Personal data refers to any kind of information that may relate directly or indirectly to a living natural person. Images and sound recordings that are processed in a computer can also be personal data even though no name is mentioned. Encrypted data and different kinds of electronic identities (e.g. IP number) are personal data if they can be associated with natural persons.
Personal data processing is everything that happens to personal data. All action that is taken in regard to personal data constitutes processing, whether or not this is done in an automated way. Examples of common types of processing are collection, registration, organisation, structuring, storage, transfer and deletion.
Miss Mary of Sweden OÜ, Corporate Identity Number 10194063, based at Mahtra 30C, Tallinn City, Harju County, Estonia, is the personal data controller for the company’s processing of personal data.
To implement and manage participation in contests and/or events.
To be able to evaluate, develop and improve our services, products and systems for our customers.
screen resolution and platform).
To be able to prevent misuse of a service, or to hinder, prevent and investigate breaches against the company.
To be able to manage your customer profile and to create My Pages, and to be able to provide a personally tailored experience of our services.
screen resolution and platform).
From what sources do we collect your personal data?
Apart from the data you provide to us yourself or that we collect from you on the basis of your purchases and use of our services, we may also collect personal data from someone else (a so-called third party). The data we collect from third parties are address details from public registers, for us to be sure we have the correct address details for you.
If it is necessary for us to be able to offer our services, we share your personal data with companies that are so-called personal data processors for us. A personal data processor is a company that processes information on our behalf and in accordance with our instructions. We have personal data processors who help us with:
When your personal data are shared with personal data processors, this only happens for the purposes that are consistent with the purposes for which we have collected the information (e.g. to enable us to fulfil our obligations under the purchase agreement or user agreement for My Pages). We check all personal data processors to ensure that they are able to provide sufficient guarantees in respect of the security and confidentiality of personal data. We have written agreements with all personal data processors, through which they guarantee the security of the personal data processed and undertake to fulfil our requirements for security, as well as restrictions and requirements pertaining to the transfer of personal data.
We also share personal data with certain companies that are independent personal data controllers. The fact that the company is an independent personal data controller means that we are not the party who controls how the information that is provided to the company should be processed. Independent personal data controllers that we share your personal data with are:
We always endeavour to ensure that your personal data are processed within the EU/EEA and all of our own IT systems are located within the EU/EEA. We may be forced, however, to transfer information to a country outside the EU/EEA for system support and maintenance, for example, if we share your personal data with a personal data processor that is established or stores information, either itself or through a subcontractor, in a country outside the EU/EEA. In such cases, the processor may only have sight of the information that is relevant for the purpose.
Regardless of what country your personal data are processed in, we take all reasonable legal, technical and organisational measures to ensure that the level of protection is the same as that within the EU/EEA.
If personal data are processed outside the EU/EEA, the level of protection is guaranteed either by a decision of the EU Commission that the country in question ensures an adequate level of protection or through the use of so-called suitable protection measures. Examples of suitable protection measures are an approved code of conduct in the recipient country, EU standard contractual clauses, binding internal corporate regulations or a privacy shield. If you would like a copy of the protection measures that have been taken or information on where these have been made available, you are welcome to contact us.
How long do we store your personal data?
We never store your personal data for longer than is necessary for the respective purposes. See more on specific storage periods under the respective purposes.
We are always open and transparent about our processing of your personal data, and if you would like a deeper insight into what personal data we process about you, you may request to be given access to the data (the information is provided in the form of a register excerpt containing details of the purposes, categories of personal data, categories of recipients, storage periods, information on where the data has been collected from and the existence of automated decision-making).
Bear in mind that if we receive a request for a register excerpt, we may ask for additional information to ensure efficient management of your request and to ensure that the data is provided to the correct person.
You may request that your personal data be corrected if they are erroneous in any way. Within the framework of the stated purpose, you also have the right to supplement any incomplete personal data.
Remember that if you have access to My Pages at Miss Mary, you can change some details directly via My Pages.
