Designtorget Privacy Policy
At Designtorget, we protect your privacy and always strive to maintain a high level of data protection (for example, we would never sell your personal information to another company). This privacy policy explains how we collect and use your personal information. It also describes your rights and how you can exercise them.
It is important that you read and understand this privacy policy and feel confident in how we handle your personal data. You are always welcome to contact us if you have any questions.
Using the table of contents below, you can easily navigate to the sections that are of particular interest to you.
Table of Contents
Designtorget Privacy Policy ............................................................................................. 1
Who is responsible for the personal data we collect? ...................................................... 2
What is personal data, and what does “processing of personal data” mean? ..................... 2
What personal data do we collect about you as a customer or visitor to designtorget.com—and for what purpose (why)? ............................................................................................. 2
For the purpose of processing orders/purchases ........................................................... 2
To fulfill the company’s legal obligations ................................................................... 3
To handle and follow up on customer service inquiries ................................................ 4
For training and quality assurance purposes during or after contact with customer service .............. 5
For marketing in digital channels (search engines, social media, banners) ............... 6
To provide information about and market products and services ......................... 8
To conduct and manage participation in contests ...................................................... 8
To evaluate, develop, and improve our services, products, and systems
for our customer base as a whole ..................................................................................................... 9
To prevent misuse of a service, conduct product liability investigations
or to investigate/prevent crimes or accidents ...................................................................... 10
To provide a personalized experience ........................................... 11
From which sources do we collect your personal data? ............................................................. 12
Automated decision-making and profiling ...................................................................... 12
With whom might we share your personal data? ................................................. 12
Where do we process your personal data? ...................................................................... 13
What rights do you have as a data subject, and how can you exercise them? .............................. 13
How to Exercise Your Rights .................................................................................... 13
How do we handle personal identification numbers? ......................................................................... 14
How is your personal data protected? .................................................................................... 14
What does it mean that the Swedish Data Protection Authority is the supervisory authority? ..................... 14
Who is responsible for the personal data we collect?
Designtorget AB, corporate ID number: 556508-3267, located at Dalagatan 100, 113 43 Stockholm, Sweden is the data controller for the company’s processing of personal data.
What is personal data, and what does “processing of personal data” mean?
Personal data is any information that can be directly or indirectly attributed to a living natural person. For example, images and audio recordings that are processed may constitute personal data even if no names are mentioned. Encrypted data and various types of electronic identifiers (e.g., IP addresses) are personal data if they can be linked to natural persons.
Processing of personal data refers to any action taken with regard to such data. Every action taken with personal data constitutes processing, regardless of whether it is performed automatically or not. Examples of common processing activities include collection, recording, organization, structuring, storage, adaptation, transmission, and erasure.
What personal data do we collect about you as a customer or visitor to designtorget.com, and for what purpose (why)?
For the purpose of processing orders/purchases
Categories of Personal Data
Name
Social Security Number
Contact information (e.g., address, email, and phone number)
Payment history
Payment information
Purchase information (e.g., which item was ordered, from which supplier it was purchased, or whether the item is to be delivered to a different address)
IP address, geographic information about the device, and browser settings
Processing operations performed
Delivery (including providing delivery options, notifications, and communications regarding the delivery)
Payment processing (including analysis of possible payment solutions, which may involve a check against payment history)
Handling of complaints and warranty claims
Legal basis
Fulfillment of the purchase agreement
This collection of your personal data is necessary for us to fulfill our obligations under the purchase agreement.
If the information is not provided, we cannot fulfill our obligations and will therefore be forced to deny your purchase.
Are you required to provide personal data to us?
Yes, according to the purchase agreement
If we are not permitted to process your personal data, we cannot complete your purchase
Is it necessary to provide personal data to enter into a contract?
Yes
If we are not permitted to process your personal data, it is not possible to enter into a purchase agreement
Retention period
Until the purchase is completed (including delivery and payment)
Thereafter, for 36 months to handle any complaints or warranty claims
Recipients of data
IT service providers, such as:
e-commerce platform
CRM systems
systems for selecting and booking delivery
Payment service provider
Freight forwarders
Transfer of personal data to third countries
Yes
The data is collected from
You, when you make a purchase
An external source, in connection with verifying your address
Automated decision-making (including profiling)
No
To fulfill the company’s legal obligations.
