KARO HEALTHCARE GROUP PRIVACY NOTICE 

Your privacy is important to us here at Karo Healthcare AB (together with our affiliated companies, “Karo”, “us” or “we”). This policy aims to inform you about how we process your personal data and what your rights are. Information that can be linked to you personally, such as your name and contact details, is termed “personal data”. 

In summary, we process your personal data: 

  • To the extent necessary to process and deliver your order. 
  • To provide you with offers and inspiration. For this, we use newsletters, text messages and targeted personalised marketing on social media, as well as other online and offline activities. 
  • To communicate with you and answer your questions. 
  • To ask you about Karo and what you think of us. 
  • To remind you of any shopping basket that you’ve abandoned. 
  • To create and maintain your customer account. 
  • For compliance with laws and regulations (such as consumer and accounting law). 

You have a number of rights under the Data Protection Act. You always have the right to object to marketing, for instance. You can also find out about your rights and how you can influence our processing of your personal data. 

Would you like to find out more? Detailed explanations are provided below. Information is given on how we process your personal data, why and for how long. 

 

Who is responsible for the processing of your personal data? 

Karo Healthcare AB, company registration number 556309-3359, is the data controller for the processing of your personal data.  

Please note that our payment solution providers process personal data that they obtain from our website when purchases are made, and they themselves are responsible for their own processing of personal data.  


Contact details
 

Please get in touch by sending an email to info@karo.com if you would like to contact us about the processing of your personal data. Our address is Klara Norra Kyrkogatan 33, SE-111 22 Stockholm, Sweden. 


From what sources do we obtain your personal data?
 

We process personal data that you have shared with us, or that we receive from you when you make a purchase or visit our website.  


Who is able to access your personal data?
 

Your personal data is mainly processed by us here at Karo. We will never sell your personal data on to anyone else. We share your personal data in some cases. Further details on the purposes for which we share your personal data, and which personal data we share, are set out below. We may need to share your personal data for effective, efficient fulfilment of our obligations to you, such as: 

  • Our payment solution providers will have access to your personal data so that we can be sure that you pay us. 
  • We will share your personal data with shipping companies so that we can deliver your products to your home address or collection point, and so that we can deal with returns. 
  • We share your personal data with the supplier who provides us with technical solutions for collecting and publishing reviews so that we can collect and publish your reviews on our website. 
  • We share your personal data with companies that provide us with marketing services so that we can market relevant products and make our website as relevant as possible. These companies include Facebook and Google. 
  • We will share your personal data with IT providers who process personal data on our behalf, acting as assistants to help us with IT services. 

Please contact us if you would like to receive more detailed information on who we share your personal data with. 


Do we transfer your personal data outside the EU/EEA?
 

Karo generally processes your personal data within the EU/EEA, but occasionally we may use providers from outside the EU/EEA. Karo ensures that there is a sufficiently high level of protection whenever we transfer your personal data outside the EU/EEA so as to ensure that the transfer takes place in accordance with the GDPR. Karo may transfer your personal data to the US, to our newsletter provider and to our service providers in order to market relevant products and make our website as relevant as possible. If you have any questions about how we share your personal data, please get in touch with us. 


How can you influence the processing of your personal data?
 

You have a number of rights under the Data Protection Act that will allow you to influence our processing of your personal data. More details on your rights are provided below. Please get in touch with us if you have any questions about this or would like to exercise any of your rights. 

Right to withdraw consent 

You have the right to withdraw your consent to the processing of your personal data at any time, insofar as we base the processing of your personal data on consent. Your withdrawal will take effect from the moment you withdraw your consent.  

Right to object 

You have the right to object at any time to the processing of your personal data based on legitimate interest with regard to reasons that can be attributed to your own particular situation. More information on balancing interests is set out below. You always have the right to opt out of receiving our direct marketing, such as newsletters. There is no right to object in certain cases, such as when we are required by law to retain your personal data. 

Right of access 

You have the right to receive confirmation of whether we are processing personal data that relates to you. Enquiries can be sent to info@karo.com. If we process your personal data, you have the right to access a copy of the personal data we process and information about how we process it. 

Right of rectification 

You have the right to demand that any inaccurate personal data relating to you should be rectified, and also to ask us to complete any incomplete personal data. 

