Green Supply Privacy Policy

Your integrity is important to us. Our Personal Data Processing Policy describes, among other things, what data we collect, the purpose for which it is collected, how you can control your own data and how to contact us.

Personal data controller

H&N Beauty Institute & Products AB, Sundbyberg- Sweden, is the personal data controller for the processing of personal data at Green Supply. The personal data manager is responsible for ensuring that Green Supply processes the data according to current legislation.

What personal data is collected about you as a customer and why?

This section describes the purposes for which we process personal data, what categories of personal data are processed, and the legal basis upon which the processing is carried out for you as a customer at Green Supply.

1) In order to handle orders/purchases

Personal data is processed in order to:

  • Deliver ordered/purchased products or services (including notification of delivery or contact regarding delivery).
  • Be able to carry out identification and age verification.
  • Manage payments (including analysing which payment solutions should be offered).
  • Address verification against external sources, such as SPAR.
  • Manage return, complaint and warranty issues.

The categories of personal data processed are:

  • Name
  • Contact information (e.g. address, email, phone number).
  • Payment information (e.g. transaction reference, transaction date. More card number).
  • Personal ID number
  • Customer number
  • Payment history
  • Order information, e.g. what product has been ordered or if it is to be delivered to another address.

Legal basis: Fulfilment of purchase agreement 

Storage period:

Until the purchase has been completed and for a period of 36 months thereafter. When it comes to customers who shop without logging in, we will keep your personal information for 6 months after the last purchase.

2) In order to manage and administer your user account

Personal data is processed in order to:

  • Provide authorization for logging in
  • Be able to carry out identification and age verification.
  • Maintain correct and updated information
  • Enable following of purchase history
  • Manage your settings and information about payment history and payment options.
  • Facilitate the saving of shopping lists, make suggestions for shopping lists or similar measures that simplify things for you. Analyses are carried out in order to enable this.

The categories of personal data processed are:

  • Name
  • Contact information (e.g. address, email, phone number).
  • Username and password.
  • Purchase history
  • Technical information about your computer, mobile phone and other devices you use and their settings.
  • Payment history
  • Personal ID number
  • Customer number
  • Address information from external sources, such as SPAR.
  • Legal basis:

    For members of Green Supply: Fulfilment of the loyalty program membership agreement

    Registered customers - legitimate interest. The processing is necessary in order to satisfy your and our interest in managing and administering your user account.

    Storage period:

    As long as you have an active account or Green Supply membership. If you have not made any purchases in the last 36 months, the data will be removed.

3) To be able to market products and services

Personal data is processed in order to:

  • View relevant product recommendations, suggest shopping lists, remind about forgotten/abandoned digital shopping carts, or save shopping lists to simplify future purchases or similar measures.
  • Send direct marketing via email, text messages, social media and similar electronic channels for communication as well as mail.
  • The categories of personal data processed are:

    • Name
    • Contact information (e.g. address, email, phone number).
    • Age
    • Place of residence
    • Information on how the customer uses the company's web sites and other digital channels.
    • Information about completed purchases.
    • User generated data (e.g., clicking and visiting history).

    In order to understand what kind of marketing or direct marketing should be used, we analyse:

    • How web sites and other digital channels are used (for example, which web pages and sections of web pages have been visited and what searches have been made).
    • Purchase history
    • Age and place of residence.
    • Results from customer satisfaction or marketing studies.

    Legal basis:

    For members of Green Supply: Fulfilment of the loyalty program membership agreement Processing is necessary in order for us to meet our commitments in the loyalty program membership agreement.

    Registered and unregistered customers - legitimate interest

    Recipients of newsletters and website visitors - legitimate interest.

    The processing is necessary to satisfy your and our interest in being able to market products and services.

    Storage period:

    As long as we think you benefit from our communication and you have not chosen to actively withdraw your consent. 

4) To be able to manage customer service cases

Personal data is processed in order to:

  • Communicate with the customer and respond to inquiries submitted to customer service through phone or digital channels (including social media).
  • Enable identification.
  • Investigate complaints and support cases (including technical support).

The categories of personal data processed are:

  • Name
  • Contact information (e.g. address, email, phone number).
  • Your correspondence
  • Information about purchase date, place of purchase, or product defects/complaints.
  • User information for My Pages, for example, when having login problems.
  • Technical details for your equipment required for support cases.
  • Personal ID number
  • Legal basis: Legitimate interest. The processing is necessary to satisfy your and our interest in being able to manage customer service cases.