Categories of personal data
Payment history
Payment information
Your correspondence relevant to Designtorget’s fulfillment of the legal obligation in question
Information regarding the date of purchase, place of purchase, and any defects or complaints
Processing activities performed
Processing necessary to fulfill the company’s legal obligations under statutory requirements, court rulings, or decisions by public authorities
Examples: the Accounting Act, the Anti-Money Laundering Act, and regulations regarding product liability and product safety
May include the preparation of communications and information for the public and customers regarding product alerts and recalls (e.g., in the case of defective or hazardous products)
Legal basis
Legal obligation
This collection of personal data is required by law
If the information is not provided, we cannot fulfill our legal obligation, which means we must deny your purchase
Are you required to provide personal data to us?
Yes
We must be able to fulfill our legal obligations under, for example, the Accounting Act and the Product Liability Act
Is it necessary to provide personal data to enter into a contract?
No
Retention period
Until the purchase is completed (including delivery and payment)
Thereafter for 36 months, unless required by law to retain the data for a longer period
Recipients of data
Carriers
Suppliers of:
IT systems
E-commerce platforms
Business systems
CRM systems
Payment service provider
Transfer of personal data to third countries
Yes
The data is collected from
You, when making a purchase or when contacting Designtorget
Automated decision-making (including profiling)
No
To handle and follow up on customer service cases.
Categories of personal data
Name
Social Security number
Contact information (e.g., address, email, and phone number)
Your correspondence regarding the matter and any feedback you provide
Information regarding the date of purchase, place of purchase, order number, and any defects or complaints
Details regarding your customer service case
Technical information about your equipment
Information you provide to us regarding the matter, such as health data including allergic reactions and medical conditions
Treatments performed
Communication and responses to customer service inquiries via phone
through digital channels (including social media)
Identification
Investigation of any complaints and support cases (including technical support)
Follow-up on Designtorget’s handling of your case
Legal basis
Legitimate interest
The processing is necessary to fulfill our and your legitimate interest in handling customer service cases
Are you required to provide personal data to us?
No
However, if you do not provide your personal data, we will not be able to handle your customer service matter
Is it necessary to provide personal data to enter into a contract?
No
Retention period
Until the customer service case is closed
Thereafter, for 36 months
Recipients of data
Our suppliers of:
case management system
CRM system
E-commerce platform
Email system
Telephony system
Secure messaging
Payment service provider
External customer service agents
Transfer of personal data to third countries
Yes
The data is collected from
You, when making a purchase or when contacting Designtorget
Automated decision-making (including profiling)
No
For training and quality assurance purposes during or after contact with Designtorget’s customer service.
Categories of personal data
Name
Contact information (e.g., address, email, and phone number)
Your correspondence regarding your inquiry
Details of your customer service case
Your responses to completed customer satisfaction surveys
Services provided
Sending out a customer satisfaction survey to follow up on Designtorget’s handling of your case
Review of the number of responses received from the customer satisfaction survey to improve our service
Legal basis
Legitimate interest
The processing is necessary to fulfill our legitimate interest in recording phone calls for training and quality assurance purposes, as well as for security reasons
Are you required to provide personal data to us?
No
However, if you do not provide your personal data, we will not be able to handle your customer service request over the phone
Is it necessary to provide personal data to enter into a contract?
No
Retention period
Information regarding completed surveys is stored for 90 days after the customer service case is closed
Recipients of data
Our provider of:
case management system
secure messaging
External customer service agents
Transfer of personal data to third countries
Yes
The data is collected from
You, when you communicate with Designtorget’s customer service
Automated decision-making (including profiling)
No
For marketing in digital channels such as search engine marketing, social media, and banner advertising.
Categories of personal data
Information collected via cookies, such as:
IP address
Information about your browser
The device you are using
User ID
Processing operations performed
Collection and transfer of personal data to marketing partners
To display targeted ads on social media and other digital platforms and websites
Analysis and evaluation of ad campaigns
Making decisions regarding changes to campaigns to optimize their results
Legal basis
Consent
Collected via the cookie banner when you visit designtorget.se
Are you required to provide personal data to us?
No
Is it necessary to provide personal data to enter into a contract?
No
Retention period
See Designtorget’s Cookie Policy for information on the retention period for cookies
Recipients of data
Keyword advertising provider
Digital strategy partner
Media agency
Transfer of personal data to third countries
Yes
For the purpose of providing information about and marketing products and services, as well as providing personalized offers.
