Privacy policy
Changing attitudes takes the personal integrity of our members and customers very seriously. This privacy policy explains how we are collecting and processing your personal information following GDPR*.
*The General Data Protection Regulation (Regulation (EU) No 2016/679 of the European Parliament and the Council), abbreviated GDPR (General Data Protection Regulation), is an EU regulation that entered into force throughout the EU on May 25th, 2018. GDPR replaces the Swedish Personal Data Act.
This privacy policy also describes your rights and how you can enforce them. You are always welcome to contact us with any questions.
Personal data and processing of personal data
Personal information is any information that can be directly or indirectly attributed to a physical person. Even images and sound recordings processed on a computer can be classified as personal data even if no names are mentioned. If different types of electronic identities (eg, IP numbers) and encrypted data can be linked to a person, this can also be counted as personal data.
Processing of personal data is everything that happens with the personal data. Every action taken with personal data constitutes a process, regardless of whether it is performed automatically or not. Examples of typical processing of personal data are collection, registration, organization, structuring, storage, transfer, and deletion.
Responsibility for collected personal data
Changing attitudes: organization number 802465-3480, with address Svartbäcksgatan 26, 753 32 Uppsala, Sweden, is responsible for the organization's processing of personal data.
Personal information that we collect about you as a member/customer and for what purpose:
Order/purchase
To be able to handle orders/purchases, data is collected for the following:
Delivery (including notification and contacts regarding delivery)
Payment handling
Handling of complaints and warranty matters
In order to be able to handle orders/purchases, the following categories of personal data are collected:
E-mail
First name
Surname
Contact information (eg, address and phone number)
Purchase information (eg, which item(s) have been ordered or whether the item(s) is to be delivered to another address)
Legal basis: Fulfillment of the purchase agreement. This collection of your personal information is required for us to be able to fulfill our obligations within the purchase agreement. If the information is not provided, our commitments cannot be fulfilled, and we are therefore forced to deny the customer to make the purchase.
Storage period: Until the purchase has been completed (including delivery and payment) and for a period of 36 months thereafter in order to be able to handle any customer service matters.
Customer service
To be able to handle Customer service matters, data is collected for the following:
Communication and answering any questions to customer service (by phone or in digital channels, including social media)
Identification of member/customer
Investigation of any complaints and support matters (including technical support)
In order to be able to handle customer service matters, the following categories of personal data are collected:
E-mail
First name
Surname
Contact information (eg address and telephone number)
Your correspondence
Information about the time of purchase, place of purchase, any errors/complaints
Legal basis: Legitimate interest. The processing is necessary to satisfy our and your legitimate interest in handling customer service matters.
Storage period: Until the customer service case has been closed.
Competitions/events
To be able to implement and manage participation in competitions and/or events, data is collected for the following:
Communication before and after participation in a competition or event (eg, confirmation of entries, questions or evaluations)
Selection of winners and mediation of any prize (eg, payouts, or travel bookings)
In order to be able to carry out and manage participation in competitions and/or events, the following categories of personal data are collected:
E-mail
First name
Surname
Contact information (eg, address and telephone number)
Information provided in competition entries
Legal basis: Legitimate interest. The data is necessary to satisfy our and your legitimate interest in managing your participation in competitions and/or events.
Storage period: During the time the competition/event (including any evaluation) is in progress.
Sources we collect your personal information from
In addition to the information you provide to us, or which we collect from you based on your purchase(s) or as you choose to become a member of Changing attitudes and how you use our services, we may also collect personal information from someone else (so-called third party).
The information we collect from third parties is as follows: Address information from public registers to ensure that we have the correct address information on you.
Here we process your personal data
Your personal data is processed within the EU/EEA and in MailChimp, which is located within the US.
How long do we save your personal information?
We never store your personal information for longer than what is necessary for each purpose. See more about the specific storage periods under each purpose.
This is how we handle e-mail
We always limit the use of your personal information (photo, name, address, etc.) in an email to what is necessary to fulfill the purposes.
We are following the so-called data minimization principle, which means that we actively take a position on who needs to receive emails that contain personal data: As a general rule, only those people who need access to personal data to be able to perform their work will have access to them.
We always consider what emails are sent and who should be the recipients of a copy.
We have clear routines for the deletion of emails. We only process personal data for as long as it is needed to fulfill the purpose for which it was collected.
We only store emails that are absolutely needed to fulfill the purposes and always delete the rest. Saved emails are also deleted when the purposes are fulfilled.
