Data protection policy
BACKGROUND AND AIMS
Löfbergs Lila AB, 556290-7088, is one of Scandinavia’s largest family-owned coffee roasters. Löfbergs was established in 1906 by the brothers Anders, John and Josef Löfberg. In 1911, we began to roast our own coffee in Karlstad, Sweden. Today we are one of Scandinavia’s largest family-owned coffee roasters and produce the equivalent of close to ten million cups of coffee every day. In Sweden, company sales are managed by Löfbergs Lila AB. Production and logistics are managed by the sister companies Kaffehuset i Karlstad AB and Löfbergs Logistics AB. The parent company for the coffee business is AB Anders Löfberg.
We are pleased that you have found your way to our homepage and hope that you will find all the information you need. When you browse our website, we will be processing data that can be traced back to you. This also applies if you choose to contact us in any way, e.g. by filling out our contact form, by purchasing something from our webshop or by entering one of our competitions; we will be processing your personal data. For you to feel safe when visiting our website or when you share your personal data with us in other ways, we have created this data protection policy to help you understand how we handle your personal data.
The policy contains the following:
· Background and aims
· Your rights
· In which situations do we need your personal data?
· How do we get information on you?
· With whom could we share this information?
· Where are your personal data processed?
· Contact us
According to current data protection regulations, personal data may only be collected for “specified and legitimate purposes”. The collected data cannot then be processed in ways that are incongruent with these purposes. In addition, the processing of data must be legally justified, a so-called legal basis. The processing of your data is governed by one or more of the following legal bases:
• processing is necessary for the performance of a contract with you (“contract”),
• processing is necessary for us to fulfil an obligation stipulated by another law (“legal obligation”),
• processing is necessary for our legitimate interests, unless such interests are overridden by your interests or rights for data protection (“balance of interests”); or
• in certain specific cases, after you give your consent to the processing of the data in question (“consent”).
In most cases, the legal basis is decided by contract, legal obligation or the balance of interests. In certain cases, your consent is required for processing and for such cases we will ask for your consent for the processing of the data in question before any processing is started.
You can always contact us if you have any questions on data protection issues by sending an e-mail to us at firstname.lastname@example.org
According to current data protection regulations you have the right to obtain information about when and how we process your personal data. You are also entitled in certain cases to see the data or to have it moved, amended or erased. More information can be found here:
· Right to access
· Right of rectification
· Right to erasure
· Right to the restriction of processing
· Right to data portability
· Right to object
· Compensation and liability
Right of access
You have the right to obtain information, free of charge, regarding the data we have on you (a copy of records). A request for such information should be submitted in writing and be signed by you. Please note that we will only disclose such information that we, with certainty, know to be yours. We cannot disclose information which violates someone else’s rights. You should send the request to the address below. Mark the envelope “Data protection”.
Löfbergs Lila AB
651 21 KARLSTAD
To ensure that the copy of records is not sent to the wrong person, it is sent to your registered address.
Right of rectification
We continually strive to ensure that your personal data are correct and updated. If we discover inaccuracies or incomplete data, we endeavour to correct or remove them.
If your data are rectified on your request, we must inform those that we have shared your information with of the changes. This, however, does not apply if the task is deemed impossible or carries an all too great a burden for us. Your right of access gives you the right to know with whom we have shared your information.
Right to erasure
If we have collected your personal data, you have the right to request erasure of your data. We are obligated to erase information in the following cases:
If the data are no longer required for those purposes for which they were originally collected
If the processing if based on your consent and you withdraw that consent
If the data are used for direct marketing and you oppose the processing of the data in this way
If you oppose the personal data processing that occurs after a balancing of interests and there is no legitimate reason that outweighs your interests
If the personal data are handled illegally
If erasure is required to satisfy a legal obligation
If we need the data for the performance of a contract with you or if there are legal requirements for us to retain the personal data, we are therefore unable to erase them.
If the data are erased upon your request, we are obligated to inform those with whom we have shared the data. This, however, does not apply if the task is deemed impossible or carries an all too great a burden for us. You also have the right to request information about with whom we have shared your information.
Right to the restriction of processing
You may in certain cases have the right to restrict the processing of your personal data. The restriction means that the personal data are marked in our system as being only available for processing for certain limited purposes.
The right to restriction applies for example when you consider the information to be inaccurate and have requested rectification. For such cases, you can also request that processing is restricted during the period where the accuracy of the data is investigated.
When the restriction is lifted, you will be informed.
Right to data portability
The data subject has in certain cases the right to receive their personal data and to use it elsewhere (data portability). The data controller is obligated to facilitate such transfer of personal data. A condition for data portability is that the controller processes the data based on consent from you or for the performance of a contract with you and that it applies only to those data you yourself have provided.
Right to object
The data subject has the right to object the data controller’s processing of his or her data.
The right to object applies when personal data is processed after a balancing of interests.
