1.1 OUR PRIVACY GUARANTEE
1.1 Here at LAZYROLLING AB (LAZYROLLING) we are always committed to protecting our clients and visitors on our website’ privacy as they are the backbone of what we do and who we are. LAZYROLLING is the data controller for all personal data collected by us. If you have any questions about how we protect your data, please get in touch at firstname.lastname@example.org.
1.2 We use your personal information in multiple ways to give you the best experience possible and get your purchases to your front door.
2.2 WHAT WE DO WITH YOUR DATA
This section provides you with information about what personal data we hold and process, where we obtained that information if not from you, the reasons for processing your personal data and the legal grounds on which we may process your data.
2.2.1 CONTACT DATA
(a) We may process contact details that you provide to us (contact data). This contact data may include your name, telephone number, and email address, and may be provided through our website when you express an interest in purchasing one of your products.
(b) We process this data so we can get your LAZYROLLING products to you and sort out any returns or queries you may have. The legal basis for this processing is our legitimate interest in introducing you to our products. We’ll send you emails relating to your order such as receipts and tracking numbers. This is all you will ever receive unless you opt-in to receive our marketing rmsild and product updates.
(c) We like to know what we’re selling and where, so we can improve our products!
2.2.2 TRANSACTION DATA
(a) If you decide to purchase one of our products, we will ask you for further information in order to complete the transaction (transaction data). This might include your address, financial and credit card information and sometimes personal identification details.
(b) We may use this data to contact you with a summary of your order, request and process payment, and administer necessary identification checks.
(c) We aim not to store your payment details apart from the amount you have spent and the status of your payment (“Approved”, “Awaiting Transfer”, etc.). The rest of your transaction data is held by third-party providers like PayPal. We may disclose your data to service providers, including banks and professional advisors. Where we share your personal data with any third party, we will ensure appropriate safeguards are in place, including a suitable data processing agreement with that third party.
(d) The legal basis for such processing is consent.
2.2.3 WEBSITE DATA
(a) LAZYROLLING keeps track of the websites and pages our customers visit within LAZYROLLING, in order to determine what LAZYROLLING services are the most popular. This data is used to deliver customized content and advertising within LAZYROLLING to suitable customers. This data may include your IP address, geographical location, browser type and version, time zone setting, browser plug-in types, operating system, referral source, length of visit, page views and website navigation paths.
(b) The legal basis for such processing is our legitimate interests, namely monitoring and improving our website and services.
2.2.4 NOTIFICATION DATA
(a) We may process information that you provide to us for the purposes of sending you newsletters.
(b) The legal basis for this processing is consent.
2.2.5 ENQUIRY DATA
(a) If you email us to ask for help, we keep these so if and when one of our teams chats to you they know as much as possible. We may also process information contained in such enquiries for the purposes of marketing relevant products and services to you.
(b) The legal basis for this processing is consent.
2.3 DATA SHARING
2.3.1 We will never sell your data to any third-party. The only time we ever share your data is when it is required to deliver our service to you.
2.3.2 LAZYROLLING websites will disclose your personal information, without notice, only if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on LAZYROLLING or the site; (b) protect the rights or property of LAZYROLLING; and, (c) act under exigent circumstances to protect the personal safety of users of LAZYROLLING, or the public.
2.4 TRANSFERS OF YOUR PERSONAL DATA OUTSIDE OF THE EUROPEAN ECONOMIC AREA
2.4.1 Your personal data will be transferred and stored outside of the EEA. It will also be processed by or staff, or those of our suppliers, operating outside of the EEA.
2.4.2 Where your personal data is transferred outside of the EEA, we will ensure that either (a) The European Commission has made an "adequacy decision" with respect to the data protection laws of the country to which it is transferred, or (b) we have entered into a suitable data processing agreement with the third party situated in that country to ensure the protection of your data. In all cases, transfers outside of the EEA will be protected by appropriate safeguards.
2.5 SECURITY OF YOUR PERSONAL INFORMATION
LAZYROLLING secures your personal information from unauthorized access, use or disclosure. LAZYROLLING secures the personally identifiable information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure. When personal information (such as a credit card number) is transmitted to other websites, it is protected through the use of encryption, such as the Secure Socket Layer (SSL) protocol.
