Privacy Policy

At OnePan, we value your privacy and always strive for a high level of data protection, in accordance with GDPR. This privacy policy explains how we collect and use your personal information when you visit www.onepan.se. It also describes your rights and the process for asserting them.

It is necessary that you read the privacy policy, understand what information we collect about you during your visit to our website, and feel confident in our handling of your personal data. You are always welcome to contact us if you have any questions.

This privacy policy applies to your visit to our website; www.onepan.se.

1. Introduction

 

1.1. What is personal data and what is processing of personal data?

 

Personal data is any information that can directly or indirectly be linked to a living individual. For example, images and audio recordings processed on a computer can be considered personal data, even if no names are explicitly mentioned. Encrypted data and various forms of electronic identifiers (such as IP numbers) are classified as personal data if they can be linked to a living individual. Any action performed with personal data constitutes processing, regardless of whether it is done automatically. Common processing activities include collection, recording, organization, structuring, storage, processing, transfer, and deletion.

 

1.2. Who is responsible for the personal data we collect?

 

OnePan AB, org. no. 559229-9761, with address Bögatan 1, 412 72 Gothenburg, is responsible for the company's processing of personal data.

 

 

2. What does OnePan use your personal data for?

 

The following sections explain what OnePan uses your personal data for and why.

 

2.1. Order management 

 

Including:

• Delivery (including notifications and communication related to delivery).

• Identification and age verification.

• Payment processing (including analysis of potential payment solutions, which may involve checks against payment history and obtaining credit information from credit institutions or payment service providers).

• Address comparison with SPAR.

• Handling of complaints and warranty cases.

 

For this purpose, we collect the following data;

• Your name

• Personal identification number

• Contact details (e.g., address, email, and phone number)

• Payment history

• Payment information

• Credit reports from credit reporting agencies

• Purchase information (e.g., the specific goods ordered or if the goods are to be delivered to a different address)

• User data My Product Registration (if you have registered)

 

Legal basis: Performance of the purchase contract. Processing of your personal data is necessary for us to fulfill our obligations under the purchase agreement. If the requested information is not provided, we will not be able to fulfill our obligations and consequently will have to refuse your purchase.

 

Storage period: Until the purchase has been completed (including delivery and payment), and for a duration of 36 months thereafter, to handle potential complaints and warranty matters.

 

2.2. Fulfilling the company’s legal obligations

 

Necessary guidance to fulfill the company’s legal obligations under statutory requirements, judgments, or authority decisions, as well as regulations on product liability and product safety. This may involve developing communication and providing information to the public and customers about product warnings and recalls in cases of defective or dangerous products.

 

For this purpose, we process the following data;

• Your name

• Personal identification number

• Contact details (e.g., address, email, and phone number)

• Payment history

• Payment information

• Correspondence related to your inquiries.

• Information about the time and place of purchase as well as any faults/complaints.

• User data for My Product Registration (if you have registered)

 

Legal basis: Legal obligation. Processing of your personal data is mandatory by law. Failure to provide this information will prevent us from fulfilling our legal obligations, and therefore we would have to refuse your purchase.

 

Storage period: Information is retained until the purchase is completed (including delivery and payment), and for a duration of 36 months thereafter. Data subject to processing under the Accounting Act may be preserved for up to 7 years.

 

2.3. Handling of customer service inquiries

 

This includes:

• Communication and responses to customer service inquiries conducted via phone calls or digital platforms, including social media. 

• Identification and resolution of user account-related matters.

• Review of complaints and support issues, including technical assistance.

• Address questions and provide guidance regarding purchases, products, returns, order changes, and comparable topics.

 

For this purpose, we process the following data;

• Your name

• Personal identification number

• Contact details (e.g., address, email, and phone number)

• Correspondence exchanged in connection with your inquiries.

• Purchase information (purchase time, place of purchase, any defects or complaints).

• User data from My Product Registration (if you have registered).

 

Legal basis: Legitimate interest, and in cases involving sensitive data, explicit consent. The collection of your personal data is essential to meet our and your legitimate interest in handling customer service inquiries.

 

Storage period: Data will be stored for 36 months after the respective customer service case has been closed.

