Privacy Policy

1. GENERAL INFO


1.1 What does this policy cover?

This privacy policy (the “Privacy Policy”) governs the processing of personal data collected from individual users (“you”, “your” and ”data subjects”) through the e-commerce website, https://mockberg.eu (the “Website”). The Privacy Policy does not cover any other websites, applications or software that integrate with the Website or any other third-party products and services (for example, our social media service providers that may be linked to or from the Website).


1.2 What is personal data?

Personal data consists of all information that directly, or indirectly together with other information, can be connected to a living (physical) person. A non-exhaustive list with examples of personal data consists of, among others:


  • Name
  • Personal ID number
  • Home address
  • Email address
  • IP address
  • Phone number
  • Order information

1.3 What does processing of personal data mean?

The processing of personal data includes every action connected to the use of the personal data, regardless of whether such an action is performed automatically or not. This includes:


  • Collection
  • Registration
  • Alteration
  • Disclosure by transmission
  • Storage
  • Deletion

1.3 Who is responsible for your personal data?

The Website is owned and operated by Mockberg AB, a company registered in Sweden at the Swedish Companies Registration Office (Sw. ”Bolagsverket”) with the following information:


Company name: Mockberg AB
Swedish organization number: 556989-7159
Registered address: c/o KIVRA, KIVRA: 556989-7159 106 31 Stockholm Sweden
VAT number: SE556989715901
E-mail: contact@mockberg.com


A data controller is a legal person or other entity that determines the purpose and means for the processing of personal data. Mockberg is responsible for the processing of your personal data on the website and is therefore defined as the data controller.


1.4 Why are we allowed to process personal data?

For the processing of personal data to be lawful, we must always have lawful grounds under the GDPR. Such lawful grounds include:


  • Your consent.
  • The necessity of processing personal data to fulfill an agreement (in this case, the Website’s terms of use and our contract based on your purchase of products).
  • The necessity to fulfill a legal obligation, such as retaining data due to accounting requirements.
  • After a weighing of interests, determining that Mockberg’s interests in processing personal data outweigh those of the data subject and that the processing is necessary for the purpose in question.

2. PERSONAL DATA COLLECTED THROUGH THE WEBSITE


2.1 What personal data do we collect?

At Mockberg, we only collect the minimal amount of personal data necessary for your use of the Website (also known as ”data minimization”). We use your personal data for limited, specified and legitimate purposes, which are explicitly mentioned in this Privacy Policy. In general, your personal data is used for the purposes of providing you with access to the Website, assuring its maintenance and improvement, processing your product orders, replying to your inquiries, and looking after our legitimate interests.


Below, you can find an overview of the types of personal data that we collect, the purposes for which we use it, and the legal bases on which we rely when processing it.


Product orders

Type of personal data: When you place an order on our Website, we collect your first name, last name, billing and delivery address, email address, and telephone number.


Legitimate purpose: We use this information to send you transactional receipts, deliver your product orders, contact you, if necessary, handle customer service-related inquiries and maintain our business records.


Lawful grounds: Our contract with you.


Time of storage: We will store your data for as long as required by applicable legislation (at least 7 years).


Payments

Type of personal data: When you make a payment, our payment processors collect your personal data, such as first name, last name, billing and delivery addresses, and payment details (for example, credit card details). Please note that the types of personal data that you need to submit depend on which payment processor you choose. We do not have access to your full payment data since only parts of your personal data is made available to us by the payment processors.


Legitimate purpose: Your data is used to send you transactional receipts, deliver your product orders, contact you, if necessary, and maintain our business records.


Lawful grounds: Our contract with you.


Time of storage: We will store your data for as long as required by the applicable legislation (at least 7 years).


Reviews

Type of personal data: When you leave a review about your product purchase, we collect your name and any other information that you decide to provide in your review.


Legitimate purpose: We use your data to feature your review on the Website and give other customers an unbiased opinion regarding our products.


Lawful grounds: Your consent.

Time of storage: We will store your review until you ask us to delete it or until we determine that it is no longer relevant (for example, if the product reviewed is no longer sold by us).


