- 1. Categories of personal data and processing purposes
You may use our website or app without providing any personal data about you. In this case, Essity will collect only the following metadata that result from your usage:
Referral page, data and time of access, data volume transmitted, status of transmission, type of web browser, IP-address, operating system and interface, language and version of browser software.
Your IP-address will be used to enable your access to our website or app. Once the IP-address is no longer necessary for this purpose, we will shorten your IP-address by removing the last octet of your IP-address. The metadata, including the shortened IP-address will be used to improve the quality and services of our website or app by analyzing the usage behavior of our users.
If you create an account on/in our website or app, you may be asked to provide personal data about you, for example: Name, postal address, email address, selected password, telephone number, bank account details, credit card details, invoicing and delivery address, interests in certain products/services (voluntary), request to receive marketing emails (voluntary). Essity processes such personal data for purposes of providing our services to you, to provide you with marketing materials to the extent permitted by applicable law, and to analyze your interests for marketing purposes.
If you order a product via our website or app, Essity collects and processes the following personal data about you: Your account data, type and amount of product, purchase price, order date, order status, product returns, customer care requests. Essity processes such personal data for purposes of carrying out the contractual relationship and the product order, providing customer care services, compliance with legal obligations, defending, establishing and exercising legal claims, and tailored marketing.
If you participate in a sweepstake, Essity collects and processes the following personal data about you: Name, postal address, email address, date of entry, selection as winner, prize, answer to quiz. Essity processes such personal data for purposes of carrying out the sweepstake, informing the winner, delivering the price to the winner, carrying out the event, and marketing.
Health Data: If you order some products, Essity may collect and process also information about your health conditions as implied by product order. Health data are sensitive data within the meaning of the GDPR and Essity is taking all necessary steps to protect such sensitive data as legally required. Subject to your consent, Essity collects and processes your health data solely for the purposes of carrying out the contractual relationship and the product order, providing customer care services, compliance with legal obligations, defending, establishing and exercising legal claims, and tailored marketing.
- 2. Third Parties
- Transfer to service providers
Essity may engage external service providers, who act as a data processor of Essity, to provide certain services to Essity, such as website service providers, marketing service providers or IT support service providers. When providing such services, the external service providers may have access to and/or may process your personal data.
We request those external service providers to implement and apply security safeguards to ensure the privacy and security of your personal data.
- Other recipients
Essity may transfer - in compliance with applicable data protection law - personal data to law enforcement agencies, governmental authorities, legal counsel, external consultants, or business partners. In case of a corporate merger or acquisition, personal data may be transferred to the third parties being involve in the merger or acquisition.
- International transfers of Personal Data
The Personal Data that we collect or receive about you may be transferred to and processed by recipients which are located inside or outside the European Economic Area ("EEA"). The countries include those listed at http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm which provide an adequate level of data protection from a European data protection law perspective. Other recipients might be located in other countries which do not adduce an adequate level of protection from a European data protection law perspective. Essity will take all necessary measures to ensure that transfers out of the EEA are adequately protected as required by applicable data protection law. With respect to transfers to countries not providing an adequate level of data protection, we base the transfer on appropriate safeguards, such as standard data protection clauses adopted by the European Commission or by a supervisory authority, approved code of conducts together with binding and enforceable commitments of the recipient, or approved certification mechanisms together with binding and enforceable commitments of the recipient. You can ask for a copy of the such appropriate safeguards by contacting us as set out in Sec. 7 (Contact us) below.
- Legal basis for the processing
We may carry out the processing of your personal data on the following legal basis:
- You have given your consent to the processing of your data for one or more specific purposes;
- The processing is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering a contract;
- The processing is necessary for compliance with a legal obligation to which we are subject to;
- The processing is necessary to protect your vital interests of you or of another natural person;
- The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
- The processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of you which require protection of personal data, in particular if you are a child;
- Other applicable legal basis for data processing, especially provisions set out by member state law;
We may carry out the processing of your sensitive personal data on the following legal basis:
- You have given your explicit consent to the processing of your sensitive personal data for one or more specific purposes;
- The processing is necessary for the purposes of carrying out the obligations and exercising specific rights of Essity or of the data subject in the field of employment and social security and social protection law;
- The processing relates to personal data which are manifestly made public by the data subject;
- The processing is necessary for the establishment, exercise or defense of legal claims or whenever courts are acting in their judicial capacity;
The provision of your personal data is required by a statutory or contractual obligation, or necessary to enter into a contract with us or to receive our services/products as requested by you, or simply voluntary for you.