Right to erasure (“right to be forgotten”) and restriction of processing 

You have the right to have your personal data deleted under certain circumstances: if your personal data is no longer necessary for the purposes for which it was collected or processed, for instance, or when you withdraw your consent on which the processing is based and there is no other lawful basis for continuing to process the data. You also have the right to ask Karo to restrict the processing of your personal data. You can do this when you are contesting the accuracy of the personal data, for instance, or if the processing of the data is unlawful and you oppose the erasure of your personal data and ask for its use to be restricted instead. This is also applicable while we are carrying out a balance of interests test in instances where you object to our processing of your personal data. 

Right to lodge a complaint with a supervisory authority 

You always have the right to lodge a complaint with a supervisory authority. This can be done in the EU/EEA Member State where you reside, where you work or where an alleged breach of applicable data protection legislation has taken place. In Sweden, the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) is the supervisory authority.  

Right to data portability 

You have the right to instruct us to transfer certain elements of the personal data that we hold about you to another company (data portability). This right is applicable to any personal data provided to us by you in a structured, commonly used, machine-readable and compatible format if: 

  • The processing of this data is based on consent or a contract; and 
  • The data is processed automatically 

When exercising your right to data portability, you have the right to have personal data transferred directly from Karo to another data controller, where this is technically possible. 


How do we process your personal data, and why?
 

We aim to be as transparent as possible when it comes to how we process your personal data, and why we process it. The tables below provide more details on why we process your personal data (purposes of processing), what personal data we process, our lawful basis for processing your personal data and how long we process your personal data for each purpose.  

 

Processing necessary for making purchases  

We process your personal data so that we can fulfil your purchase. This includes ensuring we can deliver your products.  

Please note that our payment solution providers also process your personal data so that they can administer the payment for your order. Our payment solution providers are independent data controllers for such data processing. Some of our payment solution providers will allow you to choose an easier way to make purchases by automatically entering your personal details or being remembered on your device. 

Purpose - Making Purchases

  • Processing: To manage your purchase, confirm your purchase, deliver your purchase, communicate with you regarding your shipment, and gather information about your experience.
  • Personal Data: Name; Email; Order Information; Chosen Payment Method; Address; Phone Number.
  • Lawful Basis: Contract. Processing is necessary for the fulfillment of our contract with you.
  • Storage Time: We store your personal data for 36 months after your order.

Recipients of Personal Data: We share your personal data with our payment service provider, who processes your personal data in connection with your purchase. Our payment service provider is an independent controller of your personal data processing. For more information, please refer to the privacy policy of our payment service provider provided during your purchase. Additionally, we share your name, address, contact information, and order information with our storage provider, who processes your personal data on our behalf as a data processor. We share your name, address, and contact information through our storage provider with the carrier chosen by you during purchase so that your products can be delivered. The carriers we use are independent data controllers for the processing of your personal data. If you have questions about the processing of your personal data, please refer to their respective privacy policies.

Purpose - Handling Inquiries About Your Purchase, Returns, etc.

  • Processing: To contact you if you have questions about your purchase, such as if a product has been recalled or is no longer available, or to provide similar information.
  • Personal Data: Name; Email; Order data (which items you ordered).
  • Lawful Basis: Legitimate Interest. Processing your personal data is necessary to contact you regarding questions about your purchase.
  • Storage Time: From the time of purchase and for a further 36 months thereafter.

  • Processing: If you wish to exercise your right of withdrawal, use our exchange and return policy, or exchange your product to comply with consumer protection laws.
  • Personal Data: Name; Email; Order data; Address; Phone number.
  • Lawful Basis: Contract. Processing is necessary for the fulfillment of our contract with you. Legal Obligation. Processing is also necessary for us to act in accordance with consumer protection laws.
  • Storage Time: From the time you make your purchase and for a further 12 months thereafter. If you decide to exercise one of your rights, we will process your personal data until we have made a decision regarding your right of withdrawal, the application of our exchange and return policies, or the exchange of a product and have issued any refund or sent you the new product.

  • Processing: To handle complaints, claims, and/or legal disputes against us.
  • Personal Data: Name; Contact details (email, phone, and address); Order information; Relevant information you have provided in connection with the complaint, claim, and/or legal dispute, such as details about the problem with the product.
  • Lawful Basis: Legal Obligation. Processing is also necessary for us to act in accordance with consumer protection laws.
  • Storage Time: From the time we become aware of your complaint, claim, and/or legal dispute, and as long as it persists. If we deny your claim, we will retain the information for 36 months in case you decide to have the dispute reviewed by another organization.

