Emma S. is a Swedish skincare company. Emma S. respects your privacy and strives to protect your personal information when you are using our digital services and online shop. Please observe that this policy is subject to change and that you will always find the current policy by visiting this page.
Who is responsible for your personal information?
The Swedish company Emma S. is the controller for personal data and is responsible for your data under applicable data protection law (GDPR).
Why are we collecting data?
We are collecting the personal data you voluntarily share with us when you e.g. place an order in our online shop, contact customer service, participate in an online contest, sign up for our newsletter or in any other way contact us or interact with our online services. We collect the data necessary to complete an agreement (e.g. to deliver your products or send you an invoice) or in any other way complete a commitment (e.g. send you a newsletter with tips or offers).
What personal data do we collect?
We collect and store the data you voluntarily share with us such as name, address, e-mail and phone number. We do not have any access to your credit card number or your social security number. This data is handled by our secure payment partners Klarna (SE, NO), Paypal (SE, NO, EU) and Stripe (EU). You will find their individual integrity policies by clicking on the respective company name above.
How may your data be used?
To create and handle your personal account at emmas.com
To process and deliver your order when you shop with emmas.com
To contact you regarding your order if there is a problem or delay
To answer your questions when you contact customer service
To process possible refunds or exchanges
For marketing analyses purposes
To send you e-mails with news, tips and offers if you register for our newsletter
To inform winners in any online contest
To keep in contact during a recruiting process if you apply for a job at Emma S.
Who can access your data?
Your data may be shared internally at Emma S. Emma S. never shares, sells or trades your personal data for marketing purposes or any other purposes. We only share data with a third party to provide any of the services listed above such as running the online shop, payment methods, delivery by our shippers and marketing from Emma S. that you have signed up for (e.g. distribution of newsletter).
Where is your data stored?
The personal data we collect is stored within the European Economic Area (EEA), but could be transferred and processed in a country outside the EEA. All forms of transfers are made under applicable law and are in these cases protected by the “Privacy Shield” that guarantees you the same security as within the EEA.
How long is your data stored?
We will store your submitted data for as long as it takes to fulfill any of the purposes listed above, as long as it is demanded by Swedish or International law or to fulfill any other relevant commitments. Thereafter, they will be deleted.
How do I get information about/delete my personal data?
You have the right to contact us at any time to request information about the personal data we have stored about you (free of charge once a year). You can thereafter ask to have them updated, changed or deleted. We can delete all personal data that applicable law does not require us to save (e.g. the Swedish Accounting Act) or if we have any other legal reasons or duties to store your data. You can contact us by post (Emma S. AB, Birger Jarlsgatan 58, 114 29 Stockholm, Sweden), via e-mail (firstname.lastname@example.org) or through telephone weekdays between 9am-5pm (+46 8 35 35 18).
If you want to delete your e-mail address from our mailing list you just open any received e-mail from us and click on the link ”klicka här för att avsluta din prenumeration” at the bottom of the e-mail. Please observe that your e-mail could occur in more than one mailing list depending on how and where you registered. To make sure you are deleted from all lists please contact us according to the above.
How do we protect your data?
We apply both digital and physical safety measures to protect your personal data and avoid data interference or unauthorized access. If data trespass occurs despite implemented safety measures this will be reported to the Data Protection Administration within 3 days.