2. Who is responsible for your personal data?
Bare Collective is mostly responsible for the personal data which is processed in the context of barecollective.se. When you shop with us, we may have to disclose your data to others in order to provide our service. In such cases the data recipient may be independently responsible for personal data, more info on this is laid out in section 5.
3. Where does the personal data come from?
We process, primarily, information on you which we collect or have collected in connection with both your use of, and purchases via, our website. Bare Collective is part of a group of companies which also includes ImseVimse Aktiebolag org. no. 556350–3621, Esska of Sweden AB org. no. 556044–3128, and JaBaDaBaDo AB org. no. 556578–7784. Owing to the fact that Bare Collective has taken over the sale of products from these companies, certain data may have been collected in connection with your use of these companies’ websites. In such cases we have informed you specifically about this.
4. What data do we collect about you and for what purposes?
4.2 Bare Collective
5. Transfer of personal data
In order for our services in the context of barecollective.se to operate, we may need to share some personal data with others. In some cases, we remain responsible, and recipients of such personal data are our data processors for the processing thereof. In other cases the recipient is independently responsible for the processing of personal data. It may also be the case that a recipient is the independent data controller for some processing but processor for another aspect. Certain processing scenarios may arise that mean that the recipient is joint personal data controller together with Bare Collective. In this section you’ll find more information on what applies to each type of recipient.
5.1 Recipients who are independently responsible for personal data
When your personal data are processed by independent personal data controllers, the respective personal data controller personal data control policy applies.
Examples of independent data controllers:
Klarna Bank AB. When you pay for your goods on barecolletive.se, Klarna Bank AB will process your personal data as the personal data controller. For more information on this processing, see here.
Suppliers of online marketing services where you have consented to use of your personal data.
Subcontractors of logistics and transport services, a number of transport providers we use as subcontractors of logistics and transport services for delivery to agents are independent data controllers. For more information on this processing, see respective subcontractor privacy policies.
5.2 Recipients who are personal data processors
Data can be processed by so-called data processors, i.e. companies with which Bare Collective works with regard to IT, analytics, distribution, and marketing. These companies may nevertheless not use information on you for any other reason than for providing services for which they are contracted and only according to the terms & conditions set by Bare Collective. We have concluded written agreements (so called personal data processor agreements) with all parties who process personal data on our behalf.
Examples of personal data processors:
Subcontractors who supply or maintain our IT and business systems
Subcontractors of logistics and transport services for home delivery (in addition to those who are independent data controllers as per section 5.1)
Subcontractors who provide marketing services
5.3 Recipients who are joint personal data controllers
Suppliers of online marketing services, where you have consented to use of your personal data.
5.4 Where your data is processed
Your personal data is processed mainly within the EU/EEA but, for some processing, personal data is handled in a country outside of the EU/EEA, for example, when one of our subcontractors conducts its business from a country outside of the EU/EEA. In the case of such transfers, we will take all suitable technical and legal measures to safeguard the privacy of transferred personal data and to ensure that the security for the processing of these meets an adequate level of protection in accordance with data protection legislation. We do this, for example, by using standard contractual clauses that have been approved by the European Commission in our agreements with such subcontractors, combined with appropriate safeguards. Click here to view these clauses. Otherwise, we only transfer data to countries covered by a decision on an adequate level of protection.
6. Security measures
Bare Collective attaches great importance to safe handling of your information. We use adequate physical, technical, and administrative processes and procedures to manage the information we collect. Special attention is paid to information security to prevent, impede, and detect if data is disseminated to outsiders or is lost. Access to personal information is only given to those that need it for their professional duties. Data processing is logged and controlled systematically.
7. Automated decision-making and profiling
Profiling means automatic processing of personal information which involves the personal information being used to assess certain of your personal characteristics, for example personal preferences, interests, behaviour, or place of residence.
Profiling can be used to optimize your experience on barecollective.se and within the framework of Collective, for example, by suggesting relevant products based on how you use barecollective.se. This is done through gathering data from you and then, with the help of algorithms and AI technology, comparing that information with what other customers consider to be of interest.
Profiling won't be used to make automated decisions which have legal consequences or ones that significantly affect you in a similar way.
8. How long is personal data stored?
We do not retain any personal data for longer than is necessary to fulfil the purposes for which the data is processed, or as long as required by law and according to the principles set out in section 4 above. After that, the data is deleted or anonymized. In order to determine the periods during which we retain personal data, we pay particular attention to the requirements arising from data protection legislation, regulations and recommendations from authorities, and industry practices. Information on retention periods for the various purposes that personal data are processed is listed above under the respective purpose in section 4.
9. What are your rights?
9.1 Access to your personal data
You have the right to request a register extract of the processing that we carry out regarding your personal data. This is cost-free once per year. The register extract is sent to you within one month from receipt of the request.
9.2 Rectification, erasure, restriction, and objection
You can ask us to correct incorrect information we have about you. You can also ask us to delete information that is no longer necessary for the purpose for which it was collected, request restriction of processing and/or object to the processing of your personal data. However, certain legal obligations may prevent us from immediately deleting certain information.
9.3 Objection to processing for marketing purposes
You can request that we not process your personal data for marketing purposes. In practice, you will usually expressly, in advance, agree that we may use your personal data for marketing purposes, and/or we will give you an opportunity to decline (“opt-out”) from the use of the personal data for marketing purposes.
9.4 Withdrawal of consent
If we process your personal data based on consent, you can withdraw your consent at any time. Should you wish to withdraw your consent, you can do so through contacting our customer service via firstname.lastname@example.org. However, consent to cookies is most easily revoked through your browser, see section 10 for more information about cookies.
9.5 Data portability
You can exercise your right to data portability, in certain circumstances, by transferring your personal data that you have provided to us to another data controller.
You can at any time submit a complaint to the Swedish Authority for Privacy Protection or another competent supervisory authority if you believe that we are processing your personal data in violation of applicable data protection legislation.
11. Third-party websites
13. Contact us