Latest update: 2022-05-25
2.1 Dustin AB, with corporate registration number 556237-8785 and postal address P.O. Box 1194, SE-131 27 Nacka, Sweden (referred to in this policy as “Dustin”), is the controller in relation to the processing of your personal data when Dustin offers and markets our goods and services, and in relation to your other contacts with Dustin, such as visits to our web shop or support matters via email or phone. As a controller, Dustin is responsible for making sure that your data is handled in a correct and secure way pursuant to applicable legislation.
2.2 Dustin has a shared IT infrastructure with some affiliated companies within the Dustin Group. All business transactions with our customers, as well as any personal data and databases related thereto, that are being processed in this infrastructure are managed and directly owned by Dustin. Dustin thus has the controlling influence over your personal data and ensures control and safe processing of your personal data through agreements with the affiliated group companies.
Dustin collects and processes the following categories of personal data about you as a customer and potential customers when you complete a purchase and use our services, and when we market and sell our goods and services.
4.1 Dustin collects your personal data directly from you when you place an order, visit Dustin's website, attend our events, click on links in our digital marketing that has been sent to you, communicate with our customer service, contact Dustin or in any other way provide information about yourself. Personal data is collected on these occasions to enable you to enter into an agreement with Dustin and enable Dustin to offer its goods and services to you.
4.2 If you have a Dustin account, Dustin also collects personal data about you when you register for the account and during the period when you are an account holder, e.g. your purchase history, your behavior on Dustin's website, your customer options to receive marketing communication and which special offers you have shown interest in by visiting our web shop and reading or clicking on links in our digital send-outs.
4.3 In addition to the information that Dustin collects directly from you, we may also collect personal data about you from someone else, i.e. third parties. We obtain information from public registers through third-party services for updating addresses, to make sure that Dustin has correct contact details for you. We obtain information about your creditworthiness from credit agencies, public records or banks. In addition, we obtain information for marketing purposes from social media.
Dustin collects and processes personal data about you for various purposes. These purposes set the limit for our use of your personal data. Below, we explain the purposes of our processing and provide examples of processing activities that may take place under each purpose. Kindly note that some of your personal data may be processed for multiple purposes.
a) To manage orders and purchases
Processing of personal data for this purpose includes activities to identify you, send order confirmations, assess which payment methods we can offer you (based on contact details, goods ordered, payment history and financial information) and manage payment transactions for ordered goods and services, deliver orders, send delivery notifications and handle complaints and warranty matters for purchased goods and services.
Our collection and processing of personal data to manage your orders and purchases is required to fulfill our obligations pursuant to Dustin's general terms of sale. If the necessary data is not provided, we cannot fulfill our obligations, so we may cancel your order or purchase.
b) To provide and manage Dustin accounts
We process personal data for this purpose to, for example, provide you access to log in to the account, verify your identity, create your personal pages, maintain correct contact details, manage your settings for marketing communication and personalized offers, facilitate your shopping in our web shop by means of pre-entered data and saved digital shopping baskets, facilitate your handling of cases and complaints, and allow you to monitor your order and payment history.
Read more about registering for a Dustin account in the Terms and Conditions for the Dustin Account. Our collection and processing of personal data to provide and manage your Dustin account is required to fulfill our obligations pursuant to the Terms and Conditions for the Dustin Account. If the necessary data is not provided, we cannot fulfill our obligations so we may decline your registration or terminate the Dustin account.
c) To provide personalized information and offers and a personal experience of our web shop to you with a Dustin account
We at Dustin want you to have the best possible experience when you visit our website and when we communicate with you. Therefore, we process personal data for this purpose in order to improve your user experience so as to create, offer and provide you with personalized content in our communication and marketing via mail, email, social media, text message/MMS and phone with tailored offers, recommendations, invitations to events and other information that we believe is relevant to you, and to remind you of any abandoned digital shopping cart. To enable this, analyses are carried out on the data collected by Dustin, e.g. age, place of residence, order history and user-generated data.
