Privacy policy

Seconds by Mai's Privacy Policy

Last updated: December 18, 2023

Why and for whom?

At Second Hand Helper AB reg. no. (559352-5628) ("Seconds by Mai," "we," "us," "our"), we care about personal privacy. This means that we respect and value your privacy and your right to control and transparency when processing your Personal Data.

This Privacy Policy ("Policy") applies to the processing for which Seconds by Mai is the Data Controller. The Policy provides an overview of the purposes for which we need your Personal Data, the legal basis we rely on, and the measures we take to protect personal information. We also inform you about how to exercise your rights related to our processing of your Personal Data.

The Policy informs about our handling of Personal Data when you communicate with us, use the Service, or visit our website secondsbymai.com (collectively, "Features").

This policy is addressed to:

  • Users of the Service
  • Potential customers

Definitions

  • "Processing" of Personal Data includes any action that can be taken with Personal Data, such as storage, modification, reading, transfer, etc.
  • "Applicable law" is the legislation applicable to the processing of Personal Data, including the General Data Protection Regulation (GDPR), supplementary national legislation, and the practices, guidelines, and recommendations issued by a national or European supervisory authority.
  • "Personal Data" refers to all types of information that can be linked to an identifiable, living person.
  • "Data Controller" is the company/organization that determines the purposes and means of processing Personal Data and is responsible for ensuring that Personal Data is processed in accordance with Applicable law.
  • "Data Processor" is the company/organization that processes Personal Data on behalf of the Data Controller and may only process Personal Data in accordance with the Data Controller's instructions and Applicable law.
  • "Data Subject" means the living, physical person whose Personal Data is processed.
  • "Service" means the website and associated features we provide for selling goods to individuals on the second-hand market.

Seconds by Mai's Data Controller Responsibility

The information in this Policy covers the Processing of Personal Data for which Seconds by Mai is the Data Controller, i.e., the Processing for which we determine the purpose (why a processing is done) and the means (how, what Personal Data, how long, etc.). The Policy does not describe how we process Personal Data as a Data Processor – that is, when we process Personal Data on behalf of our users.

We provide a service to sell goods to individuals, pick up the item when sold, and make payments, and we operate an e-commerce platform for the sale of second-hand clothes and collect necessary Personal Data to facilitate transactions and enhance user experience. The Personal Data we collect is necessary to pick up the item at the user's home address and pay the user when the item is sold.

Seconds by Mai's Processing of Personal Data

We have a responsibility to describe and show how we meet the requirements when processing your Personal Data. This section aims to give you an understanding of the types of Personal Data we process about you and for what purposes.

How long do we save your Personal Data?

We save your Personal Data for as long as necessary for the purpose for which they were collected. Depending on the legal basis we rely on, this may a) follow from a contract, b) depend on valid consent, c) be based on legislation, or d) follow from an internal assessment based on a balancing of interests.

We never save your Personal Data longer than necessary and regularly purge Personal Data. Seconds by Mai also takes reasonable measures to keep the processed Personal Data current and to delete outdated and otherwise incorrect or unnecessary Personal Data.

Processing

The main purpose of the processing of Personal Data we perform is to provide, perform, and improve our services to you. There are several reasons why we may need to collect, process, and store your information.

We mainly process the following Personal Data:

  • Contact and identification information to confirm your identity, verify your information, and communicate with you.
  • Address to ship the item.

 

How do we access your Personal Data?

We access your Personal Data when you provide it to us through the Service.

Legal grounds

For us to process your Personal Data, there must be a legal basis for each processing. In our business, we primarily process your Personal Data on the following grounds:

  • Contract - Processing is necessary for us to fulfill obligations in a contract between us or to prepare for entering into a contract with the Data Subject.

If you want additional information about which legal ground(s) we process your Personal Data, you always have the right to request a so-called register extract. Read more under "How to use your rights" below.

Your rights

You are the one who decides about your Personal Data. We always strive to ensure that you can exercise your rights as effectively and smoothly as possible.

  • Access - You have the right to receive information about the Personal Data Processing related to you in a so-called register extract. The register extract shows, among other things, which of your Personal Data we have stored and for what purposes and on what legal basis. We only provide information if we have been able to ensure that it is indeed you who is requesting the information.