 

2.4. Evaluation, development, and improvement of services

 

This involves:

• Track advertisements, both online and on our website, to measure the ads and products you have encountered. This allows us to tailor the website to your interests and present relevant ads in the future.

• Customize services for increased user-friendliness, such as changing the user interface to streamline information flow or highlight frequently used features in our digital channels.

• Customize marketing services like Google Search, Google Ads, Display, Video, and Facebook to fit our communication strategy. This may include excluding existing customers from Facebook or Google's marketing.

• Data preparation to optimize goods and logistics management, such as forecasting purchases, inventory, and deliveries.

• Data collection to improve our product range.

• Data collection for improved environmental and sustainability efficiency, for example by optimizing purchasing and delivery planning.

• Data collection for planning potential new warehouses or phasing out existing ones.

• Enable customers to influence and assess our product range.

• Establish a basis for IT system improvements aimed at enhancing overall company and visitor/customer security.

• Analysis of collected data for the above purposes. This involves categorizing you into a customer group (a "customer segment") based on data such as purchase history, age, and gender. This analysis, performed with anonymized or pseudonymized data, provides insights into purchasing patterns. It enables us to automatically offer tailored information, including articles, offers, and advertisements on our website that are relevant to you, according to our analysis of your interests and usage behavior (called "profiling").

 

For this purpose, we process the following data;

• Name

• Age

• Gender

• Email address

• Place of residence

• Payment information

• Correspondence and feedback regarding our services and products

• Purchase and user-generated data (e.g., click and visit history)

• Customer satisfaction surveys and questionnaires

• Technical data related to devices used and their settings (e.g., language setting, IP address, browser settings, time zone, operating system, screen resolution, and platform).

• Information about your browsing habits and how you have interacted with us, including among other things your geographic location, previously visited external pages, pages visited on our site, how you have used the service, login method, response times, download errors, your interests, and how you access and terminate the service, etc.

• Information about how you use our websites through "cookies." You can learn more about what cookies are and how we use them here.

 

Legal basis: Legitimate interest. The data is necessary to meet our and our customers' legitimate interest in evaluating, developing, and improving our services, products, and systems.

 

Storage period: From the time of collection and for a period of 36 months thereafter.

 

2.5. Abuse prevention and crime investigation

 

This involves:

Prevent and investigate potential fraud or other legal violations. This includes counteracting activities such as spam, phishing, harassment, illegal attempts to access user accounts, or other actions prohibited by law or our terms of purchase, membership, or services. Additionally, we protect and enhance our IT environment against attacks and unauthorized access.

For this purpose, we process the following data;

• Personal information

• Purchase and user-generated data (e.g., click and visit history)

• Technical data related to devices used and their configurations (such as language settings, IP address, browser settings, time zone, operating system, screen resolution, and platform).

• Data about the use of our digital services.

 

Legal basis: Compliance with legal obligations (if applicable) or legitimate interest. If there is no legal obligation, the data is necessary to fulfill our legitimate interest in preventing service abuse and investigating offenses against the company.

 

Storage period: Data is retained from the point of collection and for a duration of 36 months thereafter.

 

2.6. Opt-in management

 

If you choose to participate on onepan.se (My Product Registration) or at other times when you provide personal information, the information you provide may be used to generate and deliver direct marketing materials to you.

 

Direct marketing includes various forms of advertising, including our routine email distribution, SMS notifications, and physical mailings. These messages may include campaigns, exclusive discounts, new product introductions, upcoming updates, product suggestions, and other relevant information ("Opt-In Communications").

 

 

3. From which sources does OnePan collect your personal data?

 

In addition to the information you provide to us or that we collect from your purchases and use of our services, we may also obtain personal data from other sources (called third parties). The types of data we collect from third parties include:

 

Address information obtained from public records to ensure the accuracy of your address details. Credit rating information obtained from credit rating agencies, banks, or credit reporting companies.