Recipients of Personal Data: We will share your personal data with our e-commerce platform provider and our customer service provider, who process personal data on our behalf as data processors.

Processing is carried out to ensure we can meet legal requirements. In some cases, we need to process your personal data to comply with our legal obligations or other requirements, such as data retention requirements under the Accounting Act, the Anti-Money Laundering Act, and consumer protection laws. If you do not provide us with your personal data for these purposes, we cannot fulfill your purchase with us.

Purpose - Compliance with Legal Obligations

  • Processing: To comply with laws such as the Accounting Act and Anti-Money Laundering laws.
  • Personal Data: Transaction information, payment behavior, and other information included in your invoice such as name and contact details; IP address.
  • Lawful Basis: Legal Obligation. To meet the legally established requirements.
  • Storage Time: From the time of purchase and for seven (7) to eight (8) years in accordance with the Swedish Accounting Act and five to ten (5-10) years in accordance with anti-money laundering regulations.

Recipients of Personal Data: We share your personal data with our IT provider, who processes personal data on our behalf as a data processor.

Processing with regard to the management of reviews

Purpose - Managing Reviews

  • Processing: Publishing your review on our website.
  • Personal Data: Name; Email; Order information; Review.
  • Lawful Basis: Consent. We will always ask for your consent before publishing your review. You have the right to withdraw your consent at any time. However, this does not affect the processing of information prior to your withdrawal.
  • Storage Time: We process your personal data to send you a request after your purchase. Your review will remain on the review platform until you remove it.

Recipients of Personal Data: We share your personal data with our marketing platform, which processes personal data on our behalf as a data processor.

Processing for Managing Your Customer Account

You have the option to create a customer account on our website, and a customer account will be automatically created when you make a purchase with us. We process your personal data to fulfill our contract with you, enabling us to manage your customer account. If you do not provide us with personal data for this purpose, we will not be able to provide you with a customer account.

Purpose - Managing Your Customer Account

  • Processing: To manage the customer account you created and provide you with the ability to log in and view your past purchases. This includes sending you updated information about your account and our privacy policy. It also includes processing to implement security measures related to your account. We use cookies to identify you when you log in, allowing you to stay logged into your customer account.
  • Personal Data: Name; Username; Email; Order information; Purchase history; Returns and complaints; Address; Phone number; Login details.
  • Lawful Basis: Contract. Processing is necessary to fulfill our contract to provide you with an account if you chose to create one. Processing is also necessary to send you updates on our privacy policies to comply with laws and regulations.
  • Storage Time: We retain your personal data until you ask us to delete your account, or at most two (2) years after your last purchase, or until you decide to delete your customer account.

Recipients of Personal Data: We will share your personal data with our marketing platform, which processes personal data on our behalf as a data processor.

Processing to Send You News, Suggestions, and Relevant Offers

We use cookies, pixels, and similar technologies to collect your personal data so that we can analyze how you use our website and for marketing purposes. Our Cookie Policy [=insert link] contains more information about the cookies we use and the purposes for which we use them.

Purpose - Newsletter and Other Marketing

  • Processing: To send you newsletters and relevant offers upon request.
  • Personal Data: Email; Phone number; Address; Order information; Purchase history; Visit history (based on your interaction with the newsletter).
  • Legal Basis: We process your personal data based on your consent when you sign up for our newsletter.
  • Storage Period: We will process your personal data for sending newsletters and relevant offers until you unsubscribe from our newsletters.

  • Processing: To send you marketing information after you have made a purchase.
  • Personal Data: Email; Order information; Purchase history; Age; Visit history (based on your interaction with the newsletter).
  • Legal Basis: We process your personal data based on our legitimate interest to send you relevant direct marketing. We will do this only if you have made a purchase and have not objected to receiving marketing messages.
  • Storage Period: We will process this marketing based on our legitimate interest for up to two (2) years after your last purchase, unless you opt out of receiving marketing messages before then.

  • Processing: To conduct targeted marketing for you on social media and third-party websites.
  • Personal Data: Name; Email; Purchase history; Search history; Click history; Interaction data.
  • Legal Basis: Our legitimate interest is to use your personal data for direct marketing purposes and to make our marketing more relevant to you. We will do this only if you have made a purchase with us and have not objected to receiving marketing.
  • Storage Period: We will process your personal data from the time of your purchase for up to two (2) years, unless you object to our marketing before then.

