How we treat your personal data

Our community is built on trust. Trust in information, trust in a fair market, trust in the principles of the rule of law. Among other measures, we at Law Off The Shelf build trust through being clear about how we use your personal data and protect your human right to privacy.[1]

1     What is personal data?

”Personal data” are all types of information that can be related directly or indirectly to a living natural person. Law Off The Shelf AB is the “data controller” of the data that you provide or that we retrieved from another source. Law Off The Shelf AB always processes personal data with the greatest respect for personal integrity. The guidelines applied by Law Off The Shelf AB, methods for managing and storing information and your rights are described below. The guidelines never restrict the rights that apply according to the Data Protection Regulation or any other legally binding provision.

Contact details for the data controller and the Data Protection Officer can be found under Contacts.

2     Collection of your personal data

2.1    We collect your personal data using the following methods:

•                         You personally enter your data, such as when becoming a customer, via our website, in contacts with customer services or sales, by e-mail, letter, contact forms and through login services.

•                         Information is created based on your purchases, how you use our services, how you and when you submit a support ticket to us.

•                         We may also retrieve data about you from other third party sources. Later on we plan to collect the following data from third parties:

•                         Contact details and demographic data from public sources such as SPAR, to make it easier for you to complete a purchase.

•                         Data regarding credit ratings from banks or credit institutions, to help us keep our business sustainable in the long run.

2.2    Law Off The Shelf’s websites

Normally, www.lawofftheshelf.com can be visited without triggering collection of personal data. In these cases, we only collect information that is used for statistical purposes and the visitor remains anonymous. Such information may include time of visit, duration of visit and which pages were accessed. In addition, Law Off The Shelf AB uses so-called cookies to enable proper functioning of certain website functions and services.

When customers visit Law Off The Shelf’s login services, the visit can be connected to the logged in person’s customer number or username. This allows Law Off The Shelf AB to conduct more relevant and personal communication with individual customers.

2.3    Personal data categories

The following categories of personal data are normally collected:

•                         Customer information, that is, the requisite information for becoming a customer. For example, name, phone number, e-mail address, choice of communications channel.

•                         Purchase information, that is, purchased products and services, credit rating, payment history, customer number and password.

•                         Service information, that is, specific ticket correspondence, information on purchases and any complaints or claims.

•                         Customer survey results and feedback on our products and services. Where applicable, data obtained through competitions.

•                         Website traffic information of login services, that is, purchase and user-generated data, password, technical data of the device used, interaction data (duration of visit, response times, access and log out methods, etc.)

Special categories of personal data (defined in Article 9(1) of the General Data Protection Regulation) are only processed in exceptional cases, for example your dietary restrictions when we offer food at an event. To process personal data in these cases, we must obtain your consent.

2.4    Purpose and legal ground for processing

We only collect personal data for purposes that are supported in the current General Data Protection Regulation. Most commonly, data are collected for processing to support the legal ground for fulfilling the agreement. Examples of purposes:

•                         to become a customer

•                         to purchase a product/service

•                         to manage customer service queries

With our legitimate interest as grounds, we process data for several purposes, such as:

•                         for marketing and profiling, that is, to communicate relevant offers to our customers

•                         for sales of our own and our partner’s offers

•                         to send newsletters

•                         to develop and improve our products and services

•                         for statistics and analyses.

Other purposes for processing personal data may have their legal ground in legal requirements, i.e. when we must fulfil a legal obligation. Examples of such purposes are processing personal data for invoicing in accordance with accounting legislation or when we inform of changed agreement terms.

You can also give consent for processing in certain cases when none of the above applies. The provision of consent is an affirmative action on your part and can be withdrawn. We will then discontinue processing your personal data for that purpose.

We do not process personal data for purposes that are inconsistent with the original purpose. More information on the purpose for which personal data are used can also be provided when the data is collected, for example, in connection with e-mail forms or in agreement terms.

3     Transfer of personal data

Under certain circumstances, we may also pass on personal data to personal data processors, partners or another third party.

The parties that may process collected personal data are:

•                         IT suppliers (i.e. Microsoft and Google (US))

•                         Web page platform (i.e. Squarespace (US))

•                         Sales partners/other partners

•                         Technical service contractors

•                         Telemarketing companies

•                         Printing and digital communications partners

•                         Media and advertising agencies

In certain cases, we may be obligated by law or authority decision to pass on personal data to e.g. the police, for crime prevention and criminal investigation.

Personal data is data may be passed on to and processed in countries outside the EU/EEA by suppliers or subcontractors. In such cases, a particular investigation is conducted to ensure that the legal conditions are fulfilled, and that technical and organisational measures have been taken to ensure that personal data are processed securely and with an adequate level of protection that is comparable to the level of security offered in the EU/EEA.