Read more about how we personalize our offers and communication to your personal aspects and how you can decline personalized offers in the Terms and Conditions for the Dustin Account. Our collection of personal data for this purpose is required to fulfill our obligations pursuant to these terms and conditions. If the necessary data is not provided, we cannot fulfill our obligations, so we will restrict discounts and other benefits associated with your account.
d) To provide personalized information and offers and a personal experience when we communicate with you who do not have a Dustin account but have signed up for an event, competition and/or other marketing activities
At Dustin, we want you to have the best possible experience when you visit our website and when we communicate with you. Therefore, we process personal data for this purpose in order to improve your user experience so as to create, offer and provide you with personalized content in our communication and marketing via mail, email, social media, text message/MMS and phone with tailored offers, recommendations, invitations to events and other information that we believe is relevant to you. To enable this, analyses are carried out on the data collected by Dustin, e.g. age, place of residence, order history and user-generated data.
Read more about how we personalize our offers and communication to your personal aspects and how you can decline personalized offers here. Our collection of personal data for this purpose is based on your consent. The consent can be withdrawn at any time by contacting us at [email protected].
e) To market and provide other information about goods and services
We process personal data for this purpose to market and inform you about goods, services and offers from the Dustin Group via mail, email, social media, text message/MMS and phone, as well as to present recommended goods and services, remind you about an abandoned digital shopping cart and to invite you to events, competitions and market/customer satisfaction surveys.
If you have a Dustin account, you can find out more about our marketing communication in the Terms and Conditions for the Dustin Account.
f) To coordinate and administrate participation in events, competitions and other marketing activities
Processing of personal data for this purpose includes measures to, for example, identify attendees, communicate with competition participants as well as select winners and deliver prizes, verify participants' age, and communicate with attendees before and after an event (e.g. confirmation of registration, reminders and evaluations). Note that information about your participation in any event is included in the category of user-generated data, which is processed for other purposes.
g) To manage matters for Dustin's customer service or other support functions
Processing of personal data for this purpose includes Dustin's activities to, for example, communicate, verify the customer's identity, investigate complaints and other support matters, reply to questions received by customer service or other support functions via email, phone or digital channels, rectify incorrect data, provide technical support and attend to the customer relationship.
h) To fulfill legal obligations required of the Dustin Group
Personal data is processed for this purpose in order for the Dustin Group to fulfill legal obligations pursuant to laws and regulations, court judgements, and governmental decisions. Examples of such obligations include product liability and product safety, such as communication and information about product alerts and product recalls (e.g. in the event of defects or products that are harmful to your health) and archiving requirements under the applicable Accounting Act. If the necessary data that Dustin collects for this purpose is not provided, we cannot fulfill our legal obligations, so we may cancel your order, purchase or other activity that gives rise to our legal obligations.
i) To counter misuse of Dustin's accounts and to prevent and investigate suspicion of theft and fraud as well as to establish, exercise or defend legal claims.
Personal data is processed for this purpose to, for example, avoid improper use of Dustin accounts and prevent and investigate suspicions of theft and fraud. For this reason, we have video surveillance in our physical stores. We also perform fraud screenings when you place an order on invoice, in which we analyze the ordered goods, delivery address, value of the goods, etc. Typical fraud behavior is flagged and followed up by manual assessment to investigate and evaluate any risk of attempted fraud. Suspicion of crime and attempted crime may be reported to the police.
j) To evaluate, develop and improve Dustin Group's services, goods and systems for our customers in general.
Processing of personal data for this purpose includes activities to, for example, make our web shop and other services more user-friendly, develop or highlight digital functions, improve our customer offering (e.g. development of goods and services), produce data to improve the flows of goods and logistics (e.g. to forecast purchases, stock and deliveries), develop and improve the company's product range and resource efficiency, improve our IT systems, generate statistics for market and customer analyses, business follow-up and business and method development related to orders and purchases, automatic archiving of behavior that may need to be examined for security reasons, and provide customers with the opportunity to influence Dustin's product range. To fulfill this purpose, Dustin also performs general analyses in aggregated form, i.e. not at individual level, relating to, for example, click and visit behavior, device information, order history, geographical location and feedback from individual customers.
