Privacy Notice

Last updated: 2024-09-30

Kustom AB (“Kustom”, “us”, “we” or “our”) is committed to protecting the personal data and safeguarding the privacy of our service users. For more information on how to reach us, see Section 6. This privacy notice (“Privacy Notice”) describes how Kustom, in its capacity as a data controller, processes your personal data as a user of our service (the “Service”) in accordance with the General Data Protection Regulation (EU Regulation 2016/679) (hereinafter referred to as the “GDPR”) and other applicable legislation.

1. Collection and categories of personal data, processing purposes and legal bases

We generally collect personal data directly from you but can also collect the data from other third parties. Not providing your personal data may result in disadvantages for you, e.g., we may not be able to provide you with the Service. However, unless otherwise specified, not providing your personal data will not result in legal consequences for you.

1.1. To provide customer support

We process your personal data, including contact, identification, and health information, as well as data about your use of our Service. This data is sourced from you and/or from Kustom. The purpose of processing this data is to provide special assistance and support when you contact our customer service. The legal basis for this processing is our legitimate interest or, where applicable, your consent, in line with GDPR Articles 6(1)(a) and 9(2)(a) (where special categories of personal data, for instance health information, are concerned).

1.2. To perform assessments regarding fraud prevention etc.

To perform risk analysis, prevent fraud, and manage risks, we process your personal data to confirm your identity and verify the accuracy of the data you provide, as well as to counter criminal activities. 

We collect contact and identification data, payment information, information about goods/services from stores, usage data of our Service, technical information generated through your use of our Service, your contacts with stores, device information, and sensitive personal data.

This processing is necessary for us to execute and perform our contract with you (Article 6(1)(b) GDPR) or to fulfil our or third parties’ legitimate interests relating to the foregoing purposes.

1.3. To improve our Service

To anonymize your personal data for improving our Service and products and analysing customer behaviour, we collect contact and identification data, payment information, information about goods/services from stores, usage data of our Service, technical information generated through your use of our Service, your contacts with stores, device information, and service-specific personal data.

This processing is based on a balancing of interests (Article 6(1)(f) GDPR). We have determined that we have a legitimate interest in anonymizing your personal data for product development and customer behaviour analysis to enhance our services and customer experience. We ensure that this processing is necessary to achieve these purposes and that our interest outweighs your right not to have your data processed for this purpose. By anonymizing your information, we also ensure minimal use of personal data.

1.4. To operate our Service

To calculate payment commissions to suppliers, we first anonymize the data whenever possible, ensuring no personal data processing occurs thereafter. We collect information about goods/services, your use of our Service, and technical information generated through your use of our Service.

This processing is based on a balancing of interests (Article 6(1)(f) GDPR). Kustom has determined that we have a legitimate interest in calculating potential commissions. We ensure that this processing is necessary to achieve its purpose and that our interest outweighs your right not to have your data processed for this purpose.

1.5. To produce statistics and analysis

To produce statistics and reports for economic analysis or to analyze payment trends or volumes in specific regions or industries, we anonymize the data whenever possible, ensuring no personal data processing occurs thereafter. We collect contact and identification data, payment information, information about goods/services from stores, usage data of our Service, your contacts with stores, and service-specific personal data.

This processing is based on a balancing of interests (Article 6(1)(f) GDPR). Kustom has determined that we have a legitimate interest in obtaining statistical data and reports for these purposes. We ensure that this processing is necessary to achieve its purpose and that our interest outweighs your right not to have your data processed for this purpose.

1.6. To protect legal rights and defend against claims

To protect Kustom from legal claims and safeguard our legal rights, we process your personal data based on a balancing of interests (Article 6(1)(f) GDPR). Kustom has determined that we have a legitimate interest in protecting ourselves from legal claims. We ensure that this processing is necessary to achieve its purpose and that our interest outweighs your right not to have your data processed for this purpose.

This processing occurs for the entire period during which we must retain the information in our systems, such as to perform the contract executed with you or to comply with applicable law.

1.7. To share personal data with third parties

We may engage external service providers, who act as our data processors, to provide certain services to us, such as website service providers or IT support service providers. A data processor is a company that processes personal data on our behalf and according to our instructions.

In addition to the above, we may transfer – in compliance with applicable data protection law – personal data to law enforcement agencies, governmental authorities, legal counsels, external consultants, or business partners. In case of a corporate merger or acquisition, personal data may be transferred to applicable third parties involved in the merger or acquisition, including potential buyers, investors and professional advisors. We may also share your personal data with other third parties with your consent.

This processing is based on a balancing of interests (Article 6(1)(f) GDPR). We have determined that we have a legitimate interest in sharing your personal data for these purposes, and we ensure that this processing is necessary to achieve its purposes and that our interest outweighs your right not to have your personal data processed for these purposes.

1.8. To comply with accounting laws

To perform bookkeeping and accounting in accordance with accounting laws and preserve records in compliance with applicable law, we process contact and identification data, payment information, information about goods/services from stores, your use of our Service, your contacts with our customer service, and your contacts with stores you shop at or visit. This processing is necessary to comply with the law (Article 6(1)(c) GDPR) and the Swedish Accounting Act (1999:1078).

1.9. To maintain our customer service

To handle all matters that come to our customer service, we retain various forms of written conversations to document customer issues, ensure security, and counter fraud. We collect information about your contacts with our customer service from you and other sources. This processing is necessary for the performance of contracts (Article 6(1)(b) GDPR).