4     Personal data retrieved from other parties

We may purchase personal data from other sources, primarily to discover target groups for our offers. This processing is based on you having requested an offer or entered into an agreement with us through the source or, that you have given the source your consent to transfer data to us.

Partners may send information about you that you have provided to the partner, thereby giving consent to transferring the information to us because of your interest in becoming our customer or to obtain an offer from us.

5     Access to your personal data

Only those who need access to your personal data to perform the agreed service will be given authorisation to access and process the data.

6     Retention

We do not keep personal data for longer than necessary. When your contract is terminated and you are no longer our customer, we retain your data for 24 months. The same applies to data regarding representatives of our corporate customers.

However, certain data may be retained for longer in order to fulfil other legal requirements, such as accounting legislation that dictates that information must be retained for 7 years. There is also reason to save data for a longer period of time in the case of an ongoing investigation or dispute, even if the customer relationship has ceased.

7     Security

We take special physical, technical and organisational measures to protect the personal data that are processed to ensure that the data are not lost, destroyed, manipulated or subjected to unauthorised access. The measures aim to achieve a suitable security level with respect to available technology.

Personal data breaches are always managed in accordance with internal processes, reported to The Swedish Data Inspection Authority, where applicable, and to the individual in accordance with data protection legislation. If you suspect a personal data breach – please contact the Data Processing Officer at hello@lawofftheshelf.com.

8     Your rights

8.1    Right of access

You are entitled to receive information on the extent to which your personal data are processed by Law Off The Shelf AB. If your personal data are kept by Law Off The Shelf AB, you may request information on the categories of personal data that are processed, from where they were obtained, for what purpose they are processed, what the legal grounds are for processing and with whom data has been shared. We will send a transcript to you within 1 month from receiving the request.

8.2    Right to rectification

You have the right to request rectification of your own customer information if it is incorrect or processed contrary to applicable law.

8.3    Right to erasure

We delete your personal data when legal grounds for keeping the data no longer exist. You are entitled to immediate deletion of your personal data if any of the following apply:

•                         processing is based only on your consent, and you have revoked that the data are no longer necessary for the purposes they were processed

•                         the processing is for the purpose of direct marketing and you object to your data being used for this purpose

•                         the information has not been processed in accordance with applicable data protection legislation

•                         you object to processing after your interest is deemed to override the legitimate interest of ours

•                         deletion is required to meet a legal obligation

8.4    Right to object to automated decision-making

Law Off The Shelf does not use automated decision-making.

8.5    Right to data portability

Each individual who has personal data registered with Law Off The Shelf has the right to receive their personal data in a commonly used and machine- readable format for e.g. transfer to another party. Usage history is provided via the export to Excel function under the My Profile pages.

8.6    Right to restriction of processing

In certain cases, you have the right to demand that the processing of your personal data be restricted. For example, this applies when you have determined that your personal data is incorrect, and you have demanded correction. While the investigation is ongoing, you can demand that the processing of your personal data is restricted.

8.7    Right to object

If we processes your personal data with legitimate interest as ground, you can make objections to the processing. In order to do so, you must specify what type of processing you object to. For us to be able to continue processing this way, we must be able to show that there are legitimate reasons for processing your personal data that override your interests.

8.7.1     Marketing, newsletters and profiling

When your personal data are to be processed for the purpose of direct marketing or newsletters, it is indicated when the personal data are collected. You can, at any time, unsubscribe from receiving marketing material from us by contacting our customer service.

8.8    Right to compensation

You may have a right to compensation in certain cases, such as if our processing of your personal data has led to damages for you. Claims can be made directly to Law Off The Shelf AB.

8.9    Linking

Information on this page applies to Law Off The Shelf AB and to the www.lawofftheshelf.com web site.

Should this website contain links to other websites in or outside the Law Off The Shelf Group, the information does not generally apply to those websites. Nor does Law Off The Shelf AB take responsibility for the contents of such websites.

8.10                   Changes to the privacy policy

Should Law Off The Shelf AB make changes to the policy for managing personal data, a notification will be posted on this website. The policy may change, for example, if the legislation or application changes. If the processing of personal data has been settled in an agreement with the customer, the terms will continue to apply until they are changed as long as they do not contradict your rights according to the above or are inconsistent with law or other legally binding regulation.

8.11                   Contacts

The data controller is Law Off The Shelf AB, Swedish corporate identity number 559440-6737. The Data Protection Officer for Law Off The Shelf AB can be reached via e-mail at hello@lawofftheshelf.com.

Questions concerning our personal data processing can be put to our Data Protection Officer or via the general contact form on the website. Send requests for register entries by e-mail to: hello@lawofftheshelf.com.

8.12                   Appeals

Should you be dissatisfied with a decision following an appeal, you can turn to the Swedish supervisory authority via www.integritetsskyddsmyndigheten.se.


[1] Article 12, Universal Declaration on Human Rights, https://www.un.org/en/about-us/universal-declaration-of-human-rights