Privacy Policy
At OnePan, we value your privacy and always strive for a high level of data protection, in accordance with the GDPR. This privacy policy explains how we collect and utilize your personal information when you visit www.onepan.se. It also outlines your rights and the process for asserting them.
It is imperative that you read and comprehend the privacy policy, understand what information we gather about you during your visit to our website, and feel secure in our handling of your personal data. You are always welcome to reach out to us if you have any questions.
Your visit to this website is subject to this privacy policy; for visitors from the UK or Ireland, the same terms and conditions apply.
1. Introduction
1.1. What is personal data and what is the processing of personal data?
Personal data is any information that can be directly or indirectly linked to a living individual. For instance, images and audio recordings processed on a computer can be considered personal data, even if no names are explicitly mentioned. Encrypted data and various forms of electronic identifiers (such as IP numbers) are classified as personal data if they can be associated with a living individual. Any action performed involving personal data constitutes processing, regardless of whether it is conducted through automated means. Common processing activities include collection, recording, organization, structuring, storage, processing, transfer, and deletion.
1.2. Who is responsible for the personal data that we collect?
OnePan AB, org. nr 559229-9761, with the address Bögatan 1, 412 72 Gothenburg, is responsible for the company's processing of personal data.
2. What does OnePan use your personal data for?
The following section explains what OnePan uses your personal data for and why.
2.1. Order Management
Inclusive of:
- Delivery (including notifications and communication related to delivery).
- Identification and age verification.
- Payment management (including analysis of potential payment solutions, which might involve checks against payment history and obtaining credit information from credit institutions or payment intermediaries).
- Address comparison with SPAR.
- Management of complaints and warranty matters.
For this purpose, we collect the following data;
- Your name
- Personal identification number
- Contact details (e.g. address, email and phone number)
- Payment history
- Payment information
- Credit reports from credit reporting agencies
- Purchase information (e.g. the specific items ordered or if the items are to be delivered to a different address)
- My Product Registration details (if you have registered)
Legal basis: Performance of the purchase contract. The processing of your personal data is necessary for us to fulfill our obligations under the purchase agreement. If the requested information is not provided, we will be unable to fulfill our obligations and, consequently, we will be compelled to decline your purchase..
Period of retention: Until the purchase has been finalized (including delivery and payment), and for a duration of 36 months thereafter, to handle potential complaints and warranty matters.
2.2. Fulfilling the Company's Legal Obligations
Necessary management to fulfill the company's legal obligations under legal requirements, judgments, or decisions by authorities, as well as regulations concerning product liability and product safety. This may involve developing communication and providing information to the public and customers about product alerts and recalls in cases such as defective or hazardous products.
For this purpose, we process the following data;
- Your name
- Personal identification number
- Contact details (e.g. address, email and phone number)
- Payment history
- Payment information
- Correspondence related to your inquiries.
- Information about the time and location of purchase, as well as any errors/complaints.
- User data for My Product Registration (if you have registered)
Legal basis: Legal obligation. The processing of your personal data is mandated by law. Failure to provide this data will prevent us from fulfilling our legal obligations, and thus, we would be compelled to deny your purchase.
Period of retention: Information is retained until the completion of the purchase (including delivery and payment), and for a duration of 36 months thereafter. Data subject to treatment in accordance with the Swedish Bookkeeping Act may be retained for up to 7 years.
2.3. Management of Customer Service Requests
This includes:
- Communication and response to customer service inquiries, conducted through phone conversations or digital platforms, including social media.
- Identification and resolution of user account-related matters.
- Examination of complaints and support issues, encompassing technical assistance.
- Addressing queries and offering guidance pertaining to purchases, products, returns, modifications to orders, and comparable topics.
For this purpose, we process the following data;
- Your name
- Personal identification number
- Contact details (e.g. address, email and phone number)
- Correspondence exchanged in the context of your inquiries.
- Purchase details (time of purchase, location of purchase, any errors or complaints).
- User data from My Product Registration (if you have registered).
Legal foundation: Legitimate interest, and in instances involving sensitive data, explicit consent. The collection of your personal data is essential to satisfy our and your justified interest in managing customer service inquiries.
Period of retention: Data will be retained for a span of 36 months following the closure of the respective customer service case.
