PERSONAL DATA POLICY
At KFI Spa Management AB we process your personal information with care. We therefore welcome the new General Data Protection Regulation (GDPR) which comes into force in Sweden and the rest of the EU on May 25, 2018.
The regulation deals with every individual’s right to his or her personal data, integrity and how this is to be protected. In order to meet our legal obligations, we have drawn up a privacy policy and procedures for this purpose. These procedures make it possible for those who communicate with us, our employees, and our partners, to exercise their rights.
Company scope
In all communication with customers, suppliers, other stakeholders and co-workers we want to be clear and specific regarding how their personal data (PD) is used. Therefore we:
• inform about use and purpose
• respect and protect the PD we received
• inform about the individual's right to:
- give and withdraw consent
- request registry extracts
- object to the use of PD
- request corrections and deletions of PD
- request transfer of PD to another controller
• only saves save PD to meet legal requirements and as long as required in time,
• only use PD for other purposes with the consent of the concerned person
• may transfer PD for to third parties in order to fulfill our commitments
• supervise our processing of PD
It is a commitment for management and all personnel to process personal data in accordance with our policies and current regulation.
Terms and conditions for retailers
This privacy policy is directed to you as a retailer to KFI Spa Management AB and Kerstin Florian’s products and concept. Our processing of personal data complies with the EU data regulation (GDPR) which comes into force on May 25, 2018.
Personal data means any information relating to an identified or identifiable individual where an identifiable individual is one who can be identified, directly or indirectly, with an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual. See the applicable legislation for more definitions.
The information is collected in specific registers. It may concern names, personal identity numbers, postal addresses, telephone numbers, electronic addresses, delivery, payment and purchase information, address-based profiling and data based on use of digital services.
The information is used by us for marketing, delivery of products, as a basis for statistics, product development, invoicing and advertisements and offers to your company.
Personal data may (in order to fulfill our commitments to you as a client) be shared with partners with whom we have a personal data assistant agreement and with authorities if requested pursuant to law or to an official decision.
Personal data are deleted after a business relationship has ended. The registered individual may also request rectification / erasure of inaccurate personal data or may ask to receive information about any personal data we have stored about him or her. Such requests are to be made in writing according to practice.
To protect the data, we take appropriate physical, technical and organisational security measures for the processing and transfer of personal data, including appropriate security measures to protect such information from accidental or unlawful destruction, accidental loss, incorrect use, amendment, unauthorised dissemination or access and all other unlawful forms of processing.
For further information and requests for information about our processing of personal data please contact our GDPR representative Helena Carlsson, helena.carlsson@kerstinflorian.se.
For orders via our online store
What kind of information do we collect and why?
In connection with your registration and order, you give your consent to us storing and using your data in our activities in order to facilitate the processing and delivery of your order.
When you complete your order, you provide information about yourself such as
- name
- personal identity number
- address
- e-mail address
- telephone number
We need this data in order to be able to deliver the products you have ordered to the requested address, to contact you regarding your order and to access your purchase history, all so as to make your purchase experience as good as possible.
For payments through our online store, we use Klarna Checkout, which means that Klarna Bank AB receives some of the personal data you provide when you pay at check-out. You can read more about how they process your personal data in their privacy policy.
Storage of data
The data you provide us with are normally stored for a maximum period of three years after an order has been completed. In accordance with the Swedish Bookkeeping Act (1999:1078), we store the data required for processing of invoices for up to 7 years after an order has been completed.
Your rights
You have the right, free of charge and once a year, following a written request to us, to receive the information we have registered about you. If it is inaccurate or irrelevant, you can request that the data are rectified or erased. To do so, you should contact us by e-mail at info@kerstinflorian.se
How do we process the data?
The data are processed by KFI Spa Management AB in Sweden. The data is also transferred to third parties in order to fulfill promised obligations of delivery and order handling, such as warehouse and shipping companies.
If you consider that our processing of personal data has been mismanaged, you can contact the Swedish Data Protection Authority. However, if you have any questions about our processing of personal data you are very welcome to contact us directly first. You can reach us at gdpr@kerstinflorian.se, +46 8 534 88 500.