Categories of personal data
First and last name
Email address
Phone number
Order information
Purchase history
Information collected via cookies, such as:
IP address
Information about your browser
The device you are using
User ID
Your interaction with us, such as:
Whether you opened an email from us
Whether a purchase was made as a result of a newsletter
Which information in the newsletter was of interest to you
Information about abandoned shopping carts
Processing activities performed
Sending newsletters
Develop and share relevant offers with you
For example, based on your interaction with us or in connection with your birthday
Matching completed purchases with existing customers
To link purchases to customers where relevant
Analysis of collected data
You are categorized into a customer group (known as a customer segment) based on, for example, purchase history, contact information, place of residence, age, and gender
Analysis is conducted both:
at the aggregated level (using de-identified or pseudonymized data)
at the individual level
The insights are used for:
Product Recommendations
Personalized Offers
Business Planning
Customer Experience Optimization
Legal Basis
Consent, obtained when you choose to subscribe to the newsletter
Legitimate interest, as the processing is necessary to create a better customer experience and more personalized offers
Are you required to provide personal data to us?
No
However, without your personal data, you cannot receive newsletters or personalized offers
Is it necessary to provide personal data to enter into a contract?
No
Retention period
Until you unsubscribe from our mailings
Or if you have been inactive for 24 months
In systems for matching and integration between e-commerce platforms and CRM systems, the information is deleted no later than 30 days
Recipients of data
E-commerce platform provider
CRM system
Systems for matching and integration between e-commerce platforms and CRM systems
Transfer of personal data to third countries
Yes
The data is collected from
You, when you make a purchase or choose to subscribe to a newsletter
Automated decision-making (including profiling)
No
To facilitate and manage participation in contests.
Categories of personal data
Name
Contact information (e.g., address, email, and phone number)
Information provided in contest entries, including the date of submission
Name or alias (e.g., on social media) that you provide to participate in the contest
Information about purchases made (when relevant to the contest)
Processing activities performed
Communications before and after participating in a contest
E.g., confirmations of entries, questions, or evaluations
Selection of winners and distribution of any prizes
E.g., prize payments or travel reservations
Collection of statistics on contest participation
The statistics are compiled on a completely anonymous basis
Legal basis
Legitimate interest
The processing is necessary to fulfill our and your legitimate interest in managing participation in competitions
Are you required to provide personal data to us?
No
However, if we are not permitted to process your personal data, you may not be able to participate in the contest
Is it necessary to provide personal data to enter into a contract?
No
Retention period
For the duration of the contest, game, or event (including any evaluation)
Recipients of data
IT service providers such as:
CRM System
Competition Management System
Potential partners for the competition
Social media
Transfer of personal data to third countries
Yes
The data is collected from
You, in connection with your participation in the contest
Automated decision-making (including profiling)
No
To evaluate, develop, and improve our services, products, and systems for our customer base as a whole.
Categories of personal data
Age
Gender
Place of residence
Contact information (e.g., email and phone number)
Correspondence and feedback regarding our services and products
Purchase and user-generated data (e.g., click and visit history)
Technical data about devices and their settings, such as:
Language setting
IP address
Browser settings
Time zone
Operating system
Screen resolution
Platform
Information about how you have interacted with us, such as:
How you used the service
Where and how long pages were visited
Response times
Download errors
How you access and exit the service
Processing operations performed
Customizing services to make them more user-friendly
For example, modifying the user interface to simplify the flow of information or highlight frequently used features
Developing documentation to:
Improve product and logistics flows (forecasting purchases, inventory, and deliveries)
Develop and improve our product range
Develop our resource efficiency from an environmental and sustainability perspective
Plan new store and warehouse openings and potential closures
Improve IT systems and security
Give customers the opportunity to influence the product assortment
Analysis of collected data
You are assigned to a customer segment (group) based on factors such as purchase history, contact information, age, and gender
Analysis is conducted at an aggregated level using de-identified or pseudonymized data
Insights are used for:
Purchasing
Business planning
Optimizing the customer experience
Legal basis
Legitimate interest
This processing is necessary to fulfill our and our customers’ legitimate interest in evaluating, developing, and improving our services, products, and systems
Are you required to provide personal data to us?
No
Is it necessary to provide personal data to enter into a contract?
No
Retention period
From the date of collection and for 36 months thereafter
Recipients of data
Providers of:
IT systems
E-commerce platform
Business systems
CRM systems
Payment service providers
BI systems
Analytics services
Transfer of personal data to third countries
Yes
The data is collected from
You, via cookies
The IT systems used by Designtorget, such as e-commerce systems
Automated decision-making (including profiling)
Yes
We analyze and draw conclusions about our customers’ purchasing behavior (at the group level) to develop our business as well as our products and services
Read more under the heading “Automated Decision-Making and Profiling”
To prevent misuse of a service, conduct product liability investigations, or to prevent, deter, and investigate crimes against the company or accidents that have occurred.
