Privacy Policy

This Privacy Policy was last updated on 27 February 2025

This Privacy Policy describes how Gisym (the "Website", "we", "us", or "our") collects, uses, and discloses your personal data when you visit, use our services, create a customer account, or make a purchase from gisym.com (the "Website") or otherwise communicate with us (collectively, the "Services").

For purposes of this Privacy Policy, "you" and ”your" means you as the user of the Services, whether you are a customer, Website visitor, or another individual whose information we have collected pursuant to this Privacy Policy. Please read this Privacy Policy.

 

Changes to this Privacy Policy

We reserve the right to update this Privacy Policy from time to time, including to reflect changes to our practices or for other operational, legal, or regulatory reasons.

You will always find the current updated Privacy Policy at our Website here. Or read more about Shopify's Privacy Policy here

 

What is personal data

Personal data is any kind of data that can be directly or indirectly connected to you. Examples include name, address, IP address and personal number.

 

Who is responsible for processing your personal data

Gisym, org. nr 19870718-8945, is the data controller for all the personal data processed by Gisym and is therefore responsible for processing your personal data.

 

How we collect personal data

We collect personal data about you when you order products from us, visit our Website, start an order but abandon your checkout, register as a customer on our Website, contact us, or subscribe to our newsletter.

 

What personal data we collect

The types of personal data we obtain about you depend on how you interact with our Website and use our Services. When we use the term “personal data”, we are referring to information that identifies, relates to, describes, or can be associated with you. The following sections describe the categories and specific types of personal data we collect.

 

When we are allowed to process your personal data

We will only collect, process, use or store your personal data if we have valid and lawful grounds to do so. Your personal data may be processed by us based on the following factors:

  • Consent: when you give us your consent, we process personal data for the specific purpose you have agreed to. You can at any given time withdraw your consent thereafter. For example, this applies when you ask us to send you one of our newsletters.
  • Contract: when we make products and services available to you, we process your personal data as necessary to fulfill a contract with you and to meet any obligations arising from the contract. For example, to fulfill the terms of a purchase contract.
  • Legitimate interest: we may process your personal data when required for our legitimate interest, provided that these interests do not outweigh your own rights and interests. This includes processing personal data for purposes such as providing customer service and security-related purposes such as fraud prevention.
  • Legal obligation: when processing your personal data is necessary to comply with legal obligations in the country where we operate.


For each specific purpose of processing your personal data, we will inform you of which of the legal grounds above applies.

 

How we process your personal data and why

Online purchase
The purpose of processing
We process your personal data to ensure that we can fulfill your orders or service requests, manage payment transactions securely and efficiently. As well as handle deliveries, complaints warranty issues, returns and refund effectively.

 

Personal data

  • Contact details such as full name, delivery address, phone number, and email address
  • IP address
  • Geolocation
  • Payment information
  • Customer account
  • Device Identification, such as a desktop or smartphone
  • Browser and network activity

 

Legal ground
When providing products and services to you, we process the personal data necessary to fulfill a contract with you. This includes meeting any obligations arising from that contract, whether related to orders, payments, returns, or the use of other services provided by us or by third parties.

 

Retention period
We do not store or process your personal data longer than necessary to fulfill our contractual and consumer obligations.

 

Customer service
The purpose of processing
We process your personal data to address your inquiries, handle any complaints, and to manage warranty claims. As well as provide technical support and improve the overall customer experience. 

We will contact you via email to respond to your questions about orders, deliveries, or returns.

 

Personal data

  • Contract details such as name, email address, and phone number
  • User-generated content such as email
  • To resolve your case, we may need access and use transaction details, such as order, payment, and delivery information

 

Legal ground
The processing of your personal data to provide you with the best possible customer service is based on our legitimate interest as a company.

 

Retention period
We retain your data as long as necessary to assist you with your inquiry and to handle any potential legal claims you may have as a customer. We may continue to store and use your data if we have remaining obligations towards you.

 

Customer account
The purpose of processing
To provide you with services and offers that is included in our customer program. This includes notifying you about offers, services and recommendations.

 

Personal data

  • Contract details such as name, address and email address
  • Order history


Legal ground

The processing of your personal data to create and manage your customer account and to provide personalized customer services is necessary to fulfil the membership agreement.

The processing of your personal data to send you offers, style updates, bonus discounts, birthday deals, and special invitations to sales and events is based on your consent to receive marketing communications from us.

 

Retention period

We retain and continue to process your personal data for as long as necessary to fulfill the customer agreement. We may retain your personal data for a longer period if required by law or during an ongoing dispute. If your customer account on our Website has no activity for more than one year, we will delete all of your data. However, please note that your account cannot be deleted in the following cases:

  • If you have pending redaction because of a GDPR erasure request.
  • If you are associated with one or more orders.

 

Marketing and offers
The purpose of processing
We process your personal data to create and distribute marketing materials, such as newsletters and marketing surveys through email.

We automatically collect certain information about your interaction with the Services (“Usage Data”). To do this, we use Cookies, and similar technologies (“Cookies”) (See section about Cookies).

 

Personal data

  • Contact details such as email address, phone number, and full name
  • Order history
  • IP address
  • Behavioural data collected via Cookies

 

Legal ground

When we send you direct marketing materials, we rely on your consent to receive personalized newsletters and text messages.

