Even though this policy might seem long and daunting to read, I have sectioned everything in a way to make it easy to understand what section contains what information. Also, I have written everything myself, so it should be easy to understand and “jargon-free”.
What data is collected and why
I collect data about you as a visitor to this site for different purposes depending on your actions. I also use third party services which also collects data about you when you visit and interact with this website such as for statistical purposes.
You can read below what data I collect about you, as well as what third-party services I use and why I use them.
There will also be links to the privacy policies for each third-party service I use below where you can get information and contact details for each of them.
When you contact me through the contact form, the data in the form is collected. This includes:
- Your name (optional)
- Your email address(required)
- Your message subject (required)
- Your message (required)
This data is collected in order for me to be able to respond to your message such as in the case of providing support, answering a question or otherwise provide you with information regarding your message to me.
Generally, no information you supply through the contact form is shared with third-parties, except for cases in which they are involved in your request. This could be cases such as if you request deletion of your data. In such a case, third parties that might hold data about you as well will be notified of this and handed relevant data about you for this purpose. Your data might also be shared with relevant entities such as if requested as necessary by law.
Contact form data is also checked for spam with the third-party service called Askimet. Please read the third party section below for more information about Askimet.
The legal basis is: legitimate interest.
Ordering of services or products
When you order a service or product from me in the shop, I collect data about you in order to:
- provide such service or product to you
- provide you with your order information
- notify you of any changes in your customer account
- be able to invoice you for payment
- provide you with any purchase related service/support like in the case you request a refund or otherwise exercise your rights in regards to your order/purchase.
The data I collect about you is that which you supply to me through the billing information on the checkout page. This includes but are not limited to:
- Your first name and last name
- Your organization number or national identification number/SSN (if applicable)
- Your street address
- Your country
- Your town/city
- Your state/county (if applicable)
- Your Postcode/ ZIP
- Your email address
Other information such as your IP-address is also collected in order to help verifying your location for tax/VAT purposes.
An account is also automatically created for you when you place an order using the information stated above that you provide at checkout. The account is created to provide you with ability to have an overview of you purchase history and order details and so you can edit your shopping/ordering settings and preferences such as in cases you want to subscribe to product update notifications or not.
Email Subscription Choices
At checkout, you can choose if you want to receive product update notifications to your email address. Please read more about what data is collected for this purpose in the “Email Subscriptions/Newsletters” section below.
Browsing and interacting with the shop
Legal basis is: Legitimate interest.
At different places on this site, you can choose to subscribe to different newsletters or other email notifications of your choice. This includes in your personal account, in the sidebar of the site and on checkout to name a few. If you choose to sign up for any of these, some data about you will be collected and stored in order to fulfill this service to you. This data includes:
- Your email address
- Your IP-address
This data is required in order to be able to send emails to you and to be able to verify your subscription choices.
Legal basis: Consent
Your control over this data
You can at any time cancel your subscription to any of the newsletters or email notifications you have previously subscribed to by clicking the link “Manage subscriptions” in the newsletter emails you receive, or by contacting: kontakt(at)aurorakreativ(dot)com or by using the contact form available on this site and requesting it. You can also, via the same link in the subscription emails you receive, change your email address.
If you have an account on this site, you can also log in to it and manage your subscriptions or change your email address by clicking the link “Manage Email Subscriptions”.
Who your data is shared with
I never sell any data about you to third parties. I do however use third-parties that provide different services to me that helps me run this website or my business, and sometimes I use affiliate links that may result in compensation for me when used by a visitor. Some of these services uses data about you in order to provide their services to me. For example, I use an umbrella company in order to invoice my customers. They invoice my customers on my behalf, as well as handle all income-taxes etc. and then pays me as an employee. This simplifies my work so I can focus on running this site and provide my services and products.
These third-parties have their own privacy policies that I do not have control over. They are their own companies and as such they have their own regulations. That said, I make sure to keep my self updated with the data-practices of the third-party services I use. You can read each of their privacy policies as described below.
I use an analytical service called Google Analytics for this website. It helps me analyze how many views I get on different pages, what content is interacted with and how the visitor journeys through the sites pages for example. I only use this service to be able to better my websites content and the statistics gathered is not sold or otherwise shared with any other third-parties. It also isn’t combined with any other service or data that would allow me to identify you personally. The service requires data about my website visitors in order to be able to provide the statistics, however, this data is anonymous and cannot identify you as a person. For example, your IP-address is collected and sent to the analytic service but is anonymised in the process before it can be used for statistical purposes.
