Privacy Policy

COMIS AB, reg.no 559308-5243 ("COMIS," "we," "us" or "our") will process your personal data when you are visiting and using the services provided at www.comis.com or purchase products in our stores. We strive to be transparent in what we do with our visitors' and customers' personal data and have therefore adopted this privacy policy. Below you will find information on what kind of personal data we process, why we do it, what we use it for and how we may share it. COMIS is the data controller of any processing of your personal data, unless otherwise stated in this privacy policy.

What personal data do we process?
We collect personal data when you (i) purchase our products (ii) sign up for our newsletter, invites and offers, (iii) request support and (iv) are browsing our website. Such personal data will include your name, e-mail address, telephone number, delivery address, payment details, IP address, behavior on the website and other information that you voluntarily provide us. If we deliver a product to you which is purchased by someone else than yourself, we process your contact details as provided by the purchaser.

Purpose, legal ground and strorage period
We will only use your personal data for the purposes and on the legal grounds set out below. Further, we will only use your personal data during the period set out under "Storage period", after which period your personal data will be erased.

Purchases
Purpose of processing: When you purchase our products, we will process your personal data to fulfil our contractual obligations towards you.

Categories of personal data: Identity (first name and second name), delivery address/billing address, telephone number, e-mail address, order information, payment details, payment history, credit card information and payment reference number.

Legal ground for processing: The processing is necessary for our performance of the contract with you (i.e. Terms of Use).

Storage period: We will process your personal data during the term of our contract (including the statutory warranty period of three years) and we will thereafter erase your personal data. The storage period also applies to any unsuccessful purchase due to lack of funds in your account. We also save your personal data due to legal requirements (accounting legislation) for 7 years.

Direct Marketing
Purpose of processing: When you sign up for news, invites and offers (direct marketing), we will process your personal data to provide the services as requested by you. Our direct marketing may be based on profiling, which means that we will customize the information that you receive from us based on certain factors. We use the following types of personal data to compile a profile: your gender, your location, your previous purchases, your behavior on our website, and/or your previous behavior when receiving direct marketing from us.

Categories of personal data: Any data collected in connection with a purchase (see "Purchases" above), e-mail address, location (based on the physical store or COMIS website that you use to sign up for our marketing communications), any communication sent to you, order history and the e-mails that you have clicked on and your interactions with our website if you have followed a link in any e-mails sent to you.

Legal ground for processing: The processing is necessary for our legitimate interests to maintain good customer relations.

Storage period: If you opt-out or unsubscribe from our marketing (including profiling), we will no longer process your personal data for this purpose. Unless there is another legal ground for keeping your data (such as a valid purchase contract), we will also erase your personal data if you have not actively engaged with any of our direct marketing communications for a period of thirty (30) months.

Competitions and events
Purpose of processing: If you participate in a competition, lottery or event organized by us, we will process your personal data in order to be able to communicate with you (i) before or after participation in the competition, lottery or event (ii) for the purposes of identification and age control, or (iii) to elect a winner and to distribute the relevant benefit or price.

Categories of personal data: Depending on which type of competition, lottery or event that that you participate in, we may collect your name, e-mail address, location and date of birth, as well as your shipping address for the purposes of distributing the relevant benefit or price. More details on exactly what data we are collecting will be provided in connection with each such competition, lottery or event.

Legal ground for processing: The personal data is required for the legitimate interest we have to administrate your participation in connection with competitions, lotteries or events.

Storage period: We will keep your personal data only during the competition, lottery or event (including a possible evaluation thereof).

Support
Purpose of processing: When you request support through our live chat or our other support channels, we will process your personal data to be able to assist you with the relevant matter.

Categories of personal data: Your name, e-mail address and other contact details, order details, purchase amount, purchase history, place of purchase, invoice, payment method, our correspondence with you, technical data about devices and operating system used. At your initiative, we may also process personal data such as ID, bank account details, work place, phone number, health data (such as allergy reactions or other health data that you provide us with), pictures attached by you or social status, if mentioned by you in our dialogue.

