1.1 In this privacy notice, you can learn more about how Hobbii A/S ("Hobbii", "we", "us", "our") processes your personal data in various situations.
1.2 We provide you with this information as we are required to do so under the EU General Data Protection Regulation (the "GDPR").
2.1 Hobbii acts as a data controller for the processing of your personal data in the following situations:
2.2 Below, you can read more about the various purposes of our processing of your personal data in different situations. You can also see which data we process, what the legal basis for our processing is, for how long we store the personal data, and who we share it with.
2.3 Further, in the section Your rights, etc. you can read about your rights and how to contact us.
3.1 When you visit our website (cookies)
3.1.1 When you visit our website, we use cookies to collect data about your visits, including e.g. your navigation on the website, the type of browser you use, and your IP address. These data may contain personal data.
3.1.2 We collect the data in order to ensure a stable, secure, and user-friendly experience on our website, as well as to keep statistics about our website visitors. In some cases, data is processed in order to target marketing based on the web browser behaviour.
3.1.3 The legal bases for our processing are:
3.1.4 Personal data contained in cookies will be deleted in accordance with the lifetime/period for each specific cookie.
3.1.5 Further, we disclose information about your use of the website to any third-party service providers that you have allowed to place cookies when you use the website.
3.1.5 Further, we disclose information about your use of the website to any third-party service providers that you have allowed to place cookies when you use the website.
3.1.6 To read more about our cookies, including their lifetime and disclosure to third parties, please have a look at our Cookie Policy.
3.2 When you sign up for our newsletters
3.2.1 When you subscribe to our newsletter, we register your name and email address. Further, if you choose to provide us with information regarding your preferences and wishes etc., we may adjust our newsletters accordingly.
3.2.2 Moreover, we may – if you have accepted this – use information pertaining to cookies for adjusting our newsletters, including your geographical location and/or regarding products you may have looked at on our website. To read more about our use of cookies, please have a look at our Cookie Policy.
3.2.3 The purpose of the processing is to be able to send our newsletters to you and any relevant offers. The legal basis for our processing is the consent you have given in accordance with section 10 of the Danish Marketing Practices Act (markedsføringsloven) and article 6(1)(a) of the GDPR. Profiling for our newsletters that is carried out via the use of cookies is based on your consent to marketing cookies (see above under the section on cookies). With regard to profiling in connection to your membership, please see below under the section on the webshop and membership.
We stress that you at any time have the right to object to our processing of your personal data concerning marketing, including our profiling related to such direct marketing (if we have allowed us to do so). Further, you have the right to withdraw your consent at any time. See our contact information below under "Contact details".
3.2.4 Personal data pertaining to our distribution of electronic newsletters will be deleted 2 years after our last newsletter has been distributed unless you have withdrawn your consent (i.e., unsubscribed) before such time.
3.2.5 We make your personal data available to our processors who e.g. host, develop and support our IT systems.
3.2.6 Please see below regarding the transfer of your personal data to third countries.
3.3 When you use our webshop and/or become a member
3.3.1 When you buy products from our webshop, we process your personal data, including your name and contact details, such as your email, address, phone number, as well as information regarding payment details (including credit card information) and your purchase history. The purpose of the processing is to manage your order and deliver the products you have bought in our webshop. Further, your personal data will be used in order for us to provide you with support and/or services after your purchase, to manage your returns, etc.
3.3.2 If you register as a member on our website/customer platform, we may also process the information you provide us with, including e.g., your age, your interests, and your skill level, as well as any project pictures you upload. The purpose of the processing is to give you access and to use our customer platform and its functions.
3.3.3 The legal basis for our processing of your name and contact details, including your address, as well as your payment information, is article 6(1)(b) of the GDPR, as the processing is necessary in order for us to fulfill our end of the purchase agreement.
3.3.4 Further, we are obligated to store bookkeeping information, including information related to payments/transactions in accordance with the Danish bookkeeping legislation. Based on the GDPR, our legal basis in that regard is Article 6(1)(c).
3.3.5 The legal basis for our processing of your membership information, as well as information regarding your purchase history, and the profiling we carry out in this regard is Article 6(1)(f) of the GDPR, as we are pursuing our legitimate interests in offering a simple and user-friendly overview of your purchase history as well as providing you our best services and membership benefits when using our customer platform.
3.3.6 As a starting point, personal data pertaining to your orders will be deleted 5 years after the end of the financial year where your last order or inquiry has been handled/concluded. In specific situations, we may defer from our general retention periods (in case of e.g., complaints, objections, or other specific situations).
3.3.7 Personal data only pertaining to your membership will be deleted 1 year after you cancelled your membership.
3.3.8 We disclose personal data included in our account records to the relevant public authorities, including the tax and customs authorities, in connection with our statutory bookkeeping, etc. Further, we disclose your personal data to the service providers for online payments and to the shipping company that delivers your products. Finally, we make your personal data available to our processors who e.g. host, develop and support our IT systems.
3.3.9 Please see below regarding the transfer of your personal data to third countries
3.4 Communications with us
3.4.1 When you communicate with us (e.g., via email or the contact form on our website) your communication will contain personal data, e.g., your contact details (including name and email address) and other personal data you may provide us with.
3.4.2 We process these personal data for the purpose of managing and answering your inquiries. The legal basis for the processing is Article 6(1)(f) of the GDPR, as we are pursuing our legitimate interests in managing general inquiries.
3.4.3 Personal data pertaining to our general communication with you (such as email inquiries) will be deleted 5 years after the end of the financial year where your last inquiry has been handled/concluded. If your communication pertains to an order, personal data will generally also be deleted 5 years after the end of the financial year in which the order was placed. In specific situations, we may defer from our general retention periods (in case of e.g. complaints, objections, or other specific situations).
