Privacy Policy

Privacy Policy


When you come into contact with Delicato Bakverk AB ("Delicato") in any way, it may mean that your personal data (such as name, address, e-mail, social security number, telephone number, etc.) is processed by us at Delicato. We protect your privacy. Therefore, we have also drawn up this personal data policy, which aims to describe in which situations we process your personal data, how we process them, which obligations we have and which rights you have. You only need to read the part that is relevant to you.

For the personal data processing described in this policy, Delicato (Delicato Bakverk AB, org. no: 556119-4720, Grenvägen 9, 141 71 Segeltorp, e-mail address: info@delicato.se) is responsible for personal data. This privacy policy describes how Delicato processes your personal data in accordance with the EU Data Protection Regulation (EU 2016/679) ("GDPR").  If you have any questions or concerns about this policy and/or our processing of your personal data, you are always welcome to contact us at info@delicato.se.


1. WHICH PERSONAL DATA DOES DELICATO PROCESS AND WHY?

Personal data refers to any information relating to an identified or identifiable natural person, which can be anything from contact details to financial data, provided they can be linked to a natural person. The processing of personal data refers to an action or a combination of actions relating to personal data, for example collection, storage or transmission.

Delicato processes personal data for the following main purposes:

- Enter, fulfill and administer purchases

- Newsletter subscribers

- When you participate in one of our competitions

- General communication

- Comply with laws and authority decisions

- Marketing

- When you contact us via social media or email one of our employees

- For customers and suppliers

- Personal data processing when you use our website

- When you create a user account


In the following tables, you get more information about our personal data processing, including for which specific purposes your personal data is processed, which categories of personal data Delicato processes, on which legal basis Delicato supports the processing and how long Delicato stores this personal data.

1.2 ENTER, COMPLETE AND MANAGE CLIENT ASSIGNMENTS AND REQUESTS

Personal data

- Identity data - such as name and social security number

- Contact details - such as address and phone number

- Financial information - such as bank account and payment information

- Work-related information - such as job title and workplace

- Special categories of personal data and privacy-sensitive personal data - such as membership in trade unions

- Other information that you provide to us in connection with client assignments

Purpose

Complete client assignments and associated administrative work.

Legal basis


The processing is necessary to fulfill an agreement.



Storage time

Three (3) years from the date of completion of the assignment, after which the personal data is deleted.


Personal data appearing in our accounting material may continue to be processed for up to seven (7) years after the end of the accounting year.



    1. NEWSLETTER SUBSCRIBERS



Personal data

- Identity data - such as first and last name

- Contact details - such as email address

Purpose

We process your personal data in order to send out the newsletter you sign up for.


Legal basis

The treatment is based on consent. If you wish to withdraw your consent, you can do so by contacting info@delicato.se.

 

Storage time


As long as we have your consent and one (1) year after termination of the newsletter.



    1. WHEN YOU PARTICIPATE IN ANY OF OUR COMPETITIONS



Personal data


  • Identity information - such as name
  • Contact information - such as email address and phone number
  • Image collected in connection with the competition


Purpose

We process your personal data in order to assess your competition entry and select a winner. If you win the competition, we will also process your personal data in order to be able to communicate with you as the winner and send you the competition prize.


If you win, we need your social security number to be able to register the win on you.

Legal basis

We process your personal data in order to assess your competition entry. In order to take part in the competition, you must meet the established competition conditions. When you submit your entry, we have entered into an agreement where we have undertaken to assess your entry and select a winner based on all competition entries. To do this, we need to process your personal data.


In the event of a win, we process your social security number in order to fulfill the legal obligations we have to deal with regarding e.g. profit tax.

Storage time

Three (3) months after the winner has been selected.


Personal data appearing in our accounting material may continue to be processed for up to seven (7) years after the end of the accounting year.


    1. GENERAL COMMUNICATION


Personal data


  • Identity data - such as name and email address
  • Contact details - such as address and phone number


Purpose

Receive and administer your question/complaint/opinion.

Legal basis

Delicato's legitimate interest in administering the case and being able to respond to you.