2.4. Evaluation, Development, and Improvement of Services
This involves:
- Tracking advertisements, both online and on our website, to gauge the ads and products you've encountered. This allows us to tailor the website according to your interests and present relevant ads in the future.
- Adapting services for enhanced user-friendliness, like altering the user interface to streamline information flow or highlighting frequently used features in our digital channels.
- Customizing marketing services such as Google Search, Google Ads, Display, Video, and Facebook to align with our communication strategy. This might include excluding existing customers from Facebook or Google marketing.
- Data preparation to optimize goods and logistics management, such as forecasting purchases, stocks, and deliveries.
- Data collection for the enhancement of our product range.
- Data collection for improved environmental and sustainability efficiency, for instance, by optimizing purchasing and delivery planning.
- Data collection for planning potential new warehouses or decommissioning existing ones.
- Providing customers with the opportunity to influence and assess our product assortment.
- Establishing a foundation for IT system improvements aimed at enhancing overall company and visitor/customer security.
- Analysis of collected data for the above purposes. This involves categorizing you into a customer group (a "customer segment") based on data like purchase history, age, and gender. This analysis, conducted using de-identified or pseudonymized data, provides insights into purchasing patterns. It enables us to automatically offer tailored information, including articles, offers, and advertisements on our website that are pertinent to you, as determined by our analysis of your interests and user behavior (referred to as "profiling").
For this purpose, we process the following data;
- Name
- Age
- Gender
- E-mail address
- Place of residence
- Payment information
- Correspondence and feedback regarding our services and products
- Purchase and user-generated data (e.g. click and visit history)
- Customer satisfaction surveys and questionnaires
- Technical data related to devices used and their settings (e.g., language setting, IP address, browser settings, time zone, operating system, screen resolution, and platform).
- Information about your browsing habits and how you have interacted with us, including, among other things, your geographical location, previously visited external pages, pages visited on our site, how you have used the service, login method, response times, download errors, your interests, and how you access and exit the service, etc.
- Information about how you use our websites through "cookies". You can learn more about what cookies are and how we use them here.
Legal basis: Legitimate interest. The data is necessary to satisfy our and our customers' legitimate interest in evaluating, developing, and improving our services, products, and systems.
Period of retention: From the time of collection and for a period of 36 months thereafter.
2.5. Prevention of Misuse and Investigation of Offences
This involves:
Preventing and investigating potential fraud or other violations of the law. This encompasses thwarting activities like spamming, phishing, harassment, illegal attempts to access user accounts, or other actions prohibited by law or our terms of purchase, membership, or service. Additionally, safeguarding and enhancing our IT environment against attacks and unauthorized access.
For this purpose, we process the following data;
- Personal data
- Purchase and user-generated data (e.g. click and visit history)
- Technical data related to devices used and their configurations (such as language settings, IP address, browser preferences, time zone, operating system, screen resolution, and platform).
- Data regarding the usage of our digital services.
Legal basis: Compliance with legal obligations (if applicable) or legitimate interest. If there is no legal obligation, the data is necessary to fulfill our legitimate interest in preventing service misuse and investigating offenses against the company.
Period of retention: Data is retained from the point of collection and for a duration of 36 months thereafter.
2.6. Opt-In Management
If you decide to participate during the onepan.se My Product Registration process or at other instances when you provide personal information, the information you furnish might be employed to generate and deliver direct marketing materials to you.
Direct marketing encompasses various forms of promotional outreach, including our routine email distribution, SMS notifications, and physical mailings. These communications may encompass promotions, exclusive discounts, new product introductions, forthcoming updates, product suggestions, and other pertinent information ("Opt-In Communications").
3. From which sources does OnePan collect your personal data?
In addition to the information you provide to us or that we gather from your purchases and usage of our services, we may also obtain personal data from other sources (referred to as third parties). The types of data we gather from third parties include:
Address information retrieved from public records to ensure the accuracy of your address details. Credit rating information sourced from credit rating agencies, banks, or credit reference agencies.
