Our Privacy Policy was last updated on 13/10/2022.
In order for us to provide you with our services and support, we need to process your personal data. This privacy policy describes how we collect, use and retain your personal data, as well as which rights you have and how you can exercise those rights.
We use cookies and other similar technologies. Please refer to Section 8 below (Cookies) and visit our cookie policy for more information about the cookies and other similar technologies that we use.
We value your privacy. It is therefore very important to us that you understand this privacy policy and how and why we process your personal data.
Our connected merchants
We may process your personal data in different situations. We provide a delivery experience platform to e-commerce companies/web shops which we have partnered with (we refer to them as our "connected merchants" below). For example, when you are in the process of purchasing a product from one of our connected merchants, the connected merchant will share some personal information about you so that we can ensure that your order will be fulfilled, tracked and shipped to you. Other examples are when we may assist our connected merchants with providing their customers (i.e. you) with personalized delivery options and extended tracking possibilities via our website https://www.ingrid.com/ (our "Website").
When you purchase a product from one of our connected merchants, we are in almost all cases not the data controller. The data controller will typically be the connected merchant who operates the web shop you have purchased the product from. We will, however, act as a data processor to the connected merchant. This means that we may receive and process your personal data, but solely subject to the connected merchant's instructions and for purposes that the connected merchant has determined. In other words, the merchant is responsible for your personal data that we process in this situation.
For more information about the processing of your personal data when we act as a data processor, please visit the connected merchant's website where you have purchased a product from and read their privacy policy or privacy notice.
We (Ingrid)
Please note that this privacy policy describes the processing activities undertaken by us in our capacity as data controller only. A data controller is essentially the company who is responsible for your personal data. We have detailed the processing activities that we are responsible for below in Section 4 (For what purposes and on what legal grounds do we process your personal data?), but we have for your convenience below listed the main situations where we process your personal data:
(a) when you visit our Website;
(b) when you contact us; and
(c) when we auto-fill your name, and contact and shipping information in our connected merchants' checkout because you are in the process of purchasing a product.
1.2 The data controller for the activities listed above under "We (Ingrid)" is In-Grid AB, with registration number 556940-2661, and with address at Sveavägen 21, 111 34 Stockholm,Sweden. In this privacy policy we may refer to the data controller as "Ingrid", "we", "us" or"our".
"Personal data" means any information relating to an identifiable natural person, for example a name, a personal registration number, an email address, location data or an online identifier.
"Processing " of personal data is a reference to what we do with your personal data, for example collection, use, structuring, storing and erasure of personal data.
You can read about the different categories of personal data that we collect from you in the table below. We have listed some examples of personal data in each category.
We may process your personal data for different purposes, on the basis of different legal grounds and store your personal data for different periods of time. The processing activities we undertake also depend on whether you are acting in your capacity of a consumer (i.e. for your own purposes), or a natural person on behalf of a company (i.e. for business purposes).
We have made efforts to distinguish these activities from each other by providing information in two separate tables, one for consumers and one for business representatives. Please note that we have done this solely for your convenience. In practice, it is possible that processing activities in both tables may apply to your personal data. For this reason, we recommend that you read this section in full.
You have the right to withdraw your consent at any time if our processing of your personal data is solely based on your explicit consent. Please note that if you withdraw your consent, this will not affect the legality of the processing that we have undertaken prior to you withdrawing your consent. If you would like to withdraw your consent, please send an email to privacy@ingrid.com. You can also contact us using the contact information below in Section13 (How to contact us).
We will always ensure that third parties can provide sufficient guarantees in protecting your personal data before we share any of your personal data. We have listed the categories of third parties with whom we may share your personal data below.
We may need to share your personal data to a public authority for the purpose of complying with applicable law. The legal ground is to comply with a legal obligation.
We may need to share your personal data for the purpose of selling Ingrid, or all or parts ofIngrid's assets, to a potential buyer who wishes to acquire the same, or if we are otherwise subject to a merger with another company. The legal ground is our legitimate interest to complete such transactions, which we have determined overweighs your interest not to have your personal data processed for this purpose.
In order to provide, and for the sole purpose of providing, our services to you, we may need to share your personal data with certain carefully selected suppliers and contractors. Such suppliers and contractors could be consultants or providers of legal, technical and IT support/functionalities, and storage providers (such as cloud storage). They will only process your personal data based on our instructions to them, and we will always ensure that the necessary agreements (for example a so called data processing agreement) are in place to protect your personal data at all times. The legal ground is our legitimate interest in conducting our business by accessing these services and functionalities, which we have determined overweighs your interest not to have your personal data processed for this purpose.
We use HubSpot's email marketing services to manage our direct marketing. If you opt-in to receive direct marketing via email from us, we will therefore share your email address withHubSpot Ireland Limited and HubSpot, Inc. The legal ground is your explicit consent to receiving direct marketing from us.