Storage time

The data is deleted as soon as Delicato has dealt with the matter to which the communication relates unless there is a legitimate interest in preserving the data.


In that case, the data is saved for a maximum of six (6) months after the last contact with Delicato.


In the event of compensation due to error, we process your contact details to pay out any compensation.

Delicato's legitimate interest in administering the case and being able to respond to you.


The processing is necessary to fulfill a legal obligation.


The data is deleted as soon as Delicato has dealt with the matter to which the communication relates unless there is a legitimate interest in preserving the data.


In that case, the data is saved for a maximum of six (6) months after the last contact with Delicato.


Data that has been handled to investigate a claim in accordance with the Product Liability Act is processed for up to three (3) years after compensation was paid or not, as you are legally entitled to take legal action within this time.


In the event that you have suffered damage due to our products (dental damage and other damage cases), we process your personal data to investigate whether we should compensate this damage or not. In this work, there may be sensitive personal data about your health.

Delicato's legitimate interest in administering the case and being able to respond to you.


The processing is necessary to fulfill a legal obligation.

The data is deleted as soon as Delicato has dealt with the matter to which the communication relates unless there is a legitimate interest in preserving the data.


In that case, the data is saved for a maximum of six (6) months after the last contact with Delicato.


If you provide information about your allergies in connection with a question, this information is never saved - sensitive information is deleted immediately after we have answered your question.

If your question concerns allergies and you state in your message that you are asking because you are allergic, this means that you are providing us with sensitive personal data.


We don't really need to process this data, but when you let us know, it means we process it.

Delicato's legitimate interest in administering the case and being able to respond to you.


If you provide information about your allergies in connection with a question, this information is never saved - sensitive information is deleted immediately after we have answered your question.


    1. FOLLOW LAWS AND AUTHORITY DECISIONS


Personal data

  • Identity information - such as name
  • Contact details - such as address and phone number
  • Work-related information - such as job title and workplace
  • Special categories of personal data and privacy-sensitive personal data - such as information about violations of the law


Purpose

Archiving of documents collected in connection with the administration of purchases.




Legal basis

The processing is necessary to fulfill a legal obligation.





Storage time

Ten (10) years from the date of completion of the assignment, alternatively the longer period required by the nature of the assignment.


Archiving of accounting records in accordance with the Accounting Act (1999:1078).

The processing is necessary to fulfill a legal obligation.

Seven (7) years from the end of the calendar year in which the fiscal year ended.

Report data to authorities according to legal obligation, such as the Tax Agency and law enforcement authorities.

The processing is necessary to fulfill a legal obligation.

Ten (10) years from the date of completion of the assignment, or the longer period required by the individual situation.


    1. MARKETING


PERSONAL DATA

  • Identity data - such as name and social security number
  • Contact details - such as address and phone number
  • Work-related information - such as job title and workplace



Purpose

Sending information and invitations about events and seminars and other information about Delicato via e-mail and SMS.

Legal basis

Delicato's legitimate interest in marketing its services.


Storage time

One (1) year after you signed up for mailings or otherwise indicated your interest in receiving mailings from Delicato.

Marketing via social media such as Facebook, Instagram, LinkedIn, Youtube and Pinterest.

Delicato's legitimate interest in marketing its services.

One (1) year after last contact with Delicato.

Marketing via Delicato's website and via partners.

Delicato's legitimate interest in marketing its services.

One (1) year after last contact with Delicato.


    1. WHEN YOU CONTACT US VIA SOCIAL MEDIA OR EMAIL ANY OF OUR EMPLOYEES


Personal data

  • Identity data - such as name and email address
  • Other information that you provide to us in connection with your contact with us.

Purpose

We process your personal data in order to respond to your e-mail, and/or comment/activity on social media.

Legal basis

Delicato's legitimate interest in answering and responding to your questions and comments

Storage time

The data is deleted as soon as Delicato has dealt with the matter to which the communication relates.


    1. FOR CUSTOMERS AND SUPPLIERS


Personal data

  • Identity data - such as name and social security number
  • Contact details - such as address, email address and phone number
  • Work-related information - such as job title and workplace


Purpose

To communicate with the companies and suppliers to complete purchases.


