MonkeySports privacy policy

INTRODUCTION
MonkeySports protects your personal integrity and endeavours to apply a high level of data protection. This privacy policy explains how we collect and use your personal information, as well as describing your rights and how you can assert them. 
It is important for you to read and understand the privacy policy; you will feel secure in the way in which we handle your personal information. You are always welcome to contact and use dataprotection(at)monkeysports.se to put questions to our colleagues who handle questions about data protection.

We have made it easy for you to access. Below you can easily navigate to the sections that you would like to read.

1. What is personal information and what constitutes handling of personal information?

2. Who is responsible for the personal information that we collect?

3. Which personal information do we collect about you as a customer and why (purpose)?
3.1. To be able to handle an order or a purchase.
3.2. To be able to fulfil the company’s legal obligations.
3.3. To be able to handle cases through support/customer services.
3.4. To be able to market our products and services directly to you.

3.5. To be able to process and implement participation in competitions and/or events.
3.6. To be able to administrate your membership and to be able to create My pages.

3.7. To be able to evaluate, develop and improve our services, products and systems for the overall collection of customers and to offer you a personal and relevant experience in our range of products and services.

3.8. To be able to prevent misuse of a service or to prevent, forestall and investigate crime against the company.

4. From which sources do we collect your personal information?

5. With whom may we share your personal information?

6. Where do we process your personal information?

7. For how long do we keep your personal information?

8. What are your rights as a registered person?

9. How do we handle personal registration numbers?

10. What are cookies and how do use we them?

11. Can you control the use of cookies yourself?

12. How is your personal information protected?

13. What does it mean that the Swedish Data Protection Authority is the supervisory authority?

14. What is the easiest way for you to contact us if you have questions about data protection?


1. WHAT IS PERSONAL INFORMATION AND WHAT CONSTITUTES HANDLING OF PERSONAL INFORMATION?
Personal information constitutes all types of information which can directly or indirectly be attributed to a physical person who is alive. Pictures (photos) and sound recordings which are handled in a computer can be personal information, even if no names are mentioned. Encrypted details and different types of electronic identity (e.g. IP number) constitute personal information if they can be connected to physical persons. The handling of personal information is everything that takes place using said personal information. Every action performed using personal information constitutes handling, irrespective of whether or not it is done in an automated way. Examples of common means of handling include collection, registration, organisation, structuring, storage, processing, transfer and deletion.

 

2. WHO IS RESPONSIBLE FOR THE PERSONAL INFORMATION THAT WE COLLECT? 
MonkeySports Sweden AB, co. reg. no.556647-8896, address Uthamnsvägen 9, 151 38 Södertälje, Sweden, is the personal information manager for the company’s and the Group’s handling of personal information.

 

3. WHICH PERSONAL INFORMATION DO WE COLLECT ABOUT YOU AS A CUSTOMER AND WHY (PURPOSE)?

3.1.

Purpose

 To be able to handle an order or a purchase.

Actions performed

  Delivery (including notification and contacts concerning the delivery).
  Handling of payment (including analysis of possible payment solutions which may involve checking against the payment history and obtaining credit details from Klarna).
  Handling of any claims and warranty cases.

Categories of personal information

 • Name.
 • Contact details (e.g. address and email).
 • IP address.
 • Personal registration number (Klarna).
 • Purchase information (e.g. which good has been ordered or whether the good is to be delivered to another address).
 • User details for My pages (members only).

Legal basis: Fulfilment of the purchase agreement. This collection of your personal information is required for us to be able to fulfil our undertakings in accordance with the purchase agreement. If the details are not given our undertakings cannot be fulfilled and we are therefore forced to deny you the purchase.

Storage period: Until the purchase has taken place (including delivery and payment) and for a period of 36 months thereafter for the purpose of being able to handle any claims and warranty cases.

 

3.2.

Purpose

 To be able to fulfil the company’s legal obligations.