 

 

4. Who has access to/processes your personal data?

 

4.1. Who can we share your personal data with?

 

Data processors. When it is necessary for us to provide our services, we may share your personal data with companies acting as data processors on our behalf. A data processor is a company that processes information on our behalf and according to our instructions. We have data processors who assist us with:

1) Transport (logistics companies and freight forwarders)

2) Payment solutions (card management companies, banks, and other payment service providers)

3) Marketing (print, social media, media agencies, or advertising agencies)

4) IT services (companies managing necessary operation, technical support, and maintenance of our IT solutions)

 

When your personal data is shared with data processors, it is only for purposes consistent with the reasons for which we collected the information (such as fulfilling our obligations under the purchase agreement). We assess all data processors to ensure they can provide adequate guarantees regarding the security and confidentiality of personal data. We have written agreements with all data processors, through which they ensure the security of the processed personal data and commit to complying with our security requirements, as well as restrictions and requirements regarding international transfer of personal data.

 

Companies that are independent data controllers. We also share your personal data with certain companies that are independent data controllers. Being an independent data controller means that we do not dictate how the information provided to the company should be processed. Independent data controllers with whom we share your personal data include:

1) Government authorities (police, tax authorities, HMRC, or other agencies) if required by law or in cases of suspected criminal activity.

2) Companies handling general goods transportation (logistics companies and freight forwarders).

3) Companies providing payment solutions (card management companies, banks, and other payment service providers).

 

When your personal data is shared with an independent data controller company, their privacy policy and data handling practices apply.

 

Other service providers. Other companies and individuals may perform functions on our behalf in accordance with our privacy policy. Examples include customer support specialists, web hosting companies, data analytics firms, and email providers. Such third parties may have access to the personal information necessary to perform their functions but are not permitted to use it for any other purpose.

 

Corporate transfers. As we continue to develop our business, we may sell certain assets. In such transactions, user information, including personal data, is usually one of the transferred business assets. By providing your personal data on onepan.se, you consent to the transfer of your data to such parties under these circumstances.

 

4.2. We do not share personal information with third parties without your consent

 

We will never share your personal information with any third party for them to market their products or services to you without your consent.

 

4.3. Where do we process your personal data?

 

We always strive to process your personal data within the EU/EEA, and all our own IT systems are located within the EU/EEA. However, in cases of system support and maintenance, we may need to transfer the information to a country outside the EU/EEA. This can occur, for example, if we share your personal data with a data processor who either directly or through a subcontractor is located or stores information outside the EU/EEA. In such cases, the processor will only access information relevant to the purpose, such as log files.

 

Regardless of the country in which your personal data is processed, we take all reasonable legal, technical, and organizational measures to ensure that the level of protection is equivalent to that within the EU/EEA. In cases where personal data is processed outside the EU/EEA, the level of protection is ensured either through a decision by the EU Commission stating that the respective country ensures an adequate level of protection, or through the use of appropriate safeguards. Examples of appropriate safeguards include an approved code of conduct in the recipient country, standard contractual clauses, binding corporate rules, or Privacy Shield. If you want to obtain a copy of the security measures that have been implemented or information about where these are available, you are welcome to contact us.

 

4.4. How long do we retain your personal data?

We never retain your personal data for longer than necessary for the respective purpose. For specific storage periods, see the relevant purposes described above.

 

 

5. Your rights and consent 

 

What rights do you have as a registered individual?

 

Right of access (Known as a request for access to the registered). We are always open and transparent about how we process your personal data. If you want to gain a deeper understanding of the specific personal data we process about you, you have the right to request access to this information. This information will be provided in the form of a request for access to the registered, including information about the purposes, categories of personal data, categories of recipients, storage periods, sources of data collection, and the existence of automated decision-making.

 

Please note that if we receive a request for access, we may ask for additional information to ensure effective handling of your request and that the information is provided to the correct person. 

 

Right to rectification. You have the right to request correction of your personal data if the information is incorrect. Within the specified purpose, you also have the right to supplement any incomplete personal data.

 

You have the right to withdraw your consent given to us at any time. For example, consent to receive newsletters.

 

Right to erasure. You have the right to request deletion of personal data we process about you if:

• The data is no longer necessary for the purposes for which it was collected or processed.

• You object to a balancing of interests we have made based on legitimate interest, and your reasons for objection outweigh our legitimate interest.

• You object to processing for direct marketing purposes.

• The personal data is being processed unlawfully.

• The personal data must be deleted to comply with a legal obligation to which we are subject.

• Personal data has been collected about a child (under 13 years) for whom you have parental responsibility, and the collection has taken place in connection with the provision of information society services (e.g., social media).

