Privacy Policy

This policy establishes how Hasta AB (including the brands Hasta, Lectus Sängar, and Descotex) processes your personal data.

What is personal data?
Personal data is any information that can be used, individually or together with other information, to identify a person. That is, any type of information that is directly or indirectly attributable to a living natural person. This can include, for example, names and e-mail addresses, but also images and audio recordings that are processed using a computer, even if no names are used. Encrypted data and various types of electronic identifiers, such as IP numbers, are considered personal data if they can be linked to natural persons.

What does personal data processing entail?
All handling of personal data is considered processing, regardless of whether it is automated. This includes actions such as collecting, recording, storing, adapting, organizing, transmitting, and erasing personal data.

Data controller
Hasta AB, Swedish company no. 556477-7828, Fabriksgatan 12, SE-731 50 Köping, Sweden.

Providing personal data is voluntary. If you wish to erase or restrict the processing of your personal data, please e-mail [email protected], call +46 (0)221 345 00, or write to Hasta AB, Fabriksgatan 14, SE-731 50 Köping, Sweden to inform us of your wishes. Please note that the processing of some of your personal data is required if you are to buy from us and use our website.

1. Which personal data are collected, for what purposes, and for how long are they kept?

1.1 Purpose: Manage purchase/order.

Personal data

  • Name
  • Contact details (e.g., address, e-mail, phone number)
  • Payment history
  • Payment information
  • Credit ratings from credit rating agencies
  • Purchasing information (e.g., ordered products, delivery address)
  • User details of those who have entered this information under “My account”

Processing

  • Delivery (including notification and contact regarding delivery)
  • Identification and age verification
  • Payment processing via Klarna
  • Managing complaints and warranty claims

Legal basis: Performance of the sales agreement.
We collect these personal data because they are required to fulfil our obligations under the sales agreement. We may be forced to refuse your purchase if this information is not provided as we are then unable to fulfil our obligations.

Data retention period:We keep the data until the purchase is completed, delivered, and paid for and for a further 36 months in order to fulfil our warranty obligations and to manage any complaints.

1.2 Purpose: Fulfil the company’s legal obligations

Personal data

  • Name.
  • Contact details (e.g., address, e-mail, and phone number)
  • Payment history
  • Payment information
  • Your correspondence
  • Details about the time of purchase

Processing

  • Processing necessary to fulfill the company’s legal obligations as per legal requirements, judicial decisions, and government decisions (e.g., Swedish acts on accounting and money laundering or Swedish regulations on product liability and safety, such as to be able to contact customers concerning product recalls in the event of defective or hazardous products).

Legal basis: Legal obligation.
We collect these personal data because it is a legal requirement. We may be forced to refuse your purchase if this information is not provided as we are then unable to fulfil our legal obligation.

Data retention period:We keep the data until the purchase is completed, delivered, and paid for and for a further 36 months in order to fulfil our warranty obligations and to manage any complaints.

1.3 Purpose: Manage customer service cases

Personal data

  • Name
  • Contact details (e.g., address, e-mail, and phone number)
  • Your correspondence
  • Details about the time of purchase, place of purchase, any faults/complaints
  • Technical details about your product
  • User details of those who have entered this information under “My account”

Processing

  • Identification
  • Communication and responses to any questions addressed to customer service, which encompasses both telephone calls and digital channels, including social media.
  • Investigation of customer service cases, including technical support.

Legal basis: Legitimate interest.
We collect and process these data as they are necessary if we are to fulfil our and your legitimate interest in managing customer service cases.

Data retention period:We keep the data for 36 months from the closing of the customer service case.

1.4 Purpose: Evaluate, develop, and improve our services, products, and systems for our customers

Personal data

  • Age
  • Sex
  • City
  • Purchase and user-generated data (e.g., click and page visit history)
  • Information about devices and settings, including IP address, web browser settings, language settings, operating system, and screen resolution.
  • Information about your behavior on our website, such as how you found the website, how long you visit various pages, response times, and more.

Processing

  • To make our website more user-friendly and easily navigated for you as a customer
  • To collate material to help to develop and improve our product offering and to enable customers to influence our offering
  • To collate material to help to develop and improve our resource efficiency in terms of the environment and sustainability (e.g., by optimizing our purchasing and planning deliveries)
  • To collate material to help to improve IT security for the company and our customers

Legal basis: Legitimate interest.
We collect and process these data as they are necessary if we are to fulfil our and your legitimate interest in ensuring a simple and straightforward purchasing process and a user-friendly experience of our services, products, and systems.

Data retention period:We keep the data for 36 months from the date of collection.

1.5 Purpose: To send digital newsletters featuring special offers and information to our subscribers

Personal data

  • E-mail address
  • IP address
  • Date of registration
  • Web browser and/or e-mail client

Processing

  • Transfers to the MailChimp platform that provides the solution for sending our newsletters
  • Creation of your personalized special offers and general special offers for all members.
  • Creation of personalized and relevant mailings via MailChimp
  • Analysis of newsletter results to see who opened the e-mail and who clicked the links

Legal basis: Legitimate interest.
The processing is necessary to fulfil the legitimate interest in special offers and information sent in mailings of both ourselves and our subscribers who have given their consent to receive such newsletters.

Data retention period: Until consent is withdrawn by manually unregistering from our newsletter mailing list.

1.6 Purpose: To provide a personalized experience of our services

Personal data

  • Name
  • Username
  • Age
  • Sex
  • City
  • Purchase history

Processing

  • Creation of personalized content on our website
  • Improving your user experience of our website by, for example, saving your favorites and cart contents to simplify future purchases
  • Creation of relevant product recommendations/ads on Facebook
  • Creation of relevant Google search results

Legal basis: Legitimate interest.
We collect and process these data as they are necessary if we are to fulfil our and your legitimate interest in personalized special offers and relevant marketing.

