella company in order to invoice my customers. They invoice my customers on my behalf, as well as handle all income-taxes etc. and then pays me as an employee. This simplifies my work so I can focus on running this site and provide my services and products.

These third-parties have their own privacy policies that I do not have control over. They are their own companies and as such they have their own regulations. That said, I make sure to keep my self updated with the data-practices of the third-party services I use. You can read each of their privacy policies as described below.

Jetpack Features – Automattic

I use a number of features/services that are made by the company Automattic to enhance the performance, security etc for this site. For these services to work, Automattic receives some data about you depending on your actions on this site. In this section, you can read more about what these services are and there are also relevant links to pages where you can read more about the specific data which is collected about you for these services. I highly recommend you read each of those pages as well.

Statistical Service (Jetpack Stats): I use a statistical service to help me improve my site with relevant articles, other site content and for SEO (search engine optimization). This service collects data about you (such as your IP-address) when you visit my site, as well as when you interact with it (such as when you click a link). That data is then used by Automattic in order to provide me anonymous statistical data (such as what link on my page was clicked, what search terms was used in a search engine before the user entered my site etc.). In other words, I can’t tell who you are (I can’t see your IP-address or other identifying information about you) through the statistics as I do not have any access to such data.

Your control over this data

This site honors your DNT(Do Not Track) settings in regards to this statistical service. That means if you have the Do Not Track setting turned on in your browser, the statistical service will not track you on this site. Please refer to the manual for your specific browser to know how to turn DNT on/off.

You can read the privacy notice of Automattic here: https://automattic.com/privacy-notice/
You can also read about the exact data that Automattic collects about you for this statistical service here: https://jetpack.com/support/wordpress-com-stats/#privacy

Comments & Comment Spam Detection (Askimet): I also use a comment service which allows visitors to post comments on my website through a comment form. In conjunction with this comment form service I use a comment spam detection service. This service helps with detecting spam comments on my site to filter them away from the other legitimate comments. That means that when you as a visitor to this site use the comment form on any page or article post, the data of that comment might be sent to Automattic for spam detection as well as some other data that is not visible in the comment form such as your IP-address, user-agent etc. As a user to this service, I have direct access to your IP-address and email address when you leave a comment.

You can read more about what data is collected about you when you leave comments here:  https://jetpack.com/support/for-your-privacy-policy/#jetpack-comments
You can read the privacy notice of Automattic here: https://automattic.com/privacy-notice/

Brute-force login protection (Protect): Automattic also provides a service which I use for protection against unauthorized attempts at logging in to the back-end of the site. This service uses visitors data when an attempt is made at logging in to the back-end in order to function. In other words, it does not collect any data automatically without attempting to log in. As a user to this service, I do not have access to any personally identifiable information about you.

You can read more about what data is collected for this purpose here:https://jetpack.com/support/for-your-privacy-policy/#protect
You can read the privacy notice of Automattic here:https://automattic.com/privacy-notice/

Other third-party services

Web-hosting service: I use a web-host to host my site named One.com (B.one). They collect data about you as a visitor to my site in order to provide their hosting service for purposes such as securing their servers etc. This includes data such as your IP-address.
You can read more about the privacy policy of One.com here: https://www.one.com/static/info-privacy-notice.do

Payment Solution: I use an umbrella company by the name Frilans Finans Sverige AB when I sell my services and products. They invoice customers on my behalf and then pay me in form of a salary as a temporary employee. They use the data that I collect from you from the billing form you fill in at checkout in order to invoice you. I provide this data to them manually.

If any information that you have given for the purpose of this invoicing service is lacking or incorrect (such as you gave an incorrect name or other details), Frilans Finans Sverige AB might ask for additional/correct details from you in order to be able to provide their service.

You can read more about the privacy policy of Frilans Finans Sverige AB here:https://www.frilansfinans.se/en/privacy-policy/

Publicly shown data

Some data you post on this site is shown to the public that visits this site. As such, your data is shared with the public when:

You post a comment on a post/article or page. The data you provide in the comment form is the data that is shown to the public except for your email address which is not shown. No other comment data is available for the public/visitors to see.

Product reviews: If you leave a product review on a product page, the data you provided in the review form will be visible to the public who visits this site.

Information shared as requested by law

If requested by law, some information about you might be disclosed to appropriate entities.

