Privacy Policy

Your privacy is important to us at Indigofera Prima Jeans because also by that we can provide better service for you. That’s why we’ve created this privacy policy to explain Indigofera Prima Jeans’s information collection and use practices in connection with the site. You’re bound to the Privacy Policy, too: it’s part of the Agreement, and by using our service you agree that you have read it, that you understand it, and that you will comply with it.

About GDPR in General

GDPR stands for General Data Protection Regulation and is a new data protection regulation from the EU that will become law in all EU Member States on 25 May 2018. The GDPR will replace the current Personal Data Act (PDA). The Act is intended to protect individuals’ privacy and to modernise, harmonise and reinforce protection within the EU.

Each EU Member State has a supervisory authority that will monitor this. In Sweden this authority is the Privacy Protection Authority, formerly the Data Protection Authority. On their website there is more information and help that you can read to find out what you need to do.

Analytics

For tracking website visits, we use Google Analytics and Jetpack Analytics tool. Google Analytics tracking data is stored for 26 months. Read more about how Google Analytics analyze your data and see their privacy policies here and here.

Cookies

Analysis cookies collect anonymous information on how our services are used, e.g. which pages are popular, if you receive an error message anywhere or which kind of device is used. For example, third party cookies for Google Analytics.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

How you can control our use of Cookies

Go to your browser or device settings to learn more about how to adjust the settings for cookies. For example, you can choose to block all cookies, accept only first party cookies or delete cookies when you close your web browser.

Note that some of our services may not work if you block or delete cookies.

Who we are

Indigofera Prima Jeans is a clothing brand owned by The Denim Grocery, Stockholm AB. 

Personal Data Controller

The Personal Data Controller (PDC) is the party that under the law has the ultimate responsibility for data processing and decides the purpose and the means of this. The Personal Data Controller must ensure compliance with the law, must inform those persons whose personal data is being processed and must ensure regulatory compliance by the Personal Data Processor. We are the Personal Data Controller for all processing of personal data about you as a customer or user when you use Indigofera Prima Jeans’s services or, for example, contact us. What we do, or do not do, with your personal data is described here in our Privacy Policy.

What Personal Data We Collect And Why We Collect It

We don’t collect any Personal Data from Visitors or Users when they use this site, unless they provide such information voluntarily, for example, by e-mailing directly to us.

Access to Personal Data

Only those at Indigofera Prima Jeans who need access to the Personal Data to perform their work tasks are processing the Personal Data. Those people have entered into confidentiality agreements.

Subscriptions To E-mail List

When you have subscribed to our e-mail list you have agreed to receive information from us about our shop updates, such as product offers and more. At any time, you can remove yourself  from the e-mail list and your e-mail information will be removed from our servers.

Marketing Permissions

Indigofera Prima Jeans will use the information you provide by joining our e-mail list in the e-mail subscription form to be in touch with you and to provide updates and marketing.

You can change your mind at any time by clicking the unsubscribe link in the footer of any email list mail you receive from us, or by contacting us at Indigofera Prima Jeans. We will treat your information with respect. By joining our e-mail list, you agree that we may process your information in accordance with these terms.

Mailchimp GDPR

We use MailChimp as our marketing automation platform. By joining our e-mail list, you acknowledge that the information you provide will be transferred to MailChimp for processing in accordance with their Privacy Policy and Terms.

Personal Data Processor

In certain cases personal data will be processed by external parties acting as the Personal Data Processor for Indigofera Prima Jeans. The Personal Data Processor (PDP) will process personal data on behalf of Indigofera Prima Jeans and will be responsible for the technical and organisational security measures.

How Long We Retain Your Data

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information. We retain that data indefinitely.

What Rights You Have Over Your Data

  • Right to access your data
    You can request to receive an extract containing the data that we have about you. The extract will be sent free of charge in one copy on one occasion per year.
  • Right of rectification.
    You have the right to have rectified any wrong or incomplete information about yourself.
  • Right to be forgotten
    You have the right to request the removal of your personal data when the purpose of the processing is no longer current. The removal cannot be revoked/recreated and once the removal is complete, no person can be associated with the user account any longer. However, there may be legal obligations for Indigofera Prima Jeans and The Denim Grocery AB which prevent the immediate deletion of your personal data or parts of it. These obligations stem from accounting and tax legislation, but also from consumer rights legislation. In such a case, only the personal data that we are required to save in order to fulfil such legal obligations will be saved.

