Privacy Policy
This privacy policy was updated on September 28th 2022.
BACKGROUND
At Sesamy AB ("Sesamy ", "we " or "us ") we protect your personal privacy. This privacy policy explains how and why we use your personal data in connection with your use of one of our services, for example when you visit our website www.sesamy.com , make a purchase from one of our partners or via our application (the “service ”). It also describes your rights and how you can enforce them. If you have any questions about our handling of your personal data, you are always welcome to contact us using the contact details at the end of this privacy policy.
Throughout this privacy policy, the term "processing " is used, which includes all actions involving personal data, including without limitation, the collection, handling, storage, sharing, access, use, transfer and deletion of personal data.
"Applicable Data Protection Legislation " means the legislation, regulations and regulations in force from time to time, including regulations issued by the relevant supervisory authorities, regarding the protection of the fundamental rights and freedoms of natural persons and in particular the right to the protection of their personal data that is applicable to the current processing, including the European Parliament's and Council Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free flow of such data and on the repeal of Directive 95/46/EC (General Data Protection Regulation) ("Data Protection Regulation ") as well as legislation, ordinances and regulations that supplement the Data Protection Regulation.
"Personal data " refers to any information relating to an identifiable or identified natural person.
WHO IS RESPONSIBLE FOR THE PERSONAL DATA WE COLLECT?
Sesamy AB, org. no. 559241-5227, Eriksbergsgatan 8B, 114 30 Stockholm, is the personal data controller for the processing of personal data as stated in this privacy policy.
FROM WHERE DO WE COLLECT PERSONAL DATA?
We collect personal data directly from you . This may be information that you either provide to us yourself (e.g. in connection with a purchase) or that we collect automatically from your device in connection with your visit to our website (e.g. via cookies and similar technologies).
WHEN AND WHY DO WE PROCESS PERSONAL DATA?
Administer the customer relationship
We process your personal data in order to manage the customer relationship with you in connection with your order in our service. Such handling includes i.a. to fulfill your order, organize shipping/delivery and provide invoices and/or order confirmations.
Categories of personal data:
· Identity
information
· Contact details
·
Information about purchase
Legal basis: Agreement. The processing is necessary to fulfill our obligations according to the purchase agreement with you. If the information is not provided, our obligations cannot be fulfilled and we are therefore forced to refuse you the purchase.
Balance of interests. The processing can also take place to fulfill our commitments according to agreements with our partners, among other things to enable access to the service. The processing is then necessary to satisfy our legitimate interest in being able to fulfill such agreements in connection with your purchase.
Shelf life : Personal data is kept until the purchase has been completed (including delivery and payment) and up to 10 years thereafter for the purpose of establishing, asserting and defending any legal claims.
Create and manage your user account
If you choose to create a personal user account when using the service, we will process your personal data to, among other things, help you set up the account and otherwise administer the user account. You can e.g. use your account for a smoother checkout process when using the service. We can also process your personal data if you (while logged in) choose to rate or publish a comment/review about a certain product related to the service.
Categories of personal data:
· Identity
information
· Login details
· Contact
details
· Your communication
· Image
material (if you register your account through a Google account that contains a profile
picture of you)
Legal basis: Agreement. The processing is necessary to fulfill our obligations and rights according to our general terms and conditions linked to the administration of your user account.
Retention period : Personal data is kept until you choose to close your account with us.
Handle and answer your questions and any complaints
If you contact us, e.g. via our support form, we will process your personal data that you provide us with to communicate with you and answer and investigate your possible questions and/or complaints.
Categories of personal data:
· Identity
information
· Contact details
· Your
communication
· Information about purchase
Legal basis: Legitimate interest. The processing is necessary to satisfy our legitimate interest in handling and answering your questions and/or complaints that you submit.
Retention period : Personal data is retained until the support case has been closed and thereafter for the time necessary for us to establish, assert and defend legal claims.
Provide you with information about our activities via newsletter
We may process your personal data to manage and send you newsletters. These newsletters can e.g. contain information and updates regarding our operations and our products. You can unsubscribe from our mailings at any time by clicking on the unsubscribe link in the mailing or by contacting us.
Categories of personal data:
· Identity
information
· Contact details
Legal basis: Legitimate interest. The processing is necessary to satisfy our legitimate interest in sending you our newsletter.
Retention period : Your personal data is kept for this purpose until you unsubscribe from the newsletter. If we send newsletters to you as a customer of ours, your personal data will be kept for a period of a maximum of 12 months from the time when our contractual obligations towards you have been fulfilled, unless you have chosen to unsubscribe from the newsletter earlier.
Evaluate and monitor the use of the service
In order to analyze and better understand how you use the service, we process your personal data that we e.g. have collected via cookies and similar technologies as well as from our partners. This happens by e.g. collecting information about the individual web pages or products you visited, which websites or keywords referred you to the Website (including whether you were referred to the Service through, for example, an external affiliate link) and information about how you interact with the Website.
Categories of personal data:
· User Generated Data
· Identity information
· Geographic
information
Legal basis: Legitimate interest . The processing is necessary to satisfy our legitimate interest in evaluating and monitoring the use of our website.
