Privacy and Data Protection Policy (GDPR)

Processing of Personal Data

Vou You AB, 556998-1318, Åbäcksgatan 6, 431 67 Mölndal, Sweden (hereinafter referred to as You.se) is the data controller for the processing of your personal data. You.se is committed to respecting and protecting your personal data and your privacy in accordance with applicable legislation (including the EU General Data Protection Regulation), industry regulations, and other relevant standards.

What is personal data and what does the processing of personal data entail?

Personal data is any information that can be directly or indirectly related to a living individual. This includes names, addresses, social security numbers, email addresses, and phone numbers. It may also include order numbers, shipment numbers, and IP addresses if they can be linked to individuals.

The processing of personal data includes any type of handling of personal data, such as collection, registration, storage, transfer, and deletion.

Collection of Information

We collect and process personal data about/when you:

• register as a customer with us
• place an order with us
• initiate an order with us
• subscribe to our newsletter
• contact us via email, contact form, or SMS

By registering as a customer or for our newsletter, or by ordering goods from us, you consent to You.se storing and using the information about your purchases as well as the contact details you provide.

When you place an order with us, we never have access to credit card information, bank account information, or your personal identification number. However, our payment partners may have access to such information when you provide it.

Security

You.se protects your personal data with several technical security measures. If you have your own account registered on you.se, a personal password is required for access. To prevent unauthorized access to your password and account, we use salt and one-way encryption for passwords. You are also responsible for ensuring that no unauthorized individual gains access to your password.

All our payment solution providers meet the security requirements of PCI-DSS (Payment Card Industry Data Security Standard), which is a security standard for handling card information, developed by the payment card industry, including MasterCard, Visa, Amex, and Diners. The standard applies to all those handling payment transactions for debit and credit cards.

Use of Personal Data

For us to handle your data, one of the following legal grounds must be fulfilled:

• Requirements to fulfill the contract with you.
• Requirements to fulfill a legal obligation for You.se.
• The processing serves both your and You.se's interest.
• Consent from you for the specific processing.

Below, you can read what we use your data for, as well as the legal basis for the processing.

Receiving and fulfilling orders

The data is stored and used so that we can fulfill our obligations to you, such as receiving payment, delivering goods to your address, and if necessary, contacting you regarding your order.

Legal basis: Fulfillment of a contract.

Communication and support

We may use personal data from your orders with us and previous communication with us to better meet your needs as a customer and provide you with better service.

If you communicate with us through public channels of your choice, we have the right to disclose personal information from your order and communication from you that has occurred through private channels, to the extent necessary to assist you, or any information from your order and communication from you if it concerns responding to negative criticism or accusations.

If you have consented to receive our newsletter via email, the data will also be used for this. Of course, you have the option to inform us at any time that you no longer wish to receive our newsletter.

Legal basis: Balancing of interests, consent, and fulfillment of a contract.

Marketing and analysis

In order to market relevant products to you based on your needs, we process data about which products you have previously purchased from us, as well as products that you have placed in your shopping cart but not completed the purchase of.

Legal basis: Balancing of interests and consent.

Who do we share personal data with

Partners and subcontractors

We handle your personal data with the utmost care. We strive to never share more personal data than absolutely necessary with each respective partner. We guarantee that no data about you is sold or used for promotional mailings from third parties. We take appropriate protective measures to ensure that your personal data is processed in accordance with applicable laws regarding security and personal privacy. The same requirements apply to our subcontractors. We may share certain data with the following partners and subcontractors for the purposes outlined below.

Purpose: Marketing and analysis

Partner: Google
Personal data shared and why: Analytics data via third-party cookies for marketing and analysis to be able to offer our customers better services.
When the data is shared: If you visit our website and accept cookies.

Partner: Onesignal
Personal data shared and why: An anonymous ID (linked to your browser) for marketing via push notifications.
When the data is shared: Only if you have actively accepted push notifications.

Partner: Mailjet
Personal data shared and why: Email address. We send transactional emails through their SMTP relay.
When the data is shared: If you register as a customer or place orders with us.

Partner: Mailjet
Personal data shared and why: Order data and email address, for general and personalized newsletters.