We follow appropriate information security measures regarding e-mail. This includes measures such as protecting e-mail from unauthorized access from outsiders as well as precise requirements for usernames and passwords. To meet GDPR's requirements, we use a secure e-mail system.
Your rights as registered
Right of access
We are always open and transparent with how we process your personal data, and if you want to gain a more-in-depth insight into which personal data we process about you, you can request access to your data (the information is provided in the form of a document stating the purpose, categories of personal data, storage periods, information on where the information was collected and the existence of automated decision-making).
Keep in mind that if we receive a request for access, we may ask for additional information to ensure efficient handling of your request and to ensure the information is provided to the right person.
Right to correction
You can request that your personal information be corrected if the information is incorrect. Within the framework of the stated purpose, you also have the right to supplement any incomplete personal data.
Right to deletion
You can request deletion of any personal data that we process about you if:
The data is no longer necessary for the purposes for which they were collected or processed
You object to a balance of interests we have made based on legitimate interest, and your reason for objection outweighs our legitimate interest
Personal data is processed illegally
Personal data must be deleted in order to fulfill a legal obligation to which we are subject
Personal data has been collected about a child (under 13 years of age) for whom you have parental responsibility, and the collection has taken place in connection with the provision of information society services (eg, social media)
Please note that we may have the right to deny your request if there are legal obligations that prevent us from immediately deleting certain personal data. These obligations come from accounting- and tax legislation, banking- and money laundering legislation, but also from consumer law legislation. It may also be that the processing is necessary for us to be able to establish, assert or defend legal claims. Should we be prevented from meeting a request for deletion, we will instead block the personal data from being used for purposes other than the purpose that prevents the requested deletion.
Right to restriction
You have the right to request that our processing of your personal data be restricted. If you dispute that the personal data we process is correct, you can request limited processing for the time we need to check whether the personal data is correct or not. If we no longer need the personal data for the stated purposes, but you need them to be able to establish, assert or defend legal claims, you can request limited processing of the data from us. This means that you can request that we not delete your information.
If you have objected to a balance of interests of a legitimate interest that we have made as a legal basis for a purpose, you can request limited processing for the time we need to check whether our legitimate interests outweigh your interests in having the data deleted.
If the processing has been restricted according to any of the above situations, we may only, in addition to the storage itself, process the data to establish, assert or defend legal claims, to protect someone else's rights, or if you have given your consent.
Right to object to a certain type of processing
You always have the right to avoid direct marketing and to object to any processing of personal data based on a balance of interests.
Legitimate interest
In cases where we use a balance of interests as a legal basis for a purpose, you have the opportunity to object to the processing. In order to continue processing your personal data after such an objection, we need to be able to show a compelling, justified reason for the processing in question that outweighs your interests, rights, or freedoms. Otherwise, we may only process the data to establish, exercise, or defend legal claims.
If you object to direct marketing, we will discontinue the processing of your personal data for that purpose as well as discontinue all types of direct marketing measures.
Remember that you always have the opportunity to influence which channels we will use for communication. In that case, you should not object to the processing of personal data as such but instead limit our communication channels (by contacting customer service).
Right to data portability
If our rights to process your personal data is based either on your consent or performance of an agreement with you, you have the right to request that the data concerning you and which you have provided to us be transferred to another data controller (so-called data portability). A prerequisite for data portability means that the transfer is technically possible and can be automated.
Cookies
When you use changingattitudes.co, we collect data relating to your visit in the form of cookies. A cookie is a text file that is stored in your browser, giving us information about what parts of our page you visited and if you added something to your shopping cart. Cookies are anonymous in the way that no personal information is associated with them.
We use third-party cookies to analyze who visits our site and how they behave. We use cookies from Google in order to analyze the traffic on the site through Google Analytics.
You can block cookies in your browser, and you can also see a list of which cookies are saved and delete them.
By using changingattitudes.co, you agree to the use of cookies.
About the Swedish Data Inspectorate as a supervisory authority
The Swedish Data Inspectorate is responsible for monitoring the application of the legislation, and anyone who believes that a company mishandles personal data can submit a complaint to the Data Inspectorate.
We may make changes to our privacy policy. The latest version of the privacy policy is always available here on the website. For updates that are crucial to our processing of personal data (for example, changes to stated purposes or categories of personal data) or updates that are not crucial to the processing but may be crucial to you, you will receive information on changingattitudes.co and by email (if you have specified your email address) well before the updates comes into effect. When we make information available about updates, we will also explain the meaning of the updates and how they may affect you.
Feel free to contact us with any questions you might have.