Security policy

About CDON and the Website

CDON AB, org.no. 556406-1702, Box 385, Södergatan 22 (visiting address), 201 23 Malmö, (“CDON”, “we” or “us”) is the data controller for the processing of your personal data. CDON is a company within the group Qliro Group AB (publ) (“Qliro Group”).

CDON cares about your personal privacy and works to always protect your personal data in the best way possible. It is CDON’s goal to comply with all prevailing laws and rules for protection of privacy. This privacy policy explains the type of information CDON collects and why and how CDON processes your personal data. The privacy policy describes how we collect, use, retain, disclose and protect your personal data and explains your rights in relation to CDON regarding the processing of your personal data.

The privacy policy complies with all applicable laws and rules that exist to protect individual privacy, the Swedish Electronic Communications Act (lagen om elektronisk kommunikation) (2003:389) and the EU General Data Protection Regulation[1], as well as any changes, additions or adjustments that replace such laws, ordinances, regulations and rules.

When you use the Company’s services, CDON collects your personal data and processes it in accordance with this privacy policy. Therefore, it is important that you read and understand the privacy policy before you use the Company’s services as defined below.

The Website may contain links to other websites outside CDON’s control and such websites may link to the Website. This privacy policy only applies to the Website. When you click a link to another website, you should read the privacy policy that applies to that website. Note that CDON does not take responsibility for other websites’ processing of your personal data.

Definitions

This privacy policy uses the following definitions.

Partners” are companies that are approved by CDON and have concluded agreements with us to sell and provide their products and services via the Website.

The “Website” includes the website CDON.COM and pages belonging thereto.

Processing of personal data

Processing of customers’ personal data

This privacy policy describes how we collect, use, retain, disclose and protect your personal data. As mentioned above, CDON is the data controller for the processing and complies with all applicable laws and rules that exist to protect individual privacy.

For collection, processing and storage of information obtained via cookies, refer to the “Cookies” section below. 

Which personal data do we collect and from where?

On the Website, you can shop for products and services directly from CDON and/or from CDON’s Partners who have chosen to sell their products and services via the Website. When you purchase something on the Website, you conclude an agreement with CDON or with one of CDON’s Partners. For us to be able to administer your purchase and fulfil our commitments to you as a customer, it is necessary for us to process the personal data you submit or disclose to us.

Depending on the context, the personal data that CDON collects and processes may include:

  • national ID number,
  • name and contact information, including address, mobile number and email address,
  • delivery and invoicing information, payment and credit card information or other information that you submit in connection with purchase or delivery of products or services, 
  • gender,
  • username and password for our services,
  • purchase, payment and order history,
  • other information that is relevant for customer surveys, announcements or offers,
  • other user-generated information that you actively choose to share via our Website or via other contact with us, and/or
  • IP address.

In addition to the information you yourself submit to us in connection with a purchase or when you contact us via email, collection of your personal data may also occur from the following sources:

  • companies within Qliro Group,
  • our Partners,
  • through agreement or other business contact if you are a contact person for any of our agreement partners,
  • through cookies (see also under the “Cookies” section below).

Why do we process your personal data?

If you have ordered a product on our Website, you have concluded an agreement with CDON and we therefore process your personal data for the purpose of administering your purchase or your order and to be able to deliver the product that you have ordered.

In addition to processing your personal data to fulfil the purchase of products and services, CDON may use the personal data for other purposes as specified below. If any processing requires your consent, we will always explicitly ask you for it.

  • Fulfilment of agreements: To deliver products, implement orders and give you access to the Website and the services CDON provides there (including customer service and subscription to newsletters). Your personal data will also be processed in connection with the purchase of assignment of (or due to requirements from) payment and credit card companies that need it for credit information purposes.
  • Fulfilling legal obligations: We retain invoice data in accordance with applicable accounting rules.
  • Legitimate interest:

­   In order for CDON to be able to provide, implement and improve its services for all customers, it is necessary for us to process personal data, including in certain cases e.g. through analysing purchase history, sorting customers into segments to perform analyses at an aggregate level and for statistical purposes.