Retention period : Reports at an overall level that do not contain any personal data and statistics are stored indefinitely.
Improve your experience of the service
In order to improve your experience of the service and provide you with tailored content when appropriate, we will collect and process your personal data, e.g. via cookies and similar technologies. This means that we may save information about your browsing history and selected settings on the website (such as language and display settings) for the purposes just mentioned.
Categories of personal data:
· User Generated Data
· Identity information
· Geographic
information
Legal basis: Legitimate interest . The processing is necessary to satisfy our legitimate interest in improving your experience of the service and providing you with tailored content.
Retention period : Reports at an overall level that do not contain any personal data and statistics are stored indefinitely.
Provide you with customized marketing
We process your personal data to provide you with personalized marketing that we believe may be of interest to you. This happens e.g. with the help of cookies and similar technologies that help us and our partners to display relevant advertisements on various websites based on e.g. your visit and click history (interest-based advertising).
Categories of personal data:
· User Generated Data
· Identity information
· Geographic
information
Legal basis: Consent . The processing that enables us and our partners to provide you with customized marketing takes place with the support of your consent.
Retention period : Your personal data is kept for a period of 12 months from the time the last consent was given. Reports at an overall level that do not contain any personal data and statistics are saved indefinitely.
To adapt our marketing to you, we use e.g. of the Facebook pixel. For the processing that takes place in connection with both the collection and transfer of your personal data to Facebook and for the subsequent processing for the purpose of providing customized communication on Facebook's platform, Sesamy and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook ") joint data controller. For information about Facebook's processing of your personal data, see the following link: https://facebook.com/about/privacy .
Within the framework of the joint responsibility for personal data between Sesamy and Facebook, the parties have entered into a so-called mutual arrangement, see more about this at the following link: https://www.facebook.com/legal/controller_addendum . This mutual arrangement shows, among other things, that Sesamy must provide you with the information described in this processing and that Facebook is responsible for satisfying your rights according to articles 15-20 of the Data Protection Regulation regarding the personal data stored by Facebook after the joint processing.
Manage and respond to legal requirements
In order to handle and respond to legal requirements, e.g. in connection with a dispute or a legal process, we must, where applicable, process your personal data.
Categories of personal data:
All information that is necessary to handle and respond to the legal requirement, e.g.
· Identity information
· Social security
number
· Contact details
· Your
communication
· Details of purchase
·
Details of the legal requirement
Legal basis: Legitimate interest. The processing is necessary to satisfy our legitimate interest in handling and responding to legal requirements, e.g. in the event of a dispute and legal proceedings.
The processing of social security numbers is necessary with regard to the purpose of the processing.
Exceptions for sensitive personal data: Any sensitive personal data, including information about a crime or suspected crime, is only processed if it is necessary to establish, assert and defend legal claims.
Retention period : Personal data is kept for the time necessary to handle and respond to the legal requirement.
Fulfill legal obligations
We process your personal data in order to fulfill legal obligations that apply to us, e.g. relating to accounting and reporting as well as requirements according to the Data Protection Regulation.
Categories of personal data:
All information that is collected and that is necessary to fulfill the respective legal
obligation, e.g.
· Identity information
· Contact details
· Details of purchase
Legal basis: Legal obligation. The processing is necessary to fulfill legal obligations that apply to us.
Retention period : Personal data is kept for the time necessary for us to be able to fulfill the legal obligations that apply to us, e.g. personal data is saved for seven years after the end of the financial year in order to comply with current legislation regarding accounting.
Manage and protect systems and services
To manage and protect our IT systems and services, e.g. when logging, troubleshooting, backup, identification of potential risks and fraud, change and problem management in systems and in connection with possible IT incidents, we process your personal data if necessary.
Categories of personal data: All information stated above.
Legal basis: Legitimate interest. The processing is necessary to satisfy our legitimate interest in managing and protecting our IT systems and services.
Retention period : Personal data is kept for the same period as stated in relation to the respective purpose stated above. Personal data in logs is kept for troubleshooting and incident management for a period of 12 months from the time of the log event.
RECIPIENTS WITH WHICH WE SHARE PERSONAL DATA
When necessary, we share personal data with the recipients below. Unless otherwise stated, named recipients are independently responsible for their own personal data processing.
Receiver: Companies that provide public transport of goods
Purpose: In
order to be able to deliver your ordered product and thereby fulfill our obligations according
to the purchase agreement.
Legal basis: Agreement. The
processing is necessary to fulfill our contractual obligations with you as a customer.
Receiver: Authorities (e.g. the Police and the Swedish Tax Agency) and external auditors
Purpose:
To fulfill any legal obligations to which we are subject, e.g. in connection with
requests from authorities or other legal requirements.
Legal basis: Legal obligation.
The processing is necessary to fulfill legal obligations to which we are subject.
Receiver: Companies that offer payment solutions
Purpose: To mediate and
enable your payment of the service with our payment service providers and thus enter into a
purchase agreement with you.
Legal basis: Agreement. The
processing is necessary to take measures at your request before entering into a purchase
agreement.
Receiver: Authorities (including courts) and legal representatives
Purpose:
To establish, assert and defend legal claims.