    Storage period:

    Correspondence in customer service cases is saved for 36 months. 

    5) In order to fulfil legal obligations (e.g. In terms of the requirements of the Swedish Accounting Law, Product Liability and Product Safety and Personal Data Protection in IT Systems)

  • Personal data is processed in order to:

    • To fulfil legal obligations, as required by laws, judgements or administrative decisions. Such requirements may refer to product liability and product safety requirements such as providing communication and information to the public and customers regarding product alarms and product recalls, for example in case of a defect or health hazard, or if it is required by the Accounting Act or the Money Laundering Act and is attributable to a single individual.

    The categories of personal data that may be processed are:

    • Name
    • Contact information (e.g. address, email, phone number).
    • Your correspondence
    • Information about purchase date, place of purchase, defects/complaints for the product.
    • User information for My Pages.
    • Personal ID number
    • Payment information

    Legal basis: Legal obligations.

    Storage period:

    Personal data is stored for as long as required to fulfil the respective legal obligations.

    6) To evaluate, develop and improve our services, products and systems for the customer community as a whole

    Personal data is processed in order to:

    • Make services more user-friendly, such as changing the user interface to simplify the information flow or to highlight features commonly used in our digital channels.
    • Develop supporting documentation in order to improve product and logistical flows, e.g. by forecasting purchases, inventory and deliveries.
    • Develop supporting documentation in order to develop and improve our product range.
    • Develop supporting documentation in order to develop and improve our resource efficiency from an environmental and sustainability perspective, e.g. by streamlining purchasing and planning of deliveries.
    • Develop supporting documentation in order to plan new establishments of stores and warehouses.
    • Give you the opportunity to influence the range we provide.
    • Develop supporting documentation in order to improve our IT systems so as to increase the security of our visitors and customers in general.

    The categories of personal data processed are:

    • Purchasing and user generated data (e.g. clicking and visiting history).
    • Age
    • Place of residence
    • Your correspondence and feedback with regard to our service and products.
    • Technical data relating to devices used and settings, such as language settings, IP address, browser settings, time zone, operating system, screen resolution and platform.
    • Information about how you interact with the company, i.e. in what way services were used, the login method, where and how long different pages were visited, response times, download errors, how services can be reached and when the service was left, etc.

    For these purposes we perform general analyses in aggregated form, i.e. not at the individual level, regarding:

    • How our web sites and other digital channels are used (for example, what pages or parts of pages have been visited and what searches have been made).
    • Purchase history
    • Age
    • Geographic and/or demographic location.
    • Feedback regarding our services and products and results from customer satisfaction or marketing studies.
    • Data from customers' devices and technical settings.

    Legal basis: Legitimate interest. The processing is necessary to meet our and your legitimate interest in evaluating, developing and improving our services, products and systems.

    Storage period:

    From the collection and for a time of 36 months thereafter. 

    7) In order to prevent abuse of a service or to investigate and prevent crimes against the company

    Personal data is processed in order to:

    • Investigate or prevent fraud or other offences by e.g. incident reporting in stores.
    • Prevent spam, phishing, harassment, unauthorized logins to user accounts or other prohibited actions.
    • Protect and improve our IT environment against attacks and intrusions.

    The categories of personal data processed are:

    • Purchasing and user generated data (e.g. clicking and visiting history).
    • Personal ID number
    • Video recordings from surveillance cameras.
    • Data relating to devices used by the customer and settings, such as language settings, IP address, browser settings, time zone, operating system, screen resolution and platform.
    • Information about how our digital services are used.
    Legal basis: Legal obligations if such exist or, alternately, legitimate interest (if no legal obligations exist) if the processing is necessary to satisfy our legitimate interest in preventing abuse of a service or investigating and preventing crimes against the company.

Storage period:

As long as it is necessary to prevent and / or report fraud and other offenses. Video recordings are saved in accordance with local laws or max 30 days.

What personal data is collected about you as a member of Green Supply and why?

This section describes the purposes for which we process personal data for you as a member of Green Supply, what categories of personal data are processed and the legal grounds on which the processing is done. 

8) To be able to provide benefits and offers to you as a member of Green Supply

Personal data is processed in order to:

  • Offer benefits, discounts, general and personal offers, invitations to events or gifts or other direct marketing.
  • Carry out analyses of the data that the company collects for the same purpose, e.g. how the member uses the company's web pages and other digital channels (such as what web pages and sections of web pages the member visited and what searches the member made), purchasing history, age, place of residence, stated preferences (e.g. range) and other settings for the company's digital services as well as results from customer satisfaction or market research.

