Privacy Policy Heatit.com

 

1. General
The protection of your personal privacy is crucial for Heatit Controls AB and we therefore aspire to the highest possible standard for data protection. We process personal data in accordance with the European Data Protection Regulation (EU) 2016/679 and other applicable laws and regulations on data protection. This Privacy Policy provides details on how Heatit Controls AB collects and uses personal information. The policy also describes what rights customers have and how they may exercise their rights.

2. Personal data controller
Heatit Controls AB (organization number 559108-9866), Läkarvägen 4, 454 31 BRASTAD, SWEDEN, is responsible for the personal data processing described in this policy.

3. Use of personal information
We gather, store and use personal data in the following areas:

3.1 Order and Purchases
Purpose
To be able to handle orders/purchases

Treatments performed

  • Delivery (including notification and contacts regarding delivery).
  • Identification and age control
  • Payment processing (including analysis of possible payment solutions, which may include checking against payment history and obtaining credit reports)
  • Address Control
  • Handling of complaints and warranty cases.

Categories of personal data

  • Name and social security number
  • Contact information (e.g. address, email and phone number)
  • Any payment history
  • Payment Information
  • If necessary, credit reports from credit reporting agencies
  • Purchase information (e.g. which item was ordered or if the goods should be delivered to another address)
  • User information for your account with us

Legal basis: Completion of the purchase agreement. This collection of your personal data is required in order for us to be able to fulfill our obligations under the purchase agreement. If the information is not provided, no purchase agreement can be entered into.

Storage time: Until the purchase is completed (including delivery and payment) and for an additional period of 36 months in order to be able to handle any claims and warranty cases.

We may, in exceptional cases, process the information longer than the above stated period if it is necessary for the purpose of determining, claiming or defending legal claims. Such treatment is based on Heatit Controls AB's legitimate interest.

 
3.2 Legal Obligations
Purpose
In order to fulfill Heatit Controls AB's legal obligations.

Treatments performed
Necessary handling for fulfilling our legal obligations according to legal requirements, court decisions or other authorities' decisions (e.g. the Accounting Act, the Money Laundering Act or the rules on product liability and product safety, which may require the preparation of communication and information to the public and customers about product alarms and product recalls in the case of, for example, a defective or hazardous product).

Categories of personal data

  • Name and social security number
  • Contact information (e.g. address, email and phone number)
  • Any payment history
  • Payment Information
  • Your correspondence with us
  • Information about the time of purchase, place of purchase, any errors / complaints.
  • User information for your account with us.

Legal basis: Legal obligation. This storage of collected personal data is required by law.

Storage time: Until the purchase is completed (including delivery and payment) and for the additional time required by the current legislation.

We may, in exceptional cases, process the information longer than the above stated period if it is necessary for the purpose of determining, claiming or defending legal claims. Such treatment is based on Heatit Controls AB's legitimate interest.


3.4 Customer Service
Purpose
To be able to handle customer service issues.

Treatments performed

  • Communication and answering of any questions to customer service (via telephone or in digital channels including social media).
  • Identification
  • Investigation of any complaints and support cases (including technical support).

Categories of personal data

  • Name and social security number
  • Contact information (e.g. address, email and phone number)
  • Any payment history
  • Payment Information
  • Your correspondence with us
  • Information about the time of purchase, place of purchase, any errors / complaints.
  • User information for your account with us.

Legal basis: legitimate interest. The treatment is necessary to satisfy our interest in being able to handle customer service issues.

Storage period: Until the customer service case has been completed and for an additional period of up to 12 months.

We may, in exceptional cases, process the information longer than the above stated period if it is necessary for the purpose of determining, claiming or defending legal claims. Such treatment is based on Heatit Controls AB's legitimate interest.

 
3.5 Abuse and Crime Prevention
Purpose
In order to prevent abuse of a service or to prevent and investigate crimes against us.

Treatments performed

  • Prevention and investigation of any fraud or other law violations.
  • Prevention of spam mail, harassment, attempted unauthorized login to user accounts or other measures that are prohibited by law or our purchase and delivery terms.

Categories of personal data

  • Name and social security number
  • Contact information (e.g. address, email and phone number)
  • Payment History
  • Payment Information
  • Your correspondence with us
  • Information about the time of purchase, place of purchase, any errors/complaints.
  • User information for your account with us.

