Privacy Policy

This policy determines how Hasta AB (with the brands Hasta, Lectus Sängar, and Descotex) processes your personal data.

What is personal data?
Personal data is all information that can be used, on its own or together with other information, to identify a person. That is, all types of information that can directly or indirectly be attributed to a living physical person. This could include, for example, name, email address, but also images and sound recordings processed on a computer, even if no names are included. Encrypted data and various types of electronic identifiers, such as IP numbers, are considered personal data if they can be linked to physical persons.

What does it mean to process personal data?
Any type of handling of personal data is considered processing, regardless of whether it is an automated action or not. This could include, for example, actions such as collecting, registering, storing, modifying, organizing, transferring, or deleting personal data.

Data Controller
Hasta AB, corporate identity number 556477-7828. Fabriksgatan 12, 731 50 Köping, Sweden.

Providing personal data is voluntary. If you wish to delete or limit the use of your personal data, please email info@hasta.se, call +46 (0)221-345 00, or write to Hasta AB, Fabriksgatan 14, 731 50 Köping, Sweden, and inform us. Please note that processing some of your personal data is required to shop with us and use our website.

1. What personal data is collected, for what purpose, and how long is it stored?

1.1 Purpose: Managing purchases/orders.

Personal data

  • Name
  • Contact information (e.g., address, email, phone number)
  • Payment history
  • Payment information
  • Credit checks from credit reporting agencies
  • Purchase information (e.g., ordered products, delivery address)
  • User data for those who have provided information in "My Account"

Processing activities

  • Delivery (including notification and contacts regarding delivery)
  • Identification and age verification
  • Payment processing via Klarna
  • Handling of complaints and warranty matters

Legal basis: Fulfillment of the purchase agreement.
We collect this personal data as it is required for us to fulfill our obligations under the purchase agreement. We may be forced to refuse your purchase if the data is not provided, based on the fact that we would then not be able to fulfill our obligations.

Storage period: We store the data until the purchase is completed, delivered, and paid for, and then for 36 months thereafter to fulfill our warranty obligations and handle any complaint cases.

1.2 Purpose: Fulfilling the company's legal obligations

Personal data

  • Name.
  • Contact information (e.g., address, email, and phone number)
  • Payment history
  • Payment information
  • Your correspondence
  • Date of purchase

Processing activities

  • Necessary handling for fulfilling the company's legal obligations under legal requirements, court rulings, or government decisions (e.g., the Accounting Act, the Money Laundering Act, or regulations on product liability and product safety, for example, to be able to contact customers about product recalls in case of defective or unsafe goods)

Legal basis: Legal obligation.
We collect this personal data as required by law. We may be forced to refuse your purchase if the data is not provided, based on the fact that we would then not be able to fulfill our legal obligation.

Storage period: We store the data until the purchase is completed, delivered, and paid for, and then for 36 months thereafter to fulfill our warranty obligations and handle any complaint cases.

1.3 Purpose: Handling service matters

Personal data

  • Name
  • Contact information (e.g., address, email, and phone number)
  • Your correspondence
  • Information about purchase date, place of purchase, possible fault/complaint
  • Technical data about your product
  • User data for those who have provided information in "My Account"

Processing activities

  • Identification
  • Communication and answering any questions to customer service, via phone as well as digital channels including social media
  • Investigation of service matters including technical support

Legal basis: Legitimate interest.
We collect and process this data as it is necessary to satisfy our and your legitimate interest in handling service matters.

Storage period: We store the data for 36 months from the end of the service matter.

1.4 Purpose: Evaluating, developing, and improving our services, products, and systems for our customers

Personal data

  • Age
  • Gender
  • Place of residence
  • Purchase and user-generated data (e.g., click and visit history)
  • Information about devices and settings, including IP address, browser settings, language settings, operating system, and screen resolution.
  • Information about your behavior on our website, e.g., how you found the website, how long you visited different pages, response times, and similar

Processing activities

  • Making our website more user-friendly and clearer for you as a customer
  • Preparation of documentation to develop and improve our product range and to give customers the opportunity to influence our product range
  • Preparation of documentation to develop and improve our resource efficiency from an environmental and sustainability perspective (e.g., by streamlining purchasing and delivery planning)
  • Preparation of documentation to improve IT security for the company and our customers

Legal basis: Legitimate interest.
We collect and process this data as it is necessary to satisfy our and your legitimate interest in a simple and clear purchase process and a user-friendly experience of our services, products, and systems.

Storage period: We store the data for 36 months from collection.

1.5 Purpose: Sending digital newsletters with offers and information to subscribers

Personal data

  • Email address
  • IP address
  • Time of registration
  • Browser and/or email client

Processing activities

  • Transfer to the MailChimp platform which provides the solution for sending newsletters
  • Creation of your personal offers and general member offers.
  • Creation of personalized and relevant email mailings via Mailchimp
  • Analysis of newsletter results to see who opened the email and who clicked on links

Legal basis: Legitimate interest.
The processing is necessary to satisfy our and our subscribers' legitimate interest in offers and information in email mailings, for which they have given consent to receive newsletters.

Storage period: Until consent is withdrawn by you manually unsubscribing from our newsletter.