Inquiries

Type of personal data: When you contact us by email, we collect your name, email address, and any additional information that you decide to share in your message and subsequent correspondence. When you contact us through our contact form, we collect your first name, last name, email address, phone number, and any additional information that you decide to share in your message and subsequent correspondence. When you contact us through our chat widget, we collect your first name, last name, email address, phone number, and any additional information that you decide to share in your message and subsequent correspondence.


Legitimate purpose: We use this data to respond to your inquiries and provide you with the requested information.


Lawful grounds: Our legitimate interest in helping you with your inquiry and (for optional personal data) your consent and (if the inquiry is concerning a product that you have purchased from us) our contract.


Time of storage: We will store this data until you stop communicating with us and we determine that the inquiry has been sufficiently handled.


2.2 Commercial correspondence

We send you our commercial communication only if (i) you opt-in for our newsletter, (ii) subscribe for a newsletter by giving us your email address, or (iii) purchase something from our Website and we want to inform you about our similar products. In such cases, you will receive information about our new products and special offers. The lawful grounds on which we rely are your consent or our legitimate interests in growing our company’s business. At any time, you can opt-out from receiving our commercial communication by clicking the “unsubscribe” link included in our newsletters/emails or by contacting us directly.


2.3 Transactional notifications

We may send you important informational messages through email or SMS, such as order updates, payment receipts, invoices, shipping information, and other technical or administrative information. Please note that such messages are sent on an “if-needed” basis and they do not fall within the scope of commercial correspondence that may require your prior consent. You cannot opt-out from service-related notices.


2.4 Feedback and miscellaneous inquiries

If you contact us, we may keep records of any questions, complaints, recommendations, or compliments made by you and the response. Where possible, we will de-identify your personal data (i.e., we will remove all personal data that is not necessary for keeping such records). If your personal data is de-identified in a way that it can no longer be associated with an identified or identifiable natural person, it will not be considered personal data and we may use it for any legitimate purpose.


2.5 Sensitive personal data

Certain personal data is inherently particularly sensitive and therefore has stronger protection. These are referred to as sensitive personal data. This includes information about health, genetic and biometric data, religious or philosophical beliefs, political opinions, ethnic origin, sexual orientation and sex life, as well as trade union membership. We do not collect sensitive personal data.


2.6 Where we get your personal data

We collect personal data from the following sources:


  • Directly from you: for example, if you submit your personal data when you purchase something from us or contact us;
  • Directly/indirectly through your activity on the Website: when you use the Website, we automatically collect technical information about your use; and
  • From 3rd parties: we may receive information about you from third parties to whom you have previously provided your personal data, if those third parties have a legal basis for disclosing your personal data to us (for example, for payment processing purposes).

2.7 Consequences of refusal to provide personal data

If you choose not to provide your personal data when requested, we may be unable to carry out the requested action (such as processing your order), and you may not be able to fully access the Website’s features, obtain the information you requested, or receive our response. If you believe any of the personal data we collect is excessive or unnecessary for its intended purpose, please inform us immediately.


3. STORAGE OF PERSONAL DATA


3.1 Time of storage (personal data)

We store your personal data only for as long as such personal data is required for the purposes described in this Privacy Policy or until you request us to update or delete your personal data, whichever comes first. For more details about the period for which each type of personal data is stored, please refer to section 2.1. After your personal data is no longer necessary for its purposes and we do not have other lawful grounds for storing it, we will immediately securely delete your personal data from our systems. We do not store any personal data longer than strictly necessary.


3.2 Time of storage (non-personal data)

We retain non-personal data (i.e., any information not classified as personal data) related to you for as long as necessary to fulfill the purposes outlined in this Privacy Policy. Duration will vary depending on our legitimate purpose, which could be to evaluate our business activities, meet our contractual obligations, pursue legitimate interests, conduct audits, comply with legal requirements (and demonstrate such compliance), resolve disputes, and enforce our agreements.


3.3 Legal requirements regarding time of storage

When we are legally required to retain your personal data for a specified period (e.g., for maintaining accounting and business records), we will store your data for the duration mandated by applicable law (typically 7 years) and securely delete it once the retention period has ended.