For Dustin to lawfully collect and process your data, we must have a legal basis for each purpose for which the data is processed. The legal bases for our processing purposes are described in this section. Kindly note that several legal bases may be applicable to the same processing activity.
a) Legal obligation
This basis signifies that our processing is necessary for compliance with a legal obligation that is required of Dustin, for example to record payment details in order to fulfill the legal obligations under the applicable Accounting Act.
b) Contractual obligations
This basis means that our processing is necessary either for the performance of a contract to which you as a customer are party or to take steps prior to entering into a contract at a later stage. If you have a Dustin account, you have entered into a contract with Dustin by accepting the Terms and Conditions for the Dustin Account, which sets the limits for our processing of your personal data to provide, manage and administrate our services associated with the Dustin account, e.g. analysis of your personal aspects to provide personalized offers. When placing an order or making a purchase, we process your data to fulfill obligations in accordance with Dustin's general terms and conditions of sale. It may then be necessary for Dustin to, for example, register your contact details so that we can fulfill our obligation to deliver the goods or services, and request a credit valuation report if you choose invoice as a payment method so we can confirm your creditworthiness.
c) Legitimate interests
This basis expresses that our processing is based on a so-called balancing of legitimate interests, meaning that the processing is necessary based on our assessment that Dustin has a legitimate interest in processing your personal data which is not overridden by your interest not to have your personal data processed. On this basis, we process your personal data to, for example, avoid improper use of any Dustin account and to avoid, prevent and investigate crime in our business operations. If we believe that a crime or an attempted crime has been committed and we submit a report to the police, Dustin will also continue to process your personal data to establish, exercise or defend legal claims.
This legal ground means that we process your personal data when you have given us your consent to our processing. For example, Dustin obtains your explicit consent prior to processing personal data regarding allergies when ordering food for an event. You have the right to withdraw your consent. A withdrawal of consent does not affect the lawfulness of processing carried out with your consent prior to the withdrawal.
7.1 Dustin will store your personal data for as long as necessary to fulfill the purposes for which the data is being processed. So, the retention period depends on the purpose for which the data is being processed. Dustin may also store data for a longer period if it is necessary to establish, exercise or defend a legal claim, e.g. if there is an on-going dispute or a crime has been reported to the police. We perform regular disposals and erase personal data that is no longer necessary to process.
7.2 Dustin stores personal data related to your Dustin account for as long as you are active by interacting with Dustin in various ways. If you have been inactive for a certain period, the Dustin account will be automatically terminated and the personal data we have collected and processed to provide the Dustin account and the services associated with the account will be erased. Read more about this and how we define inactive customers in the Terms and Conditions for the Dustin Account.
8.1 Dustin may share your data with other companies to provide you with our offers, goods and services. The recipients of your personal data may be either processors to Dustin, i.e. companies that process your data on our behalf and in accordance with our instructions, or independent controllers, i.e. companies that are independently responsible for the processing of your data as they have a direct relation with you as a customer, for example Klarna.
8.2 Dustin may also share your data with governmental authorities if necessary to comply with laws, regulations or governmental decisions, or for Dustin to establish, exercise or defend legal claims.
8.3 Depending on how you have interacted with Dustin, e.g. whether you are a Dustin account holder or if you receive marketing communication, Dustin may share your personal data with the following recipients:
8.4 If you place an order with or make a purchase from Dustin, we may also share your personal data with the following recipients to manage your order and purchase based on our contractual obligations towards you as the legal basis:
Dustin will primarily process your data within the EU/EEA. However, we may also transfer your personal data to a country outside the EU/EEA if we need to share your data with Dustin's suppliers or business partners that are located outside, or store personal data in a country outside, the EU/EEA. If your personal data is transferred to a country outside the EU/EEA, Dustin will take the necessary measures to transfer the personal data legally by ensuring that your personal data is processed securely and with an adequate level of protection that is comparable with the protection offered within the EU/EEA, for example by entering into an agreement with the recipient that includes the EU Commission's standard contractual clauses.
10.1 Dustin is responsible for ensuring that your personal data is processed in accordance with current legislation. This section describes your rights associated with our processing of your personal data. At your request or on our own initiative we will rectify, anonymize, erase or supplement data that is discovered to be incorrect, incomplete or misleading. If you have any questions about this or wish to exercise a right, please contact us via the contact details at the end of this policy.
a) Right to access your personal data
At Dustin, we hope to be open about how we process your personal data. If you would like an insight into our processing of data about you, you have the right to request information about the processing activity, including a copy of your personal data being processed, what is referred to as a register extract. This includes information about purpose, categories of personal data, categories of recipients of personal data, storage period or criteria for how the storage period is defined, information about where data has been collected from and the existence of automated decision-making, including information about the logic behind and the significance of the processing activity. Please note that when there is a request for access, we may ask for additional data about you to ensure that we are disclosing the data to the correct person and to clarify which data you wish to access. The register extract is free of charge, although in the event of repeated requests Dustin has the right to charge an administrative fee of SEK 100.