Legal basis

The processing is necessary to fulfill an agreement.

Storage time

We process your personal data as long as the company/organization you are the contact person for has an active contractual relationship with us.



Sending information and invitations about events and other information about Delicato via e-mail.

Delicato has a legitimate interest in marketing its products.


One (1) year after mailing or otherwise indicating your interest in receiving mailings from Delicato.

When handling complaints, we process your social security number.

The processing is necessary to fulfill an agreement.

The data is deleted as soon as Delicato has dealt with the matter to which the communication relates unless there is a legitimate interest in preserving the data.


In that case, the data is saved for a maximum of six (6) months after the last contact with Delicato.


    1. PROCESSING OF PERSONAL DATA WHEN YOU USE OUR WEBSITE


Personal data

  • Identity data - such as age and IP address
  • Contact details - such as address and email address


Purpose

We process your personal data (through cookies) in order to direct our communication and make it more relevant to you, to be able to analyze and follow up the statistics, campaign statistics and to be able to analyze the interaction on our website in order to streamline and improve our business.

Legal basis

Delicato's legitimate interest in being able to conduct market and customer analysis, method and business development as well as collect statistical data and make our marketing as relevant as possible to you.



Storage time

One (1) year from the submission date, after which the data is deleted.


    1. WHEN YOU CREATE A USER ACCOUNT


Personal data

  • Identity data - such as name and email address
  • Contact details - such as address, email address and phone number


Purpose

We process your personal data to provide you with a user account for our online store as well as associated services for the user account, such as "My Wish List".


Legal basis

The processing is necessary to fulfill a user agreement.


Storage time


One (1) year after you deleted your user account with Delicato.




  1. YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA

If you wish to exercise your rights, contact us at our email info@delicato.se. If you wish to withdraw your consent, you can do so by contacting info@delicato.se.


Right to be informed

You have the right to be informed about how Delicato processes your personal data. The information is primarily provided in this privacy policy.

Right of access

You have the right, upon request, to receive confirmation as to whether or not Delicato is processing your personal data. In the event that Delicato processes your personal data, you have the right to receive information about the processing, as well as access to your personal data through a free register extract of which personal data is registered about you and how these are processed. If a request for a register extract is made repeatedly, Delicato has the right to charge a reasonable fee to administer the request.

Requests for register extracts can be sent by e-mail to info@delicato.se. Delicato reserves the right to take measures to ensure the identity of the person requesting the extract.

Right to rectification

You have the right to have inaccurate personal data concerning you corrected without undue delay upon request. You also have the right to have incomplete personal data concerning you supplemented.

Right to erasure

In certain cases, you have the right to have the personal data Delicato processes about you deleted without undue delay. This applies if:

- the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;

- you withdraw your consent on which the processing is based and there is no other legal basis for continued processing;

- you object to processing based on Delicato's legitimate interest and there is no legitimate reason to continue the processing that outweighs your interest;

- the processing takes place for direct marketing and you object to the data being processed;

- the personal data has been processed in an illegal manner; or

- it is required to fulfill a legal obligation.

To the extent that it is necessary to continue processing your personal data to, for example, fulfill a legal obligation, Delicato is not obliged to delete your personal data.Rätt till begränsning av behandling

You have the right in certain cases to demand that our processing of your personal data be limited. This applies if:

  • you dispute the correctness of the personal data, you can request limited processing during the time that we check whether the data is correct;
  • the processing is illegal and you object to the deletion of the data and instead request restriction of the use of the data;
  • Delicato no longer needs the personal data for the purposes of processing but you need the personal data to establish, assert or defend a legal claim; or
  • you have objected to processing based on balancing of interests that we have used as a legal basis for a purpose, you can request limited processing of personal data while we work to assess whether our legitimate interests outweigh your legitimate interest.


In case the processing has been restricted, Delicato may only process the personal data with the exception of storage, to establish, exercise or defend legal claims, to protect the rights of someone else or because you have given your consent. If you have had your processing restricted, Delicato will inform you before the restriction of processing ends.