Partner: MO-SMS (Paytechsystem Europe AB)
Personal data shared and why: Mobile number as we send all transactional SMS and marketing SMS through MO-SMS.

Partner: Trustpilot
Personal data shared and why: Email address, name, address, and order data. To collect reviews.
When the data is shared: Shortly after purchase.

Partner: OpenAI / Microsoft
Personal data shared and why: Email address, name, address, and order data. For the chatbot based on OpenAI's GPT to provide relevant and correct responses.
When the data is shared: If you share your email address and order ID while chatting with our chatbot, information about your address and order may be shared. Nothing you write is collected by OpenAI/Microsoft. Nothing you write is used to train GPT.

Purpose: To fulfill orders (payment and shipping)

Partner: Svea
Personal data shared and why: Order information and data (including address details and contact details) necessary to complete purchases/payments.
When the data is shared: If an order is completed at our standard checkout which uses Svea's Checkout.

Partner: PayPal
Personal data shared and why: Order information and data (including address details and contact details) required to complete payment.
When the data is shared: If an order is paid in our alternative checkout with PayPal.

Partner: Stripe
Personal data shared and why: Order information and data necessary to complete payment.
When the data is shared: If an order is paid in our alternative checkout, directly with a card via Stripe.

Partner: PostNord
Personal data shared and why: Address details and contact details to send orders.
When the data is shared: If orders are shipped with PostNord.

Partner: DHL Freight
Personal data shared and why: Address details and contact details to send orders.
When the data is shared: If orders are shipped with DHL.

Partner: BudBee / InstaBee
Personal data shared and why: Address details and contact details to send orders.
When the data is shared: If orders are shipped with BudBee / InstaBee.

Purpose: Other

Partner: Oderland
Personal data shared and why: Manages the servers that run our e-commerce system, hence order data and customer information is stored here.

Partner: Hjorten Revision
Personal data shared and why: For audit purposes, accounting documents such as customer invoices may be shared.

If all or part of You.se's business is sold or integrated with another business, your personal data may be disclosed to our advisors, any buyer, and their advisors and passed on to the new owners of the business.

Authorities

Upon request, we may, according to law and regulatory decisions, be required to disclose certain personal data to e.g. the Police or the Tax Agency.

How long do we store your personal data

We retain personal data as long as there is a purpose for the processing and for the duration required for us as a provider to fulfill our obligations or for the period we are obliged to do so by law.

Your rights regarding personal data

When we process your personal data, you have certain rights according to law (EU General Data Protection Regulation). Please note that the exercise of these rights is subject to certain requirements and conditions specified in the law.

You have the right:

• to access your personal data and information about how they are used;
• to correct or complete your personal data;
• to have your personal data deleted;
• to restrict the use of your personal data;
• to access your personal data in a manageable format;
• to object to the use of your personal data;
• to withdraw your consent to the use of your personal data.

If you wish to exercise any of the above rights, please contact us.

We cannot remove personal data and information required under accounting laws.

Policy Changes

This policy may be updated at any time by You.se. We encourage you to review this policy to stay informed about how You.se processes your personal data.

Last modified 2023-11-22

About Cookies

A cookie is a small text file that a website saves on a visitor's computer (computer here refers to all types of devices with a browser, including smartphones, tablets, smart TVs, etc.). A cookie stores various types of information about the visitor and settings and choices the visitor makes on the website. Cookies are essential for an online store to function. Cookies are harmless and cannot damage your computer.

By visiting you.se with a browser set to accept cookies, you agree that your browser and computer accept and store cookies from you.se. In your browser (such as Chrome, Safari, Firefox, Edge, Opera), you can adjust the settings for how it accepts and stores cookies. You should also be able to set it to not accept cookies at all. Note that parts of you.se may not function fully if you disable cookies.

You.se uses cookies to ensure that the online store functions as well as to improve visitors' experience of the website. Cookies are necessary, among other things, to keep track of which products are added to the shopping cart, which shipping method is selected, and how the products should be displayed (grid/list) and sorted. Additionally, information about which language and currency are chosen and should be displayed to you as a visitor is saved in our cookies. Cookies also help us collect statistics and traffic data about our visitors.