b) Right to rectification of your personal data
It is very important to Dustin to collect accurate and updated personal data. If we have collected incorrect personal data from you, you have the right to request that it be rectified. You also have the right to supplement any incomplete personal data, e.g. if we have the correct street address but do not have the house number. At your request, we will rectify the incorrect or incomplete data we are processing about you as quickly as possible.
c) Right to erase your personal data
We respect that the personal data we are processing has been borrowed from you. You therefore have the right to request that Dustin erase your personal data if the data has been processed in an illegal way, must be erased to fulfill a legal obligation to which Dustin is subject, is no longer necessary for the purposes for which it has been processed or when you object to a balancing of legitimate interest performed by Dustin and there is no legitimate interest for Dustin or a third party that carries great weight (see section f) below for information about the right to object). We are, however, not always able to approve your request as there may be reasons that give us the right to process data, e.g. if the personal data is being processed to fulfill a legal obligation as the legal basis, such as a requirement of the applicable Accounting Act, or if the data is necessary to establish, exercise or defend legal claims.
d) Right to data portability
You have the right to a copy of your personal data in a structured format and in certain cases to have the data transferred to another controller. This right, however, only relates to data that you yourself submitted to Dustin and that we are processing with the support of your consent or a contractual obligation towards you as legal basis.
e) Right to restriction of processing
You have the right to request that our processing of your personal data be restricted in certain situations, which means that the data may only be processed for certain purposes. You can, for example, request a restriction of incorrect data when you have requested rectification. During the period when Dustin is investigating the correctness of the data, the processing of it will be restricted. In case of restriction of processing, personal data should only be processed, except for storage, when the following applies:
f) Right to object to a certain kind of processing
When Dustin processes your personal data based on a balancing of legitimate interest as legal basis or for direct marketing, you have the right to object to our processing activity. An objection to Dustin's balancing of interest can be submitted when you have personal reasons that relate to the situation. In the event of such an objection, Dustin assesses whether our legitimate reasons for processing carry more weight than your interest in protecting your privacy. If this is the case, Dustin may continue to process your personal data even though you have objected to the processing activity.
You can submit an objection to direct marketing and analyses performed for direct marketing purposes without having to state a reason. You control this yourself through the settings on My Pages within your Dustin Account, where you select whether you want to receive marketing communication and personalized offers. You are also given the opportunity to decline marketing in every single digital mailing. If you object to direct marketing, we will cease the processing of your personal data for that purpose as well as all kinds of direct marketing measures such as sending newsletters and special offers. If you only decline personalized offers, marketing communication to you will be general, as we find it difficult to assess which kind of marketing is relevant for you if we are unable to analyze your personal characteristics. Find out more about how we adapt our special offers and communication according to your personal characteristics and how you can object to such processing under the Terms and Conditions for the Dustin Account.
If you believe that we are processing your personal data in an incorrect way, you are welcome to contact us. Our contact details can be found at the end of this policy. You also have the right to submit any complaints regarding the processing of your personal data to Tietosuojavaltuutetun Toimisto, which is the supervisory authority responsible for the processing of personal data in Finland.
You should always feel safe when you provide us with your personal data. Therefore, Dustin has taken appropriate technical and organizational security measures in order to protect your personal data against unlawful or accidental disclosure, use, access, destruction, alteration or harm. For example, all customer data is stored in a database protected by a firewall and access control so that only employees within the Dustin Group who need access to your personal data to perform specific tasks have such access.
Below is a table of our personal data processing activities in order to provide you with a clear overview of which personal data categories we process for our various purposes, the legal basis on which our processing is based and how long we retain the data. That way, you can easily see which processing activities we carry out and why we do so.
