Data Protection Policy
1. For our companies and websites:
Photo&Video Sverige AB, 559320-6427, videokopiering.se
Photofun Drottninggatan AB, 559002-0409, photofun.se
Photofun Götgatan AB, 559308-1911, photofun.se
Photofun Nordstan AB, 559326-6041, photofun.se
Please also read our terms and conditions.
Privacy and protection of personal data are important to us in all parts of our business, and here we explain what personal data is collected by visiting our websites and when using our services.
2. Laws and regulations
We of course follow applicable laws and regulations. Read more on the Swedish Data Protection Authority's website about data protection: https://www.imy.se/verksamhet/dataskydd/ and the Act on distance contracts and contracts outside business premises: https://www.konsumentverket.se/for-foretag/konsumentratt-for-foretagare/lagen-om-distansavtal-och-avtal-utanfor-affarslokaler/
If a “personal data incident” occurs, this must be reported to the Swedish Data Protection Authority within 72 hours. Such an incident could, for example, be a USB stick with personal data that has been lost, a data breach on one of the company's servers, or an employee having unauthorized access to personal data. A person whose personal data has been collected by us has the option of filing a complaint with the supervisory authority (which in Sweden is the Swedish Data Protection Authority) if they believe that their personal data has been handled incorrectly.
3. Collection
We do not process and store more personal data than we need to perform our services, and no longer than necessary. We process the personal data we receive from our customers via email, telephone, our websites, letters and packages sent to us, and in our stores. All our employees and partners who process this personal data are informed of our data protection policy, and are of course bound by confidentiality – which is also documented.
In order to perform our services, we collect data in these ways:
- – Cookies are saved on the visitor's computer when they visit our websites, in order to collect statistical data about the use of our website, and when filling out forms on our websites, payment services and web shop.
- – Personal data such as name, email and telephone number to be able to keep track of our customer orders. When paying online, social security number and address are also collected.
- – Personal data in the form of images, films and digital files that our customers submit for digitization, development, copying or any of our other photo services.
4. Storage
We do our utmost to store personal data securely. In order to be able to carry out our company's daily operations and to fulfill the agreements we have with our employees and customers, we use third-party services and providers such as (but not limited to) web hosting, email server, file storage and transfer services, web shop services, payment, customer register, accounting, invoicing and debt collection, credit information, image and film production and newsletters. These services can be obtained from companies both within and outside the EU. In using some of these services, we process personal data in order to be able to perform the services we offer, but to the extent possible. Personal data may be transferred between our companies if necessary to perform the services we offer.
5. Secure storage/backup
For digital delivery to our customers, of our customers' images and films, we use an external service at GNS. (Their Data Protection Policy can be read here: https://www.gns.se/support/general-data-protection-regulation-gdpr/).
Their storage takes place on Swedish servers, located in Swedish data centers and surrounded by several layers of security (Read more here: https://www.telenor.se/foretag/natverk/colocation/).
6. CEWE
Several of our imaging and development services are provided in collaboration with CEWE, which has its production in various European countries. When ordering these products and services, their General Terms and Conditions and Privacy Policy also apply:
7. Deletion
We regularly delete personal data that is no longer needed for our business. Individual personal data or registers and passwords for access to these may only be downloaded, copied and permanently saved on computers, mobile phones, etc. if this is required for the person's work within the company. Passwords must be chosen with care, and handled in a responsible and secure manner. The company may create password-protected backups of registers with personal data as protection against data loss. We reserve the right to store personal data as a backup for up to 13 months, but at the same time provide no guarantee that we have backups of delivered customer orders.
8. Request deletion
You can at any time request disclosure or deletion of all personal data we store about you, except for those we are legally required to save for, for example, accounting reasons.
9. Other
A separate list is kept of:
- What personal data is stored, where and when
- Who has access to this personal data
- How the data is used
This policy does not cover third-party websites that we link to, or that link to us.