We only process personal data when we have a legal basis for doing so. We do not process personal data other than when it is necessary in order to meet our obligations in accordance with law or other statutory requirements. 

Here are a few examples of your personal data that we need to process:

• Name and surname
• Address
• E-mail address
• Phone number
• Personal ID number
• Gender
• Bank account number and other payment information

In addition to the information that you submit to us or that we collect from you based on your purchasing behaviour and how you use our services, we may also collect personal data from another source (a ‘third party’). This data may include address information taken from public records in order to ensure that we have your correct address details or, where invoicing is involved and VAT numbers checked, the correct company details.

Personal data that has to be processed may be transferred to other companies that partner with Weland AB, e.g. in respect of marketing (media agencies, etc.), payment solutions and IT services, manufacturer complaints, and direct deliveries from suppliers. In addition to this, Weland AB may be legally required to submit information to state authorities, e.g. police and the Swedish Tax Agency. We may also release personal data to companies that deal with general product transports (e.g. logistics companies). In such instances, partner companies process data as standalone personal data managers in accordance with their own policy.

Weland AB endeavours to process personal data within the EU/EEA, and to collaborate with partners and suppliers that process personal data within the EU/EEA. Where this is not possible, processing of personal data may take place outside the EU/EEA in countries considered to have an adequate level of protection as determined by the EU Commission or through the use of appropriate protection measures, e.g. standard agreement clauses, binding internal company rules, or US Privacy Shield. Irrespective of the country in which personal data is processed, we implement all reasonable technical, legal, and organisational measures in order to ensure that the level of protection is the same as that afforded within the EU/EEA.

We never keep your personal data for longer than is necessary for the relevant purpose. 

We are open and transparent about how we process your personal data. If you would like to know specific details about which items of your personal data that we process, you may request access to your file. You will receive a record extract showing the purpose, category of personal data, categories of personal data recipient, storage period, and information about from where the data in question has been collected. Upon on receipt of such a request, we will request additional information in order to ensure which data you want to see and that we release that data to the correct person.

In instances where the data is found to be inaccurate, you may request that your record is corrected. Within the framework of the specified purpose, you are also entitled to supplement any incomplete personal data.

You may request that your personal data we process is deleted if:

• The data is no longer necessary for the purposes for which it was collected or processed.
• You have withdrawn the consent on which processing is based and there is no other legal basis for processing to go ahead.
• You object to a stakeholder evaluation of legitimate interest that we have made and that this is not outweighed by any legitimate interest that Weland AB may have.
• You object to processing for direct marketing purposes.
• Personal data has been processed in an illegal manner.
• Personal data must be deleted in order to satisfy a legal obligation to which we are subject.
• Personal data has been collected from a child (below the age of 13) for whom you bear parental responsibility in connection with an offer made through services promoted through information society infrastructure, e.g. social media.

There may be reason for us to reject your request for deletion in instances where there are legal obligations that prevent us from doing so. This may be due to the fact that processing of the data in question is required in order to exercise our right to free speech and for freedom of information purposes, to satisfy a legal obligation to which we are subject, or to be able to establish, enforce, or defend legal claims.

You are entitled to request that our processing of your personal data is limited. This involves us flagging the data in question so that we only process it for certain specified purposes in the future.

You are entitled to object to processing that is based on a legitimate interest that we have if you have personal reasons for doing so. However, we may continue to process your personal data despite you having raised objections in instances where we have pressing legitimate reasons for processing that outweigh your privacy concerns.

You may object to your personal data being processed for direct marketing campaigns. Your objection may also cover the analysis of personal data (‘profiling’) carried out for direct marketing purposes. If you object to direct marketing, we will desist from processing your personal data for that purpose and stop all types of associated direct marketing efforts.

Where our right to process your personal data is contingent on you giving consent or the satisfaction of undertakings in an agreement with you, you are entitled to request to have the information you have provided us with to be transferred to another personal data manager (‘data porting’).

About cookies

A cookie is a small text file that the website you visit saves on your computer. Cookies are used on many websites in order to give a visitor access to various functions. The information contained in a cookie may be used to track a user’s browsing habits.

In accordance with the Swedish Electronic Communications Act, which came into force on
25 July 2003, all visitors to a website that uses cookies shall be notified that:

• the website contains cookies,
• what these cookies are used for, and
• how cookies can be blocked

Weland AB uses cookies. In purely technical terms, cookies are used to identify what a user does on the page, logs in, places something in their cart, etc. We also use cookies to measure traffic, to assess the effectiveness of marketing initiatives, and to further develop Weland AB. Rejecting cookies in your web browser will result in a lot of the functionality of the pages on the website being lost.

