Processing of personal data
At Önling we have a need for collecting personal data about our customers, to be able to handle orders and customer communication properly. In this Online Data Policy, you can read more about what data we collect, for what purpose and how the data is utilized as we as the individual rights of our customers.
Data protection officer
If you have questions to our processing of personal data, or wish to make use of your individual rights, please contact Lotte Ronan, CEO and Data Responsible Officer at firstname.lastname@example.org.
Which personal data do we collect?
When you as a customer make use of our website oenling.com or oenling.dk we collect and store the personal data you enter voluntarily, i.e. name, e-mail, address and phone number, as well as information about which language version of our site you have visited. Furthermore, we collect data about which products you add to your basket, which products you purchase, when you purchase the goods and at what price. These data are stored as a customer profile of your history with Önling. If you choose to create a password protected account with us or sign up for our newsletter, these data will similarly be stored as a customer profile, or be added to the existing profile.
Purpose of the data collection
We collect and store personal data such as name and contact information for our customers in order to process orders and deliver the purchased goods to the delivery address, as well as be able to communicate with our customers, in case there are questions or issues with an order.
We collect and store information about which language customers have chosen to view our website in, in order to send e-mails such as order confirmation and delivery information in a language the customer understands.
We collect and store information about which products each customer has purchased, when and at what price to provide a smooth shopping experience for our customers and live up to regulations about the consumers rights to withdraw from an order or return products. We furthermore store this information in order to be able to contact customers, if there is a need for after sales communication e.g. a need to provide further information about a product, information about changes to an upcoming event, production issues with a product, or corrections for a knitting pattern, as well as to ask our customers for feedback on our products and services.
If you actively ask to receive our newsletter, we furthermore use contact information to send newsletters, and we utilize information about previous purchases to target content and provide relevant marketing. E-mail marketing requires separate and active consent, so we only send newsletters to customers who have actively signed up for our newsletter. This consent can be withdrawn at any time via the customer account page at our website, or via the unsubscribe link at the bottom of every newsletter.
Time frame for data processing
The abovementioned personal data collected through our website, is stored as a customer profile indefinitely, or until the customer asks us to erase it. It is relevant for Önling to store personal data indefinitely, as we offer services that run indefinitely, and that we therefore need this data to provide. When a customer purchases a knitting pattern from Önling, this pattern will be available via the customer account page indefinitely, so the customer does not run the risk of losing their knitting pattern. Similarly, customers can contact us, and ask us to send a copy of the knitting pattern they have previously purchased. Furthermore, we send corrections and updates to our customers, in case we face a need to make changes to a knitting pattern.
If a customer should no longer wish to have personal data stored, we will of course accommodate the customer’s request to have their personal data erased, read more in the section about individual rights below.
According to the EU General Data Protection Regulation (GDPR) with effect from 25th of May 2018, the type of data we collect at Önling is of the non-sensitive kind, and can as such lawfully be processed, when the data subject has given consent to this. At our website, it is therefore only possible to access the checkout page and enter personal information, after consent to this data policy and the data processing has actively been given. This consent ensures that we comply with the GDPR and process data on a lawful basis.
Storing of personal data and consent forms
The personal data and consent we collect, is stored and processed through our online IT system, which is used to manage our website and back-end data. This IT system is developed and managed by Shopify. Shopify therefore processes this data for us, through their data processing center in Ireland in full compliance with the European legislation on data protection. For this purpose, we have a data processor agreement with Shopify, detailing how Shopify must treat this data in order to comply with European legislation on data protection.
Only employees at Önling who need access to personal data to handle orders or administer the website, have access to our customers’ personal data.
Transfers to third parties
We only share personal data with third parties in cases where this is necessary to process the customer’s order or provide customer service.
As mentioned in the previous section, we share personal data with Shopify, as the personal data is collected and stored in the back-end of our website, which is administered by Shopify.
In addition to that, we share data with the following developers of applications for our Shopify web shop. This is a necessity as Shopify is essentially a platform, to which any merchant purchases applications in other to be able to perform specific functions, that are necessary in order to process orders effectively.