You may request the erasure of personal data we process about you if:
Please bear in mind that we have the right to deny your request if there are legal obligations that prevent us from immediately erasing certain personal data. These obligations derive from accounting and tax legislation, banking and money laundering legislation, as well as from consumer rights law. It may also be the case that processing is necessary for us to determine, enforce or defend legal claims. If we are prevented from meeting a request for erasure, we will instead block personal data from being used for purposes other than that which prevents the requested erasure.
You have the right to request that our processing of your personal data be restricted. If you contest the accuracy of the personal data we process, you may request a restricted processing for the time we need to check whether the personal data are correct. If we no longer need the personal data for the purposes determined, but you on the other hand need them to be able to determine, enforce or defend a legal claim, you may request restricted processing of your personal data with us. This means that you may request that we do not erase your data.
If you have objected to a balance of interests that we have made in respect of the legitimate interest as a legal basis for a purpose, you may request restricted processing for the time we need to check whether our legitimate interest outweighs your interest in having the data erased.
If the processing is restricted according to one of the situations described above, we may only process the data, in addition to storing them, to be able to determine, enforce or defend a legal claim, to protect another person’s rights, or if you have given your consent to this.
You always have the right to opt out of direct marketing and to object to all processing of personal data that is based on a balance of interests.
Legitimate interest: In cases where we use a balance of interests as the legal basis for a purpose, you have the opportunity to object to the processing. To be able to continue processing your personal data after such an objection, we need to show that we have a compelling legitimate reason for the current processing that outweighs your interests, rights or freedoms. Otherwise, we may only process the data to determine, enforce or defend a legal claim.
You have the option of objecting to your personal data being processed for direct marketing purposes. The objection also covers the analyses of personal data (so-called profiling) that are made for direct marketing purposes. Direct marketing refers to all types of out-reach marketing measures (e.g. via post, e-mail and SMS). Marketing measures where you as the customer have actively opted to use our services or otherwise sought us out to learn more about our services are not counted as direct marketing (e.g. product recommendations or other functions and offers on My Pages).
If you object to direct marketing, we will cease the processing of your personal data for that purpose and also cease all types of direct marketing activity.
Remember that you always have the opportunity to influence which channels should be used for mailings and personal offers. For example, you can choose only to receive offers from us by e-mail, but not catalogues. In such case, you should not object to the personal data processing as such, but instead restrict our channels of communication (by changing the settings on My Pages or contacting customer service).
If our right to process your personal data is based on either your consent or the fulfilment of an agreement with you, you have the right to request to have the information that concerns you and that you have provided to us transferred to another personal data controller (so-called data portability). A prerequisite for data portability is that the transferral is technically possible and can be made automatically.
We will only process your date of birth if there is a clear reason to do so with respect to the purpose that is necessary for secure identification, or if there is another significant reason. We always minimise the use of your date of birth as far as possible.
Cookies are small text files consisting of letters and digits that are sent from our web server and saved on your web browser or computer. At Miss Mary, we use the following cookies:
Yes! Your web browser or computer allows you to change the settings for the use and extent of cookies. Go to the settings for your web browser or computer to learn more about how to adjust the settings for cookies. Examples of adjustments you can make are blocking of all cookies, accepting first-party cookies only, or erasing cookies when you close down your web browser. Bear in mind that some of our services are not likely to function if you block or erase cookies. You can read more about cookies in general on the Swedish Post and Telecommunications Authority’s website, pts.se.
We use IT systems to protect confidentiality, privacy and access to personal data. We have taken special security measures to protect your personal data against illegal or unauthorised processing (such as illegal access, loss, destruction or damage). Only those people who actually need to process your personal data to fulfil our specified purposes have access to them.
Since we take data protection very seriously, we have dedicated members of staff in customer service dealing with this particular issue, and you can reach us at any time at firstname.lastname@example.org. If you feel that our staff are unable to help you or that we are processing your personal data improperly, you may lodge a complaint with the Swedish Data Protection Authority.