Read our Terms & Conditions here »
Registering with our pool of therapists
When you register with our pool of therapists, KFI Spa Management AB stores and processes the following personal data:
- address
- email address
- phone number
- diplomas for completed training
- CV and covering letter
This data is required in order to provide spas and salons which are looking to employ staff with easy access to your work experience and contact information. Data is retained in our register until you ask us to delete it.
The information is collected by KFI Spa Management AB as data controller. We share your personal data only with those spas and salons which are currently retailers of Kerstin Florian products in the Nordic region. These may then be granted access to your CV, covering letter, name, phone number and address for as long as you are registered with our therapists pool.
You have the right to revoke your consent at any time. This is done by sending an email to terapeutpool@kerstinflorian.se. Please note, however, that revocation of your consent does not affect the lawfulness of the processing prior to consent being revoked.
You also have the right to request information about the personal data we process and to request rectification, transfer, erasure or restriction of your personal data. To request any of the above, please contact us at GDPR@kerstinflorian.se. If you believe that your personal data is being processed inappropriately, you have the right to lodge a complaint with the supervisory authority, the Swedish Data Protection Authority.
By registering in our therapist pool, you consent to:
- KFI reserves the right to remove therapists from the therapist pool
- KFI is not responsible for the availability of work
- KFI has nothing to do with employment terms; they are negotiated between the individual therapist & the spa/salon.
- I consent to provide KFI Spa Management with my data.
- I consent to KFI posting my data on KFI's support pages. This consists of the information about myself that I entered on my application. The retailers must log in with their username and password to see this information.
- KFI Spa Management will save my data and add any completed and approved training courses to the data on my page
- If I am hired at a salon/spa and am no longer available for assignments, I will inform KFI so they can remove me from the pool.
- If any of my contact information changes (e.g. address or phone number) I will inform KFI by e-mail (terapeutpool@kerstinflorian.se)
Retailers consent to:
- Kerstin Florian is not responsible for the therapists, but only provides therapists with KF training and certified Massage Therapists.
- KFI has nothing to do with employment terms; they are negotiated between the individual therapist & the spa/salon.
Subscribing to our newsletter
In choosing to subscribe to our newsletter you submit personal details including:
- your name
- email address
This information is necessary in order to communicate with you more effectively when emailing you promotional material, providing you with relevant information about our company and products and sending you offers, tips and news.
How do we use the information?
We use your data only in order to email you information, review statistics relating to the reading of these emails and respond to you when you contact us.
Storage
We use Postman, a tool provided by Paloma In Sweden AB og Rule, to store data, create email newsletters and send information via email. This is the only place where your data is stored.
Your rights
You may unsubscribe from our newsletter at any time. This may be done by clicking on the unsubscribe link at the bottom of the newsletter or by sending an email to info@kerstinflorian.se. Your personal data will be deleted within three days of your subscription being terminated.
You have the right, upon written request and at no cost, to receive information about which of your personal data we hold. You also have the right to have your data either corrected or deleted from our email newsletter register.
Handling
Data is handled by KFI Spa Management AB only.
Participating in training and courses
When you sign up for any of our courses, KFI Spa Management AB stores and processes the following personal data:
- name
- personal identity number
- address
- email address
- phone number
This data is required in order to:
- ascertain whether you have the experience and training required to participate in the course;
- send you information about the course;
- contact you in the event of the course being cancelled;
- prepare course material;
- draw up certificates or diplomas upon completion of the course;
- debit course fees; and
- respond to you when you contact us.
Photos may be taken during some courses for use on our social media channels. On such occasions you may always choose not to participate. Your consent will be requested in the classroom before any photos are taken.
Handling
Information is collected and handled exclusively by KFI Spa Management AB as data controller. Data is not shared with third parties.
Storage
Data is stored for up to a year after course completion. This means that we can neither provide proof of your participation in a course nor replace lost certificates or diplomas for more than a year after course completion.
Your rights
You have the right to request information about the personal data we process and to request rectification, transfer, erasure or restriction of your personal data. To request any of the above, please contact us at GDPR@kerstinflorian.se. If you believe that your personal data is being processed inappropriately, you have the right to lodge a complaint with the supervisory authority, the Swedish Data Protection Authority.
KFI Spa Management AB
Org. Nr: 556648-9471
Artillerigatan 42, 114 45 Stockholm
+46 8 534 88 500
GDPR@kerstinflorian.se
Last updated: 20180524