Based on analyses, our members can be divided into different customer groups in order to provide different groups (segments) different offers, benefits and discounts based on purchasing history, specified preferences, age, place of residence, market research. The analysis is carried out on an individual level in order to be able to provide personal offers, benefits and communication.

The categories of personal data processed are:

  • Name
  • Username
  • Customer number
  • Contact information (e.g. address, email, phone number).
  • Place of residence
  • Purchase history
  • User generated data (e.g., clicking and visiting history).
  • Stated customer choices with regard to products and services.
  • Technical information about your computer, mobile phone and other devices that you use and their settings, e.g. language settings.
  • Location information from mobile devices, e.g. mobile phones or tablets.

Legal basis: Fulfilment of the loyalty program membership agreement Processing is necessary in order for us to meet our commitments in the loyalty program membership agreement.

Storage period:

Until the membership ends. Your membership is considered inactive if you have not registered a purchase in the last 36 months, and your membership will end and your information will be deleted. You are entitled to terminate your membership at any time and your information will be deleted. 

9) To be able to provide a personally adapted experience of our services

Personal data is processed in order to:

  • Provide personally adapted content, e.g. by showing relevant product recommendations, give suggestions for shopping lists, or other similar measures that aim to simplify things for you.
  • Simplify your use of the company services, e.g. by saving shopping lists or chosen methods of payment in order to facilitate future purchases or remind you of forgotten or abandoned digital shopping carts.
  • Carry out analyses of the information that we collect so as to be able to divide our members into different customer groups in order to provide different offers, benefits and discounts to different groups based on purchasing history, specified preferences, age, place of residence, market research. The analysis is carried out on an individual level in order to be able to provide personal offers, benefits and communication.

The categories of personal data processed are:

  • Name
  • Age
  • Place of residence
  • Purchase history.
  • User generated data (e.g., clicking and visiting history).
  • Stated customer choices with regard to products and services.
  • Technical information about the computer, mobile phone and other devices that the member uses and their settings, e.g. language settings.
  • Location information from the member's mobile devices, e.g. mobile phones or tablets.

In order to fulfil its commitments, the company carries out certain analyses pertaining to e.g.

  • How web sites and other digital channels are used (for example, which sites and sections of sites have been visited and what searches have been made).
  • Purchase history
  • Age
  • Place of residence
  • Stated preferences (e.g. regarding products and services, interests and behaviours).
  • Language and other settings in digital services.
  • Results from customer satisfaction or marketing studies.

Legal basis: Fulfilment of the loyalty program membership agreement. Processing is necessary in order for us to meet our commitments in the loyalty program membership agreement.

Storage period:

Until the membership ends. Your membership is considered inactive if you have not registered a purchase in the last 36 months, and your membership will end and your information will be deleted. You are entitled to terminate your membership at any time and your information will be deleted. 

Sharing and transferring personal data

Personal data may also be transferred for necessary processing to other companies that the Green Supply collaborates with, for example in case of marketing (print and distribution, media agencies, etc.), distribution and transportation, payment solutions and IT services. When your personal data are shared with Green Supply's partners, the data shall be processed according to Green Supply's instructions and for Green Supply's account, and only for purposes compatible with the purposes for which Green Supply has collected the data.

In addition, Green Supply may be legally obliged to provide information to government authorities (e.g. the police and tax authorities). Green Supply may also provide personal data to companies that provide payment solutions (e.g. payment service providers and banks) and enterprises that provide general goods transportation (e.g., logistics companies and freight forwarders). In such cases, the partners shall process the data as independent personal data managers in accordance with their own privacy policies and management instructions.

Green Supply strives to process personal data within the EU/EEA and collaborate with partners and suppliers who process personal data within the EU/EEA. Regardless of the country in which personal data is processed, Green Supply takes reasonable technical, legal and organisational measures to ensure that the level of protection is the same as in the EU/EEA. You will have access to the standard contractual clauses and more information about these by clicking here.

Storing personal data

The processing complies with legal requirements, which means that personal details are not retained for longer than essential for the purpose of the processing. In practical terms, this means that information is removed when it is no longer relevant or necessary for analyses or direct marketing or the purposes for which it was collected. For marketing purposes, we do not use information about purchase transactions which is more than 3 years old. All handling of personal data will however be subject to a high level of security and secrecy.