Legal ground for processing: If we provide this service on the basis of an agreement with you, we consider the processing of your personal data to be necessary for the performance of the contract to which you are party. In other cases, we consider the processing of your personal data in the above context to be based on our legitimate interest to provide you with the best customer service possible.

Storage period: We will erase your data within three years after the relevant matter has been finally resolved, except for sensitive data (such as ID, bank account details, health data (such as allergy reactions or other health data that you provide us with), pictures attached by you, social status, if mentioned by you in our dialogue) which will be erased immediately after your case has been resolved.

Customer experience surveys
Purpose of processing: If you have made a purchase from us, we are interested to hear about your experience of our website, the product, our service or any other experience you may have had while interacting with us. For this reason, you may receive an email from us where you are invited to answer some questions and give us feedback. You can also choose if you want us to contact you based on the feedback you have provided. Participating in the survey is voluntarily.

Categories of personal data: email address, order number, purchased products, gender (optional) and age (optional).

Legal ground for processing: The surveys are part of our customer service work and ensuring that customers have the best experience, and for this reason, we consider that we have a legitimate interest for this processing of your personal data. If we provide further service based on your feedback about purchased products this will be made on the basis of the purchase agreement we have with you.

Storage period: We will erase your data within twelve months after you have participated in the survey, unless there is another legal ground for keeping your data (such as a valid purchase contract or an ongoing customer service matter, please refer to the information under the heading Support above). Opt-out from survey invitations is possible through a link in the email invite or by contacting dataprotection@comis.com

Checkout reminder
Purpose of processing: If you have initiated a purchase at our website and if you have provided your e-mail address in connection therewith but have not completed the final step of your purchase, we will send you an e-mail with a link to your shopping cart for the purposes of reminding you of your uncompleted purchase.

Categories of personal data: Any details that you have entered in your shopping cart in connection with the uncompleted purchase (please refer to "Purchases" above for more details on what details we collect in connection with any purchase).

Legal ground for processing: The processing is necessary for our and your legitimate interest to remind you of your uncompleted purchase.

Storage period: We will erase your data, within one month after the checkout reminder, unless there is another legal ground for keeping your data (such as a valid purchase contract). Opt-out is possible by contacting dataprotection@comis.com

Browsing
Purpose of processing: When browsing our website, we will process your personal data to improve our website and for marketing purposes.

Categories of personal data: IP-address, user generated data from cookies (e.g. clicks, page viewed, page visits, time spent, products viewed and clicked on, orders, average order value).

Legal ground for processing: The processing is based on the consent that you provide to us if you accept our Performance Cookies and Targeting Cookies (see "Cookies" below). In relation to Strictly Necessary Cookies, our processing is necessary for our legitimate interest in being able to provide you with a functioning website when you visit and use the services provided at comis.com. Please see more under "Cookies".

Storage period: The storage period for each of our cookies can be found in our Cookie Settings .

Fraud prevention
Purpose of processing: We will process your personal data for the purposes of carrying out risk analysis, fraud prevention and risk management.

Categories of personal data: Identity (first name and second name), delivery address/billing address, telephone number, e-mail address, order history, payment history, purchase- and user generated data (clicks and user history), information about how our digital services are used.

Legal ground for processing: The processing is necessary for our legitimate interests to prevent fraud and to handle risks.

Storage period: We will erase any personal data used for this purpose on a six-month basis, unless there is another legal ground for keeping your data. Upon a purchase that has been cancelled due to fraud prevention, we will delete your personal data two years after the unsuccessful purchase.

Analysis of data
Purpose of processing: We will analyze your personal data, in order to compile aggregated tracking data (including to analyze visitors' use of our sites by tracking information such as page views, traffic flows, search terms and click throughs) for the purposes of to continuously being able to offer a more user-friendly experience.

Categories of personal data: IP-address, user generated data from cookies (e.g. clicks, page viewed, page visits, time spent, products viewed and clicked on, orders, average order value), geographic location (country only), correspondence and feedback relating to our products and services, technical data (e.g. language, IP-address, device type, browser settings, time zone, operating system, platform), information about how you have interacted with us, i.e. how you have used our services, response times, page errors, how you reach and how you leave the site etc.