  • Processing: We may publish any photos/videos of the product that you have shared on your social media to market our products on our website.
  • Personal Data: The photo/video you shared on social media, your username, and text. This may also include personal information about you.
  • Legal Basis: Our legitimate interest is to publish material that you have tagged with our brands.
  • Storage Period: Until you inform us that you no longer want us to display your photo/video on our website.

Recipients of Personal Data: We will disclose your personal data to our e-commerce platform provider and our marketing platform provider who process personal data as data processors on our behalf. If you agree, we will transmit pixels to advertising service platforms such as Meta and Google, with whom we collaborate to optimize our purchased advertisements. We will then provide aggregated information about pseudonymized personal data.

Processing of personal data when you contact us

We need to process your personal data when you contact our customer service via email or other channels.

Purpose - Customer Services

  • Processing: To respond to your inquiries when you contact us through forms on our website, by phone, via social media, or any other channel.
  • Personal Data: Name; Contact information (phone number and email); Address; Social media username; Case information and photos submitted to us, along with any other information provided by the individual.
  • Legal Basis: Legitimate Interest. Our legitimate interest in managing and tracking our communication with you.
  • Storage Period: We will retain your personal data from our communication with you for 12 months after concluding our contact with you on this matter.

  • Processing: To communicate with you when you contact us and provide feedback.
  • Personal Data: Email. We will also process information you send us when providing feedback.
  • Legal Basis: Legitimate Interest. Our legitimate interest in managing and tracking our communication with you.
  • Storage Period: We will retain your personal data from our communication with you for 12 months after concluding our contact with you on this matter.

Recipient of Personal Data: We will disclose your personal data to our customer service provider, who processes your personal data as a data processor on our behalf.

When you visit our website, your personal data is collected from your mobile phone, computer, or other devices that you use to access our website, provided you have consented to this. We use cookies, pixels, and similar technologies to collect your personal data so that we can analyze how you use our website and for marketing purposes. This process is referred to as profiling. Our Cookie Policy [=insert link] contains more information about the types of cookies we use and their purposes. We and our providers take measures to protect your personal data.

Purpose - When You Visit Our Website

  • Processing: To improve our website and its functionalities, customize and enhance user experience, and analyze how you use our website.
  • Personal Data: Information on how you use our website, such as products clicked, geographical areas from which you access our website, visit history.
  • Legal Basis: Consent.
  • Retention Period: We store personal data for up to 24 months after your visit to our website or until you withdraw your consent.

  • Processing: To save your abandoned shopping cart and remind you of products still in the cart when triggered by entering your email address.
  • Personal Data: Email; Information about products in your shopping cart.
  • Legal Basis: Legitimate Interest. Our legitimate interest is to make it as easy as possible for you to purchase the product you are interested in by placing it in your cart.
  • Retention Period: From the moment you add the product to your cart until the completion of the purchase, but no longer than five (5) days.

  • Processing: To market offers for our products on social media pages you visit based on your use of our website.
  • Personal Data: Digital identifier; Information on how you use our website; Click history; Purchase history; Web browser; Screen resolution; Information on how you use our website, such as products clicked, geographical areas from which you access our website, visit history.
  • Legal Basis: Consent. When you visit our website, we obtain your consent to process your personal data for marketing purposes. You have the right to withdraw your consent at any time.
  • Retention Period: We may send you marketing messages for up to 24 months after your visit to our website.

Recipient of Personal Data: We share your personal data with our e-commerce platform provider and our marketing platform provider, who process personal data as data processors on our behalf. We use Google Tag Manager to obtain information on how you use our website. If you consent, we transmit pixels to advertising service platforms such as Meta, TikTok, and Google, with whom we collaborate to optimize our purchased ads. We then share aggregated information about pseudonymized personal data.

HOW DID WE CONDUCT THE BALANCING TEST WHEN THE LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA IS OUR LEGITIMATE INTERESTS?

Karo processes your personal data for specific purposes and relies on our legitimate interests as the legal basis for data processing. We conducted a balancing test when evaluating this legal basis. We have specified our legitimate interests in the tables above. Please contact us if you would like to learn more about how we conducted this test. You can find our contact details at the beginning of this privacy policy.


CHANGES TO THIS PRIVACY POLICY
Karo reserves the right to amend this privacy policy. The current policy is available on our website. This privacy policy was last updated by Karo on [Date] 2024.