­   We also process personal data to improve CDON’s payment solutions and payment processes. The personal data may be aggregated with information from other registries, e.g. credit information registries. You can read more about this under the section “Transferring personal data”.

­   CDON analyses customers’ purchasing habits to be able to provide them with relevant information and marketing.

  • Data processor: We have agreements with data processors who perform services on our behalf. These services include printing and distribution, delivery of products, analysis of information and provision of search results and links, service and warranty commitments, insurance cases, processing and storage of data. They get access to your personal data to the extent necessary for them to fulfil their assignment, but they may not use or disclose the information for other purposes. CDON uses Google’s advertising services. You can read more about Google’s collection, disclosure and use of personal data here.
  • Consent for processing: Consent may be needed for certain direct marketing (by post, email and SMS), customer surveys etc. that are submitted through you changing your preferences on My Pages or choosing options for a new registration.

­   Profiling: based on consent submitted in connection with newsletters, we aggregate this information about the purchasing habits and interests that we collect in order to profile the customers in various segments to offer relevant and customised information and marketing for CDON. CDON looks at the products you have purchased and the choices you make when you browse with us to customise the store’s appearance and content in the marketing communication CDON sends to you to create a personalised shopping experience.

If any processing requires your consent, we will always explicitly ask you to submit your consent for such processing and for us to process your personal data in such cases. For example, we ask for your consent if you want to become a member of CDON’s customer club and you always have the option of withdrawing consent, e.g. through the cookie tool.

In connection with submitting your consent, you will confirm that you have read this privacy policy and that you consent to your data being processed in the way described therein.

Processing of Customer Club members’ personal data

As a member of CDON’s customer club, you get personal offers, select general member offers, a customised purchase experience, etc. We will also send customised newsletters, offers for campaigns and events, and product recommendations to you. We usually communicate with our members via email, SMS and on the Website, but we may also communicate with members through letters. Therefore, it is important that you as a member keep your personal data entered on My Pages updated. You can always log in to My Pages and update your contact information.

Why do we process your personal data?

In addition to processing your personal data for administration and to communicate with you about your membership, CDON will process your personal data in the following ways:

  • Fulfilment of agreements and membership:

­   We must process your personal data to set up your member account and your user information, ensure that you are an individual who is over 18 years old, to allow you to see your order and purchase history and to handle your settings and options. We also need to process your personal data for you to be able to save products in the shopping cart and in your wish list.

­   In order to be able to send you customised offers and information about relevant campaigns, we need to process your personal data. For this purpose, we analyse your personal data primarily at an aggregate level, but also at an individual level. This is so that you can get personal offers tailored just for you by being a member of our Customer Club.

­   Personal products: CDON provides offers for “Personalised products” in their email publications that correspond to what the Website shows under “You might also like”. To be able to offer our members relevant products, we analyse members’ purchase and click history, what they saved in their shopping cart, age, gender, member level, place of residence and other choices made on the Website. The analysis is primarily done at an aggregated level but can also be done at a customer level to be able to provide even better and more personalised offers.

  • Legitimate interest: We have an interest in being able to evaluate, develop and improve our services and the Website to be able to offer our members the best possible experience and be able to offer service on the Website. Therefore, we will compile our members’ personal data at an aggregate level to be able to develop the customer club and the Website.
  • Consent: By becoming a member of our customer club, you consent to us analysing your personal data and conducting profiling for direct marketing (by post, email and SMS) and customer surveys.

­   Profiling: based on consent submitted in connection with newsletters and applications for membership on our customer club, we aggregate information about customers’ purchasing habits and interests that we collect to profile the customers in various segments to be able to offer relevant and customised information and marketing for CDON. We analyse your habits and compare them with other customers with similar habits to be able to offer you products based on an overall picture of relevant data customised to a person with similar habits to yours. This is to create a personalised shopping experience and make it easier for you as a customer to quickly find something just for you.