You can read more about how this service works in regards to collecting data about you as a visitor to my site here: https://support.google.com/analytics/answer/6004245
The relevant parts are under the Google Analytics sections.
Jetpack Features – Automattic
I use a number of features/services that are made by the company Automattic to enhance the performance, security etc for this site. For these services to work, Automattic receives some data about you depending on your actions on this site. In this section, you can read more about what these services are and there are also relevant links to pages where you can read more about the specific data which is collected about you for these services. I highly recommend you read each of those pages as well.
Statistical Service (Jetpack Stats): I use a statistical service to help me improve my site with relevant articles, other site content and for SEO (search engine optimization). This service collects data about you (such as your IP-address) when you visit my site, as well as when you interact with it (such as when you click a link). That data is then used by Automattic in order to provide me anonymous statistical data (such as what link on my page was clicked, what search terms was used in a search engine before the user entered my site etc.). In other words, I can’t tell who you are (I can’t see your IP-address or other identifying information about you) through the statistics as I do not have any access to such data.
Your control over this data
This site honors your DNT(Do Not Track) settings in regards to this statistical service. That means if you have the Do Not Track setting turned on in your browser, the statistical service will not track you on this site. Please refer to the manual for your specific browser to know how to turn DNT on/off.
You can read the privacy notice of Automattic here: https://automattic.com/privacy-notice/
You can also read about the exact data that Automattic collects about you for this statistical service here: https://jetpack.com/support/wordpress-com-stats/#privacy
Comments & Comment Spam Detection (Askimet): I also use a comment service which allows visitors to post comments on my website through a comment form. In conjunction with this comment form service I use a comment spam detection service. This service helps with detecting spam comments on my site to filter them away from the other legitimate comments. That means that when you as a visitor to this site use the comment form on any page or article post, the data of that comment might be sent to Automattic for spam detection as well as some other data that is not visible in the comment form such as your IP-address, user-agent etc. As a user to this service, I have direct access to your IP and email address when you leave a comment.
Contact Form Spam Detection (Askimet): I also use the Askimet spam detection service for the contact form submissions in which the contact form data is sent to Automattic for spam detection. All fields that you fill in will be sent to Automattic for this service. The contact form in question can be located at the page: Contact.
You can read more about what data is collected about you when you leave comments here: https://jetpack.com/support/for-your-privacy-policy/#jetpack-comments
You can read the privacy notice of Automattic here: https://automattic.com/privacy-notice/
Brute-force login protection (Protect): Automattic also provides a service which I use for protection against unauthorized attempts at logging in to the back-end of the site. This service uses visitors data when an attempt is made at logging in to the back-end in order to function. In other words, it does not collect any data automatically without attempting to log in. As a user to this service, I do not have access to any personally identifiable information about you.
You can read more about what data is collected for this purpose here:https://jetpack.com/support/for-your-privacy-policy/#protect
You can read the privacy notice of Automattic here:https://automattic.com/privacy-notice/
Other third-party services
Web-hosting service: I use a web-host to host my site named One.com (B.one). They collect data about you as a visitor to my site in order to provide their hosting service for purposes such as securing their servers etc. This includes data such as your IP-address.
Payment Solution: I use an umbrella company by the name Frilans Finans Sverige AB when I sell my services and products. They invoice customers on my behalf and then pay me in form of a salary as a temporary employee. They use the data that I collect from you from the billing form you fill in at checkout in order to invoice you. I provide this data to them manually.
If any information that you have given for the purpose of this invoicing service is lacking or incorrect (such as you gave an incorrect name or other details), Frilans Finans Sverige AB might ask for additional/correct details from you in order to be able to provide their service.
Affiliate Networks: I use affiliate networks to link to products and services that may be of interest to you as a visitor to my website. Affiliate networks allows companies a way to pay people who help them sell their products by linking to them via an affiliate link provided by the affiliate network. If a visitor clicks on the affiliate link and decides to purchase a product from the company’s website, the company then pays the person a specified fee via the affiliate network. You can read more in depth about affiliate marketing here: https://adtraction.com/blog/what-is-affiliate-marketing
If you follow a link of this nature on this website and make a purchase on the website it leads to, I may receive monetary compensation from the affiliate network (at no extra expense/cost to you).