1.10. To develop our customer service

To ensure satisfactory customer service and improve quality, we may record telephone conversations and screen sharing sessions between you and our employees. This helps us deliver better products and services. We collect information about your contacts with our customer service from you and other sources.

This processing is based on a balancing of interests (Article 6(1)(f) GDPR). Kustom has determined that we have a legitimate interest in improving our services, internal training, and quality control. We ensure that this processing is necessary to achieve these purposes and that our interest outweighs your right not to have your data processed for this purpose. As a customer, you also benefit from improved quality in your interactions with us.

1.11. To document customer service interactions

To document what has been agreed or discussed during interactions with our customer service, we record telephone conversations and use manual and automated notations. This ensures we have a clear record of communications. We collect information about your contacts with our customer service from you and other sources.

This processing is based on a balancing of interests (Article 6(1)(f) GDPR). Kustom has determined that we have a legitimate interest in documenting communications with our customer service. We ensure that this processing is necessary to achieve this purpose and that our interest outweighs your right not to have your data processed for this purpose. As a customer, you also benefit from having an impartial record of what has been discussed.

1.12. Autofill during checkout at a store or checkout provider

In order for you to have a smooth and friction-free shopping experience, we will remember some information about you and use that information to autofill different forms with your information during your shopping. When we are able to identify you, we may autofill some information about you in the purchase flow, such as name, address, telephone number, email, date of birth and card details. This processing is necessary for the performance of contracts (Article 6(1)(b) GDPR) or third parties’ legitimate interests relating to the foregoing purposes.

An additional method we can use to autofill your information is by placing a cookie on your device (computer, tablet, mobile phone, etc.). You may choose to store your information such as name, address, telephone number, email, date of birth, or personal identification number. If you do so, we use the cookie to fetch that information from us or our partners, and the cookie will help us to autofill your information.

If you don’t want to use the autofill functionalities you can contact us and we will disable them. You can also disable them by adjusting your autofill settings during the purchase process. You can at any given time delete all cookies on your device, which deletes our cookie as well.

2. Retention period

Your personal data will be retained as long as necessary to provide you with services or communication. In addition to retention for the above purposes, we may also retain your personal data in order to comply with applicable laws, such as bookkeeping laws, or if we need your personal data to establish, exercise or defend legal claims. Where the data is only stored, it will be archived with highly limited access rights.

3. Who do we share your personal data with?

Kustom may engage external service providers, who act as data processors of Kustom, to provide certain services to Kustom, such as website service providers or IT support service providers. A data processor is a company that processes the information on our behalf and according to our instructions.

In addition to the above, Kustom may transfer – in compliance with applicable data protection law – personal data to law enforcement agencies, governmental authorities, legal counsels, external consultants, or business partners. In case of a corporate merger or acquisition, personal data may be transferred to the third parties involved in the merger or acquisition, including potential buyers, investors and professional advisers. Furthermore, Kustom may share your personal data with other third parties with your consent.

4. International transfers of personal data

Personal data may be transferred to and processed by data processors which are located outside the European Economic Area (“EEA”). Where a transfer to a third country takes place, Kustom will ensure that appropriate safeguards have been taken to ensure that transfers out of the EU/EEA are adequately protected as required by applicable data protection law and to provide you with relevant information. Such appropriate safeguards may be that the data exporter and data importer have entered into the European Commission’s Standard Contractual Clauses for international transfers and implemented supplementary measures.

You can ask for a copy of such appropriate safeguards by contacting us as set out below in Section 6.

5. Data subjects’ rights

You have a number of rights in connection with the processing of your personal data, subject to certain conditions set out in the GDPR and applicable local data protection laws, including the right to:

i. Request access to your personal data (“data subject access request”). This includes the right to be informed as to whether personal data is being processed or not, and if yes, access to the personal data and certain information about the processing.

ii. Request rectification of the personal data that we process about you. This enables you to have incomplete or inaccurate data we hold about you corrected.

iii. Request deletion of your personal data. This enables you to ask us to delete or remove personal data where there is no overriding reason for us to retain it.

iv. Right to object – you have the right to object to the processing of certain personal data where we are relying on a legitimate interest or when personal data are processed for direct marketing purposes, including profiling related to direct marketing.

v. Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.

vi. Request data portability – you have the right to request access to personal data that you have provided about yourself if the personal data is being processed automatically and if the processing is based on the legal basis of consent or a contract.

vii. You may withdraw your consent at any time – if you have given your consent for processing of your personal data, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal, by contacting us as stated in the Contact information section below.

viii. Right to lodge a complaint – in case of complaints, you may contact us as set out in Section 6, and you also have the right to lodge a complaint with the competent data protection supervisory authority, in particular in the EU Member State of your habitual residence, place of work or of an alleged breach of the GDPR. In Sweden, this is the Swedish Authority for Privacy Protection (www.imy.se).

If you have any questions or concerns about how Larkan processes your personal data or want to exercise your rights, please contact us as stated below in Section 6.

6. Contact information

Kustom AB, registration number 559463-5038, Torstenssonsgatan 4, 114 56 Stockholm, Sweden, is the data controller of the personal data.

If you want to exercise your rights under the GDPR, or if you have any questions or concerns regarding this Privacy Notice, please contact us by e-mail on [email protected].