On My Pages, you can log in at any time and change the settings for the communications you want to receive from us. There, you can also choose which types of offers and newsletters you want to get from CDON.

You also have the right to withdraw your consent for processing of personal data at any time. Such withdrawal may be limited to only the part of the processing e.g. that concerns direct marketing. Your personal data will not be processed for purposes concerning direct marketing if you withdraw consent for such processing.

When you submit reviews and rating on the Website, our Policy for ratings and reviews applies

If you are a member of our customer club, the cookies placed in your web browser will save information about how you use our Website. Even if you go in to our Website before you have actually logged in to your account, after you have logged in we will be able to connect your behaviour from before you logged in to your user account. We do this to improve your experience of the Website and to be able to show relevant products and offers just for you. Read more about cookies in the “Cookies” section below.

Storage of personal data

CDON takes all reasonable measures to ensure that your personal data is processed and stored securely. Your personal data is always saved longer than what is allowed in accordance with applicable law or to achieve the purposes specified above. Your personal data is processed by us during the following periods of time. The personal data is then deleted.

  • Member: If you registered as member of CDON’s customer club, your personal data is retained until you deregister, but no longer than three years after the last activity if CDON does not need information for another reason as listed below.
  • Customer: If you purchased a product on our Website, your personal data is saved for two years after the purchase was completed and/or any service or warranty obligations from our side have expired. This does not apply if we need to retain your personal data longer for any of the reasons in the points below.
  • Communication: If you have contact with CDON, e.g. via email with customer service, your personal data is retained as long as it is necessary to complete the contact.
  • Fulfilment of agreements: Personal data (name, ID number, address, phone number, email and payment and delivery information) that is submitted in connection with ordering products and services is saved as long as it is required for CDON’s Partners or our Partners to be able to fulfil the agreement with you. This includes processing to fulfil delivery or service commitments.
  • Legal obligation: CDON saves any documentation that constitutes accounting information in accordance with applicable accounting rules.
  • Consent:In cases where we process your personal data with the support of your consent, we only save your personal data as long as we have your consent for it.
  • Direct marketing: We may process your personal data for direct marketing for up to two years after concluding customer relations, provided that you do not withdraw consent for such direct marketing.

When CDON no longer has reason to process your personal data or if you withdraw your consent, your personal data will be deleted.

Transfer of personal data

Information about our customers is an important part of CDON’s operations and we do not sell information to anyone else. We only transfer information in accordance with what is described below and to other intragroup companies within Qliro Group. CDON always takes the utmost care when transferring your personal data.

  • Partners outside Qliro Group: The Partners we work closely with get access to your personal data to the extent necessary from them to fulfil their commitments to you according to the purchase. It is clearly specified when a Partner is involved in your purchase.
  • Legal obligations: We will disclose the user account and personal data when we deem it to be necessary for CDON to act in accordance with applicable legislation, to implement our user terms and conditions or to protect rights, property, CDON, our users or others. This includes exchange of information with other companies and organisations for fraud prevention and credit risk reduction. Under no circumstances does this include CDON selling, leasing or disclosing personal data from customers for commercial purposes in conflict with this privacy policy.
  • Company transactions: If all or part of CDON’s operations are sold or integrated with another company, your personal data may be disclosed to our consultants, any purchasers and their consultants and may also be disclosed to the company’s new owners.

Such transfers as specified above can only be done to companies within the EU or EEA (i.e. all of the EU’s member states as well as Iceland, Norway and Lichtenstein).

Withdrawal of consent

In cases where we process your personal data on the grounds that you have provided your consent for this, e.g. with regard to direct marketing, you can withdraw your consent at any time by contacting customer service.Such withdrawal can occur in whole or in part. If you do not want to receive marketing and advertising offers from us, you can withdraw your consent by contacting customer service or, for direct advertising, via email through a link in the publication itself. With regard to the latter method, you will have the option via the link of clicking further and managing all your subscription to newsletters and other information and marketing that you receive via email from or via CDON.Customer club members and customers with registered accounts can log in to “My Pages” and manage their consent and subscription services.