Right to data portability

Under certain conditions, you have the right to obtain the personal data you have provided to Delicato in a structured, commonly used and machine-readable format, and have the right to transfer this personal data to another personal data controller without hindrance from Delicato. The right to data portability requires that the processing is automated, that the transfer is technically possible and that the processing is based on consent or that it is necessary to fulfill an agreement.

Right to object

You have the right to object at any time to processing based on Delicato's legitimate interest. Continued processing of your personal data requires Delicato to show a legitimate reason that outweighs your interest in the current processing. Otherwise, Delicato may only process the data to establish, exercise or defend legal claims.

You also have the right to object at any time to processing carried out for direct marketing, including profiling to the extent that it is related to such direct marketing. If you have objected to processing for direct marketing, we may no longer process your data for such purposes.

Right to withdraw consent

In case Delicato processes your personal data based on your consent, you have a right to withdraw consent at any time. Delicato then stops the treatment. To withdraw your consent, you can send an email to info@delicato.se.

Right to file a complaint

If you have a complaint about Delicato's processing of personal data, you can contact the Swedish supervisory authority Integritetsskyddsmyndigheten (IMY) and present the complaint. The contact details are as follows:

Webbplats: https://www.imy.se/ 
Telefon: 08-657 61 00
E-post: imy@imy.se
Postadress: Box 8114, 104 20 Stockholm

  1. WHERE IS YOUR PERSONAL DATA COLLECTED?

Delicato collects personal data about you from the following sources:

Data that you provide to us yourself: Delicato collects personal data that you provide to Delicato in connection with your contact with Delicato, including in connection with newsletter subscriptions, general communication, marketing, administration of competitions, administration of purchases and administration of applications for employment .


Third party: Delicato does not collect any personal data from third parties.

Publicly available sources: In some cases, personal data is collected from publicly available sources, such as the Swedish Companies Registration Office.

  1. WHO MAY ACCESS YOUR PERSONAL DATA?

Where appropriate, Delicato may share your personal data with third parties. Your personal data is only shared with trusted third parties, such as authorities and business partners, and Delicato will never sell your personal data to anyone else. Sharing your personal data with third parties is based on the same purpose and legal grounds for which it was collected. Below are the categories of recipients with whom your personal data may be shared.

Suppliers and subcontractors: Within the scope of administration of purchases, handling of newsletters or within the scope of daily operations, personal data may be shared with suppliers and subcontractors who then process personal data on Delicato's behalf. It can be about suppliers of IT services, such as for software and data storage, suppliers of financial services such as payment services, and other business consultants, such as advertising agencies.

Social media: When using social media, for example Facebook, LinkedIn, Youtube or Pinterest, your personal data is also collected and processed by these companies. See each company's privacy policy for more information on their processing of your personal data.

5. WHEN MAY DELICATO TRANSFER YOUR PERSONAL DATA OUTSIDE THE EU/EEA, AND HOW IS THEY PROTECTED THEN?

Delicato always strives to only process your personal data within the EU/EEA. In some cases, however, Delicato may share your personal data with an actor in a country outside the EU/EEA, a so-called "third country". In a third country, the GDPR does not apply, which means that you do not have the same rights and protection for your personal data that the GDPR otherwise guarantees. In order to protect your personal data, the transfer is either based on a decision by the European Commission on an adequate level of protection or covered by appropriate security measures such as the European Commission's standard contractual clauses in combination with organizational and technical safeguards. You can read more about which countries are considered to have an adequate level of protection on the EU Commission's website here and about standard contract clauses here.

Delicato always intends to carry out a risk assessment before a transfer takes place, and takes both technical and organizational safeguards to ensure an appropriate level of protection. Delicato always strives to transfer as little personal data as possible and, if possible, in anonymized form. For more information about which protective measures are taken in the individual case, please send an email to info@delicato.se.

The following recipients outside the EU/EEA may be considered:

Suppliers and subcontractors: In some cases, your personal data may be shared with suppliers and subcontractors outside the EU/EEA. This may involve suppliers of marketing services, IT services and suppliers of financial services to conduct Delicato's operations with a seat or server in a country outside the EU/EEA.

