Information on processing of customers’ personal data
Systembolaget Aktiebolag, reg.nr 556059-9473 (”we”, ”us” and ”our”), with address Kungsträdgårdsgatan 14, 103 84 STOCKHOLM, is the data controller of the processing of your personal data.
Personal data we process about you
We process your personal data that you provide to us when you purchase our products or use our services.
Purposes and legal basis for the processing of your personal data
For the following purposes, we process your personal data for the performance of our contract or in order to take steps at your request prior to entering into a contract:
Your personal data that you provide to us – when you place an order for products to a store or an agent, create a user account on our website or through our app, order goods through your user account, order home delivery, make a request for private import or book a beverage test – is processed for the purposes of us being able to deliver and provide our products and services to you as a customer and to perform and administer our contract with you.
For example, we process your personal data that you provide to us when you create a user account to administer your use of the website, the client relation, history (on My Pages), and to inform you about conditions that affect your use of the website and perform contracts with you, follow up deliveries or otherwise take actions that you have requested.
For the following purposes, we process your personal data to comply with a legal obligation:
Your personal identification number (or date of birth) that you provide to us when you create a user account is processed for the purpose of ensuring that the person making the customer order or requesting a private import is above 20 years in accordance with the Swedish Alcohol Act (Sw: alkohollagen) (2010:1622).
Your personal data that you provide to us in connection with a complaint of goods, repurchase, property damage and payment of compensation is processed for the purpose to comply with our legal obligations according to the Swedish Accounting Act (Sw: bokföringslagen) (1999:1078).
For the following purposes, we process your personal data based on a balance of interests between yours and our legitimate interests*:
Your e-mail address that you provide to us when you create a user account on our website or through our app may be used for the purpose of sending out forms and surveys. Your e-mail address and other personal data provided to us are not used for any marketing purposes.
For the purpose of carrying out internal analyses and surveys we create a unique CustomerID that is used together with your postal number that you provide to us when you place customer orders. The data is processed for the purpose of following up and developing our organisation (range of products, communication, health and workload) and in particular to improve our offers.
Your personal data that you provide to us when you contact our customer service, use our function “Leave a comment” (Sw: “Tyck till”) on our website or in or app, chat or through social media is processed for the purpose of improving Systembolaget’s service and to improve our customer satisfaction. We may also record your phone call when you call our customer service for the same purpose. In such case you will receive information about this before your phone call is recorded.
If you use our wireless network (Wi-Fi) when you visit our stores your IP-address and the information of your computer name are stored for the purpose of us being able to provide our Wi-Fi to you. This is in order for you to easily visit our website or use our app.
We use CCTV in our stores and recorded camera material is processed for the purpose of creating and maintaining a safe workplace for our staff, and otherwise to protect our property and persons on our premises.
*Our legitimate interest of processing your personal data is, in accordance with Announcement (2012:623) of Agreement between Systembolaget Aktiebolag and the State (Sw: tillkännagivande (2012:623) av avtal mellan Systembolaget Aktiebolag och staten), to conduct a rational business and to provide our customers with a good service. Furthermore, to ensure that Systembolaget is a good and safe workplace.
If you are obligated to provide your personal data to us
The provision of personal data to us, is neither a statutory nor a contractual requirement. You are not obliged to provide your personal data to us. However, if you do not provide your personal data to us, this may affect our ability to enter into a contract, deliver and provide our products and services to you, and subsequently administer the contractual relationship and perform our obligations towards you.
Who will receive your personal data?
Your personal data is as a general rule only processed by us. Your personal data may be shared with parties which who process personal data on behalf of us, in the capacity of data processors.
- Our system- and operation suppliers and partners have access to the receipt information that is registered in connection with: purchase of our products, personal data that you provide to us when you place an order for goods to a store or an agent, create a user account on our website or through our app, order goods through your user account, order home delivery, make a request for private import or book a beverage test, as well as personal data registered in case of damage to property.
- If you pay with card, the card information is encrypted in the payment terminal and sent directly to the acquiring bank (Swedbank Card Services AB) for authentication, approval and settlement of the card transaction and sent from there to the card issuing bank.
- We use the company Bisnode AB to control your personal identification number (or date of birth) that you provide to us when you create your user account.