3.4.4 We disclose personal data included in our account records to the relevant public authorities, including the tax and customs authorities, in connection with our statutory bookkeeping, etc. We also make your personal data available to our processors who e.g. host, develop and support our IT systems.
3.4.5 Please see below regarding the transfer of your personal data to third countries
3.5 When you participate in our events or competitions
3.5.1 If you participate in competitions or events, we process your contact information (including name and email address) and other personal data you may provide us with.
3.5.2 We process these personal data for the purpose of managing your registration or administration your participation in competitions etc. The legal basis for the processing is Article 6(1)(f) of the GDPR, as we are pursuing the above-mentioned legitimate interests.
3.5.3 Personal data pertaining to our managing your registration or administration your participation in competitions etc. will be deleted 5 years after the end of the financial year where your last participated in an event or competition.
3.5.4 We will make your personal data available to our processors who e.g. host, develop and support our IT systems.
3.5.5 Please see below regarding the transfer of your personal data to third countries.
3.6 When you are or represent a supplier, vendor, or other third parties
3.6.1 When you communicate with us (e.g., via email) as or on behalf of the supplier, vendor, or another third party, your communication may often contain personal data, e.g. your contact details (including name and email address), association with a certain company or other personal data you may provide us with. We may also receive such personal data from a third party, such as your employer.
3.6.2 We process these personal data for the purpose of managing and answering your inquiries and orders and communicating with you/the company you represent.
3.6.3 The legal basis for the processing is Article 6(1)(f) of the GDPR, as we are pursuing our legitimate interests in managing general inquiries and fulfilling any agreement, we may have concluded with the company you represent.
3.6.4 Personal data pertaining to our communication with you will generally be deleted 5 years after the end of the financial year in which our last contact with the business you represent took place.
3.6.5 We disclose personal data included in our account records to the relevant public authorities, including in connection with our statutory bookkeeping etc. We may also disclose your personal data to our relevant business partners, including external advisors. Finally, we make your personal data available to our processors who e.g., host, develop and support our IT systems.
3.6.6 Please see below regarding the transfer of your personal data to third countries.
3.7 If you visit our social media platforms (Facebook, Instagram, Pinterest, YouTube, Ravelry)
3.7.1 If you visit our pages at Facebook, Instagram, Pinterest, YouTube, or Ravelry, we may process the personal data that you make available to us via the pages, including your reactions to content, likes and comments, and any sharing of our content etc.
3.7.2 We process these personal data for the purpose of managing our social media platforms and communicating with our followers through these platforms. The legal basis for the processing is Article 6(1)(f) of the GDPR, as we are pursuing the above-mentioned legitimate interests. Your personal data is deleted in accordance with applicable data protection policies in place to the relevant social media platforms (see the links below).
3.7.3 Please note that when using our social media platforms, the provider (such as e.g., Facebook) will also process your personal data for its own purposes, including for targeted marketing purposes. You may find further information on the processing activities in the relevant privacy notices:
4.1.1 We transfer your personal data to countries outside the EU and EEA when making data available to our processors, including to Australia, Brazil, India, UK, and the US.
4.1.2 The bases for such transfers are
for all third countries other than UK: the Commission Decision of 4 June 2021 on standard contractual clauses for the transfer of personal data of third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, and
for the UK: an EU Commission adequacy decision based on Article 45 of the GDPR.
4.1.3 If you want additional information about our transfer of personal data outside the EU and EEA, including a copy of the relevant security measures, etc., you make a request for such additional information by contacting us (see contact information below).
5.1 You have special rights to help you control your personal data, and we wish to make it easy for you to exercise those rights:
5.2 Right to withdraw consent
Where you have given your consent for our processing of your personal data, you have the right to withdraw your consent at any time. You can withdraw your consent by contacting us, see below under "Contact".
If you wish to unsubscribe to our newsletters, you can also withdraw your consent by unsubscribing in the emails you receive from us.
If you withdraw your consent, the withdrawal will not affect the lawfulness of processing that has already been carried out based on your consent.
5.3 Right of access
You have the right to have confirmed whether we collect or process your personal data, and, if so, you have the right to request a copy of your personal data in a digital format.
5.4 Right of rectification
You have the right to require that we correct any inaccurate personal data concerning you, and that we complete incomplete personal data.
5.5 Right of erasure
In certain circumstances, you have the right to request that we erase personal data concerning you; for example, if it is no longer necessary for the purposes for which it was originally collected.
5.6 Right to restrict processing
In certain circumstances, you have the right to request that we restrict the processing of your personal data, e.g., if you believe that the personal data is not accurate or lawfully processed.
5.7 Right to object to the processing
In certain circumstances, you have the right to request that we stop processing your personal data.
5.8 Right to data portability
In certain circumstances, you have the right to receive the personal data you have provided us with in a structured, commonly used, machine-readable format, and the right to have us transmit the data to another entity, where technically feasible.
5.9 Complaint to a supervisory authority
5.9.1 If you want to lodge a complaint with a supervisory authority about our processing of your personal data, you can do so by contacting the Danish Data Protection Agency via their website, File a complaint (datatilsynet.dk).
5.9.2 You may also contact your local regulator (outside Denmark) to receive guidance on how to file a complaint, see: Our Members | European Data Protection Board (europa.eu).
5.10 You can read more about your rights in the Danish Data Protection Agency's guidelines on data subjects' rights, which is available at www.datatilsynet.dk (in Danish). Please contact Hobbii if you wish to exercise your rights. The relevant contact details are stated below.
Hobbii A/S
CVR no. 36909587
Dortheavej 12A, st. tv.
2400 Copenhagen NV
Denmark
Email: support@hobbii.com