Our website uses third party system CookieBot to manage Cookies. You can find information about Cookies, your current consent, and change your consent by clicking the chain link icon in the
bottom left hand corner of the website. 

If you do not want to accept cookies, your web browser can be set so that you automatically reject storage of cookies or be informed every time a website asks to store a cookie. You can also delete previously stored cookies through your web browser. See the help pages of your browser for more information. You can read more about cookies on the PTS website (in Swedish).

We only process your personal ID number in instances where doing so is clearly justified bearing the purpose in mind, is necessary to ensure secure identification, or for any other noteworthy reason. In instances where doing so is sufficient, we use your customer number instead in order to minimise the use of your personal ID number.

Only those individuals who actually need to process your personal data in order to achieve our stated purposes have access to that data.

The Swedish Authority for Privacy Protection, which is the official supervisory authority, monitors the application of legislation. You are entitled to submit a complaint to the Authority if you believe that we are processing your personal data in an incorrect manner. 

This Personal Data Policy may be updated. The most recent version of the policy is always available on this page. Date last amended: 24-02-26.

Personal data is processed for the following purposes:

• To show relevant product recommendations.
• To send direct marketing via e-mail, SMS, social media, or other similar digital communication channels, as well as via standard post. This includes carrying out campaigns or sending offers and invitations to events to: all customers, a particular customer segment  (e.g. men/women aged 30-40 in Sweden), or to a specific customer.

The categories of personal data processed are:

• Name
• Contact details (e.g. address, e-mail, telephone number).
• Age
• Town/city of residence
• Information about how the customer uses the company’s website and other digital channels.
• Social identity
• Information about completed purchases.
• User-generated data (e.g. click and visitor history).

In order to be able to understand which type of marketing or direct marketing is to be used,
analyses are carried out on the following items of information:

• How websites and other digital channels are used (e.g. which pages and parts of pages are visited and what searches are carried out).
• Age and location.
• Results of customer satisfaction or marketing surveys.
• Ålder och bostadsort.
• Resultat från kundnöjdhets- eller marknadsundersökningar.

Legal basis: Recipients of newsletters and website visitors – legitimate interest.

Processing is necessary in order to satisfy your and our interest of being able to market our products and services.

Storage time: Data is stored for 12 months from the date of collection, and 12 months from the date of interaction via digital media (e.g. clicks in newsletters).

Unsubscribing: You can unsubscribe from receiving newsletters by clicking the link provided in the newsletter. In order to prevent statistics being collected via social media, you need to change your settings and preferences in your social media accounts. If you do not want your browsing statistics collected, block cookies in your web browser and refrain from participating in surveys on our website. If you have any questions, please get in touch with us using the contact details shown in this page. 

Personal data is processed for the following purposes:

• To communicate with competition participants.
• To communicate with participants before and after an event (e.g. confirmation of registration, questions, or evaluations).
• To be able to make identity and age checks.
• To choose winners and issue prizes.

The categories of personal data processed are:

• Name
• Personal ID number or age.
• Contact details (e.g. address, e-mail, telephone number).
• Information provided in competition submissions.
• Information provided in event evaluations.

Legal basis is legitimate interest. Communication and processing is necessary in order to satisfy your and our interest in conducting and managing competitions and events, as well as to ensure compliance with any legal requirements.

Storage time: During the period in which the competition/event runs, including any evaluation.
Maximum of 12 months.

Unsubscribing: You can unsubscribe from receiving newsletters by clicking the link provided in the newsletter. In order to prevent statistics being collected via social media, you need to change your settings and preferences in your social media accounts. If you do not want your browsing statistics collected, block cookies in your web browser and refrain from participating in surveys on our website. If you have any questions, please get in touch with us using the contact details shown in this page. 

Personal data is processed for the following purposes:

• To communicate with customers and to answer questions received by customer services and the sales department by telephone or through digital channels (including social media).
• To verify identity.
• To investigate complaints and handle support cases (including technical support).
• To arrange direct deliveries.
• To receive and address complaints.

The categories of personal data processed are:

• Name
• Contact details (e.g. address, e-mail, telephone number).
• Your correspondence
• Information about date of purchase, place of purchase, fault/complaint about the product.
• User information for My Pages, e.g. to address login problems.
• Technical information about your equipment that is required in order to provide support.
• Personal ID number

Legal basis: Legitimate interest. Processing is necessary in order to satisfy your and our interest of being able to manage customer service cases.

