PERSONAL DATA PROTECTION POLICY
In this Personal Data Protection Policy (hereinafter referred to as “Policy” or “this Policy”) we explain how we, the Husse Franchise Network (as defined in the Husse Franchise Network Personal Data Sharing Agreement (hereinafter referred to as “Data Sharing Agreement”); hereinafter referred to as “Husse Network”), collect and process your Personal Data, the legal basis and purpose of processing, with whom we share your Personal Data, how we protect it, and the choices you can make about, and the rights you can exercise in relation to, your Personal Data.
This policy only applies to the processing of Personal Data when the processing activities are carried out under the conditions set out in the Data Sharing Agreement, i.e. when your Personal Data is being shared and processed between Husse Network Members as part of a unified database.
In addition to this Policy, the processing of your Personal Data may be governed (and/or explained) by the Husse Network members’ own policies or other legal documents, which shall be made available to you on Husse Network members’ websites and/or in other forms.
In addition to this Policy, all Husse Network members obliged themselves to be compliant with their national data protection laws, at all times.
The words in capitalized letters in this Policy shall have the meaning ascribed to them in this Policy or in the Data Sharing Agreement.
1. THE HUSSE NETWORK MEMBERS RESPONSIBLE FOR THE PROCESING OF YOUR PERSONAL DATA AND THEIR CONTACT DETAILS
1. Trademark Service LE AB 556621-8102
114 56 Stockholm, Sweden
(hereinafter referred to as “Husse”)
2. Your Master Franchisee
3. You can receive information and contact details of other Husse Network members (not listed under 1. and 2. above) having access to your Personal Data by entering your ZIP code into the web form available here.
Both Husse and other Husse Network members having access to your Personal Data shall act as controllers of your Personal Data.
2. THE CONTACT DETAILS OF THE DATA PROTECTION OFFICER (DPO)
Husse has designated a Data Protection Officer (hereinafter referred to as “DPO”) to act on behalf of all Husse Network members, when those members process and deal with Personal Data under the Data Sharing Agreement. You may contact the DPO if your Personal Data is being processed by any Husse Network member in accordance with the terms stipulated in the Data Sharing Agreement.
The contact details of the DPO:
Name: JK Group d.o.o.
Address: Stegne 27, 1000 Ljubljana, Slovenia
Telephone number: +386 590 91 794 (available between 9.00 and 17.00, CET)
The DPO can be addressed in English language.
You can receive information and contact details of other Husse Network members’ DPOs (provided such DPO has been designated) by entering your ZIP code into the web form available here.
3. WHICH TYPES OF PERSONAL DATA IS BEING COLLECTED AND PROCESSED BY HUSSE NETWORK MEMBERS
The following Personal Data shall be shared and jointly controlled by the Husse Network Members:
A. Basic information and contact data:
- Full Name
- Street Address
- Postal Code
- History of past orders and list of ordered items, together with:
- Customer Order comment
- Payment information, depending on the payment processor
- Shipping information
- Shipping full name
- Shipping address
- Your activity on the Husse websites (website, wishlist, product comparison, shopping cart).
B. In some cases, if you have provided the data, the following Personal Data shall also be processed by Husse Network members:
- Owner of Pet Dog/Cat/Horse (not mandatory)
- Date of Birth
- Product Reviews
- Product Tags.
In addition to the Personal Data listed in the first two Paragraphs of this Article 3, Husse enables the Husse Network members to store and process in the database additional (personal) data. The provisions of this Policy shall also apply to such data. However, Husse only provides the storage and software to access and process such data and has no own interest in such data. Husse assumes no liability for the Husse Network Members’ collection, processing and storing of such data. Husse Network Members’ processing of such data must at all times be compliant with personal data protection laws in the Husse Network Member's respective Territory.
You can get additional information on the processing described in the previous Paragraph of this Article 3, by contacting the DPO or Husse Network Member in your Territory (you can receive information and contact details of by entering your ZIP code into the web form available here).
4. LEGAL GROUNDS FOR PROCESSING OF PERSONAL DATA
Your Personal Data to which this Policy applies shall only be processed as far as:
- the processing is necessary for the performance of a contract between you and Husse Network or in order to take steps at your request prior to entering into a contract; this applies to Personal Data listed under point A of the first Paragraph of Article 3, unless stated otherwise hereunder;
- the processing is required by law; this applies to Personal Data listed under point A of the first Paragraph of Article 3, unless stated otherwise hereunder
- with such processing, Husse Network pursue a legitimate interest that is not outbalanced by your privacy rights; this applies to Personal Data under the “Your activity” line of point A of the first Paragraph of Article 3;
- you have given us your consent for the processing; this applies to Personal Data listed under point B of the first Paragraph of Article 3. For the avoidance of doubt, you will always have the right to withdraw your consent at any time.
In any case, each Husse Network member is obliged to processes your Personal Data fairly and lawfully, in accordance with the Data Sharing Agreement.
