KABOOKI privacy policy

1. General

At KABOOKI A/S (hereinafter KABOOKI), who owns this website www.legowear.com (hereinafter LEGOwear.com) data protection and confidentiality is a high priority. In the following, you can read KABOOKI's privacy policy. The privacy policy sets out clear guidelines for how KABOOKI collects and uses your personal data.

The privacy policy applies to the personal data you provide us or we collect through our website LEGOwear.com.

If you might have any questions concerning the below guidelines about KABOOKI’s privacy policy, you may contact us on below contact details in section 2.

2. Data controller and contact details

KABOOKI is the data controller of your personal data.

KABOOKI’s contact details are:

KABOOKI A/S

LEGO Wear by KABOOKI
Rønnevej 1
7400 Herning
Company no.: 38235311
E-mail: info@kabooki.com
Phone: + 45 97216466 (weekdays from 9am – 3 pm CET)

3. How is your personal data collected, for which purposes and what is the legal basis for our processing of your personal data?

Your personal data is collected in one or several of below cases, and even though you use your email address in more than one of the above cases, your personal data will only be collected and registered in one place. In this way your information is already stored when you shop at us, and you will not receive the same marketing material from KABOOKI more than once.

3.1 – Your use of LEGOwear.com

Information about you and your use of LEGOwear.com is automatically collected when you visit our website. This information may include: your type of browser, the keywords you search for on LEGOwear.com, your IP address, your network location and information about your computer. Also KABOOKI’s cookie policy applies when you use LEGOwear.com.

The purpose of this is to: make and keep statistics and analytics of the traffic on LEGOwear.com, to optimize the function and the user experience of the website, to make direct marketing and retargeting through for instance Facebook and Google. To improve LEGOwear.com and to show you relevant offers this is necessary.

The legal basis of this processing is the General Data Protection Regulation (hereinafter GDPR) Art. 6.1.f.

3.2 – Your purchase at LEGOwear.com

We collect the information you actively provide us when making your purchase or when communicating with us regarding our products. This information may include: your name, address, mail, phone number, payment method, the products you purchase or possible return, your requests, complaints, delivery requests and finally the IP address you used when making your purchase on LEGOwear.com.

The purposes of this are: to delivery your order and by that fulfil our agreement with you, to administer your return right and possible warranty and to contact you if we have relevant information about the product you purchased. Other purposes are: to comply with relevant laws regarding bookkeeping, accounting and possible recall of products. The IP address is collected to handle our interest in preventing credit card fraud.

The legal basis of this processing is the GDPR Art. 6.1.b, 6.1.c and 6.1.f.

3.3 – Your sign up to our newsletter

We collect the information you actively provide us when signing up for our newsletter, and this may include your name, mail and possibly your phone number.

The purpose hereof is to fulfil our legitimate interest in sending our newsletter to you.

The legal basis of this processing is your consent and the GDPR Art. 6.1.a.

3.4 – Your visit on our SoMe pages

When you visit one of LEGO Wear’s Facebook or Instagram pages your personal data are being processed after their privacy and cookie policies.

In contrary if you contact us through our Facebook or Instagram page, or if you participate in one of our competitions on Facebook or Instagram, then KABOOKI will process information about your post or name.

The purposes hereof are: to respond to your message, to let you participate in the competition and to contact you if you are the winner.

The legal basis of this processing is to fulfil our legitimate interest in the purposes and the GDPR Art. 6.1.f.

4. Who receives your personal data?

4.1 - Payment information

When you are making your purchase online at LEGOwear.com and complete payment transactions, this is done through KABOOKI’s PCI (Payment Card Industry – Data Security Standard) certified business partner QuickPay. Therefore, your information is stored in a secure PCI certified environment that meets international security standards. It is only KABOOKI’s PCI certified business partner QuickPay – and not KABOOKI – that has access to your payment card information.

4.2 - Shipping information

Information needed for delivery of your purchase at LEGOwear.com is transferred to the shipping company used by KABOOKI. Typically this is PostNord in Denmark or DPD in other countries. This information may include your name, address, phone number, mail, order number and possible delivery request.

4.3 - Information to public authorities or the police

Under specific circumstances and with reference to legislation, it might be necessary to transfer information to public authorities or the police. For example, information may be disclosed to the police in case of suspicion of credit card fraud.

4.4 - Information to KABOOKI’s external business partners

Your personal data may be disclosed to external business partners of KABOOKI who deliver services on behalf of KABOOKI. These business partners are data processors, and they only process information on behalf of KABOOKI and in accordance with KABOOKI’s instructions, and they are not allowed to use the information for other purposes than fulfilling the agreement with KABOOKI and they are subject to confidentiality in regards of the information. By that KABOOKI is still the data controller of your personal data, and KABOOKI has entered into written data processor agreements with all data processors that process personal data on behalf of us.

Among other things we use our external business partners to: technical operation of systems, improvements of LEGOwear.com, despatch of our newsletters, direct marketing and retargeting.

4.5 - Information to third countries

Some of our external business partners, who process data on our behalf, are located in the US. This includes Google Analytics (Google LLC) and ActiveCampaign. Therefore, in some cases your personal data will be transferred to the US. The Commission has decided that the level of protection is sufficient in USA, when companies have acceded to the EU-U.S. Privacy Shield Framework according to GDPR Art. 45. As both business partners have acceded to the EU-U.S. Privacy Shield Framework, the necessary guarantees regarding transferring information to the US are ensured.

