Geggamojas personal data policy

At Geggamoja your privacy is important. We only collect the data we need and never share it with unauthorized parties.

  • When you shop with us we need your data to deliver your order, process payment, and assist you with questions or complaints.

  • When you contact us we use your data to provide you with fast and accurate service.

  • When you participate in competitions or receive offers we use your data to stay in touch and send relevant news.

  • When the law requires it we store data, for example for accounting.

You always control your personal data: you can access it, correct errors, opt out of marketing, or ask us to delete it.

Read our full policy below

What is meant by personal data?

Personal data is information that can be linked to you as a person, such as name, address, email, phone number, or personal identity number. Orders and purchase history can also be considered personal data.

That we “process” personal data simply means that we store or use it in some way – for example, to be able to send your order or answer questions from customer service.

Why we collect data

We use your data to provide you with the best service. Here are the most common reasons:

  • When you shop with us
    We need data to be able to deliver your order, take payment, send notifications, and handle any complaints.

  • When you contact customer service
    To be able to answer questions and help you, we need access to information about your purchase and your contact details.

  • When you participate in competitions or events
    We use your data to confirm registrations, keep in touch, and deliver prizes.

  • When we send news and offers
    If you have given your consent, we use your data to send inspiration, product news, offers, and invitations.

  • When the law requires it
    Some data we must save by law, for example for accounting and product safety.

  • To make your experience better
    We sometimes use your purchase history or how you use our webshop to show relevant products and remind you of shopping carts you have left behind.


How long do we keep your data?

We never save data longer than necessary. For example:

  • Orders must be saved for 7 years according to the Accounting Act.

  • Customer service cases are saved for up to 12 months.

  • Marketing data is saved until you say stop, or for a maximum of 3 years after your last purchase.

  • Competitions and events are deleted no later than 6 months after completion.

When do we share information?

We only share your data with trusted partners who help us deliver our services, for example:

  • Payment providers (Qliro, Klarna).

  • Delivery companies (PostNord, DHL, etc.).

  • IT and system providers who operate our webshop.

They may only use the data in the way we have determined and in accordance with GDPR.

If data is stored outside the EU

Sometimes personal data may be processed outside the EU/EEA (e.g., if we use an IT provider with servers there). In such cases, we always ensure that there is an approved protection, such as the EU's standard contract clauses.

Your rights

As a customer, you always have control over your data. You have the right to:

  • Find out what data we have about you.

  • Get incorrect data corrected.

  • Ask us to delete your data (if we are not required to keep it by law).

  • Say no to direct marketing.

  • Obtain your data in a format that can be transferred to another party (data portability).

  • Withdraw your consent if you have previously agreed to, for example, newsletters.

If you want to use any of your rights, just contact us at kundtjanst@geggamoja.com

 

Frequently asked questions about personal data

  • Cookies are a small text file consisting of letters and numbers sent from our web server and stored on your browser or device. On geggamoja.com we use the following cookies: 1) Session cookies (a temporary cookie that expires when you close your browser or device). 2) Persistent cookies (cookies that remain on your computer until you delete them or they expire). 3) First-party cookies (cookies set by the website you visit). 4) Third-party cookies (cookies set by a third-party website. With us, these are primarily used for analytics,

    e.g. Google Analytics.). 5) Similar technologies (technologies that store information in your browser or on your device in a way similar to cookies). The cookies we use generally improve the services we offer. Some of our services require cookies to function properly, while others enhance the services for you. We use cookies for overall analytical information regarding your use of our services and to save functional settings such as language and other details. We also use cookies to be able to target relevant marketing to you.

    Can you control the use of cookies yourself? Your browser or device allows you to change the settings for the use and scope of cookies. Go to the settings of your browser or device to learn more about how to adjust the cookie settings.

    How are your personal data protected? Only those individuals who actually need to process your personal data in order for us to fulfill our specified purposes have access to them.

    We may make changes to our privacy policy. The latest version of the privacy policy is always available here at www.geggamoja.com

  • We are open and transparent about how we process your personal data, and if you want to gain deeper insight into which personal data we process about you specifically, you can request access to the data.

    Keep in mind that if we receive a request for access, we may ask for additional information to ensure efficient handling of your request and that the information is provided to the correct person.

    Right to rectification. You can request that your personal data be corrected if the data is incorrect.