4. Who has access/processes your personal data?
4.1. With whom may we share your personal data?
Data Processors. In cases where it is necessary for us to provide our services, we may share your personal data with companies that act as data processors on our behalf. A data processor is a company that processes information on our behalf and according to our instructions. We have data processors that assist us with:
1) Transportation (logistics companies and freight forwarders)
2) Payment Solutions (card processing companies, banks, and other payment service providers)
3) Marketing (print, social media, media agencies, or advertising agencies)
4) IT Services (companies that handle necessary operations, technical support, and maintenance of our IT solutions)
When your personal data is shared with data processors, it only occurs for purposes that are compatible with the purposes for which we collected the information (such as fulfilling our obligations under the purchase agreement). We assess all data processors to ensure they can provide sufficient guarantees regarding the security and confidentiality of personal data. We have written agreements with all data processors, through which they ensure the security of the processed personal data and commit to adhering to our security requirements, as well as limitations and requirements concerning the international transfer of personal data.
Companies that are independent data controllers. We also share your personal data with certain companies that are independent data controllers. The fact that a company is an independent data controller means that we do not dictate how the information provided to the company should be processed. Independent data controllers with whom we share your personal data include:
1) Government authorities (police, tax authorities, HMRC, or other agencies) if required by law or in cases of suspected criminal activity.
2) Companies handling general merchandise transportation (logistics companies and freight forwarders).
3) Companies providing payment solutions (card processing companies, banks, and other payment service providers).
When your personal data is shared with an independent data controller company, their privacy policy and data handling practices apply.
Other Service Providers. Other companies and individuals may perform functions on our behalf in accordance with our privacy policy. Examples include customer support specialists, web hosting companies, data analysis firms, and email providers. Such third parties may have access to the personal information required to perform their functions but may not use it for any other purpose.
Corporate Transfers. As we continue to develop our business, we may sell certain assets. In such transactions, user information, including personal data, is typically one of the transferred business assets. By providing your personal information on onepan.se, you consent to the transfer of your data to such parties under these circumstances.
4.2. We do not share personal information with a third party without your consent
We will never share your personal information with any third party for them to market their products or services to you without your consent.
4.3. Where do we process your personal data?
We always strive to process your personal data within the EU/EEA, and all our own IT systems are located within the EU/EEA. However, in cases of system support and maintenance, we may need to transfer the information to a country outside the EU/EEA. This may occur, for instance, if we share your personal data with a data processor that is, either directly or through a subcontractor, located or stores information outside the EU/EEA. In such cases, the processor will only access information that is relevant for the purpose, such as log files.
Regardless of the country where your personal data is processed, we take all reasonable legal, technical, and organizational measures to ensure that the level of protection is equivalent to that within the EU/EEA. In cases where personal data is processed outside the EU/EEA, the level of protection is ensured either through a decision by the EU Commission stating that the respective country ensures an adequate level of protection, or through the use of appropriate safeguards. Examples of appropriate safeguards include an approved code of conduct in the recipient country, standard contractual clauses, binding corporate rules, or Privacy Shield. If you would like to obtain a copy of the safeguards that have been implemented or information about where these are available, please feel free to contact us.
4.4. How long do we retain your personal data?
We never retain your personal data for a longer period than necessary for each respective purpose. For specific retention periods, please refer to the relevant purposes outlined above.
5. Your rights and consent
What rights do you have as registered?
Right of Access (Known as data subject access request). We are always open and transparent about how we process your personal data. If you wish to gain a deeper understanding of the specific personal data we process about you, you have the right to request access to this information. This information will be provided in the form of a data subject access request, including details about the purposes, categories of personal data, categories of recipients, retention periods, sources of data collection, and the existence of automated decision-making.
Please note that if we receive a request for access, we may ask for additional details to ensure an efficient handling of your request and that the information is provided to the correct individual.
Right to Rectification. You have the right to request correction of your personal data if the information is inaccurate. Within the context of the specified purpose, you also have the right to complete any potentially incomplete personal data.
You have the right to withdraw any consent you have provided to us at any time. For example, consent to receive newsletters.
Right to Erasure. You have the right to request the deletion of personal data we process about you if:
- The data is no longer necessary for the purposes for which it was collected or processed.
- You object to a balancing of interests we have made based on legitimate interest, and your grounds for objection outweigh our legitimate interest.
- You object to processing for direct marketing purposes.
- The personal data is being processed unlawfully.
- The personal data must be deleted to fulfill a legal obligation we are subject to.