How long your data is retained for

Data is retained for different lengths of time depending on their purpose for being stored. For example, when you use the contact form to ask me a question, your contact form details will be stored for as long as it’s needed to answer your question. This will obviously depend on the individual conversation, one might take longer to be deemed as “complete” than others. I never store data for longer than I need it for the different purposes I have outlined in this privacy policy. The third-party services I use have different retention times, so you should refer to the privacy policies of these third-party services. I will refer to data I store, have access to and can control as data “on my end”.

Contact form

When you use the contact form to send a message to me, the data associated with the form is stored for two reasons (read more in the first-party section) and have two different retention times as outlined below.

To provide support/answer questions: The retention time varies depending on the purpose of the message. If it’s a question for example, the retention time will be for however long it takes for the question to be deemed answered. If the visitor doesn’t continue the conversation within 30 days of their last message, then that conversation will be deemed as complete and therefore all data pertaining that conversation will be deleted. Also if the conversations is for example, particularly long, and older messages pertaining that conversation isn’t necessary for the context anymore, they will be also deleted. This does not include any information that is needed to be retained for legal reasons as appropriate by law.

To prevent misuse: If it’s deemed that someone is misusing the contact form, their IP-address will be retained for 6 months in order to prevent the misuse of it. After the 6 months retention time for this purpose, the data will be deleted unless needed for legal reasons such as if it is requested by law authorities.

Comments (Jetpack)

Comment spam detection service (Askimet):
You can read about how long Automattic stores data about you with this service here: https://akismet.com/gdpr/

No personally identifiable data about you is stored on my end with this service.

Comments: Any comments that shows on this site is stored on my end for as long as the article/post or page it is posted on exists or commenter requests removal of their comment(s).

Ordering of products or services

When you order a product or service from me, your data is stored for maximum 6 years on my end in order to be able to provide you with support in cases such as if you experience defects in your purchased products in regards to the European Consumer Guarantees.

The company which I use to invoice my customers with is called Frilans Finans Sverige AB, and they might store your data for longer or shorter time.
You can read their privacy policy here: https://www.frilansfinans.se/en/privacy-policy/

Browsing and interacting with the shop

No data is retained about you on my end when you browse or interact with the shop without making an order. However, some cookies are set in your browser, which you can read more about in the cookie policy.

Statistics (Jetpack)

The data stored by the site statistics service as provided by Automattic is stored indefinitely and contains no personally identifying data about you on my end. However Automattic stores such data on their end for 28 days. You can read about that here: https://jetpack.com/support/wordpress-com-stats/#data-visibility-and-retention

Protect (Jetpack)

No data about you is stored on my end with this service. To learn how long Atomattic stores data about you, please refer to this page: https://jetpack.com/support/security-features/#privacy

Web-hosting

Please refer to the privacy policy of One.com (B-one) with regards to how long they retain data about you as a visitor to my site: https://www.one.com/static/info-privacy-notice.do

What rights you have over your data

If you want to request an excerpt of the data that is held about you, want to update any data that is held about you or want to delete any of your data, you can contact me with the appropriate request. To do this, please contact: kontakt@aurorakreativ.com. I will respond to your inquiry within one month.

Where your data is sent (Outside of Europe)

Below I have specified which third-party services I use that processes data in third-countries.

Services by Automattic (as specified in this privacy policy)

Automattic processes the data for the services I use in Ireland and USA and have measures in place to make sure any data they transfer outside of the EEA is adequately protected. You can read more about this in their privacy policy: https://automattic.com/privacy/#transferring-information

Invoicing service (Frilans Finans Sverige AB)

Frilans Finans Sverige AB processes the data for the service I use in Sweden but might also transfer some data outside of the EU/EEA region. In such cases, they take appropriate safeguards to make sure that the level of protection is the same as within the EU/EEA region.
You can read more about this in their privacy policy here: https://www.frilansfinans.se/en/privacy-policy/

Changes to this privacy policy

This privacy policy might come to change from time to time. As such, please check it regularly. At the top of this privacy policy, there’s a time-stamp “Last modified” that shows you when the last modification was made to it.

Contact details

I, the site owner, am the data controller for this website and my name is Sara Rennelöv. I operate this website from Sweden. If you wish to contact me, you can do so by emailing me at: kontakt@aurorakreativ.com.