  • Correction - If you find that the Personal Data we process about you is incorrect, please contact us, and we will fix it!

  • Deletion - Do you want us to forget you completely? You have the right to request the deletion of your Personal Data when they are no longer necessary for the purpose for which they were collected. If we are obligated to keep your information according to the law or an agreement we have entered into with you, we will ensure that they are only processed for the specific purpose stated by the law or agreement. After that, we make sure the information is deleted as soon as possible.

  • Objection - Do you disagree that our interest in processing your Personal Data outweighs your interest in protecting personal privacy? No worries – in that case, we review our balancing of interests and ensure that it still holds. We, of course, take your objection into account when making a new assessment to evaluate if we can still justify our Processing of your Personal Data. If you object to direct marketing, we will remove your Personal Data immediately without reviewing our assessment.

  • Restriction - You can also ask us to limit our Processing of your information:

    • During the time we handle a request from you for any of your other rights.
    • If you, instead of requesting deletion, want us to mark that the information should not be processed for a certain purpose. For example, if you do not want us to send you advertising in the future, we still need to save your name to know not to contact you.
    • In cases where we no longer need the information for the purpose for which it was collected, provided that you have no interest in us keeping the information to assert a legal claim.

  • Data Portability - We can provide you with the data you have given us or that we have received from you when we entered into an agreement with you. You get your data in a commonly used and machine-readable format that you can then take to another Data Controller.

  • Withdraw Consent - If you have consented to one or more specific Processing(s) of your Personal Data, you have the right to withdraw your consent at any time and thus ask us to stop the Processing immediately. Note that you can only withdraw your consent for future Processing(s) of Personal Data and not for any Processing that has already occurred.

How to use your rights

Contact us at info@maiapp.se, and we will assist you.

Transfer of Personal Data To conduct our business, we may need the assistance of others who process Personal Data on our behalf, known as Data Processors.

In cases where our Data Processors transfer Personal Data to a country outside the EU/EEA, we have ensured that the processing is legal according to Applicable Law by meeting one of the following requirements:

There is a decision from the EU Commission stating that the country ensures an adequate level of protection; Application of the EU Commission's standard contractual clauses for third-country transfers; or Other appropriate safeguards that comply with Applicable Law. We have entered into data processing agreements (DPA) with all our Data Processors. The DPA regulates how the Data Processor may process Personal Data and what security measures are required for the processing of Personal Data.

We may also need to disclose your Personal Data to certain designated authorities to fulfill obligations under the law or official decisions.

Our Data Processors Seconds by Mai does not sell your personal information to anyone, and we certainly do not disclose your personal information to just anyone. However, in some cases, we may share your Personal Data with selected third parties. If this happens, we ensure that the transfer is done securely while preserving your privacy. Below are categories of recipients with whom we may share your data.

Logistics providers to deliver your goods. To carry out our assignments and services, we store your information in our business systems. Payment providers for payments. To carry out our assignments and services, we store your information in our business systems. Security Seconds by Mai has taken technical and organizational measures to ensure that your personal information is processed securely and protected from loss, misuse, and unauthorized or unlawful access.

Our security measures

Organizational security measures are measures implemented in work methods and routines within the organization. Our organizational security measures include:

  • Internal governance documents (policies/instructions)
  • Information Security Policy
Technical security measures are measures implemented through technical solutions. Our technical security measures include:
  • Encryption Access log
  • Firewall Backup
  • Regular control of security levels
  • Two-factor authentication
  • VPN
Cookies
Mai uses cookies to, among other things, analyze how features are used so that we can provide you with the best possible user experience.

 

If we don't keep our promises

If you feel that we are processing your Personal Data incorrectly, even after you have brought it to our attention, you always have the right to submit your complaint to the Swedish Data Protection Authority.

For more information about our obligations and your rights, visit the Swedish Data Protection Authority's website (https://www.imy.se/). You can also contact the authority at imy@imy.se.

Changes to this policy

We reserve the right to make changes to this Policy. In cases where the change affects our obligations or your rights, we will inform you of the changes in advance so that you have the opportunity to consider the updated policy.

Contact

Get in touch with us if you have questions about your rights or if you have any other questions about how we process your personal information:

info@maiapp.se