Amager Strandvej 122A, 4th floor, 2300 Copenhagen S.
Tel. +45 24 62 08 85
Protection of your personal data
We take the protection of your personal data seriously and therefore want to create openness and transparency about how we collect, store and process your personal data. Therefore, we have developed this Personal Data Policy on how your personal data is processed and protected.
Purpose of treatment
Our purpose in collecting personal data is to be able to dispatch and invoice orders correctly and to communicate with our customers during the sales, process and follow-up.
Information we collect
We collect the following information:
Name, address, e-mail address, phone number, payment method.
The company's data controller is responsible for ensuring that your personal data is processed in accordance with applicable personal data legislation. Our data controller is:
How do we collect your personal data?
We collect your personal data when you buy a product in our webshop or contact us by phone, email or forms. There is a contact form on the website, in which we also ask you to provide your personal data so that we can contact you as requested or process any returns. We ensure that you always give your explicit consent for us to process your personal data.
In order to offer you Klarna's payment methods, we may disclose your personal data in the form of contact and order details to Klarna at checkout, in order for Klarna to assess whether you qualify for their payment methods and to tailor these payment methods to you. Your personal data transferred will be processed in accordance with Klarna's own privacy statement: www.klarna.com/international/privacy-policy
How do we store your personal data?
Your personal data is stored on the website and on e-mail, both of which are encrypted via a security certificate. When making purchases and using the contact form on the website, your information is stored on the encrypted website or email.
Your data is stored within the EEA (European Economic Area), but can also be transferred and used in a country outside the EEA. All transfers of your personal data are carried out in accordance with applicable law. Transfers to countries outside the EEA are always carried out with the necessary transfer safeguards. This will be the case in relation to Google (including Gmail) and Microsoft (including OneDrive), which are located in the United States.
Who has access to your personal data?
Your personal data will be shared with Mitomito employees who need to see your data in order to perform their duties. Your personal data will not be shared with more employees than necessary to properly deliver an ordered product to the customer.
Mitomito never provides your personal data to third parties for marketing purposes outside our own company. If your personal data is disclosed to third parties, it is only for the purpose of, for example, delivery, where we use Pakkelabels and GLS.
Your personal data may be transferred to external partners who process your data on our behalf. We use external partners for, among other things, technical operations. These partners are our data processors and act only on our instructions, so they may not use the information for any purpose other than to process the information on our behalf. They are subject to data confidentiality and we enter into written data processing agreements with all of them.
We use data processors established in the United States, including for example Google. The necessary safeguards for the transfer of data to the United States are ensured through the data processor's certification under the EU-U.S. Privacy Shield, in accordance with Article 45 of the GDPR. If we use data processors established outside the EU other than those mentioned, this will always be done in compliance with valid transfer safeguards.
Your rights as a registered user
As a data subject, i.e. a person about whom we have recorded personal data, you have a number of rights.
Right of access
You have the right to request access to the personal data we process about you, as well as information about the processing operation(s) we carry out.
Right of rectification
You have the right to request that inaccurate information about you be corrected, as well as the right to have incomplete personal data completed (updating).
Right to erasure
You have the right to have your personal data deleted at any time, except in a number of specified situations:
- If the processing is necessary for the exercise of our right to freedom of expression and information
- If our continued processing is necessary to comply with a legal obligation
- If our continued processing is necessary for archival purposes in the public interest or for scientific or historical research or statistical purposes
- If our continued processing is necessary for the establishment, exercise or defence of a legal claim
Right to restriction of processing
You have the right to request restriction of the processing of your personal data in the following cases:
- You dispute the accuracy of the personal data
- If we process the data unlawfully and you object to the erasure of the data
- If we no longer need the personal data for processing but it is necessary for the establishment, exercise or defence of a legal claim
- You have objected to the processing
Right to data portability
You have the right to be sent a copy of the personal data you have provided to us in a structured and commonly used way and in a machine-readable format to either you or another data controller, if our processing of your data is carried out automatically and is based on consent or is necessary for the performance of a contract.
Right to object
You have the right to object at any time to the otherwise lawful processing of your personal data if we process personal data on any of the following grounds:
- Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority
- The processing is necessary for us to pursue legitimate interests
Right not to be subject to a decision based solely on automated processing, including profiling
You have the right not to be subject to a decision based solely on automated processing which produces legal effects or significantly affects you in a similar way.
How do you exercise your rights?
You may request the exercise of one or more of the above rights by using this form. We will process your request without undue delay and within one month of receipt.
Valid legal basis for the processing
Our processing of your personal data is based on Article 6(a) of the GDPR concerning consent and Article 6(b) concerning contract. This means that we always obtain valid consent for us to collect, store and process your personal data, or that we process it on the basis of a contract between us and the customer.
Deleting your data
We delete your personal data when we no longer need it and no later than 5 years after you last shopped with us. Data may be stored for longer if we have a legitimate need for it, for example if it is necessary for us to comply with a legal requirement.
If you believe that we are processing your personal data in an incorrect or unlawful manner, you can contact our data controller. We will always do our best to ensure that you feel comfortable entrusting us with your personal data. You also have the possibility to complain to the Data Protection Authority.
We ensure that appropriate technical and organisational security measures are implemented on an ongoing basis to prevent the accidental or unlawful destruction, loss, alteration or unauthorised disclosure or misuse of your personal data.
Cookies are small text files that can be used by websites to make the user experience more efficient.
By law, we store cookies on your device if they are strictly necessary to ensure the delivery of the service you have explicitly requested to use. If we want to use other cookies, we need your consent.
Mitomito uses mostly necessary cookies, however we also use Google Analytics to collect statistics from users on our website. It can be turned off here.
We do not pass on your information to third parties.
You can delete cookies at any time. See how here.