Privacy policy

At Smiling Monkey, we protect your privacy and always strive for a high level of data protection - in accordance with the GDPR. This privacy policy explains how we collect and use your personal information. It also describes your rights and how you can enforce them. It is important that you take note of and understand our privacy policy and feel secure about the processing of your personal data. You are always welcome to contact us with any questions.

Personal data and cookies

WHAT IS PERSONAL DATA AND WHAT IS A PROCESSING OF PERSONAL DATA?

Personal data is all kind of information that can be directly or indirectly attributed to a physically living person. For example, images and sound recordings that are processed on a computer can be personal data even if no names are mentioned. Encrypted data and various types of electronic identities (eg IP numbers) are personal data if they can be linked to natural persons. Every action taken with personal data constitutes a processing, regardless of whether it is performed automatically or not. Examples of common treatments are collection, registration, organization, structuring, storage, processing, transfer and deletion.

Who is responsible for the personal data we collect?

Smiling Monkey By Sweden AB, org. No. 559153-7997, is responsible for personal data for the company's processing of personal data.

HOW IS YOUR PERSONAL DATA USED?

To be able to provide our products and services.

Your personal data is used to give you the best possible products and services. Examples of how your personal data is used related to this purpose:

Administrate your orders/purchases/returns in our shop.
Information/adjustments about your orders/purchases/returns from our shop.
Answer your questions and messages connected to a purchase.

We process the following information:

Name
Social security number
Contact information (eg address, e-mail and telephone number)
Payment history
Payment information
Credit information from credit information companies
Purchase information (e.g. which item has been ordered or whether the item should delivered to another address)
Legal basis: Fulfillment of the purchase agreement. This collection of yours personal data is required for us to be able to fulfill our obligations under the purchase agreement. If the information is not provided, our commitments will not be fulfilled and we are therefore forced to deny you the purchase.
Storage period: Until the purchase has been completed (including delivery and payment) and for a period of 36 months thereafter for the purpose of handling any complaints and warranty issues.

TO BE ABLE TO COMPLETE THE COMPANY'S LEGAL OBLIGATIONS

Necessary handling for fulfillment of the company's legal obligations according to legal requirements, judgments or government decisions (eg the Accounting Act, the Money Laundering Act or the rules on product liability and product safety, which may require development of communication and information to the public and customers about product alarms and product recalls in the event of, for example, a defective or hazardous product). We treat for this purpose;

● Name

● Social security number

● Contact information (eg address, e-mail and telephone number)

● Payment history

● Payment information

● Your correspondence

● Information about the time of purchase, place of purchase, any errors / complaints

● Legal basis: Legal obligation. This collection of your personal data required by law. If the information is not provided, our legal obligation can not fulfilled and we are therefore forced to deny you the purchase.

● Storage period: Until the purchase has been completed (including delivery and payment) and for a period of 36 months thereafter, or up to seven years for data which are processed in accordance with the Accounting Act.

TO BE ABLE TO HANDLE CUSTOMER SERVICE ISSUES which includes:

● Communication and answering any questions to customer service (via telephone or in digital channels, including social media).

● Identification and questions regarding user account.

● Investigation of any complaints and support matters (including technical support).

● Questions and advice on and before purchases, questions about products, return handling, change of order and similar matters. We process the following information;

● Name

● Social security number

● Contact information (eg address, e-mail and telephone number)

● Your correspondence

● Information about purchase (time, place of purchase, possible error / complaint)

● Legal basis: Legitimate interest, as well as express consent in the cases we processes sensitive data. The treatment is necessary to satisfy our and your legitimate interest in handling customer service matters.

● Storage period: 36 months after the customer service case has been closed.

TO BE ABLE TO PREVENT ABUSE OF A SERVICE OR TO PREVENT, PREVENT AND INVESTIGATE CRIMES AGAINST THE COMPANY AND CUSTOMERS

Prevention and investigation of possible fraud or other violations of the law. Prevention of spam, phishing, harassment, attempted illegal login on user accounts or other actions that are prohibited by law or our purchasing, membership or service conditions. Protection and improvement of our IT environment against attacks and infringement. For this purpose we treat:

● Social security number

● Purchase and user-generated data (for example, click and visit history)

● Technical data concerning the devices used and their settings (to such as language setting, IP address, browser settings, time zone, operating system, screen resolution and platform)

● Information on how our digital services are used

● Legal basis: Fulfillment of legal obligation (if any) alternatively legitimate interest. If there is no legal obligation is treatment necessary to satisfy our legitimate interest in prevent the misuse of a service or to prevent, prevent and investigate crime against the company.

● Storage period: From the collection and for a period of 36 months thereafter.

FROM WHICH SOURCES DO WE COLLECT YOUR PERSONAL INFORMATION?

In addition to the information you provide to us, or which we collect from you based on yours purchase and how you use our services, we may also collect personal data from someone else (so-called third party). The information we collect from third parties are the following:

● Address information from public registers to be sure that we are right address information for you Credit rating information from credit rating agencies, banks or information companies

● When you choose to log in via your Facebook account, Facebook will appear in some case to share email address, name and photo with us. However, the picture will not be saved. You can read more about Facebook's privacy policy here.

