Wearephoenix ApS (hereafter us, we or our) is the data controller (responsible) for the processing of your personal data as described in this policy. If you have any questions about how we process data about you, don't hesitate to contact us at email@example.com or by other means, see contact details below.
This policy applies to all personal data collected through Wearephoenix.dk. All contact with us with regard to the processing of your personal data will be handled by Wearephoenix ApS. This naturally means that we use the same systems and customer service to help our customers.
We care about your privacy and want to be transparent in what way we process your personal data. Here you can read about the information we collect, how we process the information, and who has access to it.
We only process your personal data when we have a specific purpose of doing so and when that purpose is fulfilled, we will delete the data unless it is further processed for another reason as described below.
Our processing of your personal data is governed by the EU General Data Protection Regulation (GDPR) and national data protection legislation.
Information we collect about you and from where
- By ourselves when analyzing your behavior and engagement in communication we send or when you visit our websites (e.g. IP address, country, viewed pages, viewed categories, viewed brands, interaction/clicks and searches, open rate, click rate, and time spent reading the emails).
- From you when you supply information yourself to us, when setting up your profile or making a purchase (e.g. demographic data, name, email address, telephone number, payment information, items, order amount, discount level, brands, and frequency. Including sending transactional emails, order confirmation, shipping confirmation, returns, and refund confirmation).
Why we process your personal data
We process your personal data mainly for reasons connected to you being a customer and fulfilling our commitment to you. Besides the contractual requirements, we also process data for the following purposes. We are trying our best to describe the purposes as concise and clear as possible, but please ask us if you want any more information.
- Contractual obligations
- In order for us to administer and ship your goods and receive payment in return, some personal data about you is obviously needed.
- We have also an obligation to provide customer service (via email, chat, or phone) under our terms, and to administer your account.
- Legitimate interest
- When you browse around on our website, we will keep track of which products you have looked at in order for us to tailor inspiration to you as well as make it easy for you to find what you've previously shown an interest in.
- To keep both you and us safe, we process personal data to administrate, operate and maintain our websites and systems. We also comply with aggregated statistics about the site usage and purchases to improve our understanding of our customer's preferences and for developing new functions.
- To be able to establish, exercise, or defend legal claims in connection to fraud. As well as to prevent misuse of our services or to avoid, prevent and investigate crimes against us.
- Legal obligations
- We also need to process personal data about you in order to fulfill legal obligations, legislation concerning consumer rights, and product safety.
For how long we process your personal data
We will retain your personal information for the period necessary to fulfill the purpose of the processing. We have highlighted the most common and important processing activities performed and their retention period, below.
Show inspiration based on your website browsing and purchases
Processing for direct marketing purposes will no longer take place after an objection from you.
Marketing from Wearephoenix through email and text (SMS), based on your consent
We process information for this purpose about you as long as it is relevant and useful to produce offers and information that suits you particularly well, but only as long as we have your consent (that is until you withdraw your consent).
You give and easily withdraw your consent for direct marketing, on your profile in your account.
As long as provided for by the legal obligation in question (e.g. 7 years according to bookkeeping legislation).
Who do we share your personal data with?
When we use a subcontractor to process your personal data for purposes described in this policy and under our responsibility, we will first sign a Data Processing Agreement (DPA) with them. The DPA gives instructions on confidentiality and security and limits the processing to what is strictly needed. These companies are not allowed to process your data for any other purpose. We use the following types of processors.
- Webshop platform
- Storage, hosting, and other IT-services
In the event that personal data becomes available in an area outside of the EU / EEA, in a so-called “third country”, you can read about how we, through further agreements and measures, protect your personal data in the section with the same name, below.
After careful consideration, we may also use services from, or enter into cooperation with, companies where the processing of your personal data, after our collection, wholly or partly is controlled by this party and under their responsibility. This is applicable for the following situations:
- Transportation and distribution, that is, to ensure that the goods you ordered arrive at you safely and quickly
- Payment services
When your personal data is transferred to another controller, it is important to us that you are aware of when and to whom, so that you have the possibility to contact these companies and ask about how they process your data and to make sure you are able to exercise your rights under GDPR. We do this, for example, when you order delivery, by clearly referring to the respective shipping company, or when using a payment service by putting pressure on the payment solutions that are made available to provide information themselves about what information they need to secure payment and how you can ask questions about this.
All recipients who act as their own Data Controller are responsible to give you the necessary information about their processing.
Public authorities and transfers based on legal obligations
If we are obliged to share your personal data with tax authorities, the police, or anyone else due to a legal obligation, we will of course do so.