5. THE PURPOSES OF PROCESSING OF PERSONAL DATA
The purpose of processing the Personal Data listed under point A of the first Paragraph of Article 3 (except the Personal listed under the “Your activity” line of point A of the first Paragraph of Article 3) shall be:
- the execution of an order you have placed with Husse Network;
- the issuing of invoices for goods you have purchased;
- delivery of purchased goods to the stated address;
- communication with you relating to placed orders, delivery, returns and payments;
- handling of warranty and/or product liability claims and requests, including before courts or other bodies;
The purpose of processing the Personal Data listed under the “Your activity” line of point A of the first Paragraph of Article 3) and under the line of point B of the first Paragraph of Article 3 shall be:
- statistical analysis of your use of Husse Network Members’ websites
- helping Husse Network better understand your needs and expectations related to Husse Network Members’ websites and to the goods Husse Network offers;
- measuring of your satisfaction, questioning and polling
6. WHO SHALL HAVE ACCESS TO YOUR PERSONAL DATA AND UNDER WHAT CONDITIONS
Husse shall at all times have access to, and be able to process any Personal Data to which this Policy applies.
Only Master Franchisees in your respective Territory shall have access to, and be able to process, your Personal Data.
Only Franchisees, Distributors, VDIs and Affiliates in your respective Territory shall have access to, and be able to process, your Personal Data
Each of the entities listed in previous Paragraphs of this Article 6 shall only be able to process your Personal Data on a strict need-to-know basis.
In any case, Husse shall have no access to Master Franchisees’ own software applications and databases (not provided by Husse), such as, but not limited to, CRM or sales applications, and the Personal Data processed therein. The processing of such data shall fall outside of the scope of this Policy.
7. HOW LONG SHALL YOUR PERSONAL DATA BE STORED AND WHAT HAPPENS AFTERWARDS
Your Personal Data shall be stored only for as long as necessary to carry out the purpose of processing.
The Personal Data listed under point A of the first Paragraph of Article 3 (except the Personal listed under the “Your activity” line of point A of the first Paragraph of Article 3) shall be stored according to Husse Network members’ respective requirements concerning the statute of limitations periods in their respective Territories. As a rule, the Personal Data shall be stored until the expiry of such statute of limitations periods. Some Personal Data may be stored for a period required by the law (e.g. the Personal Data printed on issued invoices).
Any member losing its Husse Network member status shall be obliged to stop processing and storing, and to return to Husse Network, all Personal Data without undue delay, and to permanently and efficiently delete or destroy any copies thereof, and make sure the same is done by such member’s personal data processors, and such member shall be automatically blocked access to the unified database.
Notwithstanding the provisions of the previous Paragraph, the Husse Network member losing their status may retain Personal Data in accordance with any statutory retention periods applicable in their respective territory or for the purpose of contacting you or communicating with you concerning their legal or contractual obligations (e.g. warranty or product liability).
8. PERSONAL DATA TRANSFERS BETWEEN MEMBERS; PROCESSORS
Upon losing the Husse Network Member status, your Personal Data previously processed by such member shall be transferred to a new Husse Network Member in your respective Territory.
You shall be notified of the transfer of your Personal Data from the first Paragraph, which shall be done through the Husse Website and/or on first contact between the new Husse Network member and you, and/or in digital format (e.g. email, notification on new Husse Network Member’s website), and/or in paper on the occasion of door-to-door delivery. You shall be given a fair and real opportunity to opt out of such transfer of your Personal Data to the new Husse Network member.
Husse employs the following Personal Data processors who shall have access to the Personal Data:
- a company maintaining and supporting the unified database;
- a company providing for web (server) hosting;
Other Husse Network members may employ their own Personal Data processors. Such transfers fall out of the scope of this Policy. Please consult Husse Network member in your Territory.
Transfers or disclosures of Personal Data between the Husse Network members shall only be made by using appropriate technical methods and procedures aimed at protecting the Personal Data from loss, unwanted alteration or unauthorised disclosure or processing.
9. YOUR RIGHTS CONCERNING THE PROCESSING OF YOUR PERSONAL DATA
You can address any questions or requests concerning the processing of Personal Data under the Data Sharing Agreement:
- to Husse or to Husse Network DPO; or
- to any other Husse Network member.
You shall have the following rights:
- The right to ask at any time for:
- confirmation of whether any of your Personal Data is being processed;
- access to the Personal Data and the following information: the purpose of the processing; the type of personal data; the users or categories of users to whom personal information has been or will be disclosed, in particular users in third countries or in international organizations; the predicted period of storing of personal data, or if this cannot be determined, the criteria for determining this period; the existence of automated decision-making, including the modeling of profiles and reasons for it, as well as the reason and predicted consequences of such processing for you;
- one free copy of the Personal Data in a form to be determined by you (if the request is provided by electronic means of communication and you do not request otherwise, the copy shall be provided in an electronic form); for any additional copies requested by you, you may be charged a reasonable commission, considering the costs;
- correction of inaccurate personal data;
- restriction of processing, when:
- you dispute the accuracy of Personal Data, for a period necessary to verify the accuracy of Personal Data;
- the processing is illegal and you oppose the erasure of Personal Data and, instead, you request a restriction on their use;
- Personal Data is no longer needed for processing purposes, but is needed by you for the enforcement, implementation or defense of legal claims;
- the erasure of all Personal Data (the right to be forgotten), provided that the conditions set out in Article 17 of the General Data Protection Regulation are fulfilled and, in particular, when you revoke consent for the use of Personal Data;
- to receive a copy of Personal Data in a commonly used and machine-readable format, with the right to transmit those Personal Data to another controller;
- the termination of the use of Personal Data for the purposes of direct marketing, including the creation of profiles;
- that you are not subject to a decision based solely on automated processing, including the creation of profiles with legal consequences for you, or if it affects you in a similar way, if the conditions laid down in Article 22 of the General Data Protection Regulation are fulfilled;
Any Personal Data stored in the unified database can and shall, if necessary, only be anonymised, not deleted.