Additionally, the use of Cookies or similar tracking technologies in your browser/on your device is based on your consent, which is obtained through a cookie banner.

You can at any time withdraw you given consent by contacting us at info@gisym.com

 

Retention period

We retain and continue to process your personal data for as long as your customer account is active or you are subscribed to us. If your customer account on our Website has no activity more than one year, we will delete all of your data. All of your data will also be delete when you unsubscribe from us.

 

Security
The purpose of processing
To protect our customers, users, visitors we process your personal data to safeguard against fraud, misuse or other harmful activities.

Personal data

  • Payment history
  • Order history
  • Purchase patterns


Legal ground
It is our legitimate interest to keep our website secure for you and other customers.

 

Retention period

We retain and continue to process your personal data for as long as your customer account is active. We may retain your personal data for a longer period if required by law or during an ongoing dispute. We highly recommend that you do not share your username, password, or other access details with anyone else. If you believe your account has been compromised, please contact us immediately at info@gisym.com

 

Third-party websites and links

Our Website may provide links to websites or other online platforms operated by third parties. If you follow links to sites not aliated or controlled by us, you should review their privacy and security policies and other terms and conditions. If you choose to connect your social network account to our Website via a third-party online service, we will receive your personal data based on your privacy settings for that service.

 

Cookies

Like many websites, we use Cookies on our Website. For specific information about the Cookies that we use related to powering our store with Shopify, see https:// www.shopify.com/legal/cookies. We use Cookies to power and improve our Website and our Services (including to remember your actions and preferences), to run analytics and better understand user interaction with the Services (in our legitimate interests to administer, improve and optimize the Services). We may also permit third parties and services providers to use Cookies on our Website to better tailor the services, products and advertising on our Website and other websites.

Only Cookies that are needed for the function of the Website are automatically accepted, any other Cookies you can manage preferences yourself anytime by clicking on Cookies symbol on your device's screen. If you have any question, please contact us at info@gisym.com

 

Security and retention of your personal data

We use technical and organizational measures to protect the confidentiality, integrity, and availability of personal data. Specific security measures have been implemented to safeguard your personal data from unlawful or unauthorized processing (such as unauthorized access, loss, destruction, or damage). Only individuals who genuinely need to process your personal data to fulfill our purposes have access to it.

We continuously evaluate our systems, procedures, and policies to ensure they remain secure and protected. If you would like to know more, feel free to reach out using the contact information provided at the beginning of the Privacy Policy.

 

Where and who we share your personal data with

Please note that we may transfer, store and process your personal data outside the country you live in. Your personal information is also processed by sta and third-party service providers and partners in these countries.

If we transfer your personal information out of the EU/EES, we will rely on recognized transfer mechanisms like the European Commission’s Standard Contractual Clauses, or any equivalent contracts issued by the relevant competent authority of the UK, as relevant, unless the data transfer is to a country that has been determined to provide an adequate level of protection.

We share only the necessary personal data of our customers with Shopify and other third parties just to fulfill our Service to you. We do not sell any personal data. 

Here is a list of our third-party services we share your personal data read here

 

Your rights

Depending on where you live, you may have some or all of the rights listed below in relation to your personal data. However, these rights are not absolute, may apply only in certain circumstances and, in certain cases, we may decline your request as permitted by law.

  • Right to access: You may have a right to request access to personal data that we hold about you, including details relating to the ways in which we use and share your information.
  • Right to erasure: You may have a right to request that we delete personal data that we process about you.
  • Right to rectification: You have a right to request that we correct inaccurate personal information we process about you.
  • Right of data portability: You may have a right to receive a copy of the personal data we hold about you and to request that we transfer it to a third party, in certain circumstances and with certain exceptions.
  • Restriction of processing: You have the right to object to the processing of your personal data on the basis of a balancing of interests. You also may object to our processing of your personal data for marketing purposes. We will then cease to process your personal data.
  • Right to withdraw consent: You may at any time withdraw your consent you have given us, either as a whole or partly, with effect from the day of the withdrawal.
  • Right to object: If you have any complaints regarding our processing of your personal data, you have the right to send a complaint to the Swedish Authority for Privacy Protections (IMY).

You may exercise any of these rights were indicated on our Website or by contacting us using the contact details provided below and we will get back to you as soon as possible always within 30 days.

We will not discriminate against you for exercising any of these rights. We may need to collect information from you to verify your identity, such as your email address or account information, before providing a substantive response to the request. In accordance with applicable laws, you may designate an authorized agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require that the agent provide proof you have authorized them to act on your behalf, and we may need you to verify your identity directly with us.

You can control how Shopify uses your personal data here.

 

Complaints

If you have complaints about how we process your personal information, please contact us using the contact details provided below.

If you are not satisfied with our response to your complaint, depending on where you live you may have the right to appeal our decision by contacting us using the contact details set out below, or lodge your complaint with Integritetsskyddsmyndigheten (IMY) or your local data protection authority. For the EEA, you can find a list of the responsible data protection supervisory authorities here.

 

Contact

Should you have any questions regarding our processing of your personal data, or if you wish to exercise any of your rights relating to our processing of your personal data, please contact us at info@gisym.com