Privacy Notice
Last updated: 2024-09-26
Larkan XII AB (”Larkan”, “us”, “we” or “our”) is committed to protect the personal data and safeguard the privacy of our service users. For more information on how to reach us, see Section 6. This privacy notice (“Privacy Notice”) describes how Larkan, in its capacity as a data controller, processes your personal data as a user of our service (the “Service”) in accordance with the General Data Protection Regulation (EU Regulation 2016/679) (hereinafter referred to as the “GDPR”) and other applicable legislation.
1. Collection and categories of personal data, processing purposes and legal bases
We generally collect personal data directly from you but can also collect the data from other third parties. Not providing your personal data may result in disadvantages for you, e.g., we may not be able to provide you with the Service. However, unless otherwise specified, not providing your personal data will not result in legal consequences for you.
1.1. To provide customer support
We process your personal data, including contact, identification, and health information, as well as data about your use of our Service. This data is sourced from you and/or from Larkan. The purpose of processing this data is to provide special assistance and support when you contact our customer service. The legal basis for this processing is our legitimate interest or, where applicable, your consent, in line with GDPR Articles 6(1)(a) and 9(2)(a) (where special categories of personal data, for instance health information, is concerned).
1.2. To perform assessments regarding fraud prevention etc.
To perform risk analysis, prevent fraud, and manage risks, we process your personal data to confirm your identity and verify the accuracy of the data you provide, as well as to counter criminal activities. We collect contact and identification data, payment information, information about goods/services from stores, usage data of our Service, technical information generated through your use of our Service, your contacts with stores, device information, and sensitive personal data. This processing is necessary for us to execute and perform our contract with you (Article 6(1)(b) GDPR) or to fulfil ours or third parties’ legitimate interests relating to the foregoing purposes.
1.3. To improve our Service
To anonymize your personal data for improving our Service and products and analysing customer behaviour, we collect contact and identification data, payment information, information about goods/services from stores, usage data of our Service, technical information generated through your use of our Service, your contacts with stores, device information, and service-specific personal data. This processing is based on a balancing of interests (Article 6(1)(f) GDPR). We have determined that we have a legitimate interest in anonymizing your personal data for product development and customer behaviour analysis to enhance our services and customer experience. We ensure that this processing is necessary to achieve these purposes and that our interest outweighs your right not to have your data processed for this purpose. By anonymizing your information, we also ensure minimal use of personal data.
1.4. To operate our Service
To calculate payment commissions to suppliers, we first anonymize the data whenever possible, ensuring no personal data processing occurs thereafter. We collect information about goods/services, your use of our Service, and technical information generated through your use of our Service. This processing is based on a balancing of interests (Article 6(1)(f) GDPR). Larkan has determined that we have a legitimate interest in calculating potential commissions. We ensure that this processing is necessary to achieve its purpose and that our interest outweighs your right not to have your data processed for this purpose.
1.5. To produce statistics and analysis
To produce statistics and reports for economic analysis or to analyze payment trends or volumes in specific regions or industries, we anonymize the data whenever possible, ensuring no personal data processing occurs thereafter. We collect contact and identification data, payment information, information about goods/services from stores, usage data of our Service, your contacts with stores, and service-specific personal data. This processing is based on a balancing of interests (Article 6(1)(f) GDPR). Larkan has determined that we have a legitimate interest in obtaining statistical data and reports for these purposes. We ensure that this processing is necessary to achieve its purpose and that our interest outweighs your right not to have your data processed for this purpose.
1.6. To protect legal rights and defend against claims
To protect Larkan from legal claims and safeguard our legal rights, we process your personal data based on a balancing of interests (Article 6(1)(f) GDPR). Larkan has determined that we have a legitimate interest in protecting ourselves from legal claims. We ensure that this processing is necessary to achieve its purpose and that our interest outweighs your right not to have your data processed for this purpose. This processing occurs for the entire period during which we must retain the information in our systems, such as to perform the contract executed with you or to comply with applicable law.
1.7. To share personal data with third parties
We may engage external service providers, who act as our data processors, to provide certain services to us, such as website service providers or IT support service providers. A data processor is a Larkan that processes personal data on our behalf and according to our instructions. In addition to the above, we may transfer – in compliance with applicable data protection law – personal data to law enforcement agencies, governmental authorities, legal counsels, external consultants, or business partners. In case of a corporate merger or acquisition, personal data may be transferred to applicable third parties involved in the merger or acquisition, including potential buyers, investors and professional advisors. We may also share your personal data with other third parties with your consent. This processing is based on a balancing of interests (Article 6(1)(f) GDPR). We have determined that we have a legitimate interest in sharing your personal data for these purposes, and we ensure that this processing necessary to achieve its purposes and that our interest outweighs your right not to have your personal data processed for these purposes.
