Privacy policy
§1 Personal Data Administration
- The personal data administrator is MELISMEE STOCKHOLM AB, HAMMARBY ALLE 3A, 120 32 STOCKHOLM. The business is registered in the business activity register under the VAT number: SE559400938201.
- Contact with the person supervising the processing of personal data in the organization can be made electronically at the email address: info@melismee.com, in writing to the Administrator’s address, or by telephone at +46737443535.
- This Policy contains the rules regarding the processing of personal data by the Administrator on the Website, including the bases, purposes, and scope of personal data processing, and the rights of the individuals concerned.
- Personal data is processed by the Administrator in accordance with the applicable legal provisions, particularly in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). Official text of the GDPR: http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679.
- The User’s rights are not absolute and do not apply to all personal data processing activities.
§2 Definitions
- Administrator – MELISMEE STOCKHOLM AB, HAMMARBY ALLE 3A, 120 32 STOCKHOLM. The business is registered in the business activity register under the VAT number: SE559400938201.
- Personal Data – information about an identified or identifiable natural person identified or identifiable by one or more specific factors determining physical, physiological, genetic, psychological, economic, cultural, or social identity, including IP of the device, internet identifier, and information collected through cookies and other similar technology.
- Policy – this Privacy Policy.
- GDPR / General Data Protection Regulation – Regulation of the European Parliament and Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons in relation to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
- Service – the online service operated by the Administrator at melismee.com.
- User – any natural person visiting the Service or using one or more services or functionalities described in the Policy.
§3 Security
- The Administrator has implemented appropriate technical and organizational measures that ensure the security of personal data processing, particularly responsible for ensuring that the data collected by them are:
- processed lawfully;
- collected for specified, lawful purposes and not subjected to further processing in a manner that is incompatible with those purposes;
- substantively correct and adequate in relation to the purposes for which they are processed;
- stored in a form which permits identification of the data subjects for no longer than is necessary for the purposes of the processing;
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.
§4 Purposes and Legal Bases for Processing Data
- Under Article 6(1)(a) of the GDPR (consent), personal data will be processed for the purposes of:
- marketing products and services of the Administrator and the Administrator’s partners,
- sending newsletters,
- moderating content on the Service,
- storing data in cookies, as well as using cookies for the proper functioning of the Service,
- issuing opinions about a product or service,
- participating in a webinar or online training,
- contact via remote communication tools, especially: telephone, email, or applications.
- Based on Article 6(1)(b) of the GDPR (performance of a contract), personal data will be processed for the purposes of:
- performing a sales contract or service provision contract or taking actions at the request of the data subject before entering into the specified contract or after its conclusion, especially: the right to warranty, consideration of complaints, or withdrawal from a distance contract.
- Based on Article 6(1)(c) of the GDPR (legal obligation incumbent on the Administrator), personal data will be processed for the purposes of:
- issuing and storing invoices, bills, or fulfilling other obligations arising from tax and accounting regulations (archival obligation concerning accounting documents).
- creating registers and other documentation mandated by the GDPR regulations.
- Based on Article 6(1)(f) of the GDPR (legitimate interest of the Administrator), personal data will be processed for the purposes of:
- proper execution of the contract, processed for the duration of the contract and rights arising from it, e.g., the right to complaints. Provision of data is voluntary but necessary.
- ensuring the security of the Service, managing the Service, and its proper operation.
- conducting statistics and analyzing traffic on the Website. Direct marketing.
- determining claims raised by or against the Administrator. Contact with the User.
- operating the melismee.com Service.
- managing accounts on Instagram, Facebook, Pinterest, LinkedIn, and interacting with users of these platforms.
- Data may be transferred to the following recipients or categories of recipients of personal data, i.e., courier companies, postal operators, legal offices, accounting firms, IT service and maintenance providers.
§5 Profiling
- The GDPR imposes an obligation on the Administrator to inform about automated decision-making, including profiling as referred to in Art. 22(1) and (4) of the GDPR, and – at least in those cases – significant information about the principles of their making, as well as the significance and expected consequences of such processing for the data subject. Bearing this in mind, the Administrator provides information about possible profiling in this point of the privacy policy.
- The Administrator may use profiling on the Service for marketing purposes using the personal data provided by the User.
- The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
§6 Period of Personal Data Processing
- The period of data processing by the Administrator depends on the type of service provided and the purpose of processing. Generally, data is processed for the duration of the service provision, until the withdrawal of the given consent or the filing of an effective objection to data processing in cases where the legal basis for data processing is the legitimate interest of the Administrator.
- The period of data processing may be extended if processing is necessary for the establishment and pursuit of possible claims or defense against claims, and after this time only to the extent and for the duration required by law. After the processing period, the data is irreversibly deleted or anonymized.
§7 User Rights
- The User has the following rights in relation to their personal data:
- access to their personal data,
- rectification of personal data at any time,
- deletion of their personal data at any time,
- receipt of a copy of their data,
- restriction of processing of personal data,
- objection to the processing of personal data,
- portability of personal data,
- withdrawal of consent; withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal,
- objection to the processing of personal data based on the legitimate interest of the Administrator for marketing purposes, direct marketing, and for purposes other than marketing,
- to lodge a complaint with a supervisory authority.
§8 Recipients of Personal Data
- The Administrator, for the proper management of the Service, transfers the personal data of the User to other external entities, in particular: the hosting company CyberFolks, courier companies, payment operators, marketing automation systems.
- The Administrator reserves the right to disclose personal data when this arises from applicable legal provisions, including the obligation to provide information to the appropriate administrative authorities or law enforcement agencies.
§9 Transfer of Personal Data Outside the EEA
- The level of protection of Personal Data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Administrator transfers Personal Data outside the EEA only when necessary, in particular when using the services of an international entity. However, the Administrator always ensures an appropriate level of protection, primarily by:
- cooperating with entities processing Personal Data in countries for which the European Commission has issued an adequate decision regarding the provision of an appropriate level of protection of Personal Data; using binding corporate rules approved by international certification standards and the appropriate supervisory authority;
- applying standard contractual clauses issued by the European Commission under Art. 46 GDPR.
- Personal Data may also be transferred outside the EEA based on the User’s consent. The User is previously informed about this event.
§10 Security of Personal Data
- The Administrator continuously conducts a risk analysis to ensure that Personal Data is processed securely. Through its actions, it primarily ensures that access to data is only available to authorized persons and only to the extent necessary due to the tasks they perform.
- The Administrator is obligated to undertake all actions permitted by law to ensure that all operations on Personal Data are registered and performed only by an authorized entity.
- The Administrator is also required to ensure that other entities cooperating with the Administrator guarantee the application of appropriate security measures in every case when they process Personal Data on behalf of the Administrator.
§11 Changes to the Privacy Policy
- The Policy is continuously verified and updated.
- The current version of the Policy was adopted and has been effective since May 10, 2024.