Privacy Policy for Stokke AS
Powered by SIGNATU  
Published: a few seconds ago (September 13, 2018)

Stokke AS

Parkgata 6 6001 Ålesund
NORWAY
Org. ID970 983 325
Email dpo@stokke.com
Phone + 47 800 693 57
Who is responsible for processing your personal data?

Responsibility and role

We decide why and how your personal data are processed.
We are responsible for processing your personal data.

  • Data protection officer

    We have a data protection officer.

    Contact

    The contact details are:
    dpo@stokke.com

  • Enterprise

    We are an enterprise.

Archived Privacy Policy versions
Prior Privacy Policy versions are available at:
www.stokke.com
What is new in our Privacy Policy?

Changes

There are no important changes in this Privacy Policy version.

When is our Privacy Policy published and effective?

When

Our privacy policy is:

  • effective as of:
    25.05.2018
  • published:
    25.05.2018
What does our Privacy Policy cover?

Where and what

Our Privacy Policy applies to:

In which situations do we process your personal data?

Categories of individuals

We collect personal data:

  • of customers and/or clients.

Situation

We process your personal data in a situation that concerns:

  • the offering of goods or services.
  • an online activity.
  • a contract or that concerns an entry into a contract.
  • your personal data that we receive from you as our customer or client.
How do we collect your personal data?

How we collect

We collect your personal data in the following ways:

  • manually:
    eventos de marketing
  • electronically with the use of a web form:
    www.stokke.com y a través de la aplicación de pago DSS en tiendas Stokke
  • electronic tracking technologies:
    cookies
From which source do we collect your personal data?

Source

We collect your personal data from the following sources:

  • directly from you:
    Nombre, correo electrónico, domicilio, número de teléfono, fecha de nacimiento, título (Sr./Srta./Sra./Dr.), género, direcciones IP, fecha de parto, edad de los niños, nombres de los niños, actividad web

Whether you must provide personal data

These are the personal data you:

  • have permission to give us, and of your own free will give us (voluntary data):
    todos los datos personales
What are our legal grounds for processing your personal data?

Regular and/or "sensitive" personal data

We process your:

  • regular personal data.
  • "sensitive" personal data.

Our legal ground for processing your regular personal data is:

  • a contract to which you are a party.

    Personal data we process based on this legal ground is:
    Nombre, correo electrónico, domicilio, número de teléfono, fecha de nacimiento, título (Sr./Srta./Sra./Dr.), género

The legal ground for our processing of your “sensitive” personal data is:

  • your explicit consent to the processing of personal data for the purposes that we specify.

    Personal data we process based on this legal ground is:
    Fecha de parto

Do we perform automated decision-making and automated profiling?

Automatic profiling

We use your personal data to automatically evaluate aspects of your personality.

This automatic profiling:

  • can include analysis of your characteristics.
  • can include predictions of your behaviour.
  • are made by a computer solely.
  • are without a human influence.

No automatic decision-making

We do not use your personal data to make automatic decisions about you.

How long do we keep your personal data?
  • Storage limitation

    We limit the duration we store your personal data to what is necessary for our processing purposes.

Do we share your personal data?

Disclosure to recipients

We disclose your personal data to the following recipients:
nuestros procesadores de datos Salesforce, M3, Defacto, Fluido, BEExcellence, Norse, Bluecom, Satmetrix, Epiphany, Altapay, Amobee

Our legal grounds for disclosing your personal data to the recipients are:

  • your consent.
    nuestros procesadores de datos Salesforce, M3, Defacto, Fluido, BEExcellence, Norse, Bluecom, Satmetrix, Epiphany, Altapay, Amobee
Do we transfer your personal data outside the EU or EEA?

Transfers to countries outside the EU and EEA

We transfer your personal data to:

  • countries outside the EU and EEA, or
  • an international organization.

The personal data are transferred to:
Estados Unidos

Our legal ground for transferring your personal data is:

  • an adequacy decision adopted by the Commission.

    We specify the name of the adequacy decision and which personal data we process based on this legal ground:
    EU white list
    EU US Privacy Shield

Are your personal data secure?

Security

We secure your personal data:

  • with appropriate technical measures,
  • with appropriate organisational measures,
  • with an appropriate level of security,
  • against unauthorised processing,
  • against unlawful processing,
  • against accidental or unlawful loss,
  • against accidental or unlawful destruction, and
  • against accidental or unlawful damage.
    Nuestra política de seguridad de datos está disponible en www.stokke.com

Measures to discover, document, contain security breaches

We have measures to:

  • discover security breaches.
  • document the cause of the security breaches.
  • document which personal data that are affected by the security breach.
  • document actions (and reasons for actions) to remedy the security breach.
  • contain the security breach.
  • recover personal data.
  • return to a normal state of processing personal data.