1.8. To comply with accounting laws
To perform bookkeeping and accounting in accordance with accounting laws and preserve records in compliance with applicable law, we process contact and identification data, payment information, information about goods/services from stores, your use of our Service, your contacts with our customer service, and your contacts with stores you shop at or visit. This processing is necessary to comply with the law (Article 6(1)(c) GDPR) and the Swedish Accounting Act (1999:1078).
1.9. To maintain our customer service
To handle all matters that come to our customer service, we retain various forms of written conversations to document customer issues, ensure security, and counter fraud. We collect information about your contacts with our customer service from you and other sources. This processing is necessary for the performance of contracts (Article 6(1)(b) GDPR).
1.10. To develop our customer service
To ensure satisfactory customer service and improve quality, we may record telephone conversations and screen sharing sessions between you and our employees. This helps us deliver better products and services. We collect information about your contacts with our customer service from you and other sources. This processing is based on a balancing of interests (Article 6(1)(f) GDPR). Larkan has determined that we have a legitimate interest in improving our services, internal training, and quality control. We ensure that this processing is necessary to achieve these purposes and that our interest outweighs your right not to have your data processed for this purpose. As a customer, you also benefit from improved quality in your interactions with us.
1.11. To document customer service interactions
To document what has been agreed or discussed during interactions with our customer service, we record telephone conversations and use manual and automated notations. This ensures we have a clear record of communications. We collect information about your contacts with our customer service from you and other sources. This processing is based on a balancing of interests (Article 6(1)(f) GDPR). Larkan has determined that we have a legitimate interest in documenting communications with our customer service. We ensure that this processing is necessary to achieve this purpose and that our interest outweighs your right not to have your data processed for this purpose. As a customer, you also benefit from having an impartial record of what has been discussed.
2. Retention period
Your personal data will be retained as long as necessary to provide you with services or communication. In addition to retention for the above purposes, we may also retain your personal data in order to comply with applicable laws, such as bookkeeping laws, or if we need your personal data to establish, exercise or defend legal claims. Where the data is only stored, it will be archived with highly limited access rights.
3. Who do we share your personal data with?
Larkan may engage external service providers, who act as data processors of Larkan, to provide certain services to Larkan, such as website service providers or IT support service providers. A data processor is a company that processes the information on our behalf and according to our instructions. In addition to the above, Larkan may transfer – in compliance with applicable data protection law – personal data to law enforcement agencies, governmental authorities, legal counsels, external consultants, or business partners. In case of a corporate merger or acquisition, personal data may be transferred to the third parties involved in the merger or acquisition, including potential buyers, investors and professional advisers. Furthermore, Larkan may share your personal data with other third parties with your consent.
4. International transfers of personal data
Personal Data may be transferred to and processed by data processors which are located outside the European Economic Area (“EEA”). Where a transfer to a third country takes place, Larkan will ensure that appropriate safeguards have been taken to ensure that transfers out of the EU/EEA are adequately protected as required by applicable data protection law and to provide you with relevant information. Such appropriate safeguards may be, that the data exporter and data importer have entered into the European Commission’s Standard Contractual clauses for international transfers and implemented supplementary measures. You can ask for a copy of such appropriate safeguards by contacting us as set out below in Section 6.
5. Data subjects’ rights
You have a number of rights in connection with the processing of your personal data, subject to certain conditions set out in the GDPR and applicable local data protection laws, including the right to:
i. Request access to your personal data (“data subject access request”). This includes to be informed as to whether personal data is being processed or not, and if yes, access to the personal data and certain information of the processing.
ii. Request rectification of the personal data that we process about you. This enables you to have incomplete or inaccurate data we hold about you corrected.
iii. Request deletion of your personal data. This enables you to ask us to delete or remove personal data where there is no overriding reason for us to retain it.
iv. Right to object – you have the right to object to the processing of certain personal data where we are relying on a legitimate interest or when personal data are processed for direct marketing purposes, including profiling related to direct marketing.
v. Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
vi. Request data portability – you have the right to request access to personal data that you have provided about yourself if the personal data is being processed automatically and if the processing is based on the legal basis consent or a contract.
vii. You may withdraw your consent at any time – If you have given your consent for processing of your personal data you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based before its withdrawal, by contacting us as stated in the Contact information section below.
viii. Right to lodge a complaint – In case of complaints you may contact us as set out in Section 6 and you also have the right to lodge a complaint with the competent data protection supervisory authority in particular in the EU Member State of your habitual residence, place of work or of an alleged breach of the GDPR. In Sweden, this is the Swedish Authority for Privacy Protection (www.imy.se).
If you have any questions or concerns about how Larkan process your personal data or want to exercise your rights, please contact us as stated below in Section 6.
6. Contact information
Larkan XII AB, registration number 556737-0431, Sveavägen 46, 111 34 Stockholm, Sweden, is the data controller of the personal data.
If you want to exercise your rights under the GDPR, or if you have any questions or concerns regarding this Privacy Notice, please contact us by e-mail on [email protected].