Categories of personal data
Contact information such as:
Name
Address
Phone number
Social Security number
Images
Purchase and user-generated data (e.g., click and visit history)
Technical data about devices and their settings, such as:
Language setting
IP address
Browser settings
Time zone
Operating system
Screen resolution
Platform
Information on how our digital services are used
Information about your customer service cases
Reason for the access ban
Information resulting from a granted restraining order
Processing activities carried out
Preventing and investigating potential fraud or other violations of the law
E.g., incident reporting in stores and follow-up on customer service cases
Preventing spam, phishing, harassment, or other illegal activities
As required by law or our terms and conditions of purchase and service
Protecting and improving our IT environment against attacks and intrusions
To protect and improve the environment in our stores
For the purpose of preventing and investigating accidents, as well as investigating product liability
To apply for and enforce a court-ordered restraining order
In accordance with applicable law
Legal basis
Compliance with a legal obligation (if applicable)
Establishment of legal claims (if any)
Legitimate interest
If there is no legal obligation, the processing is necessary to prevent misuse of a service and to prevent and investigate crimes against the company
Are you required to provide personal data to us?
Yes
Is it necessary to provide personal data to enter into a contract?
No
Retention period
From the date of collection and for up to 36 months thereafter
Recipients of data
Authorized third parties for the purpose of:
Prevent and investigate accidents
Conduct product liability investigations
Transfer of personal data to third countries
Yes
The data is collected from
Cookies
Designtorget’s e-commerce IT system, etc.
Automated decision-making (including profiling)
No
To provide a personalized experience of our services
Categories of personal data
Cookies that store:
IP address
User ID
IP address
Purchase and user-generated data
E.g., click and visit history
Processing operations performed
Creating personalized content
E.g., relevant product recommendations and other measures to simplify the user experience
Analysis of collected data
Based on, for example, purchase and click history
Analysis is performed both:
At the aggregate level
At the individual level
The insights are used to:
Present relevant content to you
Optimize the experience for you as an individual and for the customer base as a whole
Legal basis
Consent
Obtained via the cookie banner when you visit designtorgets.se
Are you required to provide personal data to us?
No
Is it necessary to provide personal data to enter into a contract?
No
Retention period
See Designtorget’s consent banner on the website for information about the retention period for cookies
Recipients of data
Designtorget’s providers of:
E-commerce platform
Website
Analytics systems used for the aforementioned purposes
Transfer of personal data to third countries
Yes
The data is collected from
Cookies
Designtorget’s e-commerce and website IT systems
Automated decision-making (including profiling)
Yes. We analyze and draw conclusions about your purchasing behavior based on:
Previous Purchases
Demographics
Geography
Your interactions with us and our communications
The purpose is to predict which offers may be of most interest to you
Read more under the heading “Automated Decision-Making and Profiling”
From which sources do we collect your personal data?
In addition to the information you provide to us yourself, or that we collect from you based on your purchases and how you use our services, we may also collect personal data from another party (a so-called third party).
Information about:
where the data was obtained, and
whether it comes from a third party
is provided in each box under the heading:
“What personal data do we collect about you as a customer or visitor to designtorget.se, and for what purpose (why)?”
Automated Decision-Making and Profiling
Profiling means that we analyze information about you to assess your personal characteristics. This allows us to understand you as a customer and create the best possible offers for you.
Information about the purposes for which we perform profiling can be found under the heading:
“What personal data do we collect about you as a customer or visitor to designtorget.se, and for what purpose (why)?”
Profiling activities we perform:
Analyzing and understanding your purchasing behavior
(based on past purchases, demographics, geography, and your interactions with us and our communications)
Predicting which offers may be most interesting to you
Understand which purchasing channels you prefer (e.g., online or in-store) and tailor offers accordingly
Analyzing and drawing conclusions about the customer base as a whole and at the individual level
(to develop our business as well as our products and services)
Who might we share your personal data with?
Data Processors
In certain cases, we share your personal data with companies that act as data processors—that is, they process the information on our behalf and in accordance with our instructions.
Information about these parties can be found in the respective box under the heading:
“What personal data do we collect about you as a customer or visitor to designtorget.se, and for what purpose (why)?”
We have written agreements with all data processors, in which they:
guarantee the security of the personal data being processed
undertake to comply with our security requirements
comply with our restrictions and requirements regarding international transfers
Personal data may also be shared with third parties for the purpose of:
prevent and investigate accidents
handle product liability investigations
This is done based on our legitimate interest in protecting our customers’ health and safety.