Actions when security breach is discovered

If we have a reasonable degree of certainty of a breach of the security of the processing of your personal data, then we will:

  • report the security breach to the management.
  • assign a person with responsibility to

    • assess whether the security breach can have unfavourable effects for you,
    • inform relevant persons in our organisation,
    • determine whether it is necessary to notify the Supervisory Authority of the security breach, and
    • determine whether it is necessary to communicate information about the security breach to you.
  • investigate the security breach.
  • seek to prevent that a breach of security leads to:

    • accidental or unlawful destruction of the personal data,
    • accidental or unlawful loss of control of the personal data,
    • accidental or unlawful loss of access to the personal data,
    • accidental or unlawful alteration of the personal data,
    • unauthorised disclosure of the personal data, or
    • unauthorised access to the personal data.
  • mitigate the immediate risk of a damage.
  • notify the Supervisory Authority about the security breach, if the personal data breach is likely to lead to a risk for your rights and freedoms.
  • notify you of the security breach

    • if the breach is likely to lead to a high risk for your rights and freedoms,
    • as soon as possible,
    • via appropriate contact channels, e.g. via email, SMS, prominent banners on our website, postal communications, prominent advertisements in media etc.

    We are not obliged to notify you directly if

    • we have taken measures that render your personal data unintelligible to any person who is not authorised to access them,
    • we immediately after the security breach took steps to ensure that the high risk to your rights and freedom no longer is likely to happen, or
    • it would involve disproportionate effort. In such a case, we will inform you via public channels.
What are your rights?

Promise to fulfil rights

We fulfil your rights that concern the protection of your personal data.

You have the right to withdraw your consent to the processing of your personal data.

You can exercise this right at the time of your choice.

The withdrawal of your consent does not affect the lawfulness of the processing that we based on the consent that you gave before you withdrew your consent.

Right to confirmation

You have the right to demand that we confirm whether we process your personal data.

Conditions

Read Article 15 of the General Data Protection Regulation, for all details.

Limitations

Your right to obtain confirmation from us that we process (or do not process) your personal data:

  • does not include data that is anonymous.
  • includes only the personal data that concern you.
  • includes pseudonymous data that can be clearly linked to you.

Right to access

You have the right to demand that we give you access to your personal data (in cases when we process your personal data).

Conditions

Read Article 15 of the General Data Protection Regulation, for all details.

Right to copy

You have the right to demand that we send you a copy of your personal data (in cases when we process your personal data).

If you ask further copies of your personal data, then we can charge you with a reasonable fee that we base on the administrative costs.

Conditions

Read Article 15 of the General Data Protection Regulation, for all details.

Right to information about safeguards

You have the right to demand that we inform you about our safeguards for the transfer of your personal data to a country that is outside the EU and the EEA (in cases when we transfer your personal data to a country that is outside the EU and the EEA).

Conditions

Read Article 15 of the General Data Protection Regulation, for all details.

Right to rectification

You have the right to demand that we rectify your personal data that are inaccurate or incomplete, including by means that you provide us with supplementary information.

Conditions

Read Article 16 of the General Data Protection Regulation, for all details.

Limitations

Your right to obtain rectification of personal data that are inaccurate:

  • does not include data that is anonymous.
  • includes only the personal data that concern you.
  • includes pseudonymous data that can be clearly linked to you.

Right to erasure

You have the right to demand that we erase your personal data, if certain conditions are met.

Examples

Such conditions may for example be:

  • we process your personal data based on your consent, and you withdraw your consent, and another legal ground does not exist for our processing, or
  • we process your personal data based on our legitimate interests, and you object to our processing, and our legitimate ground does not override your objection, or
  • you object to our direct marketing to you, or
  • we collect your personal data via our website or app.

Conditions

Read Article 17 of the General Data Protection Regulation, for all details.

Right to restriction

You have the right to demand that we restrict our processing of your personal data, if certain conditions are met.

Examples

Such conditions may for example be:

  • you contest the accuracy of your personal data, or
  • we process your personal data based on our legitimate interests, and you wait to verify that our processing of your personal data have a legitimate ground that does not override your objection.

Conditions

Read Article 18 of the General Data Protection Regulation, for all details.

Limitations

Your right to require restriction of our processing of your personal data:

  • does not include data that is anonymous.
  • includes only the personal data that concern you.
  • includes pseudonymous data that can be clearly linked to you.

Right to object to direct marketing

If we process your personal data for direct marketing purposes, including profiling, you have the right to object to such processing, if certain conditions are met.

Conditions

Read Article 21(2) of the General Data Protection Regulation, for all details.