Data retention period:For a period of 26 months after you have visited our website.

2. Who has access to your personal data?

Personal data may be disclosed to Hasta’s business partners provided this is necessary in order to offer our services. Personal data is disclosed to the authorities only where required by law or government decisions. We share your personal data with the following business partners:

  • Shipping companies and shipping agents in order to deliver your goods
  • Payment solution providers such as Klarna (see section 2.1)
  • Marketing companies (such as advertising agencies, printers, social media)
  • IT services (companies that manage the operation, maintenance, and development of our website)
  • Google Analytics (see section 2.2)
  • Facebook (see section 2.3)
  • MailChimp (see section 2.4)

2.1 Klarna

We share your personal data with Klarna through the WooCommerce Klarna Gateway plugin in order to manage payments. Klarna uses your personal data to, among other things, check your credit rating when paying by invoice or instalment.

2.2 Google
Your personal data is disclosed to Google because we use Google Analytics, which means that your personal data may be forwarded to and stored on Google’s servers. These servers are located in different parts of the world; you can read more about storage in section 5.

The data we share with Google are your IP address and your behavior on our website. These are used on an aggregated level for analysis by Google Analytics in order to improve the service and user experience offered via our website. They are also used to personalize search results and marketing so as to improve their relevance to you. Google may also use your personal data to evaluate their services. You can read more in section 1.6.

2.3 Facebook
Since we share your personal data with Facebook, they may be stored on some of Facebook’s servers located outside Europe. You can read more about storage in section 5.

We use Facebook’s proprietary Facebook for WooCommerce plugin that, via a Facebook pixel, collects your IP address and details about your behavior on our website (which pages you have visited, which products you have added to the cart, and which products you have purchased). These data are used on an aggregated level for analysis and on an individual level for personalized and relevant ads. You can read more in section 1.6.

2.4 MailChimp
We share your personal data with MailChimp to send mailings to those who have subscribed to our newsletter. Accordingly, your personal data may be forwarded to, and stored on, MailChimp’s servers.

The newsletters distributed via MailChimp contain so-called web beacons, which enable us to collect information about when you opened the e-mail, your IP address, your web browser and/or e-mail client, and other related information. This information helps us to evaluate the outcome of the mailing, such as to see who has opened the newsletters and who has clicked links in the newsletter content. MailChimp uses this information to generate reports about newsletter outcomes and the actions taken by our subscribers. These reports are also available to MailChimp, which may collect and review the information therein. These reports are also available to MailChimp, which may collect and review the information therein.

3. Cookies

Hasta uses cookies to improve its website. Some cookies are necessary for the website to function properly while others are used to enable us to improve the website and user experience or for marketing purposes.

Cookies are small files containing data that most websites you visit send to your browser, where they are stored. Normally, cookies are used to improve the user experience by remembering which language you prefer to use, whether you are logged in, which screen resolution you are using, and so on.

We use cookies:
– To keep you logged in during your visit to our website
– To improve your user experience by, for example, saving the items you add to your cart between sessions
– For marketing purposes

You can also manage how cookies are used in your web browser or device settings. Blocking or deleting cookies may cause our website and services to function incorrectly or not at all.

4. Where do we process your personal data?

We strive to process your personal data within the EU/EEA. All of our own processing of your personal data takes place within the EU/EEA. The data we share with, and which are processed by, MailChimp, Facebook, and Google may be transferred to and stored in countries outside the EU/EEA.

MailChimp, Facebook, and Google comply with the GDPR and ensure the same security for your personal data as within the EU/EEA.

5. How long do we keep your personal data?

You can read how long we keep personal data for each purpose for which we collect personal data in section 1. However, we never keep personal data any longer than necessary.

6. Your rights

Right of access: You have the right to at any time request information about the personal data we have on you. You have the right to know which data we collect, where it is stored, how it is used, and why we collect, process, and store your data.

Right to rectification:In the event of incorrect or incomplete data, you have the right to request that they be rectified. If you are a registered member at Hastahome.se, you can edit certain data under My account.

We may need to keep some data regardless, if they are necessary for the purposes for which they have been collected or processed. We are also entitled to refuse your request if legal obligations prevent us from erasing certain data immediately.

Right to restriction: You also have the right to restrict our processing of your personal data.

Right to data portability: You have the right to request that the personal data we have on you be transferred to another data controller.

Right to erasure:You may at any time withdraw your consent to our use of your personal data and you are also entitled to have your personal data erased and to block any future collection and use of your data. If you would like us to erase your personal data, you can e-mail [email protected], call +46 (0)221 345 00, or write to Hasta AB, Fabriksgatan 14, SE-731 50 Köping, Sweden.

7. How is your personal data protected?

We want you to have peace of mind as regards our processing of your personal data and use IT systems to secure the confidentiality, privacy, and accessibility of your data. We take the necessary security measures to protect your personal data against unlawful or unauthorized processing. We do not collect more data than necessary and your personal data are not processed by, or accessible to, more persons than necessary to meet our stated purposes.

Swedish Data Protection Authority
The Swedish Data Protection Authority is responsible for monitoring compliance with the applicable legislation. You can also contact this authority if you believe that a company processes personal data in an incorrect manner.

8. Changes to this policy

We reserve the right to make changes to this policy and will provide reasonable notice of any such changes. If you do not find the changes acceptable, you may decline to consent or withdraw any previously given consent.