Legal ground for processing: The processing is based on the consent that you provide to us if you accept our Performance Cookies (see "Cookies" below). Please see more under "Cookies".

Storage period: The storage period for each of our Performance Cookies can be found in our Cookie Settings.

Targeted messages on third party advertising platforms
Purpose of processing: We use third-party advertising platforms, such as Meta, Google, YouTube, Instagram, etc. to send you messages that are targeted at you, based on your behaviour and browsing pattern, at specific times and locations of these platforms to increase the efficiency of our advertising campaigns. Your personal data is shared with the third-party advertising platforms, and they will attempt to match your profile in their database to determine the optimal time and place (the page you are browsing) to show you an advertisement from COMIS. We also need to analyse necessary information to understand the impact of our advertising. If you don't accept that we track your data for this purpose, you may still see COMIS advertisements on other platforms at random.

You can learn more about how our advertising partners help us achieve this purpose by visiting their sites.

Categories of personal data: IP-address, user generated data from cookies (e.g. clicks, page viewed, page visits, time spent, products viewed and clicked on, orders, average order value), geographic location (country only).

Legal ground for processing: The processing is based on the consent that you provide to us if you accept our Targeting Cookies (see "Cookies" below).

Storage period: The storage period for each of our Performance Cookies can be found in our Cookie Settings.

Who do we share your personal data with?
Only the people who need to process personal data for the purposes mentioned above have access to your personal data. We further may need to allow our suppliers access to your personal data when they perform services on our behalf, mainly to provide support and maintenance of IT systems, storage services and marketing. Any transfer of data outside the EU/EEA is made in line with data protection laws. Our international transfers of personal data (including transfers to our group companies and suppliers outside the EU/EEA) are based on the EU Commission's standard contractual clauses. The standard contractual clauses may be found here. (LINK)

We do also share your personal data with other controllers of personal data. Such controllers could be authorities (police, tax authority or other authorities), if we are obliged to share it according to law or suspected criminal activities, and transport companies in order for them to handle and deliver your order. When your personal data is shared with other controllers, they will be responsible for your personal data and we refer to them for more information on how they process your personal data.

Your rights
You are entitled to the following rights under applicable laws:

  • The right to access: you may at any time request to access your personal data. Upon request, we will provide a copy of your personal data in a commonly used electronic form.
  • The right to rectification: you are entitled to obtain rectification of inaccurate personal data and to have incomplete personal data completed.
  • The right to erasure ("right to be forgotten"): under certain circumstances (including processing on the basis of your consent), you may request us to delete your personal data. Please note that this right is not unconditional. Therefore, an attempt to invoke the right might not lead to an action from us.
  • The right to object: to certain processing activities conducted by the us in relation to your personal data, such as our processing of your personal data based on our legitimate interest. The right to object also applies to processing of your personal data for direct marketing purposes.
  • The right to restriction of processing: you may under certain circumstances request from us to restrict the processing of your personal data. Please note that this right is not unconditional. Therefore, an attempt to invoke the right might not lead to an action from us.
  • The right to data portability: you are entitled to receive your personal data (or have your personal data directly transmitted to another data controller) in a structured, commonly used and machine-readable format.

Finally, you also have the right to lodge a complaint with the supervisory authority in Sweden, which currently is Integritetsskyddsmyndigheten.

Cookies
We use cookies on our website. Please see our separate policy for cookies.

Data security
We employ appropriate technical and organizational security measures to help protect your personal data against loss and to guard against access by unauthorized persons. Appropriate security measures we have taken include implementing secure private connections, traceability, disaster recovery and access limitations. We regularly review our security policies and procedures to ensure our systems are secure and protected.

Contact information
If you have any questions relating to our handling of your personal data or our use of cookies or if you would like to invoke any of your rights under applicable privacy legislation, please contact us at: dataprotection@comis.com

Changes to this website's privacy policy
If we change how we handle your personal data or how we use cookies, we will promptly update this website privacy policy and publish it on this website.

Last updated Nov 2022