If the data subject objects to the processing, the controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
The individual always has the right to object to the processing of personal data concerning him or her for the purpose of direct marketing. Such an objection may be raised at any time. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
If you think that we are processing your data in contravention of the applicable data protection regulations, you are asked to notify us as soon as possible. You can also go directly to The Swedish Data Protection Authority and lodge a complaint.
Compensation and liability
Any person who has suffered material or non-material damage as a result of an infringement of the data protection regulation shall have the right to receive compensation from the controller or controllers who have participated in the processing.
The individual may claim for damages from the controller or the processor, or bring a damages claim in court.
IN WHICH SITUATIONS DO WE NEED YOUR PERSONAL DATA?
We may process your personal data in the following situations:
• Purchase of goods from our webshop
• Participation in consumer competitions
• Consumer contact
• Visits to our websites
• Social media
• Job vacancies
Purchase of goods from our webshop
In order to be able to deliver products that you have ordered through our webshop, we must process your personal data.
We process your details partly to fulfill the contract with you or the organization you represent, but also if we, contrary to expectations and our intentions, must live up to our obligations arising from the Product Liability Act. In other words, we can have the obligation of contacting you if there is something wrong with the item you ordered. When contacting you, we will use the address that you provided at the time of ordering.
So, the legal bases of our processing here are the fulfillment of contract and legal obligation.
We will retain your personal information for as long as you are a customer of ours. When the customer relationship ceases, we will delete your customer information within twelve months.
In that your personal data is processed in conjunction with a purchase, which resulted in an invoice, we are duly obligated by law to retain your contact details over a longer period (seven years as stipulated in the Accounting Act).
Participation in consumer competitions
If you participate in one of our consumer competitions, we must process your personal data in many of these situations, such as:
• to be able to let you know if you have won
• to be able to confirm that you meet the competition requirements as regards age
• to be able to see if you are related to one of our, or our partners’, employees; or
• to be able to see if you abide by the conditions stated in the competition rules, e.g. the number of permitted competition entries
The data that are processed are those data you provide us with in conjunction with entering the competition, usually contact details (name, address, e-mail and telephone number) and whether you are 18 or over.
In order to pick a winner, we assume that our interest in processing your data outweighs your interest in not having your data processed. The legal basis for processing is, therefore, the balance of interests.
If you have participated in a consumer competition, your data will be stored for six months from the date a winner is chosen.
Consumer contact and claims
If you contact our consumer contact, we must be able to identify you as a consumer of our goods and in many cases, we will need information about your purchase to be able to handle claims, complaints, and inquiries. The data that are processed are those data you provide us with when contacting us, usually contact details (name, address, e-mail and telephone number).
If there is a claim from someone, we create a claims case that contains information about the claim. This usually contains the claimant’s identity, but in some situations, the case also requires the processing of the identities of other people that have a bearing on the case.
If the claim concerns one of our employees or one of our distributors’ employees, then we often have to reveal the identity of the claimant to the person the claim pertains to. If the claimant does not wish for this information to be revealed, we will of course respect this. However, it may be impossible to process such complaint on an anonymous basis.
The processes described above are essential for providing information about the product you purchased. Our obligation to rectify errors can be stipulated in contracts and/or legislation, including consumer-protection regulations. The legal basis for processing here can, therefore, be both fulfillment of contract and legal obligation.
From time to time, telephone calls to our consumer contact may be recorded for training purposes. Information about this will be given before the call is routed to our consumer contact. Recordings are saved for one month.
If you have a case registered by our customer service, we will store your information during the whole processing time and for three months thereafter.
If you have provided us with your e-mail address, we may use it to send you a newsletter for marketing purposes or to provide information about our products. Every newsletter will include instructions on how to decline future communication.
We collect statistics regarding the opening of mail and this helps us monitor and improve our e-newsletter.
If you are a customer, the legal basis for our mailings can be a balance of interests. You may also have given your consent for newsletters at one of our events or in some other contact situation with us or one of our retailers (shops) or cafés. Irrespective of which legal basis our processing is founded on, you have the right at any time to decline further emails just by telling us.
Your e-mail address will be processed for the above purposes until you decline further e-mails. If you chose to unsubscribe from our newsletter, we will immediately remove your details from these e-mail lists.
Visits to our websites
When someone visits one of our websites we use a third-party service, Google Analytics, to collect information and details about visitors’ behavioral patterns. We do this to find out the number of visitors to the different parts of the website. This information is processed in a way that does not identify any individual.
We make no attempt to learn the identity of those who visit our site, and we also do not allow Google to do so. If we wish to collect personally identifiable information via our website, we will provide information about this in advance. We will state when we are going to collect data and explain what we are going to do with it.
If you send a message to us via social media, the message will be stored by us for three months. The message will not be shared with any other companies or organizations.
The legal basis for processing is, therefore, the balance of interests.
The information that you provide us with in conjunction with a job application will only be used for:
· evaluating the application
· contacting you
· meeting legal requirements
We will not share any of the data you provide during the recruitment process with any third party for marketing purposes. Neither will we store your data outside the European Economic Area (EEA).