Legal basis: Compliance with legal obligation (if any) or legitimate interest. If there is no legal obligation, the processing is necessary to meet our legitimate interest in preventing abuse of a service or in preventing and investigating crimes against us.

Storage time: From collection and for a period of 12 months thereafter. If the treatment is due to a legal obligation, the data is stored for the time required by the current legislation.

We may, in exceptional cases, process the information longer than the above stated period if it is necessary for the purpose of determining, claiming or defending legal claims. Such treatment is based on Heatit Controls AB's legitimate interest.


3.6 Marketing Purposes
Purpose
Marketing

Treatments performed

  • Promotional messages
  • Communication with customers and potential customers regarding our offers and goods.
  • Organization and structuring of contact information for existing and potential customers.

Categories of personal data

  • Name
  • Contact information (e.g. address, email and phone number)
  • Your correspondence with us
  • Information about previous purchases

Legal basis: legitimate interest. We have a legitimate interest in marketing our offerings and goods and building and maintaining good relations with our customers.

Storage time: Data is stored for marketing purposes for up to 12 months after the last mailing or the termination of the customer relationship.

We may, in exceptional cases, process the information longer than the above stated period if it is necessary for the purpose of determining, claiming or defending legal claims. Such treatment is based on Heatit Controls AB's legitimate interest.

 

3.7 User- and Customer Account Management
Purpose
To provide an account with Heatit Controls AB.

Treatments performed

  • Providing and updating your customer profile.
  • Providing your order history.
  • Simplification of your use of our services (e.g. by keeping a lookout for products to facilitate future purchases or by saving goods that you are interested in, in a wish list).
  • Registration of information you submit when you grade different articles on the website.

Categories of personal data

  • Name
  • Contact information (e.g. address, email and phone number)
  • Your correspondence with us
  • Order history
  • Transaction Data
  • Which goods you have rated and what grade you have given
  • Which goods you are interested in that are saved in your wish list
  • User information for your account with us.

Legal basis: legitimate interest. We have a legitimate interest in giving you access to your customer information, offering some functionality and overview of your customer history.

Storage time: Information is stored for marketing purposes for up to 24 months after the last login or until you have chosen to delete your profile on your account with us.

We may, in exceptional cases, process the information longer than the above stated period if it is necessary for the purpose of determining, claiming or defending legal claims. Such treatment is based on Heatit Controls AB's legitimate interest.

 

3.8 Evaluation and Development of Services
Purpose
To be able to evaluate, develop and improve our services, products and systems for the customer collective in general.

Treatments performed

  • Adaptation of services to become more user-friendly (for example, changing the user interface to simplify the flow of information or to highlight functions often used by customers in our digital channels).
  • Development of documentation in order to improve the flow of goods and logistics (e.g. by forecasting purchases, inventories, deliveries).
  • Preparation of documentation to develop and improve our range.
  • Provide our customers the opportunity to influence our range.
  • Preparation of documentation to improve IT systems in order to increase security for us and our visitors/customers

Categories of personal data

  • Name
  • Contact information (e.g. address, email and phone number)
  • Payment History
  • Payment Information
  • Your correspondence with us
  • Information about the time of purchase, place of purchase, any errors / complaints.
  • User information for your account with us.

Legal basis: legitimate interest. The handling is necessary to satisfy our legitimate interest in evaluating, developing and improving our services, products and systems.

Storage time: From collection and for a period of up to 12 months thereafter.

We may, in exceptional cases, process the information longer than the above stated period if it is necessary for the purpose of determining, claiming or defending legal claims. Such treatment is based on Heatit Controls AB's legitimate interest.


4. From which sources are your personal data collected
In addition to the information that you provide to us, or which we collect from you as a result of correspondence, telephone calls, e-mail and other forms of communication between you and us, we may also collect personal data from someone else, a so-called third party. The personal data we collect from such third parties is as follows:

  • Your address information from public records to have accurate and up-to-date contact information regarding you;
  • personal data relating to creditworthiness collected from credit institutions, banks and other companies that provide such information in order to, among other things, enter into agreements with you (such information is collected only on condition that the payment method you have chosen assumes this);
  • contact information from social media for marketing purposes given that you interact with us on the social media platforms where we are present.