If you withdraw your consent for use or disclosure of your personal data for purposes other than as specified in this privacy policy, this may mean that we cannot continue to give you access to our websites or provide services and customer service offered to our users and/or members that are enabled by this privacy policy.

If you want to withdraw your consent to the use of cookies, read more about how to do this in our cookie policy [here].

Your rights

You have the right to request free information about the personal data we have registered about you and how it is used. If you want to have such information, you can contact us according to the contact information below. To protect your privacy and your personal data, we may require that you identify yourself in connection with our assistance.

CDON will ensure that your personal data is correct and updated. Therefore, you may at any time change your personal data on My Pages if you are a member of our customer club or have a registered account, otherwise you are welcome to contact our customer service.

At any time, you may request that we remove personal data concerning you or that we remove your user account on the Website. CDON will then remove the personal data in question if it is no longer necessary for the purposes for which it was collected or otherwise processed. CDON will also do this if you withdraw your consent to the processing.

You also have the right to demand that CDON restrict its processing of personal data in certain cases and you have the right to object to certain processing of your personal data. You also have the right to request that CDON transfer your personal data to another data controller in electronic format.

You have the right to withdraw your consent for processing of personal data at any time. Such withdrawal may be limited to only the part of the processing e.g. that concerns direct marketing. Withdrawal of consent does not affect the legality of CDON’s processing of personal data up until the time you withdrew the consent.

You can submit a complaint to the Swedish Data Protection Authority if you believe CDON’s processing of your personal data was not done in accordance with applicable law.

Security

We are very concerned with processing your personal data securely. To prevent unauthorised use or exposure of your personal data, we use appropriate and reasonable physical, technical and organisational security measures in relation to the quantity and sensitivity of the personal data to ensure an appropriate level of security.

CDON also uses, amongst other things, Secure Socket Layer (SSL), which is a protocol for secure transfer of data via the Internet (or other network). You as a customer need to check that SLL is not disabled in the settings of your web browser. For the purpose of preventing unauthorised access in the processing of your payment or credit card number, one-way encryption is also used.

CDON may use a data processor that is established outside the EU/EEA area. In these cases, CDON is responsible for ensuring that the data processor can guarantee an adequate level of protection in relation to the personal data being processed, either through the data processor being connected to the “Privacy Shield” agreement or maintaining an adequate security level in another way. The EU commission has made a decision on the adequate protection level for the recipients of personal data in the U.S. that are covered by Privacy Shield. Additional information can be obtained through our customer service or our personal data representative via the contact information below.

We also have some scenarios that we have within companies for other purposes, such as developing IT systems, which means that they can view data. This means, in Tieto’s case for example, that we have a scenario where the Developers are in India.

Cookies

To be able to deliver our services at the highest possible quality, the Website uses cookies and similar technology. Cookies are small text files that are stored on the visitor’s computer and that can be used to track what the visitor does on the Website. Here you can also read CDON’s policy for cookies, which provides detailed information about CDON’s use of cookies.

Changes to the privacy policy

CDON reserve the right to make changes to this privacy policy at any time to the extent the changes are necessary to measure disruptions or to fulfil new laws or technical requirements. All changes to this privacy policy will be published on the Website. Therefore, you should read through this policy at regular intervals to ensure that you are satisfied with the changes. However, if there are changes of a material nature, we will notify you that changes have occurred if you have given us your email address. 

If the changes are in regard to the data processing we perform with the support of your consent, we will give you the opportunity to again provide your consent.

Contact information

If you have any questions regarding this privacy policy, if you suspect that there may have been a breach of the same or if you want to contact us regarding our processing of your personal data, please contact CDON’s data protection officer or our customer service by sending a letter or email message to the addresses specified below.

CDON AB

kundservice@cdon.com

Data Protection Officer

Helena Silling 

dpo@cdon.com



[1] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).