WHO HAS ACCESS / TREATS YOURS PERSONAL DATA? WHO CAN WE COME TO SHARE YOUR PERSONAL INFORMATION WITH?

Personal data assistants. In cases where it is necessary for us to be able to offer ours services, we share your personal information with companies that are so-called personal data assistants for us. A personal data assistant is a company that processes the information on our behalf and in accordance with our instructions. We have personal data assistants who help us with:

● Transport (logistics companies and freight forwarders)

● Payment solutions (card redeeming companies, banks and others payment service providers)

● Marketing (print, social media, media agencies or advertising agencies)

● IT services (companies that handle necessary operations, technical support and maintenance of our IT solutions)

When your personal data is shared with personal data assistants, it only happens for purposes that are consistent with the purposes for which we have collected the information (for example, to be able to fulfill our obligations under the purchase agreement). We check all personal data assistants to ensure that they can provide adequate guarantees regarding the security and confidentiality of personal data. We have written agreements with all personal data assistants, through whom they guarantee the security of them personal data that is processed and undertakes to comply with our security requirements, and restrictions and requirements regarding the international transfer of personal data.

Companies that are independently responsible for personal data. We also share yours personal data with certain companies that are independently responsible for personal data. To the company is independently responsible for personal data means that we are not in control how the information provided to the company is to be processed. Independent personal data controllers with whom we share your personal data are:

Government agencies (police, tax authorities or other agencies) if we are obliged to do so by law or on suspicion of crime
Companies that handle general goods transport (logistics companies and freight forwarders)
Companies that offer payment solutions (card-redeeming companies, banks and others payment service providers) When your personal information is shared with a company that is independent the person responsible for personal data applies to the company's privacy policy and personal data management.

KLARNA'S PROCESSING OF PERSONAL DATA

When buying from us, Klarna's cash register is used as standard, Klarna therefore processes yours personal data as personal data controller. Personal data is processed among other for the fulfillment of the agreement, as well as for via external and internal databases carry out identification and credit checks. For more detailed information on Klarna's processing of personal data and your rights in connection with treatment see: Klarnas data protection policy WHERE DO WE PROCESS YOUR PERSONAL DATA? We always strive for your personal data to be processed within the EU / EEA and everyone our own IT systems are located within the EU / EEA. For systemic support and maintenance however, we may have to transfer the information to a country outside the EU / EEA, to example if we share your personal data with a personal data assistant who, either itself or through a subcontractor, is established or stores information in a country outside the EU / EEA. In these cases, the assistant may only take part in that information relevant to the purpose (for example, log files). No matter in which country your personal data is processed, we take all reasonable legal, technical and organizational measures to ensure that the level of protection is the same as within the EU / EEA. In cases where personal data is processed outside the EU / EEA the level of protection is guaranteed either by a decision of the European Commission that the country in question ensures an adequate level of protection or through the use of such called appropriate safeguards. Examples of suitable protective measures are approved code of conduct in the recipient country, standard contractual clauses, binding intra-corporate rules or Privacy Shield.

YOUR RIGHTS & CONSENT

WHAT RIGHTS DO YOU HAVE AS REGISTERED?

Right of access (so-called register extract). We are always open and transparent with how we process your personal data and if you want to get a deeper insight into which personal data we process about you, you can request access to the data. The information is provided in the form of a register extract stating the purpose, categories of personal data, categories of recipients, storage periods, information about where the information was collected from and the presence of automated decision making. Keep in mind that if we receive a request for access, we may ask additional information to ensure the efficient handling of your request and that the information is provided to the right person.

Right to rectification. You can request that your personal information be corrected if the information is wrongfully. Within the framework of the stated purpose, you also have the right to supplement possibly incomplete personal data. You have the right to withdraw any consent you have given us at any time. For example consent to send newsletters. Right to delete. You can request deletion of personal data we process about you if:

● The information is no longer necessary for the purposes for which it was collected in or treated

● You object to a balance of interests we have made based on justified interest and your reason for objection outweighs our legitimate interest

● You object to processing for direct marketing purposes

● Personal data is processed illegally

● Personal data must be deleted in order to fulfill a legal obligation vi covered by

● Personal information has been collected about a child (under the age of 13) that you have parental responsibility for and collection has taken place in connection with the offer of information society services (eg social media) Keep in mind that we may have the right to deny your request if there are legal obligations such as prevents us from immediately deleting certain personal data. These obligations comes from accounting and tax legislation, banking and money laundering legislation, but also from consumer law. It may also be that the treatment is necessary for us to be able to establish, assert or defend legal claim. Should we be prevented from accommodating a request for deletion coming we instead block personal data from being used for purposes other than the purpose that prevents the requested deletion.

