Privacy policy

The web shop Carin Blom Design on the website with organization number SE680630894301 based in Sweden; processes personal data provided by the customer to fulfill and confirm the conditions for processing electronic orders and deliveries and for the necessary communication during a statutory period. 

General provisions 

1. The person responsible for personal data, in accordance with the GDPR (hereinafter referred to as "Ordinance") is Carin Blom Design, organization number SE680630894301, based in Sweden (hereinafter referred to as the "Person responsible for personal data")

2. The contact information for the Personal Data Controller is Carin Blom e-mail: tel: +46 (0)73-049 079 5.

3. Personal data is any information relating to an identified or identifiable natural person.

The source of personal data 

1. The person responsible for personal data processes obtained with the consent of the customer and collects through contracts to purchase and fulfill the electronic order created in the web shop 

2. The person responsible for personal data only processes identification and contact information for customers that is possible for the contract to be fulfilled 

3. The data controller processes personal data for shipping and accounting and for possible communication between the contracting parties during the time required by law. Personal data will not be published and will not be transferred to other countries.

The purpose of data processing 

The person responsible for personal data processes at the customer's for the following purposes: 

1. Registration on the Carin Blom Design website in accordance with Chapter 4, Section 2 of the GDPR

2. To fulfill the electronic order created by the customer (name, address, e-mail, telephone number)

3. To comply with laws and regulations arising from the contractual relationship between Customer and Personal Data Controller

4. Personal data is necessary for contracts to be procured. Contracts cannot be entered into without personal data.

Duration of storage of personal data 

1. The Data Controller stores personal data for the period necessary to fulfill the rights and obligations arising from the contractual relationship between the Data Controller and the Customer and for 3 years after the conclusion of the agreement

2. The personal data controller must delete all personal data after the end of the period required for the storage of personal data. 

Recipient and personal data controller of personal data 

Third parties that process personal data at the Customer are subcontractors of the Personal Data Manager. The services of these subcontractors are indispensable for the contract to be carried out, to purchase and process the electronic order between the Personal Data Controller and the Customer. The subcontractors of the Personal Data Controller are: 

  • Webnode AG (e-shop system)
  • Carrier; Google 
  • Analytics (Website Analysis)

Customer rights in accordance with the regulation

The customer has the following rights: 

1. the right of access to personal data

2. the right to the correction of personal data

3. the right to delete personal data

4. the right to object to the processing of personal data

5. family of data transferability

6. the right to revoke consent to the processing of personal data in writing or by e-mail sent to: 

7. the right to lodge a complaint with the supervisory authority in the event of a suspected breach of the Regulation.

Security of personal data 

1. The data controller shall ensure that all technical and organizational security measures are taken to protect personal data

2. The data controller has taken technical security measures to secure data storage spaces, in particular secure access to the computer with a password, use antivirus software and perform regular computer maintenance. 

Final provisions 

1. By placing an electronic order on the website, the Customer confirms that it has been informed of all the conditions for personal data and accepts them in full

2. the Customer accepts these rules by checking the check box in the order purchase form

3. The data controller may update these rules at any time. New, updated version must be published on its website. 

The rules come into force on: 2020-07-20