If you have an account on this site, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Also, if you want to request us to collect your personal data in an exported file more than in one copy per year, we will apply an extra fee minimum of 100€ per data collection request.

Right to Access Personal Data

You have the right to obtain from Indigofera Prima Jeans confirmation as to whether or not Personal Data concerning you are being processed, and, where that is the case, access to the Personal Data.

You have the right to obtain from Indigofera Prima Jeans the erasure of Personal Data concerning you and Indigofera Prima Jeans has the obligation to erase Personal Data when the Personal Data is no longer necessary in relation to the purposes for which they were collected or otherwise processed or you have withdrawn consent on which the processing is based.

Restriction of Processing

You have the right to obtain from Indigofera Prima Jeans restriction of processing if you have a particular reason for wanting the restriction. This may be if you have issues with the content of the information we hold or how we have processed your personal data. It can also be the case when Indigofera Prima Jeans no longer needs the Personal Data.

Who We Collaborate With To Be Able To Provide Our Services For You

We use MailChimp as our marketing automation platform to send e-mails. By joining our e-mail list, you acknowledge that the information you provide will be transferred to MailChimp for processing in accordance with their Privacy Policy and TermsMailchimp GDPR.

Our site webhotel is provided by Fsdata (https://fsdata.se/).

Our site has been built by Juxtalab Creative Solutions (juxtalab.com), and they have admin privileges of this site in order to provide scheduled maintenance updates to keep this site running smoothly. They have agreed into confidentiality agreements and only approved staff have access to the platform.

About our site

Our site is build on top of WordPress, read more about their privacy policy here. WordPress does not share any personal data with anyone. 

Below you can read more about the tools we have in use on our site.

Jetpack Plugin Personal Data Information

Jetpack is a plugin built by Automattic.

Activity Log

This feature only records activities of a site’s registered users, and the retention duration of activity data will depend on the site’s plan and activity type.

Data Used: To deliver this functionality and record activities around site management, the following information is captured: user email address, user role, user login, user display name, WordPress.com and local user IDs, the activity to be recorded, the WordPress.com-connected site ID of the site on which the activity takes place, the site’s Jetpack version, and the timestamp of the activity. Some activities may also include the actor’s IP address (login attempts, for example) and user agent.

Activity Tracked: Login attempts/actions, post and page update and publish actions, comment/pingback submission and management actions, plugin and theme management actions, widget updates, user management actions, and the modification of other various site settings and options. Retention duration of activity data depends on the site’s plan and activity type. See the complete list of currently-recorded activities (along with retention information).

Data Synced (?): Successful and failed login attempts, which will include the actor’s IP address and user agent.

Notifications

This feature is only accessible to registered users of the site who are logged in to WordPress.com.

Data Used: IP address, WordPress.com user ID, WordPress.com username, WordPress.com-connected site ID and URL, Jetpack version, user agent, visiting URL, referring URL, timestamp of event, browser language, country code. Some visitor-related information or activity may be sent to the site owner via this feature. This may include: email address, WordPress.com username, site URL, email address, comment content, follow actions, etc.

Activity Tracked: Sending notifications (i.e. when we send a notification to a particular user), opening notifications (i.e. when a user opens a notification that they receive), performing an action from within the notification panel (e.g. liking a comment or marking a comment as spam), and clicking on any link from within the notification panel/interface.

Protect

Data Used: In order to check login activity and potentially block fraudulent attempts, the following information is used: attempting user’s IP address, attempting user’s email address/username (i.e. according to the value they were attempting to use during the login process), and all IP-related HTTP headers attached to the attempting user.

Activity Tracked: Failed login attempts (these include IP address and user agent). We also set a cookie (jpp_math_pass) for 1 day to remember if/when a user has successfully completed a math captcha to prove that they’re a real human. Learn more about this cookie.

Data Synced (?): Failed login attempts, which contain the user’s IP address, attempted username or email address, and user agent information.