Your rights and options

Right to access:

We want to be open and transparent about how we process your information, and if you want to find out more about the personal data that are being processed, you have the right to request access to your data, which we will provide to you in the form of a so-called "registry" (purpose, categories of personal data, categories of recipients of personal data, storage periods or criteria for determining storage periods, information about where information was collected). If we receive a request for access, we may ask for additional information to ascertain what information you wish to access and that we disclose it to the right person.

Right to rectification:

You always have the right to demand that your personal data are corrected if they are incorrect. Within the framework of the stated purpose, you also have the right to supplement any incomplete personal data. You who are a member of Green Supply, or have created an account at green-supply.se may, if you want, also update your information at My Pages or My Profile.

Right to erasure:

You have the right to demand that personal data that we are processing are deleted if:

  • The data are no longer necessary in relation to the purpose for which it was collected or processed.
  • You have withdrawn the consent on which the processing is based and there are no other legal grounds for the processing.
  • You object to a balancing of interests that we have done and there is no legitimate interest for Green Supply that outweighs your interest.
  • You object to processing for purposes of direct marketing.
  • The personal data are processed in an illegal fashion.
  • The personal data must be deleted in order to comply with a legal obligation that pertains to us
  • The personal data have been collected from a child (under 13 years) for which you have parental responsibility in connection with IT-services, e.g. social media.

There may be reasons for us not to grant your request for erasure if there are legal obligations that prevent us from doing so. This may be the case if the processing is necessary in order to exercise our right to freedom of expression and information, to fulfil a legal obligation to which we are subject or to determine, enforce or defend legal claims.

Right to restriction:

You have the right to demand that our processing of your personal data is limited.

Right to object against certain kinds of processing:

Legitimate interest: You have the right to object to processing that is based on a legitimate interest of ours if you have personal reasons that relate to the situation. We may however continue to process your information, despite your objection to the processing, if we have compelling legitimate reasons for the processing that outweigh your privacy interest.

Direct marketing (including analyses carried out for purposes of direct marketing):

You have the possibility to object against the processing of your personal data for direct marketing. The objection also encompasses the analyses of personal data (so-called profiling) which are carried out for purposes of direct marketing.  If you object to direct marketing, we will cease processing your personal data for that purpose as well as all types of direct marketing actions.

You naturally have the option to solely decline mailings and personal offers in certain channels. You may for example choose to only receive offers from us via email, but not text messaging. In that case you should not object to the processing of personal data, since it will then be difficult for us to determine which kind of marketing is relevant for you. If you choose to decline our processing of your personal data for purposes of direct marketing, you will not be able to partake of personal offers from Green Supply or information from us. You may still remain a member of Green Supply, and you may partake of points and bonuses from Green Supply, but you will not receive any personal offers, discounts or other benefits.

You may at any time change your settings at My Pages at green-supply.se. You may also change your choices directly through email and text messaging. You are always welcome to contact our customer service to get help adjusting your choices.

If you no longer wish to be a member of Green Supply, please contact info@green-supply.se to terminate your membership.

Right to data portability:

If our right to process your personal data is based on your consent or on the fulfilment of commitments in an agreement with you, you have the right to request to have the data that relate to you and which you have provided to us transferred to another personal data manager (e.g. data port).

Regarding cookies

Personal data may be collected when you use green-supply.se, and then the information about your use and the pages that you visited is stored. This may relate to technical information about your device and Internet connection such as operating system, browser version, IP address, cookies and unique identifiers. When you visit green-supply.se where our services are provided, various technologies can be used to recognize you in order to learn more about our users. This may occur directly or through use of third party technology. It may be the use of e.g. cookies.

What is a cookie?

There are two types of cookies. One type saves a text file over an extended period, but has an expiry date. The purpose of this cookie is, for example, to tell you what is new since your last visit. The other type of cookie is a so-called session cookie, which lacks an expiry date. The text file is temporarily saved for as long as you are surfing on a page, and helps with remembering which language you want to use, for example. As soon as the browser is closed, the text file is deleted.

Why do we use cookies?

At green-supply.se we use cookies to keep track of the items you've added to your shopping cart. We also use cookies to obtain web statistics. We need these statistics in order to develop green-supply.se. The information is not accessible to parties other than H&N Institute & Beauty Supply AB.

In order to fully use green-supply.se you must accept cookies. You can do this via your browser settings. If you do not want to accept cookies you can turn off cookies through your browser's security settings. This will however mean that green-supply.se will not function as intended.