As a main rule, we will process your personal data only within the European Union (EU) and the European Economic Area (EEA). In some situations, for example when the services and functionalities we need are provided outside of the EU/EEA, we may need to transfer your personal data outside of the EU/EEA.
Regardless of whether your personal data is processed within or outside the EU/EEA, we will at all times ensure that the same level of technical and organizational measures are in place to protect your personal data. Should we transfer your personal data outside of the EU/EEA, we will take additional appropriate measures to safeguard your personal data, which may as amain rule include one of the following measures.
In addition to one of the above measures, we will always seek to take any additional security measures that we deem appropriate and necessary to safeguard your personal data at all times.
We use cookies and other similar technologies on our Website and on our connected merchants' websites. Cookies are small files that are placed and stored on your web browser or device when you visit our Website and/or our connected merchants' websites.
When you visit our Website, these files store information that are used for, for example, functionality purposes to make it easier to use our Website.
Transfer of personal data only to countries that, according to the European Commission, provide an adequate level of protection. This means that those countries offer a similar level of protection as provided under the GDPR in the EU.
We will enter into standard contractual clauses adopted by the European Commission with the recipient of your personal data. This means that the recipient is required to comply with the same level of protection as provided under the GDPR in the EU.
When you visit our connected merchants' websites, these files store information about some of your personal information to provide you with a fast and straight forward shopping experience, which includes auto-filling some of your information in the checkout when you are in the process of purchasing a product from one of our connected merchants.
For more information about the cookies that we use, please read our cookie policy here.
We will keep your personal data for as long as it is necessary in order for us to fulfill the purpose for which we collected your personal data. We have indicated the necessary storage periods in the table in Section 4 (For what purposes and on what legal grounds do we process your personal data?).
Please note, however, that Ingrid may be required to retain personal data for a longer period if we are required to do so pursuant to applicable law or a binding decision by a public authority or court of law. If that is the case, we will retain it for the period required under law or such decision.
We take the protection of your personal data seriously. We have reasonably and appropriate technical and organizational measures in place in our business to ensure that your personal data is safeguarded and protected against loss, destruction, misuse, and unauthorized access and disclosure, at all times.
Our employees work under strict confidentiality and follow clear instructions on how to manage your personal data in accordance with applicable data protection laws and our own policies. We only grant employees access your personal data when it is necessary in order for them to perform their duties.
We continuously evaluate our security measures to remedy any vulnerabilities we may identify in an effort to make sure that your personal data is safe with us.
You have rights with regard to your personal data. Please read this Section to understand them, as well as how you can exercise them. You are always welcome to contact us if you need more information about your rights. You can also read more about your rights on the Swedish Authority for Privacy Protection's website here.
You have the right to be informed about how we process your personal data. We respect this right by being transparent with you in our communication, on our Website and by providing you with the information in this privacy policy.
You have the right to obtain a confirmation from us as to whether or not we process your personal data. If we do process your personal data, you also have the right to obtain access to the personal data by requesting a copy showing which data we have about you, and how we use it. Please note that we may ask for additional information in order to identify you to ensure that personal data is disclosed to the correct individual.
You have the right to request that we correct inaccurate information about you, as well as to complete any incomplete information.
You sometimes have the right to request the erasure of personal data that concerns you. We are required to erase the personal data in question, for example if the personal data is no longer necessary in relation to the purposes for which the personal data was initially collected.
Please note that we are not obliged to delete your personal data if it is necessary to retain it to comply with legal obligations, or for the establishment, exercise or defense of legal claims.
You have the right to request that we restrict our processing of your personal if you for example believe that the information we have about you are inaccurate, our processing is unlawful, or we no longer need the information for the purposes they were collected.
You have the right to object to our processing of your personal data if our processing is based on a legitimate interest. You always have the right to object to our processing of your personal data for direct marketing purposes.
You have the right to request a copy of the personal data in a machine-readable format that concerns you and which we process to perform a contract or based on your consent. You can then have such personal data transmitted to a different data controller.
You have the right to withdraw your consent. Please refer to Section 5 (How can you withdraw your consent?) for more information.
If you have any complaints about the way in which we process your personal data, you are always welcome to reach out to us. You also have the right to lodge a complaint to a supervisory authority (such as the Swedish Authority for Privacy Protection) here.
We reserve the right to introduce updates and make amendments to this privacy policy. This is necessary to ensure that we have the ability to constantly improve our services to you and to introduce new functionalities. We may also be required to make changes to the way in which we process your personal data pursuant to applicable law or a decision issued by a public authority or court of law. If we make any changes to this policy, we will update the "Last updated" date at the top of this policy, so please make sure to check in from time to time.
If you have any questions about the processing of your personal data, this privacy policy or if you have concerns regarding our processing of your personal data, please contact us using the following contact information:
In-grid AB
Sveavägen 21
111 34 Stockholm
Sweden
Email: privacy@ingrid.com
Website: https://www.ingrid.com/