Right to restriction. You have the right to request our treatment of yours personal data is limited. If you dispute that the personal data we process is correct, you can request a limited treatment for the time we need to check whether the personal data is correct. If we no longer need personal data for the stated purposes, but you need them for to be able to establish, assert or defend legal claims, you can request limited processing of the data with us. That means you can request that we does not delete your data. If you have objected to a balance of interests interest that we have made as a legal basis for a purpose you can request limited treatment for the time we need to check whether our eligible interests outweigh your interests in having the data deleted. If the treatment has been limited according to any of the situations above, we can only, in addition to the actual storage, process the data to determine, assert or defend legal claims, to protect someone else's rights or if you have have given your consent. The right to object to a certain type of treatment. You always have the right to escape direct marketing and to object to any processing of personal data such as based on a balance of interests. Legitimate interest: In cases where we use a balance of interests as a legal basis for one purpose, you have the opportunity to object to the treatment. To be able to continue process your personal data after such an objection, we need to be able to show one compelling justified reasons for the current treatment that weigh heavier than yours interests, rights or freedoms. Otherwise, we may only process the data in order to establish, exercise or defend legal claims. Direct marketing (including analyzes performed for direct marketing purposes): You have the opportunity to object to your personal data processed for direct marketing. The objection also includes the analyzes of personal data (so-called profiling) which is performed for direct marketing purposes. Direct marketing refers to all types of outreach marketing measures (for example via mail, e-mail and SMS). Marketing measures where you as a customer actively chose to use one of our services or otherwise contacted us to find out more about our services does not count as direct marketing (for example product recommendations or other features and offers). If you object to direct marketing, we will stop processing of your personal information for that purpose as well as cease all types of direct marketing measures. You can change this by changing the settings via unsubscribe link in marketing mail or contact customer service. Right to data portability. If our right to process your personal data is established either with your consent or the performance of an agreement with you, you have the right to request to have the information concerning you and which you have provided to us transferred to another personal data controller (so-called data portability). A condition for data portability is that the transfer is technically possible and can be automated.

HOW LONG DO WE SAVE YOUR PERSONAL DATA?

We never store your personal information longer than is necessary for each purpose. See more about the specific storage periods under each purpose.

HOW DOES SMILING HANDLE MONKEY PERSONNEL & -TASKS? HOW DO WE HANDLE PERSONAL NUMBERS?
We will only process your social security number when it is clearly justified consideration of the purpose, necessary for secure identification or if there is any another notable reason. We always minimize the use of your social security number in this way as much as possible by, where necessary, using yours instead birth number.

HOW IS YOUR PERSONAL DATA PROTECTED?
We use IT systems to protect confidentiality, integrity and access to personal data. We have taken special security measures to protect yours personal data against unlawful or unauthorized processing (such as unlawful access, loss, destruction or damage). Only the people who actually need to treat yours personal data for us to be able to fulfill our stated purposes have access to them.

COOKIES
WHAT ARE COOKIES AND HOW DO WE USE THEM?
Cookies are a small text file consisting of letters and numbers sent from our web server and saved on your browser or device. On Smiling Monkey uses we the following cookies:
● Session cookies (a temporary cookie that expires when you close yours browser or device)
● Permanent cookies (cookies that remain on your computer until you delete them or they go out)
● First-party cookies (cookies set by the website you visit)
● Third-party cookies (cookies set by a third-party website. With us these are primarily used for analytics, such as Google Analytics)
● Similar technologies (technologies that store information in your browser or in your device in a manner similar to cookies) The cookies we use normally improve the services we offer. Some of ours services need cookies to work properly, while others improve the services for you. We use cookies for overall analytical information regarding yours use of our services and to save functional settings such as language and other information. We also use cookies to be able to target relevant marketing to you.

CAN YOU CONTROL THE USE OF COOKIES YOURSELF?
Yes! Your browser or device allows you to change the settings for the use and scope of cookies. Go to your browser settings or device to learn more about how to adjust cookie settings. Examples of what you can adjust are blocking of all cookies, to only accept first-party cookies or to delete cookies when you close your browser. Keep in mind that some of our services may not work if you block or delete them cookies. You can read more about cookies in general at the Swedish Post and Telecom Agency website, pts.se.

DATA INSPECTION WHAT DOES IT MEAN THAT THE DATA INSPECTION IS SUPERVISORY AUTHORITY?
The Data Inspectorate is responsible for monitoring the application of the legislation, and anyone who believes that a company handles personal data incorrectly can provide lodged a complaint with the Data Inspectorate.

DO YOU HAVE QUESTIONS ABOUT DATA PROTECTION?

You can always ask your questions to customer relations at [email protected]. We may make changes to our privacy policy. The latest version of The privacy policy is always available here on the website. For updates that are off crucial for our processing of personal data (e.g. change of specified purposes or categories of personal data) or updates that are not crucial for the treatment but which may be crucial for you, you will receive information on smilingmonkey.se and via email (if you have specified email address) in good time before the updates take effect. When we make available information about updates, we will also explain the meaning of the updates and how they may affect you.