Actions performed

 • Necessary handling for the fulfilment of the company’s legal obligations in accordance with legal requirements, court decisions or an authority’s decision (e.g. the Accounting Act, the Money Laundering Act or the rules on product liability and product safety, which may require the production of communication and information to the public and customers on product alerts and product recalls in the event of something such as a defect or a product that is dangerous to the health).

Categories of personal information

 • Name.
 • Contact details (e.g. address and email).
 • IP address.
 • Personal registration number (Klarna).
 • Purchase information (e.g. which good has been ordered or whether the good is to be delivered to another  address).
 • User details for My pages (members only).

Legal basis: Legal obligation. This handling is required to fulfil applicable legal obligations.

Storage period: For the period that is necessary to fulfil the relevant legal obligation or in accordance with applicable legal requirements. For example, there are requirements in the Accounting Act stating that we must store specific information on your purchase for 7 years.

 

3.3.

Purpose

 To be able to handle cases through support/customer services.

Actions performed

 • Communication and responding to any questions to customer services (by telephone or through digital channels, including social media).
 • Identification.
 • Investigation into any complaints and support cases (including technical support).

Categories of personal information

 • Name.
 • Contact details (e.g. address and email).
 • IP address.
 • Payment history.
 • Payment information.
 Your correspondence.
 • Details of time of purchase, place of purchase, any fault/complaint.
 • Technical details about your equipment.
 • Health data (e.g. allergic reactions you tell us about).

Legal basis: Legitimate interest. The handling is necessary to provide for our and your legitimate interest in handling cases through support/customer services.

Storage period: 30 days after the case has been concluded.

 

3.4.

Purpose

 To be able to market our products and services directly to you.

Actions performed

 • Send direct marketing by email.
 • Carry out campaigns or send you offers and invitations to events.

Categories of personal information

 • Name.
 • Email.
 • Purchase history.

Legal basis: Legitimate interest. The handling is necessary to provide for our legitimate interest in being able to market our products and services and your legitimate interest in receiving offers and invitations.

Storage period: Until you tell us that you no longer wish to receive direct marketing from us, or if you as a member have been inactive for 36 months. you can deregister yourself from email directly in the message we sent you.

 

3.5.

Purpose

 To be able to handle and implement participation in competitions and/or events.

Actions performed

 • Communication before and after participation in a competition or an event (e.g. announcement or evaluation).
 • Identification and checking of age.
 • Choice of winner and the communication of any winnings.

Categories of personal information

 • Name.
 • Contact details (e.g. address and email).
 • Details submitted in competition entries and evaluation.

Legal basis: Legitimate interest. The handling is necessary to provide for our and your legitimate interest in handling your participation in competitions and/or events.

Storage period: 3 months after the end of the competition and/or event (including evaluation).

 

3.6.

Purpose

 To be able to administrate your membership and to be able to create My pages.

Actions performed

 • The creation of logging in function.
 • 
The maintenance of correct and up-to-date details.
 • 
The option for you to follow your purchase and payment history.
 • 
The option for you tot save favourites and similar facilitating measures.
 • 
Handling of your customer choice (e.g. your profile and your settings).

Categories of personal information

 • Name.
 • Contact details (e.g. address and email).
 • Purchase history.
 • 
Payment history.
 • 
Payment information.
 • 
User name and password.
 • 
Settings regarding your profile and your personal choices.

Legal basis: Legitimate interest. The handling is necessary to provide for our and your legitimate interest in being a member.

Storage period: Until the membership ends (may be manually or automatically due to inactivity of a period of 36 months).

 

3.7.

Purpose

 To be able to evaluate, develop and improve our services, products and systems for the overall collection of customers and to offer you a personal and relevant experience in our range of products and services.