| Purpose | Legal basis | Categories of personal data | Retention time |
|---|---|---|---|
| To manage your orders and purchases | Contractual obligations pursuant to Dustin's general terms of sale | | Up to five years after your order has been paid for and delivered, or as long as a defective product reclamation has not been solved. If the warranty for purchased goods or services is longer, after that period has expired or as long as a warranty claim is present |
| To provide and manage your Dustin account | Contractual obligations pursuant to the Terms and Conditions of the Dustin Account | | For as long as you have a Dustin account or, as long as a legal claim is present |
| To provide personalized information and offers and a personal experience of our web shop if you have a Dustin account | Contractual obligations pursuant to the Terms and Conditions of the Dustin Account | | For as long as you have a Dustin account or, as long as a legal claim is present |
| To provide personalized information and offers and a personal experience when we communicate with you who do not have a Dustin account but have signed up for an event, competition and/or other marketing activities | Consent | | Up to two years after you last interacted with us |
| To market and provide other information about goods and services | Legitimate interest | | Two years after you last clicked on a link in our communication or, as long as a legal claim is present |
| To coordinate and administrate participation in events, competitions and other marketing activities | Legitimate interest; Consent (regarding food allergies) | | One year after the end of the event or the competition or, as long as a legal claim is present. |
| To manage matters for customer service and other support functions | Contractual obligations pursuant to the Terms and Conditions of the Dustin Account if you are an account holder; Legitimate interest if you are not a Dustin account holder | | Up to five years after the last contact in the matter or as long as a defective product reclamation has not been solved. If the warranty period for the purchased goods or services to which the matter relates is longer than five years, after the warranty period has expired or, as long as a warranty claim is present. Recordings of phone calls to customer service and other support functions are deleted after 20 days |
| To fulfill legal obligations such as requirements related to accounting, product liability and the protection of your personal data in our systems | Legal obligation | | For as long as we are obliged to save the data in accordance with applicable law or governmental decision or, as long as a legal claim is present. |
| To counter misuse of Dustin's accounts and to prevent and investigate suspicion of theft and fraud as well as to establish, exercise or defend legal claims | Legitimate interest | | For the period during which necessary checks are carried out. If processing results in a report to the police, the data will be saved for as long as is necessary to pursue the report and to confirm, defend or submit a legal claim. Video surveillance recordings from our stores are deleted after 8 weeks |
| To evaluate, develop and improve Dustin Group's goods, services and systems for our customers in general | Legitimate interest | | For as long as you have a Dustin account, if you are an account holder. Five years after you last interacted with Dustin, if you are not a Dustin account holder, e.g. visited our website, logged in to a previous Dustin account or clicked on a link in our communication to you, or as long as a legal claim is present |
To provide personalized information and offers and a personal experience when we communicate with you who do not have a Dustin account but have signed up for an event, competition and/or other marketing activities.
We at Dustin want you to have the best possible experience when you visit our website and when we communicate with you. Therefore, we process personal data for this purpose in order to improve your user experience so as to create, offer and provide you with personalized content in our communication and marketing via mail, email, text message/MMS and phone with tailored offers, recommendations, invitations to events and other information that we believe is relevant to you. To enable this, analyses are carried out on the data collected by Dustin, e.g. age, place of residence, order history and user-generated data.
When you consent to the above processing you provide us with your postal address, email address and telephone number. These contact details are used by Dustin to provide you with offers and other marketing about similar products and services. We usually provide our offers via e-mail, letters, SMS/MMS and telephone. Sometimes we also communicate through digital advertising on external websites.
When you have given your consent to this processing you get individual customized communication with personalized offers, news, product recommendations, invitations to events and benefits linked to you. By customizing our offers and other communication to you in accordance with your information and how you use our website, we ensure that you receive relevant information that is interesting to you. In addition, we provide you with a personalized experience of our website.
Dustin is entitled to give different benefits and offers to different people. This means that Dustin is not obligated to give the same benefits and offers to everyone. Different offers can, for example, be given to people who live within a certain geographical area.
In order to be able to customize our benefits, offers and communication to you, it is necessary for Dustin to perform analyses at segment, individual or aggregated level based on information we collect about you, for instance, place of residence, how you use our web, which of our products, services and offers you have been interested in by visiting various web pages and parts of pages, how you interacted with our marketing communication by opening e-mails and clicking on links, which events you signed up for and participated in, as well as results from customer satisfaction surveys or market research. Our insights from the analyses are the basis for our communication with you and the information and offers presented to you on our website. Through such analyses we also avoid sending you information that you could perceive as unnecessary or uninteresting. Insights from our analyses may also be used for business development purposes such as decisions about which products to purchase or adjustments to improve our websites.
You can at any time contact us at [email protected] to decline personalized offers and communication customized to your information, preferences and behaviors. In addition, you can object to our marketing services at each individual mailing.