Third country transfers
GDPR is perfectly aligned with our own values and the companies we share information with. However, in some cases, the best suppliers as well as some of our partners, are found outside of the EU. To not deprive us, or you, of these possibilities, we will occasionally use a sub-contractor outside of the EU/EEA. This puts extra demands on us to ensure that the processing of personal data is given protection which is equivalent to what you could expect if it took place in the EU, through contracts and technical measures. With that said, we would like to draw your attention to the fact that even in countries such as the USA, national legislation does not meet the requirements that are now set within the EU. This means that no matter how careful we are when choosing companies to collaborate with or engage for basic functions such as storage and communication, and despite the fact that we are constantly working to secure the processing that takes place outside the EU through agreements, there is a chance that a foreign security service is listening in. Both legislators and the companies we work with are currently searching for the best ways to make these transfers and processing overseas safer. The EU has developed so-called “standard contractual clauses”, abbreviated SCC, based on the EU commission's proposal, which is often part of – but not the whole - solution. We use subcontractors and have partners outside EU/EEA within the following functions:
- Webshop platform, CANADA
- CRM system, USA
- Personalized marketing, USA
- Analytics, USA
- Storage, USA
We will continue to monitor the situation, to keep you informed and further update our protection when possible.
We promise to keep this policy updated and you are most welcome to ask questions about this at any time. If you want to receive a copy of the documentation regarding these safety measures, you are welcome to contact us.
Where granted by local law, you may have the right to request access to the personal data that we have collected about you for the purposes of reviewing, modifying, or requesting deletion of the data. You may also have the right to request a copy of the personal data that we have collected about you and to have any inaccuracies in that data corrected. In certain circumstances, you may also request that we cease processing your personal data.
If you would like to make a request to access, review, or correct the personal data we have collected about you, or to discuss how we process your personal data, please contact us at firstname.lastname@example.org. To help protect your privacy and security, we will take reasonable steps to verify your identity, such as requiring a password and user ID, before granting access to your personal data. We will make reasonable attempts to promptly investigate, comply with, or otherwise respond to your requests as may be required by applicable law. Different laws may prevent us from providing access to your personal data or otherwise fully complying with your request depending upon the circumstances and the request, such as for example, where producing your information may reveal the identity of someone else. We reserve the right to charge an appropriate fee for complying with your request where allowed by applicable law, and/or deny your requests where they may be manifestly unfounded, and/or excessive, or otherwise objectionable or unwarranted under applicable law.
In addition, and where granted by local law, you have the legal right to lodge a complaint with a competent data protection authority.
Kronprinsensgade 9, Stuen og 1. sal
DK-1114 Copenhagen K
What is a cookie?
When you visit Wearephoenix.dk cookies are stored on your computer. The information in your cookies is sent between your browser and a web server and includes information on user settings, login, and how the website is being used.
What cookies do we use?
We collect information about all visits to our website. We use this information to improve your user experience, evaluate the use of the individual elements of Wearephoenix.dk, and support our marketing.
We use various analytical tools such as Google Analytics, which assist us in collecting statistics on the use of our websites to create a better experience for you.
You can opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
We also work together with companies to enhance our online advertisement to ensure that you are only exposed to relevant ads. In this context, we use e.g., the following suppliers: Facebook, Instagram, and Google. If you want to be excluded from these types of advertisements, you can remove your cookie here.
Our website contains third-party components such as "Facebook Recommend", "Facebook Like" or "Google+". These third-party components have the effect that the owner of the third-party component, such as Facebook or Google, receives technical data about your browser, IP address, and the pages you visit on our websites and similar. The treatment that the owner of the third-party component performs is beyond our control and is solely between you and the owner of the third-party component.
We use these components to link directly to our social media sites and thereby ensure easy navigation for you as a customer.
At our websites, a number of technical cookies are in place that are necessary for handling the functionality in several areas. These are the cookies that are stored when you log into your account and cookies stored to keep track of the contents of your shopping cart, favorites, etc.
How do I avoid cookies?
If you do not want to receive cookies, you can either block all cookies, delete existing cookies from your computer or receive a warning before saving cookies.
A change to cookie settings may cause a degraded user experience when visiting our and other websites.
You should be aware that if you do not accept cookies, there may be functions on our websites that will not work.
To delete cookies, go to Tools -> Options -> Privacy -> and remove individual cookies or clear your history.
To block cookies, go to Tools -> Options -> Privacy -> in the drop-down menu under History select "Use custom settings for history" -> tick "Always use private browsing mode" and uncheck "Accept cookies from pages ".
To delete cookies, go to Tools -> Internet Options -> General tab -> Click Delete -> Cookies-> Delete.
To block cookies, go to Tools -> Internet Options -> Privacy -> Move slider to the top. This is how you block all cookies. -> Click OK.
To delete cookies, click on the Tools button -> Tools -> Clear browsing data -> Delete cookies and other site data -> Clear browsing data.
To block cookies, click on the Tools button -> Settings -> Show Advanced Options -> Content Settings -> Click "Block all sites from storing data" and tick the "Block third-party cookies and site data" -> Ok
To delete cookies, click on the Tools button -> Settings -> Security -> Click on "Show Cookies". Here you can either delete cookies from a single domain or remove all cookies.
To block cookies, click on the toolbar button -> Settings -> Security -> Under "Accept Cookies" select "never".
Version 1 – April 2021