- BoldCommer.com – www.boldcommerce.com
- Helium – www.heliumdev.com
- Cleverific, inc. – www.editorder.net
- IEX Aps – www.iex.dk
- Pakkelabels.dk – www.pakkelabels.dk
- Salesreps.io – www.salesreps.io
- SkyPilot – www.skypilotapp.com
- Springbot – www.springbot.com
This sharing of data in compliance with the EU regulation for data protection, and all collaborators have in written committed themselves to only process data in accordance with the agreed purpose, as specified in this Data Policy, as well as ensure that date is processed securely and confidentially.
As a customer you have a set of individual rights, that enable you to control the personal data we process. These are rights in addition to the right to be informed that is fulfilled through the information provided in this Online Data Policy.
- Right of access: You have the right to request access to the data Önling has collected and stores about you. You furthermore have the right to receive this information in a commonly understandable and portable format. Should you wish to exert this right, please contact data protection officer Lotte Ronan at email@example.com.
- Right to rectification: If your access to the personal data shows that the data about you is not correct, you have the right to have your personal data updated and thereby rectified. Should you wish to exert this right, please contact data protection officer Lotte Ronan at firstname.lastname@example.org.
- Right to erasure: You have the right to have personal data erased, when the data is no longer necessary for the purpose for which it was collected. When your order has been completed and the warranty has expired, you can therefore contact us and ask us to erase your personal data. Should you wish to exert this right, please contact data protection officer Lotte Ronan at email@example.com.
- Right to object: You have the right to object against processing of your personal data, even if this processing follows the legislation. An objection must contain significant arguments for why Önling should stop the data processing. Should you wish to exert this right, please contact data protection officer Lotte Ronan at firstname.lastname@example.org.
- Right to restrict processing: You have the right to demand that your personal data is only processed in accordance with the legislation, and that processing is suspended until the accuracy of data has been confirmed. Should you wish to exert this right, please contact data protection officer Lotte Ronan at email@example.com.
- Right to withdraw consent: You have the right to withdraw consent at any time, if you have given consent to one or more categories of data processing. Should you wish to exert this right, please contact data protection officer Lotte Ronan at firstname.lastname@example.org.
In Denmark the supervisory authority for data protection legislation is the Danish Data Protection Agency (Datatilsynet). If you wish to complain about Önling’s processing of your personal data, you therefore have the right to lodge a complaint with the Danish Data Protection Agency. Please note that a requirement from the Agency for processing your complaint, is that you have first contacted the organization you are raising a complaint against to hear their explanation of the case. If you wish to lodge a complaint about Önling, you should therefore first contact data protection officer Lotte Ronan at email@example.com.
Önling does not utilize personal data for profiling or any form of automated decision making.
Click here for general instructions on how to avoid receiving cookies and deleting the cookies stored on your hard drive.
What is a cookie?
A cookie is a small text file that is stored in your browser and recognized by the site on subsequent visits allowing the site to send personalized information to your browser. A cookie can contain text, numbers or, for example a date, but no personal information is stored in a cookie. It is not a program and it can not contain viruses.
For how long do we store cookies?
The cookies sent to you from this website will be stored for a maximum of 24 months from the last time you visited the site. Every time you visit our website, the period is extended. The cookies in question are therefore kept for a maximum of 24 months from your last visit to our website.
How are cookies used on our websites?
What Cookies do we use any why?
Our Önling website is build on the Shopify platform, which uses a series of Cookies:
Cookies Necessary for the Functioning of the Store:
|_ab||Used in connection with access to admin.|
|_orig_referrer||Used in connection with shopping cart.|
|_secure_session_id||Used in connection with navigation through a storefront.|
|Cart||Used in connection with shopping cart.|
|cart_sig||Used in connection with checkout.|
|cart_ts||Used in connection with checkout.|
|checkout_token||Used in connection with checkout.|
|Secret||Used in connection with checkout.|
|Secure_customer_sig||Used in connection with customer login.|
|storefront_digest||Used in connection with customer login.|
Reporting and Analytics
|_landing_page||Track landing pages.|
|_orig_referrer||Track landing pages.|
|_shopify_sa_p||Shopify analytics relating to marketing & referrals.|
|_shopify_sa_t||Shopify analytics relating to marketing & referrals.|
|tracked_start_checkout||Shopify analytics relating to checkout.|