1.6 Purpose: Delivering a personalized experience of our services

Personal data

  • Name
  • Username
  • Age
  • Gender
  • Place of residence
  • Purchase history

Processing activities

  • Creation of personalized content on our website
  • Improvement of your user experience of our website, e.g., by saving your favorites and shopping cart to facilitate future purchases
  • Creation of relevant product recommendations/ads on Facebook
  • Creation of relevant search results on Google

Legal basis: Legitimate interest.
We collect and process this data as it is necessary to satisfy our and your legitimate interest in personal offers and relevant marketing.

Storage period: From the time you visited our website and for a period of 26 months.

2. Who has access to your personal data?

Personal data may be disclosed to Hasta's partners if necessary to offer our services. Personal data is disclosed to authorities only when required by law or official decision. We share your personal data with the following partners:

  • Logistics companies and freight forwarders to deliver your goods
  • Payment solutions such as Klarna (see section 2.1)
  • Marketing companies (such as advertising agencies, printing companies, social media)
  • IT services (companies that manage the operation and development of our website)
  • Google Analytics (see section 2.2)
  • Facebook (see section 2.3)
  • Mailchimp (see section 2.4)

2.1 Klarna

We share your personal data with Klarna via the WooCommerce Klarna Gateway plugin to handle payments. Klarna uses personal data, among other things, to assess your creditworthiness for invoice payments and partial payments.

2.2 Google
Your personal data is disclosed to Google because we use Google Analytics, which means your personal data may be forwarded to and stored on Google's servers. These are located around the world; read more about storage under section 5.

The data we share with Google is your IP address and your behavior on our website. This is used at an aggregated level for analysis to improve our service and user experience on our website via Google Analytics. It is also used to customize search results and marketing to make it more relevant to you. Your personal data may also be used by Google for evaluating their services. Read more under section 1.6.

2.3 Facebook
Your personal data may, by us sharing your data with Facebook, be stored on some of Facebook's servers outside Europe. Read more about storage under section 5.

We use Facebook's own plugin Facebook for Woocommerce which, via a pixel, collects your IP address and information about your behavior on our website (which pages you have visited, which products you have added to the cart, and which products you have purchased). This data is used at an aggregated level for analysis and at an individual level for personalized and relevant ads. Read more under section 1.6.

2.4 Mailchimp
We share your personal data with Mailchimp to send email newsletters to those who subscribe to our newsletter. Your personal data may therefore be forwarded to, and stored on, MailChimp's servers.

Newsletters sent with MailChimp contain so-called web beacons that allow us to collect information about when you opened the email, your IP address, your browser and/or email client, and other similar details. These help us measure campaign performance to see who has opened the newsletters and who has clicked on links in the content. MailChimp uses this information to create reports on newsletter performance and what actions our subscribers took. These reports are also available to MailChimp, which may collect and review this information. These reports are also available to MailChimp, which may collect and review this information.

3. Cookies

Hasta uses cookies to improve the website. Some cookies are necessary for the website to function properly, while others are used for us to improve the website and user experience or for marketing.

A cookie is a small amount of data that most websites you visit send to your browser and that is stored there. Cookies are typically used to improve the user experience by remembering what language you want to use, if you are logged in, which screen you are using, etc.

We use cookies for:
– To keep you logged in while on the site
– To improve your user experience by, for example, saving items you add to your shopping cart between sessions
– For marketing purposes

You can also control the use of cookies yourself via your browser or device. Our website and services may not function correctly, or at all, if you block or delete cookies.

4. Where do we process your personal data?

We strive to have your personal data processed within the EU/EEA. All our own processing of your personal data takes place within the EU/EEA. The data we share with, and which is handled by, MailChimp, Facebook, and Google may be transferred to and stored in countries outside the EU/EEA.

Mailchimp, Facebook, and Google operate in accordance with GDPR and ensure the same security for your personal data as within the EU/EEA.

5. How long do we store your personal data?

You can read how long we store personal data for each purpose for which we collect personal data under point 1. However, we never store personal data longer than necessary.

6. Your rights

Right of access: You have the right to request information about the personal data we hold about you at any time. You have the right to know what we collect, where it is stored, how it is used, and why we collect, process, and store your information.

Right to rectification: In case of incorrect or incomplete data, you have the right to request that it be corrected. As a member of Hastahome.se, you can change some information on My Pages.

We may still need to save some data if it is necessary for the purposes for which it was collected or processed. We also have the right to deny your request if there are legal obligations that prevent us from immediately deleting certain data.

Right to restriction: You also have the right to restrict our processing of your personal data.

Right to data portability: You have the right to request that the personal data we hold about you be transferred to another data controller.

Right to erasure: You can withdraw your consent regarding the use of your personal data at any time, and you also have the right to have your personal data erased and to stop any future collection and use of data. If you wish to delete your personal data, you can either email info@hasta.se, call +46 (0)221-345 00, or write to Hasta AB, Fabriksgatan 14, 731 50 Köping, Sweden.

7. How is your personal data protected?

We want you to feel secure with our processing of your personal data and use IT systems to protect the confidentiality, integrity, and availability of this data. We have taken necessary security measures to protect your personal data against unlawful or unauthorized processing. We do not collect more data than necessary, and your personal data is not processed by, or accessible to, more people than necessary for us to fulfill our stated purposes.

Datainspektionen (Swedish Data Protection Authority)
The Swedish Data Protection Authority is responsible for overseeing the application of legislation. You can also contact them if you believe a company is handling personal data incorrectly.

8. Changes to policy

We reserve the right to change this policy and will notify you of such changes with reasonable notice. If you do not approve of the changes, you can refuse consent or withdraw any previously given consent.