- Personal data has been collected about a child (under 13 years old) for whom you have parental responsibility, and the collection has taken place in connection with the offer of information society services (e.g., social media).
Please note that we may have the right to deny your request if there are legal obligations that prevent us from immediately deleting certain personal data. These obligations arise from accounting and tax legislation, banking and anti-money laundering legislation, as well as consumer rights legislation. It may also be the case that processing is necessary for us to establish, assert, or defend legal claims. If we are prevented from fulfilling a request for erasure, we will instead block the personal data from being used for purposes other than the purpose that prevents the requested deletion.
Right to Restriction. You have the right to request that our processing of your personal data be restricted. If you dispute the accuracy of the personal data we process, you can request restricted processing while we verify the accuracy of the data. If we no longer need the personal data for the stated purposes, but you need them to establish, assert, or defend legal claims, you can request restricted processing of the data from us. This means you can request that we do not delete your data. If you object to a balancing of legitimate interests we have made as the legal basis for a purpose, you can request restricted processing while we assess whether our legitimate interests outweigh your interests in having the data deleted.
If processing has been restricted based on any of the situations mentioned above, we may only process the data for the purpose of establishing, asserting, or defending legal claims, protecting someone else's rights, or if you have given your consent, in addition to mere storage.
Right to Object to Certain Types of Processing. You always have the right to opt-out of direct marketing and object to any processing of personal data based on a balancing of interests.
Legitimate Interest: In cases where we use a balancing of interests as the legal basis for a purpose, you have the right to object to the processing. To continue processing your personal data after such objection, we must demonstrate compelling legitimate grounds for the specific processing that outweigh your interests, rights, or freedoms. Otherwise, we may only process the data for the purpose of establishing, exercising, or defending legal claims.
Direct Marketing (Including Profiling for Direct Marketing Purposes). You have the option to object to the processing of your personal data for direct marketing. This objection also includes the analysis of personal data (known as profiling) conducted for direct marketing purposes. Direct marketing encompasses all forms of outreach marketing activities (such as postal mail, email, and SMS). Marketing actions where you, as a customer, have actively chosen to use one of our services or otherwise approached us to learn more about our services, are not considered direct marketing (for example, product recommendations or other features and offers in My Product Registration).
If you object to direct marketing, we will cease processing your personal data for that purpose, as well as halt all forms of direct marketing actions. You can change this by using the unsubscribe link in marketing communications, or contacting customer service.
Right to Data Portability. If our right to process your personal data is based on your consent or the fulfillment of a contract with you, you have the right to request that the data concerning you and which you have provided to us be transferred to another data controller (known as data portability). A prerequisite for data portability is that the transfer is technically feasible and can be automated.
6. How does OnePan handle personal identification numbers?
We will only process your personal identification number when it is clearly justified in relation to the purpose, necessary for secure identification, or if there is another significant reason. We always strive to minimize the use of your personal identification number to the greatest extent possible by, when sufficient, using your date of birth instead.
7. How are your personal data protected?
We use IT systems to safeguard the confidentiality, integrity, and accessibility of personal data. We have implemented specific security measures to protect your personal data against unauthorized or unlawful processing, such as unauthorized access, loss, destruction, or damage. Access to your personal data is granted only to those individuals who genuinely require it to fulfill our specified purposes.
We are committed to ensuring the utmost protection of your personal data and have taken steps to ensure that appropriate security measures are in place. Your privacy and the security of your data are our top priorities. If you have any concerns or inquiries about our data protection practices or security measures, please feel free to contact us.
8. Cookies
8.1. What are cookies and how do we use them?
Cookies are a small text file consisting of letters and numbers that are sent from our web server and stored on your browser or device. We use cookies to recognize you as a returning user and customize your experience and usage of onepan.se. We use the following types of cookies:
1) Session cookies (temporary cookies that expire when you close your browser or device)
2) Persistent cookies (cookies that remain on your computer until you remove them or they expire)
3) First-party cookies (cookies set by the website you are visiting)
4) Third-party cookies (cookies set by a third-party website. We primarily use these for analytics, such as Google Analytics)
5) Similar technologies (technologies that store information in your browser or device in a way similar to cookies)
The cookies we use generally enhance the services we offer. Some of our services require cookies to function properly, while others improve the services for you. We use cookies for overall analytical information regarding your use of our services and to save functional settings such as language and other details. We also use cookies to deliver relevant marketing to you.
