Privacy policy

Privacy Policy – G&S by Sami’s Jackets

Effective Date: April 20, 2025
Last Updated: April 20, 2025

1. Introduction

At G&S by Sami’s Jackets, operated by Samis Jackets AB, we are fully committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and the Swedish Data Protection Act (2018:218).

This Privacy Policy governs the collection, use, and protection of your data across all our platforms and services, including:

  • Our websites: www.samisjackets.com and www.gsbysamisjackets.se

  • Our mobile applications

  • Our QR or scan-based registration systems

  • Any other digital or physical points where data is collected

By accessing or using our services, you confirm that you have read and understood this Privacy Policy.

2. Data Controller

Samis Jackets AB
📍 Kungsgatan 24, 63218 Eskilstuna, Sweden
📧 info@samisjackets.com

3. Personal Data We Collect

We may collect the following categories of personal data:

  • Full name

  • Email address

  • Phone number (optional)

  • IP address

  • Device/browser type and operating system

  • QR/scan registration details (consent checkboxes, timestamp, form version)

  • Location (based on IP)

  • Usage and interaction data from our websites or apps

We do not collect sensitive personal data unless explicitly required and legally justified.

4. Legal Grounds for Processing

We process personal data lawfully based on the following legal bases:

  • Consent (Article 6.1.a GDPR)

  • Contractual necessity (Article 6.1.b GDPR)

  • Legal obligation (Article 6.1.c GDPR)

  • Legitimate interest (Article 6.1.f GDPR)

You may withdraw your consent at any time by contacting us.

5. Purpose of Processing

We use your data to:

  • Provide access to our websites, apps, and QR systems

  • Facilitate registration, communication, and service delivery

  • Manage subscriptions and marketing (with consent)

  • Create and maintain consent audit logs

  • Fulfill legal obligations and improve user experience

6. QR Registration and Consent Logging

If you register using a QR code or scanning feature, we securely log:

  • The consent selections you made

  • The exact checkbox text shown

  • Date and time of submission

  • Your IP address

  • Form and Privacy Policy version accepted

These logs are encrypted and retained for compliance with GDPR audit standards.

7. Data Storage & Security

We maintain strict data protection measures:

  • End-to-end encryption (at rest and in transit)

  • GDPR-compliant cloud hosting within the EU

  • Role-based access control and activity logging

  • Regular security assessments and updates

8. Data Retention

We retain your personal data only as long as necessary:

  • QR/registration form data: 12 months

  • Consent logs: Minimum 24 months

  • Financial and legal records: 7 years (per Swedish law)

After the relevant retention period, data is securely deleted or anonymized.

9. Cookies and Analytics

We use cookies and similar tracking technologies to:

  • Enhance site functionality and user experience

  • Analyze traffic and usage trends

  • Remember preferences

Our analytics tools are GDPR-compliant, and IP addresses are anonymized. You may manage cookie preferences through your browser or our cookie banner.

10. Third-Party Processors

We may share your data with trusted third parties under strict data processing agreements:

  • Cloud storage providers

  • Email service platforms

  • Analytics and IT security services

All third parties are bound to GDPR compliance and may not use your data for their own purposes.

We do not sell your personal data.

11. International Transfers

All personal data is stored and processed in the European Union. If we ever need to process data outside the EU/EEA, we will rely on:

  • Adequacy decisions by the European Commission, or

  • Standard Contractual Clauses (SCCs) approved under GDPR

12. Your Rights Under GDPR

As a data subject, you have the right to:

  • Access your personal data

  • Rectify inaccurate or incomplete data

  • Delete your data (“right to be forgotten”)

  • Restrict or object to specific processing

  • Export your data (data portability)

  • Withdraw consent at any time

  • Lodge a complaint with a supervisory authority

To exercise these rights, please email info@samisjackets.com. We will respond within 30 days.

13. Supervisory Authority – IMY

If you believe your data has been processed unlawfully or your rights under GDPR have been violated, you have the right to file a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY):

📍 Website: www.imy.se
📧 Email: imy@imy.se
📞 Phone: +46 (0)8 657 61 00

14. Children’s Privacy

We do not knowingly collect data from individuals under 16 without verified parental consent. If we become aware of such data collection, we will delete it immediately.

15. Changes to This Privacy Policy

We may update this policy as needed. When we do:

  • The “Last Updated” date will reflect the change

  • You will be notified where legally required

  • The newest version will always be available via our websites and QR systems

16. Contact Us

If you have any questions or concerns regarding this Privacy Policy or your data:

📧 Email: info@samisjackets.com
📍 Address: Samis Jackets AB, Kungsgatan 24, 63218 Eskilstuna, Sweden

By using our websites, mobile app, or QR services, you acknowledge and agree to this Privacy Policy.