2.6 RETAINING AND DELETING PERSONAL DATA
2.6.1 Personal data that we process for any purpose shall not be kept for longer than is necessary.
2.6.2 Unless we obtain your consent for us to retain your personal data for a longer period, we will retain and delete your personal data as follows:
(a) Contact data will be retained for 3 years following the date of our last contact or dealing with you, at the end of which period it will be deleted from our systems.
(b) Investment data will be retained for 2 years following the date that our contract with you terminates, at the end of which period it will be deleted from our systems.
(c) Website data will be retained for 2 years following the date of our last contact or dealing with you, at the end of which period it will be deleted from our systems.
(d) Enquiry data will be retained for 2 years following the date of our last contact or dealing with you, at the end of which period it will be deleted from our systems.
(e) Notification data will be retained for 2 years following the date of our last contact or dealing with you, at the end of which period it will be deleted from our systems.
(f) Correspondence data will be retained for 2 years following the date of our last contact or dealing with you, at the end of which period it will be deleted from our systems.
2.6.3 We may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
2.7.1 We may update this policy from time to time by publishing a new version on our website.
2.7.2 We may notify you of changes to this policy by email.
2.8 YOUR RIGHTS
2.8.1 You may instruct us to provide you with any personal information we hold about you; this will be subject to:
2.8.2 Your request not being unfounded or excessive, in which case a charge may apply; and
2.8.3 The supply of appropriate evidence of your identity (We will usually accept a photocopy of your passport certified by a solicitor or bank plus an original copy of a utility bill showing your current address).
2.8.4 We may withhold personal information that you request to the extent permitted by law.
2.8.5 You may instruct us at any time not to process your personal information for marketing purposes.
2.8.6 You will usually either expressly agree in advance to our use of your personal information for marketing purposes, or we will provide you with an opportunity to opt out of the use of your personal information for marketing purposes.
2.8.7 The rights you have under data protection law are:
• The right to access;
• The right to rectification;
• The right to erasure;
• The right to restrict processing;
• The right to object to processing;
• The right to data portability;
• The right to complain to a supervisory authority; and
• The right to withdraw consent.
2.8.8 Your right to access your data. You have the right to ask us to confirm whether or not we process your personal data and to have access to this and any additional information. This includes the purposes for which we process your data, the categories of personal data we hold and the recipients of that personal data. You may request a copy of your personal data. The first copy will be provided free of charge, but we may charge a reasonable fee for additional copies.
2.8.9 Your right to rectification. If we hold any inaccurate personal data about you, you have the right to have these inaccuracies rectified. Where necessary for the purposes of the processing, you also have the right to have any incomplete personal data about you completed.
2.8.10 Your right to erasure. In certain circumstances you have the right to have personal data that we hold about you erased. This will be done without undue delay. These circumstances include the following: it is no longer necessary for us to hold those personal data in relation to the purposes for which they were originally collected or otherwise processed; you withdraw your consent to any processing which requires consent; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are certain general exclusions of the right to erasure, including where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for establishing, exercising or defending legal claims.
2.8.11 Your right to restrict processing. In certain circumstances you have the right for the processing of your personal data to be restricted. This is the case where: you do not think that the personal data we hold about you is accurate; your data is being processed unlawfully, but you do not want your data to be erased; it is no longer necessary for us to hold your personal data for the purposes of our processing, but you still require that personal data in relation to a legal claim; and you have objected to processing, and are waiting for that to be verified We may continue to store your personal data. However, we will only process it for other reasons: with your consent; in relation to a legal claim; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
2.8.12 Your right to object to processing. You can object to us processing your personal data on grounds relating to your particular situation, but only as far as our legal basis that it is necessary for: the performance of a task carried out in the public interest, or in the exercise of any official authority vested in us; or the purposes of our legitimate interests or those of a third party. If you make an objection, we will stop processing your personal information unless we are able to: demonstrate compelling legitimate grounds for the processing, and that these legitimate grounds override your interests, rights and freedoms; or the processing is in relation to a legal claim.
2.8.13 Your right to object to direct marketing. If you object to us processing your personal data for direct marketing purposes, we will stop.
2.8.14 Your right to object for statistical purposes. You can object to us processing your personal data for statistical purposes on grounds relating to your particular situation, unless it is necessary for performing a task carried out for reasons of public interest.