Data Used: To initiate and process subscriptions, the following information is used: subscriber’s email address and the ID of the post or comment (depending on the specific subscription being processed). In the event of a new subscription being initiated, we also collect some basic server data, including all of the subscribing user’s HTTP request headers, the IP address from which the subscribing user is viewing the page, and the URI which was given in order to access the page (REQUEST_URI and DOCUMENT_URI). This server data used for the exclusive purpose of monitoring and preventing abuse and spam.

Activity Tracked: Functionality cookies are set for a duration of 347 days to remember a visitor’s blog and post subscription choices if, in fact, they have an active subscription.

WordPress.com Secure Sign On

This feature is only accessible to registered users of the site with WordPress.com accounts.

Data Used: User ID (local site and WordPress.com), role (e.g. administrator), email address, username and display name. Additionally, for activity tracking (see below): IP address, WordPress.com user ID, WordPress.com username, WordPress.com-connected site ID and URL, Jetpack version, user agent, visiting URL, referring URL, timestamp of event, browser language, country code.

Activity Tracked: The following usage events are recorded: starting the login process, completing the login process, failing the login process, successfully being redirected after login, and failing to be redirected after login. Several functionality cookies are also set, and these are detailed explicitly in our Cookie documentation.

Data Synced (?): The user ID and role of any user who successfully signed in via this feature.

WordPress.com Stats

Data Used: IP address, WordPress.com user ID (if logged in), WordPress.com username (if logged in), user agent, visiting URL, referring URL, timestamp of event, browser language, country code. Important: The site owner does not have access to any of this information via this feature. For example, a site owner can see that a specific post has 285 views, but he/she cannot see which specific users/accounts viewed that post. Stats logs — containing visitor IP addresses and WordPress.com usernames (if available) — are retained by Automattic for 28 days and are used for the sole purpose of powering this feature.

Activity Tracked: Post and page views, video plays (if videos are hosted by WordPress.com), outbound link clicks, referring URLs and search engine terms, and country. When this module is enabled, Jetpack also tracks performance on each page load that includes the Javascript file used for tracking stats. This is exclusively for aggregate performance tracking across Jetpack sites in order to make sure that our plugin and code is not causing performance issues. This includes the tracking of page load times and resource loading duration (image files, Javascript files, CSS files, etc.). The site owner has the ability to force this feature to honor DNT settings of visitors. By default, DNT is currently not honored.

WordPress.com Toolbar

This feature is only accessible to registered users of the site who are also logged in to WordPress.com.

Data Used: Gravatar image URL of the logged-in user in order to display it in the toolbar and the WordPress.com user ID of the logged-in user. Additionally, for activity tracking (detailed below): IP address, WordPress.com user ID, WordPress.com username, WordPress.com-connected site ID and URL, Jetpack version, user agent, visiting URL, referring URL, timestamp of event, browser language, country code.

Activity Tracked: Click actions within the toolbar.

Additional information

How we protect your data

We make sure to protect your data the best we can and your data is stored only in highly protected places. We have many different data protection procedures in place, such as:

  • Only approved staff have access to the platform
  • Backups are done at predetermined intervals.
  • Ensuring about the latest updates, for example, for the cms, the store platform and plugins
  • Protecting personal data by employing techniques such as access restrictions, encryption, pseudonymization, backups, data minimization, and regular testing of all these techniques.

In which countries will processing of your personal data occur?

Your personal data will be processed within the EU/EEA.

What data breach procedures we have in place

We have multiple data breach procedures in place, such as:

  • Notifying the appropriate supervisory authority no more than 72 hours after of becoming aware of a breach of users’ personal data, including the number of users whose data was exposed, the nature of the breach, and what actions are being taken to mitigate its effects.
  • Communicating this information to the impacted users, especially if the data breach exposed any of their unencrypted personal data.
  • Considering the needs of any law enforcement investigations before publicly announcing the breach.

Additional Notes and Contact

If you have any extra questions, please contact us at:

Indigofera Prima Jeans
Ekhagsvägen 4
114 18 Stockholm
Tel/Fax +46 (0) 8 678 01 05

or our site designer, Juxtalab at: gdpr@juxtalab.com