Actions performed

 • Adaptation of services to become more user friendly (e.g. change the user interface to simplify the flow of information or to highlight functions that are often used by customers in our digital channels).
 • The production of bases for the purpose of improving the flows of products and logistics (e.g. by being able to forecast purchases, warehouses and deliveries).
 • The production of bases to develop and improve our range.
 • The production of bases for the purpose of planning new shops and warehouses and any closures thereof.
 • Give our customers the option of influencing and reviewing our range.
 • The production of bases to improve IT systems for the purpose of generally increasing security of the company and our customers/visitors.

Categories of personal information

 • Age.
 • Gender.
 • Home town.
 • Correspondence and feedback regarding our products and services.
 • Purchase and user-generated data (e.g. click and visit history). 
 • Technical data concerning units that are used and their settings (e.g. language setting, IP address, web browser settings, time zone, operating system, screen 
resolution and platform).
 • Information on the way in which you have interacted with us, i.e. how you have used the service, login method, where and for how long different pages have bee visited, response times, download errors, how you reach and leave the service, etc.

Legal basis: Legitimate interest. The handling is necessary to provide for our and our customers’ legitimate interest in evaluating, developing and improving our services, products and systems.

Storage period: From the time of collection and for a period of 36 months thereafter.

 

3.8.

Purpose

 To be able to prevent misuse of a service or to prevent, forestall and investigate crime against the company.

Actions performed

 • Prevention of and investigation into any instances of fraud or other infringements of the law (e.g. incident reporting in shops). 
 • Prevention of spam, phishing, harassment, attempts to unlawfully log into the user accounts or other actions which are forbidden in accordance with the law or our purchase terms.
 • Protection and improvement of our IT environment against any attacks and intrusions.

Categories of personal information

 • Personal registration number (Klarna).
 • Gender.
 • Purchase and user-generated data (e.g. click and visit history).
 • Technical data concerning units that are used and their settings (e.g. language setting, IP address, web browser settings, time zone, operating system, screen resolution and platform).
 • Details about how our digital services are used.

Legal basis: Fulfilment of legal obligation (if such exists) or legitimate interest. If there is no legal obligation, the handling is necessary to provide for our legitimate interest in preventing the misuse of a service or to prevent, forestall and investigate crime against the company.

Storage period: From the time of collection and for a period of 36 months thereafter.


4. FROM WHICH SOURCES DO WE COLLECT YOUR PERSONAL INFORMATION? 
Over and above the details you give us yourself or that we collect from you based on your purchase and how you use our services.

 

5. WITH WHOM MAY WE SHARE YOUR PERSONAL INFORMATION? 
In cases where it is necessary for us to be able to offer our services, we share your personal information with companies that are personal information processors for us. A personal information processor is a company that handles information on our behalf and in accordance with our instructions.

We have personal information processors who help us with: 
1) Transporters (logistics companies and forwarding agents). 
2) Payment solutions (card redemption companies, banks and other payment service providers). 
3) Marketing (print and distribution, social media, media agencies or advertising agencies). 
4) IT services (companies which handle necessary operation, technical support and maintenance of our IT solutions). 

When we share your personal information with personal information processors, this is solely for purposes which are compatible with the purposes for which we have collected the information (e.g. to be able to fulfil our undertakings in accordance with the purchase agreement). We always check all personal information processors to ensure that they can provide adequate guarantees regarding the security and confidentiality of personal information.

We also share your personal information with certain companies which are independent personal information managers. The company being an independent personal information manager means that we are not the ones who control the way in which the information that is given to the company will be handled.
 
Independent personal information managers with whom we share your personal information are: 
1) Government authorities (the police, the Tax Agency or other authorities) if we are obliged to do so in accordance with the law or where crime is suspected. 
2) Companies that deal with the transportation of public goods (logistics companies and forwarding agents). 
3) Companies that offer payment solutions (card redemption companies, banks and other payment service providers).
When your personal information is shared with a companies that is an independent personal information manager, the company’s privacy policy and personal information handling apply.