Any article, page or other parts of this website that contain these links are clearly marked as containing affiliate links to inform you as a visitor of their existence. When you click on one of these affiliate links, you will for a short moment go through the affiliate networks website before you land on the intended website.
The affiliate networks and the product websites may gather information about you when you go through them. Their privacy polices, just like any other website you visit or interact with, is the one you should turn to when you have questions about their data collecting practices and your rights regarding your data. However, I do make sure to set any settings that I have control over in any of these affiliate networks to gather as little information as possible from my website visitors.
Publicly shown data
Some data you post on this site is shown to the public that visits this site. As such, your data is shared with the public when:
– You post a comment on a post/article or page. The data you provide in the comment form is the data that is shown to the public except for your email address which is not shown. No other comment data is available for the public/visitors to see.
– Product reviews: If you leave a product review on a product page, the data you provided in the review form will be visible to the public who visits this site.
Information shared as requested by law
If requested by law, some information about you might be disclosed to appropriate entities.
How long your data is retained for
When you use the contact form to send a message to me, the data associated with the form is stored for two reasons (read more in the first-party section) and have two different retention times as outlined below.
To provide support/answer questions: The retention time varies depending on the purpose of the message. If it’s a question for example, the retention time will be for however long it takes for the question to be deemed answered. If the visitor doesn’t continue the conversation within 30 days of their last message, then that conversation will be deemed as complete and therefore all data pertaining that conversation will be deleted. Also if the conversations is for example, particularly long, and older messages pertaining that conversation isn’t necessary for the context anymore, they will be also deleted. This does not include any information that is needed to be retained for legal reasons as appropriate by law.
To prevent misuse: If it’s deemed that someone is misusing the contact form, their IP-address will be retained for 6 months in order to prevent the misuse of it. After the 6 months retention time for this purpose, the data will be deleted unless needed for legal reasons such as if it is requested by law authorities.
Comment spam detection service (Askimet):
You can read about how long Automattic stores data about you with this service here: https://akismet.com/gdpr/
No personally identifiable data about you is stored on my end with this service.
Comments: Any comments that shows on this site is stored on my end for as long as the article/post or page it is posted on exists or commenter requests removal of their comment(s).
Ordering of products or services
When you order a product or service from me, your data is stored for maximum 6 years on my end in order to be able to adhere to after-sale responsibilities according to European consumer guarantees.
The company which I use to invoice and collect payment from my customers with is called Frilans Finans Sverige AB, and their data-retention policy might differ.
Browsing and interacting with the shop
The data stored by the site statistics service as provided by Automattic is stored indefinitely and contains no personally identifying data about you on my end. However Automattic stores such data on their end for 28 days. You can read about that here: https://jetpack.com/support/wordpress-com-stats/#data-visibility-and-retention
No data about you is stored on my end with this service. To learn how long Atomattic stores data about you, please refer to this page: https://jetpack.com/support/security-features/#privacy
Newsletter Subscriptions/Email Notifications
Your data will be stored for as long as you are subscribed to one or more newsletters or email notifications or until a newsletter or email notification ceases to exist. In such a case, your data will be removed in conjunction with the ceasing. If you unsubscribe form all newsletters or email notifications, then your data will be deleted as well.
What rights you have over your data
If you want to request an excerpt of the data that is held about you, want to update any data that is held about you or want to delete any of your data, you can contact me with the appropriate request. To do this, please contact: kontakt(at)aurorakreativ(dot)com. I will respond to your inquiry within one month.
Where your data is sent (Outside of Europe)
Below I have specified which third-party services I use that processes data in third-countries.
Invoicing service (Frilans Finans Sverige AB)
Frilans Finans Sverige AB processes the data for the service I use in Sweden but might also transfer some data outside of the EU/EEA region. In such cases, they take appropriate safeguards to make sure that the level of protection is the same as within the EU/EEA region.
I, the site owner, am the data controller for this website and my name is Sara Rennelöv. I operate this website from Sweden. If you wish to contact me, you can do so by emailing me at: kontakt(at)aurorakreativ(dot)com.