2.8.15 Automated data processing. If the legal basis we are relying on for processing your personal data is consent, and where the processing is automated, you are entitled to receive your personal data from us in a structured, commonly used and machine-readable format. However, you may not have this right if it would adversely affect the rights and freedoms of others.
2.8.16 Complaining to a supervisory authority. If you think that our processing of your personal data infringes data protection laws, you can lodge a complaint with a supervisory authority responsible for data protection. You may do this in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
2.8.17 Right to withdraw consent. If the legal basis we are relying on for processing your personal data is consent, you are entitled to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
2.8.18 Exercising your rights. You may exercise any of your rights in relation to your personal data by written notice to us in addition to the other methods specified above.
2.9.1 A cookie is a text file that is placed on your hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued it.
2.9.2 One of the primary purposes of cookies is to provide a convenience feature to save you time. It tells the web server that you have returned to a specific page. For example, if you personalize the website pages, or register with the website or services, a cookie helps the website to recall your specific information on subsequent visits. This simplifies the process of recording your personal information, such as billing addresses, shipping addresses, and so on.
2.9.3 You may accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the websites you visit.
2.9.4 Our website uses the following essential cookies, including one other cookie used to store your shopping cart etc. This cookie usually has a long, non-descript name, which changes regularly for your security.
2.9.5 There are five main types of cookie – here’s how and why we use them:
(a) Site functionality cookies – these cookies allow you to navigate the site and use our features, such as “Add to Checkout”.
(b) Google analytics cookies – these cookies allow us to measure and analyse how our customers use the site, to improve both its functionality and your shopping experience. This data is anonymised and cannot be personally attributed to a specific user.
(c) Customer preference cookies – when you are browsing or shopping on LAZYROLLING, these cookies will remember your preferences (like your language or location), so we can make your shopping experience as seamless as possible, and more personal to you.
(d) Targeting or advertising cookies – these cookies are used to deliver ads relevant to you. They also limit the number of times that you see an ad and help us measure the effectiveness of our marketing campaigns.
(e) Facebook pixel is a third party cookie that allows us to monitor traffic, interactions and sales that result from clicks on our Facebook content. We also use this data for marketing purposes. This data is encrypted and stored securely by Facebook, no data is personally identifiable.
2.9.6 When you first access the site you will receive a pop-up allowing you to opt out for any cookies placed on our site. If you want to delete any cookies that are already on your computer, the “help” section in your browser should provide instructions on how to locate the file or directory that stores cookies. Further information about cookies can be found at http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm. Please note that by deleting or disabling future cookies, your user experience may be affected and you might not be able to take advantage of certain functions of our site, and the complete LAZYROLLING user experience that we pride ourselves on providing our customers.
2.10 EMAIL TRACKING.
2.10.1 Some emails that we send you have no tracking in at all e.g. service emails with invoices attached. Other emails we send may contain tracking so that we can tell how much traffic those emails send to our site.
2.10.2 Some emails we can track, at an individual level, such as whether the user has opened and clicked on the email. We rarely use the information at a personal level, rather we use it to understand open and click rates on our emails to try and improve them. If you want to be sure that none of your email activity is tracked then you should opt out of our emails which you can do via the unsubscribe link at the bottom of each email.
2.10.3 For the purposes of emailing you updates and offers, we store your name, email address, and country to give you the best personalised content. These details are stored securely within our email provider, which at the time of writing, is MailChimp.
2.11 SOCIAL BUTTONS.
2.11.1 On many of the pages of the site you will see 'social buttons'. These enable users to share or bookmark the web pages. For example there are buttons for: Twitter, Instagram and Facebook. In order to implement these buttons, and connect them to the relevant social networks and external sites, there are scripts from domains outside of our website.
2.11.2 You should be aware that these sites are likely to be collecting information about what you are doing all around the internet, including on this site. In some cases these sites will be registering the fact that you are visiting our website, and the specific pages you are on, even if you don't click on the button if you are logged into their services, like Google and Facebook.
2.11.3 You should check the respective policies of each of these sites to see how exactly they use your information and to find out how to opt out, or delete, such information.
2.12 Social Plugins.
On some pages within the site we use 'social plugins'. These enable you to utilize your existing social media (for example, Facebook) account to login to the site or post comments. They are there to enhance your experience and make interacting with the site easier. In order to implement these plugins, and connect them to the relevant social networks and external sites, there are scripts from domains outside of our website.