Independent Data Controllers
We also share data with companies that are independent data controllers. These companies determine how the information is processed, and their own privacy policies apply.
Examples of such recipients:
Government agencies, such as the Police and the Swedish Tax Agency (if we are required to do so by law or in cases of suspected criminal activity)
Logistics companies and freight forwarders (for general goods transport)
Companies that offer payment solutions (card processors, banks, and other payment service providers)
Insurers (for products covered by insurance)
Companies within the Åhléns Group (to be able to offer their products and services)
Where do we process your personal data?
We strive to ensure that your personal data is processed within the EU/EEA.
When processing outside the EU/EEA, we implement legal, technical, and organizational safeguards to ensure the same level of protection.
This level of protection is guaranteed by:
the European Commission’s decision on an adequate level of protection, or
the use of so-called appropriate safeguards
Want to learn more? Contact us at:
[email protected]
What rights do you have as a data subject—and how can you exercise them?
You have several rights under the General Data Protection Regulation (GDPR).
These are briefly described in the table below (on the website).
More information is available on IMY’s website: Data Subjects’ Rights
If you have any questions:
[email protected]
Your Rights
Right to Information
You have the right to receive information about how we process your personal data.
You can find this information in our privacy policy.
Right of Access (Record Extract)
You have the right to access the personal data we process about you.
You can do this by requesting a data subject access report.
Right to rectification
You may request that your personal data be corrected if it is inaccurate.
You also have the right to have any incomplete personal data supplemented within the scope of the specified purpose.
Right to erasure
In certain cases, you may request that your personal data be erased.
If we cannot erase the data, it will instead be blocked so that it cannot be used for other purposes.
Right to restriction of processing
In certain cases, you may request that the processing of your personal data be restricted.
This may apply, for example, if you have objected to the processing or if there is a balancing of interests.
A restriction means that, for a certain period of time, we will not use the data for any purpose other than, for example, defending legal claims.
You may also prevent the data from being deleted, for example, if you need it to claim damages.
Right to Withdraw Consent
If the processing of your personal data is based on consent, you may withdraw your consent at any time.
You can do this, for example, by changing your cookie settings on designtorget.se, or by following the instructions provided when you gave your consent.
Withdrawal does not affect the lawfulness of processing that took place before the withdrawal.
Please contact us if you are unsure how to withdraw your consent.
Right to Data Portability
If the processing is based on your consent or a contract, you have the right to request that your data be transferred to another data controller.
This applies only if it is technically feasible and the transfer can be carried out automatically.
Right to object to certain processing
You always have the right to:
Opt out of direct marketing
Object to processing based on a balancing of interests
Legitimate interest: You may object to the processing when we use legitimate interest as the legal basis.
Direct marketing: You may object at any time to the use of your personal data for marketing purposes.
How do we handle Social Security numbers?
We will only process your personal identification number when it is clearly justified in light of the purpose, necessary for secure identification, or if there is another compelling reason. We always minimize the use of your personal identification number as much as possible by using your birth number instead, whenever sufficient.
How is your personal data protected?
We use technical and organizational measures to protect the confidentiality, integrity, and access to personal data. We have implemented specific security measures to protect your personal data against unlawful or unauthorized processing (such as unauthorized access, loss, destruction, or damage). Only those individuals who actually need to process your personal data in order for us to fulfill our stated purposes have access to it. We continuously evaluate our systems, procedures, and policies to ensure they are secure and protected.
What does it mean that the Swedish Data Protection Authority is the supervisory authority?
The Swedish Data Protection Authority is responsible for overseeing the application of the law, and anyone who believes that a company is handling personal data improperly may file a complaint with the Swedish Data Protection Authority. You can do this via [email protected]. For more information on how to contact the Swedish Data Protection Authority, see: https://www.imy.se/om-oss/kontakta-oss/.
We may make changes to our privacy policy. The latest version of the privacy policy is always available here on the website. In the event of updates that are of critical importance to our processing of personal data (such as changes to the stated purposes or categories of personal data) or updates that are not of critical importance to the processing but may be of critical importance to you, you will receive information on åhlens.se and via email (if you have provided an email address) well in advance of the updates taking effect. When we publish information about updates, we will also explain at what the updates entail and how they may affect you.
Email: [email protected]
Website: https://designtorget.com/en/
*The Privacy Policy was adopted by Designtorget AB on 01/20/25.