 

Please note that we may have the right to refuse your request if there are legal obligations preventing us from immediately deleting certain personal data. These obligations arise from accounting and tax legislation, banking and anti-money laundering legislation, as well as consumer rights legislation. It may also be that the processing is necessary for us to establish, assert, or defend legal claims. If we are prevented from fulfilling a deletion request, we will instead block the personal data from being used for purposes other than those preventing the requested deletion.

 

Right to restriction. You have the right to request that our processing of your personal data be restricted. If you dispute the accuracy of the personal data we process, you can request restricted processing while we verify the accuracy of the data. If we no longer need the personal data for the specified purposes, but you need them to establish, assert, or defend legal claims, you can request restricted processing of the data from us. This means you can request that we do not delete your data. If you object to a balancing of legitimate interests that we have made as a legal basis for a purpose, you can request restricted processing while we assess whether our legitimate interests outweigh your interests in having the data deleted.

 

If processing has been restricted based on any of the situations mentioned above, we may only process the data for the purpose of establishing, asserting, or defending legal claims, protecting someone else's rights, or if you have given your consent, other than just storage.

 

Right to object to certain types of processing. You always have the right to opt out of direct marketing and object to all processing of personal data based on a balancing of interests.

 

Legitimate interest: In cases where we use a balancing of interests as the legal basis for a purpose, you have the right to object to the processing. To continue processing your personal data after such an objection, we must demonstrate compelling legitimate grounds for the specific processing that override your interests, rights, or freedoms. Otherwise, we may only process the data for the purpose of establishing, exercising, or defending legal claims.

 

Direct marketing (including profiling for direct marketing purposes). You have the option to object to the processing of your personal data for direct marketing. This objection also includes analysis of personal data (known as profiling) carried out for direct marketing purposes. Direct marketing includes all forms of outreach marketing activities (such as mail, email, and SMS). Marketing activities where you as a customer have actively chosen to use any of our services or otherwise contacted us to learn more about our services are not considered direct marketing (for example, product recommendations or other features and offers in My Product Registration).

 

If you object to direct marketing, we will cease processing your personal data for that purpose and stop all forms of direct marketing activities. You can change this by using the unsubscribe link in marketing communications or by contacting customer service.

 

Right to data portability. If our right to process your personal data is based on your consent or the performance of a contract with you, you have the right to request that the data concerning you and that you have provided to us be transferred to another data controller (so-called data portability). A prerequisite for data portability is that the transfer is technically feasible and can be automated.

 

 

 6. How does OnePan handle personal identification numbers?

 

We will only process your personal identification number when it is clearly justified in relation to the purpose, necessary for secure identification, or if there is another significant reason. We always strive to minimize the use of your personal identification number as much as possible by, when sufficient, instead using your date of birth.

 

 

7. How are your personal data protected?

 

We use IT systems to protect the confidentiality, integrity, and availability of personal data. We have implemented specific security measures to protect your personal data against unauthorized or unlawful processing, such as unauthorized access, loss, destruction, or damage. Access to your personal data is granted only to individuals who genuinely require it to fulfill our specified purposes.

We are committed to ensuring the best possible protection for your personal data and have taken measures to ensure that appropriate security measures are in place. Your privacy and the security of your data are our highest priorities. If you have any concerns or questions about our data protection practices or security measures, you are welcome to contact us.

 

 

8. Cookies

 

8.1. What are cookies and how do we use them?

 

Cookies are a small text file consisting of letters and numbers sent from our web server and stored in your browser or device. We use cookies to recognize you as a returning user and customize your experience and use of onepan.se. We use the following types of cookies:

1) Session cookies (temporary cookies that expire when you close your browser or device)

2) Persistent cookies (cookies that remain on your computer until you delete them or they expire)

3) First-party cookies (cookies set by the website you visit)

4) Third-party cookies (cookies set by a third-party website. We mainly use these for analytics, such as Google Analytics)

5) Similar technologies (technologies that store information in your browser or device in a way similar to cookies)

 

The cookies we use generally improve the services we offer. Some of our services require cookies to function properly, while others enhance the services for you. We use cookies for overall analytical information about your use of our services and to save functional settings such as language and other details. We also use cookies to deliver relevant marketing to you.