Not providing your personal data may result in disadvantages for you, e.g. you may not be able to receive certain products and services. However, unless otherwise specified, not providing your personal data will not result in legal consequences for you.
- 4. What rights do you have and how can you assert your rights?
If you have declared your consent regarding certain collecting, processing and use of your personal data, you can revoke this consent at any time with future effect. Further, you can object to the use of your personal data for the purposes of marketing without incurring any costs other than the transmission costs in accordance with the basic tariffs.
Pursuant to the applicable data protection law you have the right (i) to request access to your personal data, (ii) to request rectification of your personal data, (iii) to request erasure of your personal data, (iv) to request restriction of processing of your personal data, (v) to request data portability, (vi) to object to the processing of your personal Data (including objection to profiling), and (vii) to object to automated decision making (including profiling).
To exercise your rights please contact us as stated under Sec. 7 (Contact us) below.
In case of complaints you also have the right to lodge a complaint with the competent data protection supervisory authority.
- 5. Cookies and other tracking technologies
|Cookie||Purpose||Type||Life Span||First or third party|
|.ASPXANONYMOUS||This cookie is used by sites using the .NET technology platform from Microsoft. It enables the site to maintain an anonymous user-id to track unique users within a session without them logging in or otherwise identifying themselves||Necessary||2 months||First party|
|ApplicationGatewayAffinity||The cookie-based session affinity feature is useful when you want to keep a user session on the same server. By using gateway-managed cookies, the Application Gateway can direct subsequent traffic from a user session to the same server for processing||Necessary||Session cookie||First party|
|ASP.NET_SessionId||General purpose platform session cookie, used by sites written with Miscrosoft .NET based technologies. Usually used to maintain an anonymised user session by the server.||Necessary||Session cookie||First party|
|_ga||This cookie name is asssociated with Google Universal Analytics - which is a significant update to Google's more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports. By default it is set to expire after 2 years, although this is customisable by website owners.||Necessary||2 years||Third Party|
|_gid||This cookie name is asssociated with Google Universal Analytics. It appears to store and update a unique value for each page visited.||Necessary||24 hours||Third Party|
|_gcl_au||Used by Google AdSense for experimenting with advertisement efficiency across websites using their services||Necessary||3 months||Third Party|
|_gat_UA-1251424-6||This is a pattern type cookie set by Google Analytics, where the pattern of the name contains the unique identity number of the account or website that it applies to. It appears to be a variation of _gat cookie used to limit the amount of data recorded by Google on high traffic websites.
The main purpose of this cookie is performance.
|Necessary||1 min||Third Party|
|_gat_UA-1251424-41||This is a pattern type cookie set by Google Analytics, where the pattern of the name contains the unique identity number of the account or website that it applies to. It appears to be a variation of _gat cookie used to limit the amount of data recorded by Google on high traffic websites.
The main purpose of this cookie is performance.
|Necessary||1 min||Third Party|
Used to store user's criteria related to forum or Product selection
|Functional||10 years||First party|
- How long do we keep your Personal Data?
Your personal data will be retained as long as necessary to provide you with the services and products requested. Once our relationship has come to an end, we will either delete your personal data or anonymize your personal data, unless statutory retention requirements apply (such as for taxation purposes). We may retain your contact details and interests in our products or services for a long period of time if Essity is allowed to send you marketing materials. Also, we may be required by applicable law to retain certain of your personal data for a period of 10 years after the relevant taxation year. We may also retain your personal data after the termination of the contractual relationship if your personal data are necessary to comply with other applicable laws or if we need your personal data to establish, exercise or defend a legal claim, on a need to know basis only. To the extent possible, we will restrict the processing of your personal data for such limited purposes after the termination of the contractual relationship.
- 7. Contact us
Essity Hygiene and Health AB
431 31 Mölndal
The contact details of our data protection officer are as follows: E-mail: email@example.com.