Legal basis: Legitimate interest.
To satisfy our legitimate interest in having disputes and matters handled by competent
courts and agents.
Receiver: Buyers, sellers and external advisors/other involved parties
Purpose:
Enable operational changes, e.g. sale or merger of the business or investments in
general.
Legal basis: Legitimate interest. To satisfy our
legitimate interest in implementing business changes.
Receiver: Marketing partners
Purpose: Enable customized marketing for
you, including sharing data for further processing by our marketing partners.
Legal basis:
Consent .The processing takes place with the support of your
consent.
Receiver: Media service partners
Purpose: Simplify the purchase process
for you as a customer when you take advantage of some of our and our partners' services.
Legal basis: Legitimate interest. The processing is necessary to
facilitate the purchase process for you.
Service providers
In order to fulfill the purposes of the processing of personal data, we share your personal data with service providers that we have engaged. These suppliers provide e.g. IT services (companies that handle the necessary operation, technical support and maintenance of our IT solutions and IT systems), financial services (e.g. accounting systems) and statistical services. The service providers we have engaged may only process your personal data according to our express instructions and may not use your data for their own purposes. They are also obliged by law and contract to take appropriate technical and organizational security measures to protect your data.
Appropriate safeguards for transfers of personal data to third countries
If Sesamy transfers or discloses your personal data to a recipient in a country outside the EU/EEA area (third country), Sesamy will ensure that appropriate protective measures have been taken (such as the European Commission's standard contractual clauses and other necessary measures) to protect the personal data.
According to the applicable data protection legislation, you have the right, upon request, to receive a copy of the documentation that demonstrates that the necessary protective measures have been taken in order to protect your personal data when transferred to a third country.
If you want to know more about the processing of your personal data and if your personal data is transferred to a third country, please contact us at the contact details shown below.
YOUR RIGHTS
Rights in relation to your personal data
In connection with our processing of your personal data, you have, under certain conditions, the right to assert the following rights:
Access
You can request confirmation of whether or not your personal data is processed and, if processed, request access to your personal data and additional information such as the purpose of the processing. You also have the right to receive a copy of the personal data being processed. If the request is made electronically, the information will also be obtained in a commonly used electronic format unless you request otherwise.
You can read more about the right of access to personal data here .
Object to special treatment
You can object to the processing of your personal data based on a legitimate interest, in light of the particular situation and to processing that takes place for direct marketing purposes. If we cannot demonstrate a compelling legitimate reason for continuing the processing that outweighs your interests, or if the processing is not necessary to establish, assert and defend legal claims, then we are obliged to cease the processing.
You can read more about the right to object here .
Deletion
You can have your personal data deleted under certain circumstances, e.g. when the personal data is no longer needed to achieve the purpose for which the personal data was collected.
You can read more about the right to erasure here .
Limitation of treatment
You can ask us to limit the processing of your personal data to only include the storage of your personal data under special circumstances, e.g. when the processing is illegal but you do not want your personal data to be deleted.
You can read more about the right to limitation here .
Withdraw consent
You always have the right to withdraw your consent to the processing of personal data to the extent that the processing is based on your consent.
Data portability
You have the right to request to receive a machine-readable copy of the personal data processed on the basis of your consent or when the processing is necessary to fulfill a contract with you, and when personal data have been obtained by you (data portability), and to request that the information be transferred to another personal data controller (if possible).
You can read more about the right to data portability here .
Complaint to supervisory authority
You are welcome to contact us with questions or complaints regarding the processing of your personal data. However, you also always have the right to submit a complaint regarding the processing of your personal data to the Swedish Privacy Protection Agency.
You can read more about the right to lodge a complaint with the Privacy Protection Authority here .
CONTACT US
If you have any questions regarding the processing of your personal data or if you wish to exercise any of your rights under Applicable Data Protection Legislation, please contact Sesamy at the contact details below. We reserve the right to change and supplement the privacy policy if necessary.
The personal data controller is:
Sesamy AB
Eriksbergsgatan 8B
114 30 Stockholm
E-mail address:
[email protected]
The privacy text was last updated:
September 28, 2022
CATEGORIES OF PERSONAL DATA
Below you will find an explanation of the categories of personal data that we can collect and save about you.
Category of personal data: User Generated Data
Example of personal data:
Click and visit history, technical data relating to devices used and their settings
(e.g. language setting, IP address, browser settings, time zone, operating system, screen
resolution and platform), information about how you have interacted with us, login method,
where and how how long different pages have been visited, response times, how you reach and
leave the service, etc.
Category of personal data: Image material
Example of personal data:
Profile picture from connected Google account
Category of personal data: Your communication
Example of personal data:
Personal data that you provide in your communications with us, comments on our
website
Category of personal data: Geographic information
Example of personal data:
Location data from your device such as collected via cookies
Category of personal data: Identity information
Example of personal data:
Name, IP address
Category of personal data: Login details
Example of personal data:
Username: Password
Category of personal data: Contact details
Example of personal data:
Address, e-mail address, telephone number
Category of personal data: Information about purchase
Example of personal data:
Purchase time, payment method, order history, delivery address, billing address,
product issues