 

5. Disclosure of your personal data
5.1. In connection with any of the purposes described in section 3. "How we use your personal data" we may disclose information about you to:

  • authorities, when we have a legal obligation to do so;
  • our partners. Such partners are either companies that offer IT solutions including e-commerce and business systems or services for invoice purchase or other payment methods;
  • someone to whom we may assign our rights and obligations; and
  • credit institutions or other organizations that assist us in decisions and / or that help us reduce the risk of fraud.

5.2. The main rule for all personal data processing carried out by Heatit Controls AB is that it must take place in the EU/EEA area.

Note! Heatit Controls AB neither sells nor distributes products to the United States or Canada. Because of this, the potential for exchange or export of data is very limited.

We may transfer your personal data to countries outside the EU/EEA area when:

  • the transfer is to a country considered by the European Commission to provide an adequate level of protection of your personal data;
  • the recipient is in the United States and has joined the self-certification mechanism Privacy Shield;
  • the transfer is protected by standard contractual provisions adopted by a supervisory authority and approved by the European Commission;
  • we are required by law to transfer your information to a country outside the EU/EEA area and we have ensured that the data remains sufficiently protected; or
  • you have given your consent to the transfer.

6. Google-services
Our website, www.heatit.com, uses Google services such as Google Analytics.
Google uses the collected personal information to track and investigate the use of www.heatit.com, to produce reports on the activity on the website, to target marketing, and to share the information with other Google services. Google may use the collected personal information in accordance with Google's own privacy policy found here: https://policies.google.com/technologies/partner-sites?hl=en

7. The protection of your personal data
In order to protect your personal data and to keep the protection updated and effective, we have taken a number of measures. These measures include:

  • training of relevant staff to ensure that they are aware of our responsibilities and obligations in processing your personal data;
  • administrative and technical control functions to restrict access to personal data for persons other than those in need of processing such data;
  • technical security measures, including firewalls, encryption and antivirus software; and
  • physical security measures, e.g. access card to enter our premises.

 

8. Your rights
8.1. You have different rights related to the processing of your personal data. Your rights under the Data Protection Regulation are as follows:

8.2 The right to access
You have the right to access the personal information about you that we process (so-called transcript). Please note that we may ask for additional information to ensure efficient handling of your request and that the information is provided to the right person.

8.3 The right to supplement
If your personal data is incorrect, you can have it corrected. You may also have the right to supplement any incomplete information.

8.4 The Right to Erase
You can request erasure of the personal information we possess if:

  • the data are no longer necessary for the purposes for which they were collected or processed;
  • you object to a balance of interests that we have made based on legitimate interest and your reason for the objection weighs heavier than our legitimate interest;
  • you object to personal data processing for direct marketing purposes;
  • the personal data is processed illegally; or
  • the personal data must be erased in order to fulfill a legal obligation covering us.

8.5 Prevention of Erasure
We may be prevented from deleting certain personal data due to requirements according to e.g. accounting or consumer law. It may also happen that the treatment is necessary for us to be able to determine, assert or defend legal claims. Should we be prevented from meeting a request for erasure, you have the opportunity to request that the personal data be blocked from being able to be used for purposes other than for which they must be saved.

8.6 The right to limitation
In some situations, you have the right to request that we limit our processing of your personal data. If the treatment is to be limited, we may only, in addition to the actual storage, process the data in order to establish, enforce or defend legal claims.

8.7 Oppose legitimate interest
You always have the right to avoid direct marketing and to object to the processing of personal data based on a balance of interests. In order to process your personal data after such an objection, we need to be able to show a justified reason for the current treatment that weighs heavier than your interests, rights or freedoms. Otherwise, we may only process the data to determine, exercise or defend a legal claim.

8.8 The right to data portability
If our processing of your personal data is based on your consent or on the fulfillment of an agreement with you, you have the right to request that the information that concerns you and which you have submitted to us be transferred to another data controller (so-called data portability). One prerequisite for data portability is that the transmission is technically possible and can be done in an automated way.

9. Competent Authority
9.1. If you are dissatisfied with our processing of your personal data, you are always able to contact the Data Inspectorate in Sweden at https://www.datainspektionen.se/other-lang/in-english/ or Datatilsynet in Norway at https://www.datatilsynet.no/en/

More information may be found here: https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations_en