 

6. WHERE DO WE HANDLE YOUR PERSONAL INFORMATION? 
We always strive to ensure that your personal information is handled within the EU/EEA and all of our own IT systems are within the EU/EEA. However, at the time of system support and maintenance, we may be forced to transfer the information to a country outside the EU/EEA, e.g. if we share your personal information with a personal information processor who, either itself or through a subcontractor, is established or stores information in a outside the EU/EEA. In these cases, the processor may only see the information that is relevant to the purpose (e.g. log files). Irrespective of which country your personal information is handled in, we take all reasonable legal, technical and organisational steps to ensure that the level of protection is the same as within the EU/EEA. In cases where personal information is handled outside the EU/EEA, the level of protection is guaranteed either through a decision from the EU Commission stating that the country in question ensures an adequate level of protection or through the use of suitable protection measures. Examples of suitable protection measures are approved code of conduct in the recipient country, standard agreement clauses, binding intra-company rules or Privacy Shield. If you would like a copy of the protection measures that have been taken or information on where these have been made available, you are welcome to contact us.

 

7. FOR HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION?
We never retain your personal information for longer than is necessary for each purpose. See more above about the specific storage periods under each purpose.

 

8. WHAT ARE YOUR RIGHTS AS A REGISTERED PERSON? 
Right of access (register extract): 
We are always open and transparent with the way in which we handle your personal information and if you would like deeper insight into which personal information we handle about you, you can request access to the details (the information is given in the form of a register extract stating purpose, categories of personal information, categories of recipient, storage periods, information on where the information has been collected from and where automated decisions are made).
Remember that if we receive a request for access, we may ask for further details to ensure efficient handling of your request and that the information is given to the right person.

Right to correction:
You can request that your personal information be corrected if the details are incorrect. Within the framework of the stated purpose, you also have the right to supplement any incomplete personal information.
Remember that you as a member of MonkeySports can change certain details directly through My pages.

Right to deletion:
You can request deletion of personal information that we handle about you if: 
*The details are no longer necessary for the purposes for which they have been collected or handled. 
*You object to a balancing of interests that we have carried out based on legitimate interest and your reasons for objection outweigh our legitimate interest. 
*You object to mot handling for direct marketing purposes. 
*The personal information is handled illegally. 
*The personal information must be deleted to fulfil a legal obligation by which we are covered. 
*Personal information has been collected about a child (below the age of 13) for whom you have parental responsibility and the time of collection was in connection with an offer of the information society’s services (e.g. social media).
Remember that we may have the right to deny you the request if there are legal obligations that prevent us from immediately deleting certain personal information. These obligations come from book-keeping and tax legislation, bank and money laundering legislation, but also from consumer rights legislation. The handling may also be necessary for us to be able to establish, invoke or defend legal claims. Should we be prevented from granting a request for deletion, we will instead block the personal information from being used for purposes other than the purpose preventing the requested deletion.

Right to limitation:
You have the right to request limitation of our handling of your personal information. If you contest that the personal information that we handle is correct, you can request limited handling for the period we need to check whether the personal information is correct. If we no longer need the personal information for the established purposes but on the contrary you need it to be able to establish, invoke or defend legal claims, you can request limited handling of the details by us. This means that you can request that we do not delete your details.

If you have objected to a balancing of legitimate interests that we have carried out as a legal basis for a purpose, you can request limited handling for the period we need to check whether our legitimate interests outweigh your interests in having the details deleted.
If the handling has been limited in accordance with one of the situations above, we may only, in addition to the actual storage, handle the details to establish, invoke or defend legal claims, to protect another party’s rights or if you have given your consent.

Right to make objections to a specific type of handling:
You always have the right to avoid direct marketing and to object to all handling of personal information that is based on a balancing of interests.
Legitimate interest. In cases where we use a balancing of interests as a legal basis for a purpose, you have the option of objecting to the handling. To be able to continue handling your personal information after such an objection, we need to be able to show an imperative legitimate reason for the relevant  handling which outweighs your interests, rights or freedoms. In other cases, we must only handle the details to establish, exercise or defend legal claims.

