Personal data is all kinds of information that can be directly or indirectly associated to a physical living person. For example, images and sound recordings by or from individuals that are processed by automated means can be personal data even if no names are mentioned. Encrypted data and different types of electronic identities (such as IP numbers) are personal data if they can be linked to physical people.
Processing of personal data is everything that occurs in terms of handling personal data. Any action performed with personal data counts as a form of processing, regardless of whether it is automated or not. Examples of common processing are collection, registration, organising, structuring, storing, revising, transfer and deletion.
PriceRunner Sweden AB, Swedish corporate ID number: 556586-1415, address: Kungsbron 21, 111 22 Stockholm, Sweden, is responsible for personal data and the company's processing of personal data.
Purpose: In order to process service issues.
Processing performed: Communication and answering any questions via phone or via digital channels, including social media. Identification. Investigating any complaints and support cases (including technical support).
Categories of personal data: Name. Contact details (e.g. address, e-mail or phone number). Your correspondence. Data about event occurrence, retailer involved, any errors/complaints. Technical data about your equipment. User data for members.
Legal basis: Legitimate interest. The processing is necessary to meet our legitimate interest in processing service matters.
Storage period: Until the service case has been completed. Valid personal data for representatives of retailers - so the data will be saved as long as the company is a customer of PriceRunner.
Purpose: In order to implement and manage participation in competitions and/or events.
Processing performed: Communication before and after participation in a contest or event (e.g. confirmation of notifications, questions or evaluations). Identification and age check. The choice of winner and award of any prize(s) (e.g. payouts or travel vouchers).
Categories of personal data: Name. Age. Contact details (e.g. address, e-mail or phone number). Potential personal data submitted in contest submission. Potential personal data provided in evaluations of events.
Legal basis: Legitimate interest. The processing is necessary to meet our legitimate interest in processing your participation in competitions and/or events.
Storage period: For the duration of the contest/event (including any evaluation).
Purpose: In order to evaluate, develop and improve our services, products and systems for customers and users.
Processing performed: Adaptation of services to be more user-friendly (e.g. change the user interface to simplify the flow of information or to highlight features commonly used by customers in our digital channels). Analyses of data in order to improve features and tools. Analyses of data to develop, broaden and change product categories and product data to make the service more relevant to users and customers. Analyses of data in order to develop and improve our resource efficiency from an environmental and sustainability perspective (e.g. by informing about efficient resource utilisation per category, environmentally-friendly products and more efficient deliveries). Analyses of data in order to prioritise and plan the choice of retailers on the site. Analyses of data to enable our users and customers to influence the appearance and contents of our services. Analyses of data to improve IT systems in order to improve performance or enhance security for PriceRunner, its users and customers. Based on the data we collect (e.g. clicks to retailers, age and gender) you can be sorted into a user group, upon which analyses are then performed on an aggregate level using non-identifiable or pseudonymised data without any link to you as an individual. The insights from the analyses form the basis for which products, product categories, and the design of tools for which users and customers have access to.
Categories of personal data: Age. Gender. City. Correspondence and feedback regarding our services and products. Purchase and user-generated data (e.g. clicks and visit history). Technical data pertaining to devices used and their settings (e.g. language setting, IP address, browser settings, time zone, operating system, screen resolution and platform). Information about how you interacted with us, in other words how you used the service, login method, where and how long different pages were visited, response times, download errors, how you access and leave the service, etc.
Legal basis: Legitimate interest. The processing is necessary to meet PriceRunner's, the users' and our customers' legitimate interest in evaluating, developing and improving our services and systems.
Storage period: From the time of collection and for a period of 36 months thereafter.
Purpose: In order to prevent abuse of a service or to prevent, avoid and investigate crimes against the company.
Processing performed: Prevention and investigation of possible fraud or other crimes (e.g. clicks to retailer manipulation). Prevention of spam, phishing, unauthorised retrieval of price or product data from our services, harassment, unauthorised login to user accounts, or other actions prohibited by law or by our membership, service or customer agreement. Protecting and improving our IT environment against attacks and intrusions.
Categories of personal data: Purchase and user-generated data (e.g., clicks and visit history). Technical data pertaining to devices used and their settings (e.g. language setting, IP address, browser settings, time zone, operating system, screen resolution and platform). Data about how our digital services are used.
Legal basis: Compliance with legal obligation (if any) or legitimate interest. If no legal obligation exists, processing is necessary to meet our legitimate interest in preventing abuse of a service or preventing, avoiding and investigating crimes against PriceRunner.
Storage period: From the time of collection and for a period of 36 months thereafter.
Purpose: To administer the customer or supplier relationship.
Processing performed: Storage of contact details.
Categories of personal data: Name. Email. Phone number. Social security number if you have a sole proprietorship.
Legal basis: Our legitimate interest in maintaining contact with the customer or supplier and administer the contractual relationship.
Storage period: Until the customer or supplier relationship or until you notify us that you no longer represent the customer or supplier.
In addition to the data you provide us, or which we collect from you based on your purchases and how you use our services, we may also collect personal data from someone else (a so-called third party).
