Blueair EU and UK Privacy Notice
Last Updated Date: 2023
Unless otherwise defined in this Privacy Notice (this “Notice”), all terms defined in the Privacy Policy and all other terms defined in the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the GDPR as incorporated into United Kingdom (“UK”) law by virtue of section 3 of the UK’s European Union (Withdrawal) Act 2018 (“UK GDPR”) and the Data Protection Act 2018, each as may be amended from time to time, retain the same meaning when used in this Notice.
SCOPE
This Notice supplements the information contained in our Privacy Policy and applies solely to individual residents of the European Union (“EU”) and the UK (“consumers” or “you”), including:
· Users of our services and products
· Our account holders
· Our website users
· Our app users
· Applicants for vacancies at Blueair
This Notice describes how Blueair (“Blueair”, “we”, “us” or “our”) collects, uses, discloses and otherwise processes your personal data, either online or offline, within the scope of the GDPR or UK GDPR, as applicable.
We are the controller of the personal data collected. This means we determine how and why to process your personal data.
When we use the term “personal data” in this Notice, we mean data that directly or indirectly identifies a specific individual.
For the purposes of this Notice, personal data does not include information that has been anonymized.
Recipients of Personal Data and Types of Personal Data we collect
As described further in the “How We Share Your Personal Information” section of the Privacy Policy, we share personal data internally among the Unilever Group of companies and brands and with our service providers and contractors that help us operate our Platform and business. We may also share personal information with a variety of third parties, including for marketing purposes; if we are subject to certain corporate transactions or reorganizations; with third parties to comply with law or to protect our rights or the rights and safety of others; or for purposes for which you have consented.
Third Party Disclosures
For purposes of this Notice, when we use the term “third party” we mean entities that are not service providers or contractors providing services on behalf of Unilever and that are not entities with whom you interact with directly.
We may share your personal data with the following third parties. This is to enable us to perform the contract entered into between you and us, where you are purchasing our Products or Services, or for the purposes of our legitimate business interests, as specified below.
· Third party service providers that provide services for us that involve data processing, in order to fulfil our legitimate business interests, including:
o to enable us to respond to an enquiry or other request you make, including processing returns and complaints or communicating via the automated chat bot on the website in order to answer general customer questions.
o for accounting management and finance.
o to maintain the endpoints for our internal web tools.
o to improve the design and implementation of our Services.
o to calculate sales tax and tax exemptions for business to consumer sales.
o to power the reviews function on our website.
o for legal compliance.
We will only provide your personal data to third party service providers for marketing purposes where you have expressly given your consent. You may withdraw this consent at any time.
· Payment providers. We share your personal data with payment providers, such as PayPal and Klarna, to fulfil your orders for our Products or Services.
Processing Legal Bases
The table below supplements the section of Privacy Policy “Types of Personal Information We Collect” by informing you of the legal bases that we reply upon when processing your personal data. We may also process your personal data as necessary for us to comply with our legal obligations, quality control, product safety, analysis for risk management, audits, investigations, and reporting, to maintain records and audit interactions and taxation.
Sources of Personal Data
As described in the “How We Collect Your Personal Information” section of the Privacy Policy, we collect personal information directly from you when you provide it to us, automatically using cookies and other tracking technologies, from the categories of third parties listed in that section and by combining personal data we may otherwise obtain.
Purposes for Collecting Personal Data
We collect, process, share or disclose personal information about you for the business and commercial purposes further described in the “How We Use Your Personal Information” section of the Privacy Policy.
Retention of Personal Data
The period for which we retain your personal information varies, depending on the type of personal data and the purpose for which it was collected. The duration is limited to time necessary to fulfill the purposes for which the information was collected, in light of any restrictions or deletions you might request, as well as our need to address our legal and regulatory obligations or rights. If we collect your personal data for marketing purposes, we will retain this until you unsubscribe to receiving such marketing communications.
We will actively review the personal data we hold and delete it securely, or in some cases anonymise it, when there is no longer a legal, business, or consumer need for it to be retained. For example, for personal data processed by one of our payment providers, Adyen, the transaction data (including amount paid and payment method) is retained for seven years and is then automatically deleted. We will dispose of your personal data in a secure manner upon your request.
International Data Transfers
Your personal data will be stored on servers located in the EU. Your personal data may be transferred to countries outside of the UK and EU, including Japan, India and the US, for the purposes described in this Policy, for example in order to provide support services. Where we do transfer personal data internationally, we have implemented appropriate safeguards to protect your personal data when it is transferred, for example the standard contractual clauses of the European Commission (EU) and Information Commissioner’s Office (UK). Please contact us using the details below if you would like more information about these safeguards.
Security Measures
Blueair takes the security of your personal data very seriously. We take every effort to protect your personal data from misuse, interference, loss, unauthorised access, modification or disclosure.