Storage time: Until the customer service case has been closed. Maximum of 12 months.

Unsubscribing: Contact us if you do not want your details included in our registers linked to a case. Please note, pursuant to the provisions of the Swedish Accounting Act and the Swedish Consumer Sales Act, certain documentation may need to be stored – also see paragraph pertaining to Legal Obligations below. Get in touch and we will help you with your query about what data we have saved about you.  

Personal data is processed for the following purposes:

• To be able to comply with legal obligations in accordance with the requirements of laws, judgements, or official decisions. (Examples include the Swedish Book-keeping Act, the Swedish  Money Laundering Act, or regulations pertaining to product liability and product safety, which may require the communication with and the release of information to the general public and customers concerning product alerts or recalls).

The categories of personal data that may be processed are:

• Name
• Contact details (e.g. address, e-mail, telephone number).
• Your correspondence
• Information about date of purchase, place of purchase, fault/complaint about the product.
• User details for My Pages.
• Personal ID number
• Payment information

Legal basis: Legal obligation. This collection of personal data is required by law.

Storage time: Until the purchase has been completed (including delivery and payment) and for
a period of 84 months.

Personal data is processed for the following purposes:

• To make services more user friendly, e.g. changing the user interface in order to simplify the information flow or to highlight functions that are frequently used in our digital channels.
• To produce documentation with the aim of improving our product and logistics flows, e.g. by being able to forecast procurement, stocks, and deliveries.
• To produce documentation with the aim of developing and improving our range.
• To produce documentation with the aim of developing and improving our resource efficiency from an environmental and sustainability perspective, e.g. by streamlining procurement and delivery planning.
• To produce documentation with the aim of planning the establishment of new outlets and
  warehouses.
• To give you the opportunity to influence the range of products we provide.
• To produce documentation with the aim of improving IT systems so that our visitors and
  customers can feel confident of a higher level of security.

The categories of personal data processed are:

• Purchase and user-generated data (e.g. click and visitor history).
• Age
• Town/city of residence
• Your correspondence and feedback in respect of our products and services.
• Technical data concerning units used and settings, e.g. language settings, IP address, browser settings, time zone, operating system, screen resolution, and platform.
• Information about how you interacted with the company, i.e. how services have been used, login method, where and how long various pages have been visited, response times, download errors, how services can be accessed, and when you leave the service, etc.

Legal basis: Legitimate interest. Processing is necessary in order to satisfy our and your legitimate interest in evaluating, developing, and improving our products, services, and systems.

Storage time: 12 months from the date of collection.

Personal data is processed for the following purposes:

• To investigate or prevent fraud or other breaches of law by, for example, in-store reporting.
• To prevent the sending of spam, harassment, or other actions that are forbidden.
• To protect and improve our IT ecosystem against attacks and breaches.

The categories of personal data processed are:

• Purchase and user-generated data (e.g. click and visitor history).
• Personal ID number
• CCTV video recordings.
• Data concerning units that customers use and settings, e.g. language settings, IP address,
  browser settings, time zone, operating system, screen resolution, and platform.

Legal basis: Legal obligation if such exists. Alternatively, legitimate interest (if there is no legal obligation) if processing is necessary in order to satisfy our legitimate interest in preventing misuse of a service, or to hinder, investigate, and prevent crime against the company.

Storage time: 12 months from the date of collection.

If you have any questions, enquiries, or concerns relating to the processing of your personal data and our privacy policy, please contact our Data Protection Officer:

• Questions about what items of your personal data we hold.
• Requests to correct or delete your personal data.
• Information about how we collect, use, share, and store your personal data.
• Questions about consent and how you can withdraw it.
• Any other data protection-related questions or concerns.

We endeavour to answer all queries within a reasonable time frame and in accordance with applicable data protection laws

The Chief Executive Officer of the company (CEO) is the person who bears ultimate responsibility for nsuring that the company operates in compliance with laws and regulations pertaining to data protection. The CEO has overall responsibility for creating and maintaining a culture of privacy and data protection within the company. This means that the CEO is obliged to understand and communicate the company’s privacy policy to all employees and to ensure that the necessary resources and training are available to support compliance with the policy. 

Furthermore, the CEO shall work together with the company’s Data Protection Officer or equivalent function in order to ensure that the company keeps itself informed about changes to privacy legislation and implements the necessary measures to maintain compliance with said laws and protect the personal data of customers and users.