 

8.2. Can you control the use of cookies yourself?

 

Yes! Your browser or device allows you to adjust the settings for the use and scope of cookies. Go to the settings of your browser or device to learn more about how to adjust cookie settings. Examples of adjustments you can make include blocking all cookies, accepting only first-party cookies, or deleting cookies when you close your browser. Keep in mind that some of our services may not function properly if you block or delete cookies. You can learn more about cookies in general on the Swedish Post and Telecom Authority's website, pts.se. 

 

8.3. Additional tracking measures

 

We may also use IP addresses to analyze trends, administer the website, track traffic patterns, and collect demographic information for aggregated use. We may also use this information in combination with your personal information to protect against and reduce the risk of credit fraud.

 

When you visit this website or read one of our emails, we may use pixel tags (also called "clear" gifs), tracking links, and/or similar technology to track some of the pages you visit on onepan.se and customize your experience. We may also use pixel tags to determine what type of email your browser supports. We may use the information collected through pixel tags, tracking links, and similar technology in combination with your personal information.

 

 

9. Share the joy of food on the internet

 

At OnePan, we are happy when you share your passion for cooking and showcase your amazing results – and we truly love seeing our products in home settings! In fact, we might even ask if we can use your images on our various channels, such as Instagram, newsletters, TikTok, and on onepan.se.

 

If you receive a request from us to share a photo (and you are inclined to do so), you can easily respond to our request. By doing so, you grant us permission to use your photo, subject to the following conditions:

 

You certify and warrant that you own or control the rights to the material you have submitted and that you have obtained permission from all persons shown in the images. Furthermore, you certify that you are an individual (i.e., not a company), that you are at least 18 years old or have parental consent, and that OnePan's use of your images will not infringe on third-party rights or violate any laws.

 

By doing this, you release OnePan from any obligation to compensate you for the use of your images and the intellectual property rights associated with them in connection with the aforementioned uses. You hereby indemnify and agree to hold OnePan and all individuals acting on behalf of OnePan harmless from any claims, demands, and liabilities of any kind arising from the use of the images as described above. Swedish law governs these terms, with the competent courts in Stockholm having exclusive jurisdiction over any disputes that may arise from these terms.

 

Nordic and other countries: You grant OnePan AB (a Swedish company with registration number 559229-9761) a non-exclusive, royalty-free, worldwide license to use your images at OnePan's discretion and without any obligations to you, for use in its marketing and/or advertising, including among other things the right to reproduce, distribute, modify, and edit your images. Additionally, you give OnePan your consent to use images where you can be identified for marketing and/or advertising purposes, in accordance with Swedish law: the Act on Names and Images in Advertising (1978:800).

 

If you want to withdraw your consent to share your images with OnePan, you must contact us by sending an email to - info@onepan.se

 

 

10. Links

 

This website may contain links to or from other websites. Please note that we are not responsible for the privacy practices of other websites. This privacy policy applies only to the information we collect on our website. Therefore, we encourage you to read the privacy policies of the websites you are linked to from our website or otherwise visit.

11. Correct updating of your information 

 

We will take reasonable measures to maintain an accurate record of all personal information you have provided through this website. However, we do not take responsibility for verifying that your personal information is current and updated. You are responsible for keeping your information with us up to date.

12. The Swedish Data Protection Authority (datainspektionen)

 

What does it mean that the Swedish Data Protection Authority is a supervisory authority? 

 

The Data Inspection Board is responsible for monitoring the application of the legislation, and anyone who believes that a company is handling personal data incorrectly can file a complaint with the Data Inspection Board.

 

 

13. Questions about data protection?

 

How to easily contact us for data protection questions?

 

You can always direct your questions to our customer relations team at info@onepan.se.

 

We may make changes to our privacy policy. The latest version of the privacy policy will always be available on this website. In the case of significant updates affecting our processing of personal data (such as changes to specified purposes or categories of personal data) or updates that, even if not crucial to the processing, may have a significant impact on you, you will be informed on onepan.se and via email (if you have provided an email address) well in advance before the updates take effect. When we provide information about updates, we will also explain the meaning of the updates and how they may affect you.