Direct marketing (including analyses carried out for direct marketing purposes):
You have the option of objecting to your personal information being handled for direct marketing. The objection also covers the analyses of personal information (profiling) which are carried out for direct marketing purposes. Direct marketing means all types of outreach marketing measures (e.g. by post and email). Marketing measures where you as a customer have actively chosen to use one of our services or have otherwise looked us up to find out more about our services are not counted as direct marketing (e.g. product recommendations or other functions and offers on My pages).
If you object to direct marketing, we will stop handling your personal information for that purpose and stop all types of direct marketing measures.

Right to data portability:
If our right to handle your personal information is based on either your consent or fulfilment of an agreement with you, you have the right to request to have the details concerning you and which you have given us transferred to another personal information manager (known as data portability). One condition for data portability is that the transfer is technically possible and can take place in an automated way.

 

9. HOW DO WE HANDLE PERSONAL REGISTRATION NUMBERS?
We will only handle your personal registration number when it is clearly justified with regard to the purpose, necessary for secure identification or if there is another noteworthy reason. We always minimise the use of your personal registration number as far as possible by, in cases where it is possible, instead using your date of birth.

 

10. WHAT ARE COOKIES AND HOW DO USE WE THEM? 
A cookie is a small text file consisting of letters and numbers which are sent from our web server and saved on your web browser or unit. At MonkeySports, we use the following cookies: 
1) Session cookies (a temporary cookie which ceases when you close your web browser or unit). 
2) Permanent cookies (cookies that remain on your computer until you remove them or they expire). 
3) First-party cookies (cookies which are set by the website you are visiting). 
4) Third-party cookies (cookies which are set by a third party website. For our part, these are used mainly for analyses, e.g. Google Analytics.). 
5) Similar techniques (techniques which store information in your web browser or in your unit in a manner similar to cookies). 
The cookies that we use normally improve the services we offer. Some of our services require cookies to function correctly while others improve the services for you. We use cookies for comprehensive analytical information regarding your use of our services and to save functional settings such as language and other details. We also use cookies to be able to direct relevant marketing to you.

 

11. CAN YOU CONTROL THE USE OF COOKIES YOURSELF?
Yes, you can! Your web browser or unit gives you the option of changing the settings for the use and scope of cookies. Go to the settings for your web browser or unit to learn more about how to adjust the settings for cookies. Examples of things that you can adjust include blocking of all cookies, to only accept first-party cookies or to delete cookies when you close your web browser. Bear in mind that some of our services may not function if you block or delete cookies. You can read more general information about cookies on the Post and Telecoms Agency’s website, pts.se.

 

12. HOW IS YOUR PERSONAL INFORMATION PROTECTED? 
We use IT systems to protect confidentiality, integrity and access to personal information. We have taken special security measures to protect your personal information against unlawful or unnecessary handling (such as unlawful access, loss, destruction or damage). Only those people who actually need to handle your personal information so that we can fulfil our stated purposes have access to it.

 

13. WHAT DOES IT MEAN THAT THE SWEDISH DATA PROTECTION AUTHORITY IS THE SUPERVISORY AUTHORITY? 
The Data Protection Authority is responsible for monitoring the application of the legislation, and a party who thinks that a company is handling personal information incorrectly can submit a complaint to the Data Protection Authority.

 

14. WHAT IS THE EASIEST WAY FOR YOU TO CONTACT US IF YOU HAVE QUESTIONS ABOUT DATA PROTECTION? 
Since we take data protection very seriously, we have special colleagues who handle these particular cases, and you can always reach them at dataprotection(at)monkeysports.se.

 

We may make changes to our privacy policy. The latest version of the privacy policy is always here on the website.

Last updated on 23/05/2018.

Forget my data

Export my data