8.2. Can you control the use of cookies yourself?
Yes! Your browser or device allows you to adjust the settings for the use and extent of cookies. Go to the settings of your browser or device to learn more about how to adjust cookie settings. Examples of adjustments you can make include blocking all cookies, accepting only first-party cookies, or deleting cookies when you close your browser. Keep in mind that some of our services may not function properly if you block or delete cookies. You can learn more about cookies in general on the Swedish Post and Telecom Authority's website, pts.se.
8.3. Additional tracking measures
We may also use IP addresses to analyze trends, administer the website, track traffic patterns, and collect demographic information for aggregated use. We may also use this information in combination with your personal information to protect against and reduce the risk of credit fraud.
When you visit this website or read one of our email messages, we may use pixel tags (also called "clear" gifs), tracking links, and/or similar technology to track some of the pages you visit on onepan.se and personalize your experience. We may also use pixel tags to determine the type of email your browser supports. We may use the information collected through pixel tags, tracking links, and similar technology in combination with your personal information.
9. Sharing the joy of food on the internet
We at OnePan are delighted when you share your passion for cooking and showcase your amazing results – and we absolutely love seeing our products in home settings! In fact, we might even ask if we can use your photos across our various channels, such as Instagram, newsletters, blogs, and on onepan.se.
If you receive a request from us to share a photo (and you're inclined to do so), you can easily respond to our request. By doing so, you'll be granting us permission to use your photo, subject to the following terms:
You certify and guarantee that you own or control the rights to the material you have submitted and that you have obtained permission from all individuals featured in the images. Additionally, you certify that you are an individual (i.e., not a company), that you are at least 18 years old or have parental consent, and that OnePan's use of your images will not infringe upon any third-party rights or violate any laws.
By this, you release OnePan from any obligation to compensate you for the use of your images and for the intellectual property rights associated with them in connection with the aforementioned uses. You hereby indemnify and agree to hold OnePan and all individuals acting on behalf of OnePan harmless from any claims, demands, and liabilities of any nature arising from the use of the images as described above. Swedish law governs these terms, with the competent courts in Stockholm having exclusive jurisdiction over any disputes that may arise from these terms.
Nordic & Other Countries: You grant ONEPan AB (a Swedish company with registration number 559229-9761) a non-exclusive, royalty-free, worldwide license to use your images at OnePan's discretion and without any obligations to you, for use in its marketing and/or advertising, including, among other things, the right to reproduce, distribute, modify, and edit your images. Additionally, you give OnePan your consent to use photos where you can be identified for marketing and/or advertising purposes, in accordance with Swedish law: the Act on Names and Images in Advertising (1978:800).
If you wish to withdraw your consent to share your images with OnePan, you must contact us by sending an email to - info@onepan.se
10. Links
This website may contain links to or from other websites. Please note that we are not responsible for the privacy practices of other websites. This privacy policy applies only to the information we collect on our website. Therefore, we encourage you to read the privacy policy of the websites you are linked to from our website or otherwise visit.
11. Correct updating of your information
We will take reasonable measures to maintain an accurate record of all personal information you have provided through this website. However, we do not assume responsibility for verifying that your personal information is current and up to date. You are responsible for keeping your information with us updated.
12. The Swedish Data Protection Authority (datainspektionen)
What does it mean that the swedish data protection authority is a supervisory authority?
The Swedish Data Protection Authority is responsible for monitoring the application of legislation, and anyone who believes that a company is handling personal data incorrectly can file a complaint with the Swedish Data Protection Authority.
13. Questions about data protection?
How to easily contact us for data protection queries?
You can always address your questions to our customer relations team at info@onepan.se.
We may make changes to our privacy policy. The latest version of the privacy policy will always be available on this website. In cases of significant updates affecting our processing of personal data (such as changes to stated purposes or categories of personal data) or updates that, while not crucial to the processing, could have a significant impact on you, you will be informed on onepan.se and via email (if you have provided an email address) well in advance before the updates take effect. When we provide information about updates, we will also explain the meaning of the updates and how they may affect you.