Limitations

Your right to object to our processing of your personal data for direct marketing purposes:

  • does not include data that is anonymous.
  • includes only the personal data that concern you.
  • includes pseudonymous data that can be clearly linked to you.

Right to information about direct marketing

If we process your personal data for direct marketing purposes, including for profiling, then you have a right to demand that we inform you about your right to object:

  • at the latest at the time of the first communication with you,
  • explicitly, clearly and separately from any other information.

Conditions

Read Article 21(2) of the General Data Protection Regulation, for all details.

Right to receive personal data (“data portability”)

You have the right to demand that we provide you with the personal data that you have provided to us, if certain conditions are met.

Conditions

Read Article 20 of the General Data Protection Regulation, for all details.

Limitations

Your right to receive your personal data:

  • does not include data that is anonymous.
  • includes only the personal data that concern you.
  • includes pseudonymous data that can be clearly linked to you.
  • includes your personal data that you have provided to us.
  • does not include your personal data that we have received from other sources than you.
  • includes any of your personal data that you actively and knowingly have provided to us.
  • includes your personal data that we observe from your activities.
  • does not include your personal data created by us (by using the personal data you have provided to us or by using the personal data that we observe) such as the outcome of an assessment of you.

Right to transfer personal data (“data portability”)

You have the right to transfer your personal data (that you have provided to us) from us to another organization, if certain conditions are met.

Conditions

Read Article 20 of the General Data Protection Regulation, for all details.

Limitations

Your right to receive your personal data:

  • does not include data that is anonymous.
  • includes only the personal data that concern you.
  • includes pseudonymous data that can be clearly linked to you.
  • includes your personal data that you have provided to us.
  • does not include your personal data that we have received from other sources than you.
  • includes any of your personal data that you actively and knowingly have provided to us.
  • includes your personal data that we observe from your activities.
  • does not include your personal data created by us (by using the personal data you have provided to us or by using the personal data that we observe) such as the outcome of an assessment of you.

Right to format (“data portability”)

You have the right to receive your personal data in a structured, commonly used and machine-readable format, provided such transmission is technically feasible, and if certain conditions are met.

Conditions

Read Article 20 of the General Data Protection Regulation, for all details.

How can you exercise your rights?

Communication about rights available

We invite you to communicate with us about the exercise of your rights concerning the protection of your personal data.

Written requests

We only accept written requests since we cannot deal with verbal requests immediately without first:

  • analysing the content of the request, and
  • identifying you.

Describe right to exercise

Your request should contain a detailed, accurate description of which right you want to exercise.

Identification document

You must provide us with a copy of an identification document to confirm your identity, for example:

  • an ID card or
  • a passport.

The document should contain:

  • an identification number,
  • country of issue,
  • period of validity,
  • your name,
  • your address, and
  • your date of birth.

Any other data contained in the copy of the identification document such as a photo or any personal characteristics, may be masked out.

We will not accept other means of assuring your identity.

If you wish to propose alternatives, we will assess them on a case-by-case basis.

Our use of the information on your identification document:

  • is limited to verify your identity, and
  • will not be stored for longer than needed for this purpose.

Where send request

You can send your request that concerns the protection of your personal data to:

Answer to request

You receive our answer to your request that concerns the protection of your personal data at:

  • your postal address.
  • your email address.

Time to respond to request

We inform you of our handling of your request that we exercise your rights (regarding the protection of your personal) within:

  • a month of the reception of your request.
Do you have a right to complain?

Complain to a supervisory authority

You can lodge a complaint to a supervisory authority:

  • where you usually live in the EU and the EEA.
  • at the place of your work in the EU and the EEA.
  • at the place of the alleged infringement in the EU and the EEA.

The Supervisory Authority should within a reasonable period inform you of:

  • the progress of the complaint, and
  • the outcome of the complaint.

Mandate an organization to complain

You can mandate that an organization lodges a complaint on your behalf with a Supervisory Authority.

The Supervisory Authority should within a reasonable period inform you of:

  • the progress of the complaint, and
  • the outcome of the complaint.

Judicial remedy

You can seek a judicial remedy in the EU and the EEA against:

  • a controller,
  • a processor, and
  • a Supervisory Authority.

Mandate an organization to exercise your right

You can mandate that an organization exercises your right:

  • to a judicial remedy on your behalf.
  • to a compensation for a damage as a result of a breach of the law on the protection of the personal data on your behalf.
Can you choose your privacy settings?

Privacy settings

You can choose why and how we process your personal data in your privacy settings:
Los clientes de la cuenta Stokke tienen opciones de configuración en su cuenta

Are we certified and do we follow a code of conduct?
  • Self-assessment of correctness of this policy

    We self-assess that the:

    • attestations in this policy are true, and
    • assertions in this policy are true.