Examples of data we collect from third parties may be address data from public records (to ensure our retailers deliver to the correct address) or information from signing in with Facebook or another social network to facilitate your experience as a user. Such retrieval never happens without explicit consent from you as a user.
In cases where it is necessary so that we can provide our services, we share your personal data with companies that are so-called data processors for us. A data processor is a company that processes the personal data on our behalf and according to our instructions. We have data processors who help us with:
When your personal data is shared with personal data counsels, it is for purposes that are compatible with the purposes for which we have collected the data (e.g. to meet our obligations according to purchase or membership terms). We check all personal data counsels to ensure that they can provide sufficient safeguards regarding the security and confidentiality of personal data.
We have written agreements with all personal data counsels through which they guarantee the security of the personal data processed and undertake to comply with our security requirements as well as restrictions and requirements regarding the international transfer of personal data.
We also share your personal data with certain companies that are independently responsible for personal data. The fact that the company is independently responsible for personal data means that we are not the party controlling how the personal data submitted to the company will be processed. Companies and other parties who are independently responsible for personal data and with whom we share your personal data with are:
We never storage your personal data longer than is necessary for each purpose. See more about the special storage periods for each purpose.
We are always open and transparent about how we process your personal data and if you want to gain a deeper insight into the personal data we are processing, you may request access to the data (the data is provided in the form of a register extract indicating purpose, categories of personal data, categories of recipients, storage periods, information about where the information has been collected and the existence of any automated decision-making).
Please note that if we receive a request for access, we may ask for additional information to ensure the effective handling of your request and that the information is provided to the correct person.
You may request that your personal information be corrected if the information is incorrect. Within the framework of the stated purpose, you also have the right to supplement any incomplete personal data.
Keep in mind that you as a member of PriceRunner can edit a great deal of submitted data when logged in on PriceRunner's website.
You may request the deletion of personal data we process about you if:
Keep in mind that we may have the right to deny your request if there are legal obligations that prevent us from immediately deleting certain personal data. These obligations derive from accounting and tax legislation, banking and money laundering legislation, yet also from consumer law.
It may also be possible that processing is necessary for us to determine, enforce or defend legal claims. Should we be prevented from granting a request for deletion, we will instead block personal data from being used for purposes other than the purpose that prevents the requested deletion.
If you have any questions or require further assistance with this matter, don’t hesitate to contact us at email@example.com.
You have the right to request that our processing of your personal data be limited. If you disagree that the personal data we process is correct, you may request limited processing during the time which we need to check if your personal data is correct or not. If we no longer need your personal data for the stated purposes, but you need the data to determine, enforce or defend legal claims, you may request limited processing of the data by us. This means that you can request that we do not delete your data.
If you have objected to a weighing of interest of legitimate interest that we have performed as a legal basis for a purpose, you may request limited processing during the time which we need in order to check if our legitimate interest outweighs your interest in having the data deleted.
If the processing has been limited in accordance with any of the above situations, we may, in addition to the actual storage, process the data to determine, enforce or defend legal claims, to protect someone else's rights or if you have given your consent.
You always have the right to avoid direct marketing and to object to all processing of personal data based on a weighing of interest.
In cases where we use a weighing of interest as a legal basis for a purpose, you have the possibility to object to the processing. In order to continue processing your personal data after such objection, we need to demonstrate a compelling legitimate reason for the current processing that weighs heavier than your interests, rights or freedoms. Otherwise, we may only process the data to determine, exercise or defend legal claims.
You may object to your personal data being processed for direct marketing. The objection also includes the analyses of personal data (so-called profiling) performed for direct marketing purposes. Direct marketing refers to all types of targeted marketing actions (e.g. e-mail and text messaging).
Marketing actions - where you as a customer have actively chosen to use one of our services or otherwise initiated contact with us to know more about our services - do not count as direct marketing (such as product recommendations or other features and offers on PriceRunner's website).
If you oppose direct marketing, we will discontinue the processing of your personal data for that purpose and terminate any direct marketing actions.
Keep in mind that you are always able to influence which channels we will use for communicating personal offers. E.g. you can choose to receive only e-mails from us, but not text messages. In this case, you should not object to personal data processing as such but limit our communication channels (by changing the settings on ‘My pages’or by contacting customer service).
If our right to process your personal data is based either on your consent or implementation of an agreement with you, you are entitled to request that the data relating to you and which you have provided to us is transferred to another party which will be responsible for the personal data (so-called data portability). A prerequisite for data portability is that the transfer is technically possible and can occur in an automated manner.
PriceRunner only processes social security number for customers that have a sole proprietorship and where the customers corporate ID number is the same as the individual’s social security number. PriceRunner does not process social security number in any other situation.
We use IT systems to protect the privacy, integrity and access to personal data. We have adopted security measures to protect your personal data against unauthorised or illegal processing (such as unauthorised access, loss, destruction or damage). Only those persons who actually need to process your personal data to meet our stated purposes have access to them.
The Data Protection Authority is responsible for monitoring the application of the law, and a person who deems that a company processes personal data in an incorrect manner is able to file a complaint through the Data Protection Authority.
Since we take data protection very seriously, we have designated employees who handle these issues, and you can always reach them via firstname.lastname@example.org.
When we provide information about updates, we will also explain what the updates involve and how they affect you.