4. PROTECTION AND DISCLOSURE OF PERSONAL DATA


4.1 How we protect your personal data

We apply both technical and organizational security measures to protect your personal data against loss, misuse, unauthorized access and disclosure. These measures include secure networks, robust passwords, obfuscated URLs, restricted access for our staff, data anonymization where possible, regular updates and security patches, along with carefully chosen data processors.


4.2 When we share your personal data

We maintain strict confidentiality of your personal data. However, when necessary to fulfill our legitimate purposes of processing your personal data, we may disclose it to entities that provide services on our behalf or support our business operations (our data processors). This may include sharing your personal data with entities that offer technical support services, such as hosting, payment processing, shipping, and email distribution. We do not sell your personal data to third parties and have no intention of doing so in the future. Disclosure of your personal data is limited to the following purposes:


  • Ensuring the proper functioning of the Website;
  • Delivering your products;
  • Responding to your inquiries;
  • Processing your payments;
  • Pursuing our legitimate interests;
  • Enforcing our rights, preventing fraud, and for security purposes;
  • Fulfilling our contractual obligations;

4.3 How we share your personal data

Although we are based in Sweden, a country that belongs to the European Economic Area (EEA), some of our data processors may be based outside the EEA or the country where you reside. Therefore, we may need to transfer your personal data outside your country. In case it is necessary to make such a transfer, we will make sure that the country in which our data processor is located guarantees an adequate level of protection for your personal data. We may also enter into an agreement with the data processor that ensures such protection (for example, a data processing agreement based on pre-approved standard contractual clauses).


5. YOUR RIGHTS AS A DATA SUBJECT


5.1 You have great control of the processing of your personal data

You have the right to control how we process your personal data. Subject to any exemptions provided by law, you have the following rights:


  • Right of access - you can obtain a copy of the personal data we hold about you and a list of the purposes for which your personal data is processed;
  • Right to data portability - you can request a copy of your personal data in a structured, commonly used, and machine-readable format, ready to be transferred to another processor;
  • Right to erasure - you can request the deletion of your personal data from our systems;
  • Right to object - you can request that we stop processing your personal data;
  • Right of restriction - you can request that we limit the processing of your personal data;
  • Right of rectification - you can ask us to correct any inaccurate or incomplete data we hold about you;
  • Right to withdrawal of consent - you have the right to withdraw any consent that you have provided us with; or
  • Right to complaint - you can file a complaint regarding our processing of your personal data.

5.2 Exercising your rights

If you wish to exercise any of your rights as outlined above, please contact us by email (contact@mockberg.com), with the subject line 'GDPR – Request,' and provide a detailed explanation of your request. To verify the legitimacy of your request, we may ask you to provide identifying information so that we can confirm your identity in our system. We will respond to your request as soon as possible and always within a reasonable timeframe of up to 30 days. If you are not satisfied with how we handle your personal data, you also have the right to report our processing of your personal data to the relevant authority. For more information about the relevant authority in your country of residence, please visit here. However, for a smooth and efficient resolution, we recommend that you first reach out to us so that we can assist with any questions or concerns.


6. MISCELLANEOUS


6.1 Validity

This version of the Privacy Policy is valid as of the date indicated at the top of the Privacy Policy and remains in force until it is terminated or updated by us.


6.2 Changes and updates to the privacy policy

We reserve the right to update this Privacy Policy periodically. Changes may be made to reflect adjustments in our business practices, Website functionalities, relevant laws, regulations, and industry standards. Any updated version of the Privacy Policy will be posted on this page, and if we have your email address, we will notify you of the changes. We encourage you to review our Privacy Policy regularly to stay informed. For substantial changes or where required by law, we may seek your consent.


6.3 Children’s personal data

The Website is not intended for use by persons under the age of 18. Therefore, we do not knowingly collect children’s personal data. If you become aware that a child has provided us with his or her personal data and you are a parent or a legal guardian of the child, please contact us immediately and we will remove the child’s personal data from our systems.


6.4 Contact information

Please do not hesitate to contact us through email (contact@mockberg.com) if you have any questions about this Privacy Policy, the processing of your personal data, or if you wish to request an access request.