Our measures include implementing appropriate access controls, investing in the latest information security capabilities to protect the IT environments we leverage, and ensuring we encrypt, pseudonymise and anonymise personal data wherever possible.
Access to your personal data is only permitted among our employees and agents on a need-to-know basis and subject to strict contractual confidentiality obligations when processed by third-parties.
YOUR PRIVACY RIGHTS
Where we process your personal data, you may be able to exercise the following rights in relation to the personal data about you that we have collected (subject to certain limitations at law):
HOW TO EXERCISE YOUR PRIVACY RIGHTS
To exercise any of your rights in connection with your personal data, please submit a request by filling out our EU privacy rights request form. We request that you provide us with additional information so that we can to verify your identity. We will only use the personal information provided in connection with a Privacy Rights Request to review and comply with the request. If you do not provide this information, we may not be able to verify or complete your request in all circumstances
In certain circumstances, we may decline a request to exercise the rights described above, in accordance with applicable law.
To Exercise Your Right to Object to Using Personal Data for Marketing Purposes
Where you have expressly consented, we may provide you with marketing-related information (such as newsletters). We may also use your personal data to send you marketing-related information where it is linked to the service we are providing to you or the service or product that you have made enquiries about.
You may unsubscribe from receiving such information at any time by clicking on the “unsubscribe” link at the bottom of each marketing communication, or by contacting us using the contact details below.
In addition, as is common practice among companies that operate online, we permit third party advertising networks, social media companies and other third party businesses to collect personal information directly from your browser or device through cookies or similar online tracking technologies when you visit or interact with our websites, use our apps or otherwise engage with us. For example, they may collect Internet/Network information, such as a cookie or device ID, browsing history and website usage, Geolocation Data, Commercial Information, and Inferences generated from your browsing history and interactions with our service as well as other sites and services. These third parties use this information for the purposes of serving ads that are more relevant, for ad campaign measurement and analytics, and for fraud detection and reporting. For more information on how these third parties collect and process your personal data, please refer to the relevant third party’s Privacy Notice. Please see the section entitled “Online Advertising and Third Party Tracking” in our Privacy Policy to learn how you may exercise your choice over this data collection for advertising purposes.
To find out further information on how to change your cookie settings please refer to our Cookie Notice. This information is only collected where you have consented to the use of cookies for advertising purposes.
Personal Data of Children Under Age 18
We understand the need to provide particular protection where we are collecting and processing the personal data of consumers we know to be less than 18 years of age.
Where we rely on consent as the legal basis for processing the personal data, only children aged 13 or over in the UK, or 16 or over in the EU, are able to provide their own consent. For children under 16, we will not process the personal data unless we receive the consent of the child’s parent or guardian. The parent or guardian can withdraw this consent at any time by contacting us using the contact details below.
We put age appropriate safeguards in place where required, for example we may verify your age in order to determine your eligibility for some of our products, services and promotions.
FINANCIAL INCENTIVES
From time to time, we may offer you certain financial incentives permitted by law (such as coupons, samples, and loyalty programs) in exchange for the collection, retention, or use of certain personal information about you. Each financial incentive related to the collection and use of personal information is based upon our reasonable, good-faith determination of the estimated value of such information to our business, taking into consideration the value of the offer itself and the anticipated revenue generation that may be realized by rewarding brand loyalty and repeat purchases. When you opt into a financial incentive, we will provide information about the specific terms of the financial incentive, such as the categories of personal information required to be disclosed, retained or shared, in exchange for the benefit you may receive. You can opt out of a financial incentive at any time by contacting us at blueair.com. When necessary, we will provide information about the specific terms of the financial incentive, such as the type of personal information required to be disclosed, retained or sold in exchange for the benefit you may receive, and instructions on how to opt in or opt out, on the webpage or form where the financial incentive is made available.
HOW TO CONTACT US
If you have any questions, comments or concerns with respect to our privacy practices or this Notice, or wish to update your information, please feel free to contact us at privacy@blueair.se. You may also write to us at the following address:
Blueair
Attn: Blueair Data Privacy and Compliance
Karlavägen 108
115 26 Stockholm
Sweden
Re: Blueair Privacy Policy
CHANGES IN NOTICE
From time to time, we may change our Notice. We will notify you of any material changes to our Notice as required by law. We will also post an updated copy of this Notice on our Platform. Please check our Platform periodically for updates. Without prejudice to your rights under applicable law, we reserve the right to update and amend this Privacy Notice without prior notice to reflect technological advancements, legal and regulatory changes and good business practices to the extent that it does not change the privacy practices as set out in this Privacy Notice. If you do not agree to the changes to this Privacy Notice, please contact us using the contact details above.