Categoriesofpersonaldataand processing purposes
You may useour website or appwithout providing any personal data about you. In this case,Essitywill collect only the followingmetadata that result from your usage:
Referral page, data and time of access, data volume transmitted, status of transmission, type of webbrowser, IP-address, operating system and interface,languageand version of browser software.
Your IP-address will be used to enable your access toour website or app. Once the IP-address is no longer necessary for this purpose, we will shorten your IP-address by removing the last octet of your IP-address. The metadata, including the shortened IP-address will be used to improve the quality and services ofour website or appby analyzing the usage behavior of our users.
If you create an account on/inour website or app,youmay beasked to providepersonal dataabout you, for example: Name, postal address, email address, selected password, telephone number,bank account details, credit card details, invoicing and delivery address, interests in certain products/services (voluntary), request to receive marketing emails (voluntary).Essityprocessessuch personal data for purposes of providingour servicestoyou, to provide you with marketing materials to the extent permitted by applicable law, and to analyze your interests for marketing purposes.
If you order a product viaour website or app,Essitycollects and processes the following personal data about you:Your account data,type and amount of product, purchase price, order date, order status,product returns, customer care requests.Essityprocesses such personal data for purposes of carrying out the contractual relationship and the product order, providing customer care services, compliance with legal obligations, defending,establishing,and exercising legal claims,and tailoredmarketing.
If you participate in a sweepstake,Essitycollects and processes the following personal data about you: Name, postal address, email address, date of entry, selection as winner, prize, answer to quiz.Essityprocesses such personal data for purposes of carrying out the sweepstake, informing the winner, delivering the price to the winner,carrying out the event,and marketing.
Health Data:By orderingsomeproducts,Essitymaycollect and process also information about health conditions as implied by product order. Health data are sensitive data within the meaning of the GDPR andEssityis taking all necessary steps to protect such sensitive data as legally required. Subject to consent,Essitycollects and processes healthdata solely for the purposes of carrying out the contractual relationship and the product order, providing customer care services, compliance with legal obligations, defending,establishing,and exercising legal claims, and tailored marketing.
Essitymayengageexternal service providers,who actas a data processorofEssity,to provide certain services toEssity, such as website service providers, marketing service providersorIT support service providers. When providing such services, the external service providers may have access to and/ormay process your personal data.
We request those externalservice providers to implement and apply security safeguards to ensure the privacy and security of your personal data.
Essitymay transfer - in compliance with applicable data protection law -personaldata tolaw enforcement agencies, governmentalauthorities, legal counsel, external consultants, or business partners. In case of a corporate mergeroracquisition, personal data may be transferred to the third parties being involve in the mergeroracquisition.
The Personal Data that we collect or receive about you may be transferred to and processed byrecipientswhich are located inside or outside the European Economic Area ("EEA"). The countries includethose listed athttp://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htmwhich provide an adequate level of data protection from a European data protection law perspective.Other recipients mightbe located inother countrieswhich do not adducean adequate level ofprotectionfrom a European data protection law perspective.Essitywill take all necessary measures to ensure that transfers out of the EEAare adequately protected as required by applicable data protection law.With respect to transfers to countries not providing an adequate level of data protection, we base the transfer onappropriate safeguards, such asstandard data protection clauses adopted by the European Commissionor by a supervisory authority,approved code of conducts together with binding and enforceable commitments of the recipient, orapproved certification mechanisms together with binding and enforceable commitments of the recipient. You can ask for a copy ofthesuchappropriate safeguardsby contactingus as set outin Sec.7(Contact us)below.
Legal basis for the processing
We may carry out the processing of yourpersonaldata on the following legal basis:
The processing is necessary for the performance of a contract to which you are a party ortotake steps at your request prior toentering acontract;
The processing is necessary for compliance with a legal obligation to which we are subjectto;
The processing is necessarytoprotect your vital interests of you or of another naturalperson;
The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested inus;
Theprocessing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of you which require protection of personal data, in particular if you are achild;
We may carry out the processing of your sensitive personal data on the following legal basis:
The processing is necessary for the purposes of carrying out the obligations and exercising specific rights ofEssityor of the data subject in the field of employment and social security and social protectionlaw;
The processing relates to personal data which are manifestly made public by the datasubject;
The processing is necessary for the establishment, exercise ordefenseof legal claims or whenever courts are acting in their judicialcapacity;
The provision of yourpersonaldataisrequiredbya statutory or contractual obligation, ornecessary toenter intoa contract with us or to receive our services/products as requested by you, orsimplyvoluntary for you.
Not providing yourpersonaldata may result in disadvantages for you,e.g.you may not be able toreceive certain products and services.However, unless otherwisespecified, not providing yourpersonaldata will not result in legal consequences for you.
What rights do you have and how can you assert your rights?
If you have declared your consent regarding certain collecting, processing and use of your personal data, you canrevokethis consent at any time with future effect. Further, you can object to the use of your personal data for the purposes of marketing without incurring any costs other than the transmission costs in accordance with the basic tariffs.
Pursuant to the applicabledata protectionlaw youhave the right (i) to request access to your personal data, (ii) to request rectification of your personal data, (iii) to request erasure of your personal data, (iv) to request restriction of processing of your personal data, (v)to request data portability, (vi)to object to the processing of your personalData(including objection to profiling), and (vii) to object to automated decision making (including profiling).
To exercise your rights please contact us as stated under Sec. 7 (Contact us) below.
In case ofcomplaintsyou also have the right to lodge a complaint with the competent data protection supervisory authority.
Cookiesand other tracking technologies
How long do we keep your Personal Data?
Yourpersonaldata will be retainedas long asnecessary to provide you with the services and products requested. Onceour relationship has come to an end,we will either delete your personal data or anonymize yourpersonaldata, unless statutory retention requirements apply (such as for taxation purposes).We may retain your contact details and interests in our products or services for a long period of time ifEssityis allowed to send you marketing materials. Also, wemay be required by applicable law to retain certain of yourpersonaldata for a period of 10 years after the relevant taxation year. We may also retain yourpersonaldata after the termination of the contractual relationship if yourpersonaldata are necessary to comply with other applicable laws or if we need your personal data to establish, exercise or defend a legal claim, on aneed to knowbasis only. To the extent possible, we will restrict the processing of yourpersonaldata for such limited purposes after the termination of the contractual relationship.
EssityAktiebolag(publ),Compliance&EthicsTeam, P.O. Box 200, SE-101 23 Stockholm, Sweden