Microsoft Office 365

By using the service, your personal data is processed by the company Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, USA). In connection with Microsoft receiving personal data about you, the personal data may be transferred, among other things, to the United States. You can read more about personal data processing here: https://privacy.microsoft.com/sv-se/privacystatement

Microsoft Corporation is covered by the EU-US Data Privacy Framework List and obtains the certificate required to provide for the transfer of personal data from the EU. Thus, Microsoft follows the necessary guidelines to ensure an adequate level of protection for the data subjects' personal data. You can read more about Microsoft's certification here: https://www.dataprivacyframework.gov/ 

Google

By using the service, your data is processed by Google LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, USA). We use Google Marketing Platform, Google Tag Manager and Google Analytics for marketing services such as; display reports, demographic and interest data reports, advertising. Use of these functions requires the use of Google advertising cookies. We do not have access to data from cookies stored on your device, but we can order ads for specific target categories that we choose (based on information about behavior, interests and demographic data), e.g. for all people who have visited our website in the last 7 days. Google processes the data in the manner described here. You can read more about Google's Marketing Platform's processing of personal data here: https://marketingplatform.google.com/about/analytics/terms/us/


Google LLC is covered by the EU-US Data Privacy Framework List and obtains the certificate required to provide for the transfer of personal data from the EU. Thus, Google follows the necessary guidelines to ensure an adequate level of protection for the data subjects' personal data. You can read more about Google's certification here: https://www.dataprivacyframework.gov/

 

Klaviyo

Through our use of the service, your data is processed by Klaviyo, Inc (125 Summer street, 6th floor, Boston, MA 02110, USA). We use Klaviyo's newsletter services and marketing services such as; dispatch via e-mail. You can read more about Klayvio's personal data processing here: https://www.klaviyo.com/legal/privacy/privacy-notice


Klaviyo, Inc is covered by the EU-US Data Privacy Framework List and obtains the certificate required to provide the transfer of personal data from the EU. Thus, Klaviyo follows the necessary guidelines to ensure an adequate level of protection for the data subjects' personal data. You can read more about Klaviyo's certification here: https://www.dataprivacyframework.gov/



Social media: When you visit or otherwise use Delicato on social media such as Facebook, Instagram, LinkedIn, Youtube and Pinterest, your personal data is also collected and processed by these companies. In connection with these companies receiving personal data, the personal data may be transferred to the United States.

Facebook & Instagram:

By using the services, your personal data is processed by the company Meta Platforms Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). You can read more about personal data processing here: https://sv-se.facebook.com/privacy/policy/?entry_point=facebook_page_footer


To read more about the transfer of services to third countries and to read the standard contract clauses, you can read more here: https://www.facebook.com/help/566994660333381?ref=dp


LinkedIn:

By using the service, your personal data is processed by LinkedIn Ireland Unlimited Company (Wilton Plaza, Wilton Place, Dublin 2, Ireland). You can read more about the processing of personal data here: https://www.linkedin.com/legal/privacy-policy


To read more about LinkedIn's transfer to third countries and to read the standard contract clauses, you can read more here: https://www.linkedin.com/help/linkedin/answer/62533


TikTok

By using the service, your personal data is processed by TikTok Technology Limited (10 Earlsfort Terrace, Dublin, D02 T380, Ireland) and TikTok Information Technologies (4 Lindsey Street, Barbican, London, EC1A 9HP, United Kingdom) jointly. The personal data may be shared to China.


Read more about personal data processing here:

https://www.tiktok.com/legal/page/eea/terms-of-service/sv-SE



Youtube

By contacting us via Youtube, your personal data is processed by the company Google LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, USA). Read more about personal data processing here: https://policies.google.com/privacy?hl=en



6. HOW DOES DELICATO PROTECT YOUR PERSONAL DATA?

Delicato takes a number of technical and organizational measures to protect your personal data against loss, misuse, unauthorized access, unauthorized disclosure, alteration or destruction. For more information on what these specific measures are, please send an email to info@delicato.se.


7. AUTOMATED DECISION MAKING AND PROFILING

Delicato does not apply any method of automated decision-making, including profiling.



This policy is subject to change. Current policy was updated on June 28, 2024.