Privacy Policy for Värmarcenter

1. General

We care about your privacy. This policy explains how we process your personal data when you visit our websites, register an account, purchase products/services, or otherwise contact us. It also describes your rights under the General Data Protection Regulation (GDPR).

We may update this policy to reflect changes in our business, websites, services, or applicable law. The latest version is always available on our website.

Questions: info@varmarcenter.se or 08-800 449.

2. What is personal data and what is processing?

Personal data means any information that directly or indirectly can be linked to a natural person, e.g. name, national ID number, IP address, or purchase history. Processing means any operation performed on personal data (collection, storage, use, disclosure, deletion, etc.).

3. Data controller

Engstrands Bil & Motor AB, Ulvsundavägen 154, 168 67 Bromma, is the data controller for processing carried out within the company and is responsible for ensuring such processing complies with applicable law.

4. How do we collect personal data?

When you visit our websites, make purchases, use “My account”, or contact us, we may collect your name, address, email, phone number, national ID number, payment details, purchase/order and usage history, IP address, and information you provide to customer service.

We may also update address and credit information via external sources (e.g., SPAR, payment providers, banks/credit institutions).

5. What personal data we collect — and why

a) Managing orders and purchases

Purpose: delivery, notifications, identification/age verification, payment handling (including checks of possible payment solutions and any credit checks), address validation, claims/warranty handling.

Data: name, national ID number, contact details, payment information, credit information, order information, any “My account” details, your correspondence.

Legal basis: performance of contract (purchase agreement).

Retention: until the purchase is completed (including delivery/payment) and 36 months thereafter for claims/warranty purposes.

b) Administering membership and “My account”

Purpose: login, identity/age verification, keeping data up to date, showing purchase/payment history, saving favourites, managing profile/settings.

Data: name, national ID number, contact details, username/password, order history, payment information, profile settings.

Legal basis: performance of contract (membership terms).

Retention: until you close the account. If inactive for 36 months, the account is deleted provided there are no outstanding debts.

c) Customer service

Purpose: communication by phone/email/digital channels, identification, investigating complaints/support (including technical support).

Data: name, national ID number, contact details, “My account” data, correspondence, information about purchase/fault/complaint, technical data about your device.

Legal basis: legitimate interest (yours and ours in handling service matters).

Retention: until the case is closed and 12 months thereafter.

d) Legal obligations

Purpose: to comply with legal requirements, court orders, or governmental decisions (e.g., bookkeeping, product liability/safety, anti-money laundering).

Data: name, national ID number, contact details, correspondence, purchase/fault information, “My account” data, payment history.

Legal basis: legal obligation.

Retention: for as long as required by law.

e) Preventing misuse and crime

Purpose: prevent/investigate fraud, spam/phishing, unauthorised logins, intrusions; improve IT security.

Data: purchase and user-generated data (click/visit history), national ID number, any CCTV footage, device/settings data (IP, language, browser, time zone, OS, screen resolution), usage of digital services.

Legal basis: legal obligation (where applicable) or legitimate interest.

Retention: from collection and for 36 months thereafter.

f) Service bookings

Purpose: receiving bookings, re-/cancellations, confirmations, and related communication.

Data: name, contact details (email/phone), any notes you choose to provide.

Legal basis: performance of contract (service).

Retention: from collection and for 36 months thereafter.

g) Competitions and events

Purpose: communication before/during/after events, age verification, selecting winners and distributing prizes.

Data: name, national ID number/age, contact details, data provided in entries/evaluations.

Legal basis: legitimate interest.

Retention: from collection and for 36 months thereafter.

h) Marketing

Purpose: relevant recommendations, abandoned-cart reminders, saving lists, direct marketing (email, SMS, social media, post), campaigns/offers/invitations.

Data: name, contact details, age, place of residence, data on completed purchases, user-generated data (clicks/visits).

Legal basis: performance of contract (for “My account”) and legitimate interest (newsletters/visitors).

Retention: Contract: until the account is closed. Legitimate interest: from collection and 36 months thereafter.

6. How long do we retain data?

Only as long as necessary for the purposes or as required by law. See the specific retention periods in section 5.

7. Sharing of personal data

We share data when required by law or when permitted. We engage processors (e.g., marketing, logistics, payments). With each processor we have a data processing agreement ensuring appropriate security measures. Data is used only for the purposes for which it was collected.

Transfers outside the EU/EEA are minimised. If they occur (e.g., system support), they are subject to appropriate safeguards and agreements.

Some recipients are independent controllers (e.g., authorities, payment providers, carriers) and process data under their own privacy policies.

8. Children

Our services are not directed to individuals under the age of majority. We do not knowingly collect data about children. Contact info@varmarcenter.se if you believe we have unintentionally collected such data.

9. Security

We apply legal, technical, and organisational measures to protect personal data against unauthorised access, loss, or damage. Our routines are continuously updated.

10. Social media

You can follow us on platforms such as Facebook and Instagram. We are responsible only for personal data that we publish ourselves or can influence.

11. Cookies

Information about cookies is available on our cookie page. Learn more about cookies from the Swedish Post and Telecom Authority (PTS).

12. Your rights

• Access (data subject access request): requests must be in writing and signed. A form is available on our website. We respond without undue delay and within one month at the latest.
• Rectification: update via “My account” or contact customer service.
• Erasure: request deletion when we no longer have a legal basis/obligation to retain data.
• Restriction/Objection: object to processing based on legitimate interest and to direct marketing (we will stop such processing).
• Data portability: request that data you have provided be transferred to another controller where the right to portability applies.

13. Contact for data protection matters

Email: info@varmarcenter.se  |  Phone: 08-800 449

14. Complaints to the supervisory authority

You may lodge a complaint with the Swedish Authority for Privacy Protection (IMY), formerly the Data Protection Authority, which supervises compliance with data protection legislation.