The information you provide will be stored safely by us and/or by our personal data assistant.
The legal basis for the processing of your personal details in connection with your application for employment is therefore consent and/or balance of interests.
What information do we ask for and why?
We do not collect more information than we need to satisfy the given purposes and will not save it any longer than is necessary.
The information that we ask for is then used to assess your suitability for employment. You are not required to provide what we ask for, but it may affect your application if you do not.
If you apply using our online application system, your data may be collected by a recruitment consultant on our behalf.
We will ask you to share personal data, including name and contact details. We will also ask about your previous experience and training relevant to the job you have applied for.
If we cannot offer you employment at the end of the recruitment process, we may ask if you want your data to be stored by us for any future recruitment opportunities for a period of one year from the completion of the current recruitment process. If you say yes, that gives your consent, we may contact you about other suitable jobs that arise.
Engagement of a recruitment consultant
If we engage a recruitment consultant, we will transfer your personal data to them. The recruitment consultant shall be considered a third party with respect to you. For each recruitment consultant, an agreement is drawn up so as to ensure that they abide by our procedures and requirements. These agreements mean that they cannot do anything with your personal data that is contrary to our instructions. Neither will they share your personal data with any other organization apart from us. They are also obligated to store your personal data in a safe manner and for a period no longer than we have decided.
If you have questions regarding a recruitment consultant’s use of your data, you can contact us at email@example.com to get information about which subcontractors have processed your data.
For how long is the information saved?
If you are not offered a job at the end of the recruitment process, the information you have provided to date is kept for twelve months form the end of the recruitment process in order to show that we have met our legal obligations.
Even though we have not advertised a specific job, you have the opportunity of making a spontaneous application using the form on the website designed specifically for that purpose. If you choose to make a spontaneous application, you will have the opportunity at any time to log in and update or erase your data. The legal basis for processing your personal data here is therefore consent. We store this information until you erase it. However, we erase all accounts that have been inactive for more than two years.
HOW DO WE GET INFORMATION ON YOU?
Information that you share with us
We collect information for you in different ways. It can be for example when you provide your details when you contact us, participate in a consumer competition or contact our consumer contact. We may collect the following personal data from you:
• contact details (name, address, e-mail address and telephone number)
The information we collect on you
When you contact us or visit our website, we may automatically collect information on you.
When you visit our website, we may collect the following personal data:
• information about how you interact with us (how you use our services including response time for pages, download errors, how you reached and left the service, as well as delivery notices when we contact you)
• information about your computer or mobile device (such as IP address, language settings, browser settings, time zone, operating system, platform and screen resolution)
We do not collect information containing sensitive personal data (details on race or ethnicity, political opinions, religious or philosophical beliefs, trade-union membership, and also personal data regarding health or sex life).
A social security number does not constitute sensitive personal data under applicable legislation, but to the extent that social security numbers are stored by us, we will treat them as particularly worthy of protection.
WITH WHOM COULD WE SHARE THIS INFORMATION?
In order to protect your rights when we share your information to service providers or other business partners, all sharing is undertaken in accordance with written agreements governing the beneficiary’s rights and obligations with regard to the processing of your personal data.
We will never sell your personal data to third parties if we do not have your permission to do so. Neither will we share your personal data with a third party to be used for the purpose of marketing if we have not received your consent. As applies to unwanted e-mails from us, you have a legal right to oppose future marketing e-mails from a third party that we have transferred your personal data to after your consent. You must, however, contact this third party directly if you want to oppose the continued processing of your data for this purpose.
We may share your data with the following parties:
1. Our suppliers
2. Our business partners
We may share your personal information with our suppliers, which in relation to you constitute a third party. In order to provide the services we purchase or to develop our products and services, our suppliers must, in some situations, process your personal data.
In the agreements that we draw up with our suppliers are clear regulations on how your personal data is to be used. Löfbergs Lila AB and suppliers, however, are different legal entities. We can therefore not normally be seen to be held responsible if they do not follow applicable legislation. If you have questions regarding a supplier’s use of your data, you can contact us at firstname.lastname@example.org to get information about which suppliers have processed your data.
WHERE ARE YOUR PERSONAL DATA PROCESSED?
We will mainly process your personal data in Sweden. Transfer to another EU country may occur.
Löfbergs Lila AB is registered with the Swedish Companies Registration Office with registered number 556290-7088 and having its registered office in Karlstad with address Box 1501, 651 21 KARLSTAD. Löfbergs Lila AB is the personal data controller for processing of your personal data in accordance with this document and complies with Swedish data protection legislation.
You can always ask us about the way we process of your personal data at email@example.com
This Data Protection Policy was updated 19/05/2018
We may need to update this information, e.g. if we will process your data for a new purpose, collect other data or share your data with other parties than those stipulated in this text. An updated version of this information can always be found here at Löfbergs websites.