    Right to deletion. You can request deletion of personal data we process about you if: The data is no longer necessary for the purposes for which it was collected or processed. You object to processing for direct marketing purposes. The personal data is processed unlawfully. The personal data must be deleted to comply with a legal obligation we are subject to.

    Keep in mind that we may have the right to deny your request if there are legal obligations preventing us from immediately deleting certain personal data. These obligations come from accounting and tax legislation, banking and anti-money laundering legislation, as well as consumer protection legislation.

    Right to object to certain types of processing. You always have the right to avoid direct marketing and to object to any processing of personal data based on a balancing of interests. You have the opportunity to object to your personal data being processed for direct marketing. The objection also covers analyses of personal data (so-called profiling) carried out for direct marketing purposes. Direct marketing refers to all types of unsolicited marketing measures (e.g., via mail, email, and SMS).

    Marketing activities where you as a customer have actively chosen to use one of our services or otherwise sought us out to learn more about our services are not considered direct marketing (e.g., product recommendations or other features).

    If you object to direct marketing, we will cease processing your personal data for that purpose as well as stop all types of direct marketing activities. Contact us at kundtjanst@geggamoja.com.

    Remember that you always have the option to influence which channels we use for mailings and personal offers—by opting out of the service. Contact kundtjanst@geggamoja.com

    Right to data portability. If our right to process your personal data is based either on your consent or the fulfillment of a contract with you, you have the right to request that the data concerning you and that you have provided to us be transferred to another data controller (so-called data portability).

    A prerequisite for data portability is that the transfer is technically possible and can be done automatically.

    How do we handle your personal identification number? In cases where it is necessary for us to provide our services, we share your personal ID with data processors for payment solutions (card acquiring companies, banks, and other payment service providers).

  • We never save your personal data longer than necessary, maximum 5 years.

  • We always strive to ensure that your personal data is processed within the EU/EEA and all our own IT systems are located within the EU/EEA. However, in the case of system support and maintenance, we may be required to transfer the information to a country outside the EU/EEA, for example, if we share your personal data with a data processor who, either themselves or through a subcontractor, is established or stores information in a country outside the EU/EEA. In these cases, the processor may only access the information relevant to the purpose (e.g., log files). Regardless of the country in which your personal data is processed, we take all reasonable legal, technical, and organizational measures to ensure that the level of protection is the same as within the EU/EEA. In cases where personal data is processed outside the EU/EEA, the level of protection is guaranteed either through a decision by the EU Commission that the country in question ensures an adequate level of protection or through the use of so-called appropriate safeguards.

  • In addition to the information you provide to us yourself, or that we collect from you based on your purchases and how you use our services, we may also collect personal data from someone else. The data we collect from third parties are as follows: 1) Address information from public registers to ensure that we have the correct address information for you. 2) Creditworthiness information from credit rating agencies, banks, or information companies.

    Who might we share your personal data with? Data processors. When necessary for us to provide our services, we share your personal data with companies that act as data processors for us. A data processor is a company that processes the information on our behalf and according to our instructions. We have data processors who assist us with: 1) Transportation (logistics companies and freight forwarders). 2) Payment solutions (card acquiring companies, banks, and other payment service providers). 3) Marketing (print and distribution, social media, newsletter providers). 4) IT services (companies that manage necessary operations, technical support, and maintenance of our IT solutions).

    When your personal data is shared with data processors, it is only for purposes compatible with the purposes for which we collected the information. We check all data processors to ensure that they can provide sufficient guarantees regarding the security and confidentiality of personal data.

    We have agreements with all data processors through which they guarantee the security of the personal data processed and undertake to comply with our security requirements.

    Companies that are independently responsible for personal data. We also share your personal data with certain companies that are independently responsible for personal data. Being independently responsible for personal data means that we do not control how the information provided to the company is processed. Independently responsible data controllers with whom we share your personal data are: 1) Government authorities (the police, the tax agency, or other authorities) if we are required to do so by law or in case of suspected crime. 2) Companies that handle general goods transportation (logistics companies and freight forwarders). 3) Companies that offer payment solutions (card acquiring companies, banks, and other payment service providers). When your personal data is shared with a company that is independently responsible for personal data, that company's privacy policy and personal data management apply.



  • Geggamoja AB, org. nr 556761-4671, is the data controller for the company's processing of personal data.