- We may provide your e-mail address, which you provide to us when you create a user account on our website or in our app, to our partners which help us to carry out our surveys.
Transfer of personal data outside of EU/EEA
We as well as our suppliers and partners generally only process your personal data within the EU/EEA. If your personal data is transferred outside of the EU/EEA, the transfer is either subject to an adequacy decision by the Commission, i.e. the Commission has decided that the third country in question ensures an adequate level of protection, or appropriate safeguards, e.g. standard contractual clauses, binding corporate rules or Privacy Shield, which guarantee that your rights are enforceable and that effective legal remedies are available. If you wish to obtain a copy of the appropriate safeguards taken by us or information as to where these have been made available please contact our data protection officer.
How long will we store your personal data?
We never process your personal data for a longer period of time than permitted by applicable law, regulation, case law or authority decisions. The personal data we process for the purpose of performing our contract with you is as a general rule processed for the time necessary for us to administrate the contractual relationship, exercise our rights and perform our obligations in relation to you.
Cash register system
Your purchases, cash purchases as well as card purchases, are registered in our cash register system. If you pay by card, a masked card number is registered (only the first six and the four last digits of the card number are registered). We only store receipt information, such as time of purchase, store, amount and what goods you purchased. We are unable to identify you and your purchase based on receipt information and masked card number. Receipt information is stored, in accordance with the Swedish Accounting Act, for seven (7) years after the calendar year at which the fiscal year ended.
Customer orders, home delivery and requests for private import
Your personal data - which you provide to us when you place an order for goods to a shop or agent, purchase goods through your user account on our website or through our app, order home delivery or make a request for private import - is anonymised in our ERP system from all personal data after 30 days from when the goods was collected by you from the store or delivered home to you.
The anonymised customer order, home delivery order or private import request is stored for 13 months.
Internal analysis and surveys
A unique CustomerID is used together with your postal number for analysis. Other personal data that you have provided in connection with your order is encrypted and erased after five (5) years.
Your user account on our website or in our app
When your personal data that you provided to us when you created your user account has been verified, your personal identification number (or date of birth) will be erased from our and Bisnode AB:s system.
If you have not been logged in for a twelve-month period you will receive information regarding the automatic deletion of your user account if you do not log in within a month. You may also request the deletion of your account by contacting our customer service.
History for My Orders (part of My Pages) will be erased at your request, however, no later than 15 months after your order. History for My Bookings (part of My Pages) will be erased no later than three (3) months after the booking date.
Our function ”Leave a comment” on our website and in our app
Your e-mail address and the information you provide when you communicate your opinions about Systembolaget is erased after 13 months.
Your personal data is erased after 30 days from completed beverage test. In the event of cancellation of a paid beverage test, your personal data will be erased by us after it has been refunded or at the latest after twelve (12) months.
Wireless network (Wi-Fi)
Your IP-address and information of computer name data is erased after twelve (12) months.
CCTV in our stores
Recorded camera material from our stores is erased no later than after 60 days.
Customer service queries are erased after three (3) years from the query is closed. Phone calls recorded when you call our customer service are erased after three (3) months.
Repurchase, complaint, damage to property and payment of compensation
Day reports with attached repurchase receipts, complaint receipts, cancelled receipts, error receipts, damage to property form and form for compensation to customer, as well as information about damage to property in our cash register system are erased, in accordance with the Swedish Accounting Act, seven (7) years after the calendar year at which the fiscal year ended.
Signature receipts that are 18 months or older are shredded monthly in document shredders.
In accordance with applicable data protection legislation, you have a right to obtain information from us regarding the personal data that we process about you and a right to obtain from us without undue delay the rectification of inaccurate personal data concerning you.
You also have a right under certain conditions, to request the erasure or restriction of personal data concerning you or to object to our processing. Additionally, you have the right under certain conditions to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another data controller (data portability).
If you have any complaints regarding our processing of your personal data, you have a right to lodge a complaint to the Swedish Data Protection Authority or other competent supervisory authority monitoring companies processing of personal data.
If you wish to exercise your rights as above or wish to get in contact with us by reason of our processing of your personal data, you can do this by contacting our data protection officer by telephone 08 - 503 300 00 (Switchboard) or by e-mail firstname.lastname@example.org.
This information on processing of personal data was established by Systembolaget AB on the 25 May 2018.