For more information about the Privacy Shield Framework, see the official website here.

See a copy of ActiveCampaign’s certification here.

See a copy of Google LLC’s certification here.

If we use other data processors who are located outside the EU, your data will only be transferred under compliance of the necessary transferring guarantees.

4.6 - Information in case of reorganization.

In case of reorganization or full or partial sale of the company, any disclosure in such connection will be in accordance with current legislation for the processing of personal data.

5. Your rights

As the data controller we here below inform you about your rights, as we wish to ensure fairness and openness in regards to our processing of your personal data.

5.1 – Your right to access

At any time you can request us to get access to, among other things: which of your personal data we have registered, for which purposes, which categories of receivers who will receive your personal data and information about from where we got your personal data. Furthermore, you have the right to get a copy of the personal data we process about you. If you wish to get a copy, please contact us. You can see our contact details in section 2. In such a case we will ask you to prove that you are the person you state to be. The right to access applies apart from specific statutory exceptions. 

5.2 – Your right to rectification

If the personal data we have collected about you have proved inadequate, you have the right to make us rectifying them. If you find our information about you inadequate please contact us so we can make rectification. In such a case we will ask you to prove that you are the person you state to be.

5.3 – Your right to deletion

In some cases you have the right to make us deleting, either all or specific, personal data about you. For example we will delete your personal data if you withdraw your consent and we afterwards can not continue the processing on a legal basis. If it according to the law is necessary to keep processing your personal data it will not be deleted. If you wish to withdraw your consent, please contact us. In such a case we will ask you to prove that you are the person you state to be. At any time you can unsubscribe from our newsletter by using the link below in the newsletter.

5.4 – Your right to restrict our processing to storage

In some cases you have the right to restrict our processing to storage only. For example if you do not think our information about you is correct.

5.5 – Your right to data portability

In some cases you have the right to get the personal data you have provided us transferred to another data controller than us. In such a case you may get a copy in a structured, common used and machine-readable format.

5.6 – Your right to object

At any time you have the right to object to our processing of your personal data in regards to direct marketing and the profiling we make with legal basis in our legitimate interest according to section 3.1 and 3.2 above. If you do not want us to use your personal data to direct marketing and profiling please delete your cookies. (Please see KABOOKI’s cookie policy if you do not know how to delete your cookies.)

5.7 – Your right to withdraw your consent

At any time you may withdraw the consent you actively have provided us. For example, it could be your consent to receive our newsletters. If you wish to withdraw your consent, please contact us. In such a case we will ask you to prove that you are the person you state to be. At any time you can unsubscribe from our newsletter by using the link below in the newsletter.

5.8 – Your right to complain

At any time you have the right to complain against our processing of your personal data. To lodge a complaint please contact us by email, telephone or letter as indicated in 2 above. You may also contact the Data Protection Agency directly via email dt@datatilsynet.dk or via phone +4533193200.

6. When do we delete personal data?

As a general rule we will delete your personal data when we no longer need to process it in relation to one or more of the purposes set out above in section 3.

Information collected about your use of LEGOwear.com according to section 3.1 will be deleted at the latest 1 year after you last time visited LEGOwear.com.

As a general rule information collected about you in connection with your purchase at LEGOwear.com according to section 3.2 will be deleted at the latest 3 years after the end of the calendar year you made your purchase in. In information can though be stored for longer if our legitimate needs entitle storage for longer. For example, if storage for longer time would be necessary for us to fulfil legal requirements or to decide on, to apply or to defend a legal claim.

Information about you as regarding your returns will be deleted after 5 years according to legislation regarding finance and bookkeeping.

Information you actively have provided us when signing up for our newsletter according to section 3.3 will be deleted when you withdraw your consent according to section 5.3 and 5.7, if we can not justify saving the information for longer.

Information stored in the historic of the Facebook page of LEGO Wear you are able to delete by yourself whenever you want.

Information KABOOKI processes about you after your participation in a competition on KABOOKI’s SoMe pages will be copied into KABOOKI’s own system, and this information will be deleted when the winner is drawn.

7. Your safety

We have implemented necessary security measures to ensure that your personal data will not be subject to any unauthorized use or knowledge, and to ensure that it is not changed, forfeited, destroyed or weakened.

Furthermore, your personal data is only being processed by employees who it is essential for to do their work. These employees are instructed in how to process your information in a responsible way.

8. Links to other websites etc.

Our website contains links to other websites or to integrated sites. We are not responsible for the content of other companies’ websites or for their practices regarding the collection of personal data. When you visit other websites, you should read the owners' policies on the protection of personal data and other relevant policies.

Our website also contains links to social media like Facebook, Instagram and AddThis, where our products etc. can be shared or sent to others. By clicking on these links, the sites collect your IP-address and register when you visited which site. To work correctly these sites probably also use cookies. The functions regarding social media are hosted either by third parties or directly on our website. When you use functions hosted by a third party your personal data is used by this third party along with the their privacy policy and their other policies.

9. Changes to KABOOKI’s privacy policy

Our privacy policy is continuously updated. At any time the existing and applying version will be the one at LEGOwear.com.

10. Versions

This is version 1.0 of KABOOKI’s privacy policy of November 20th 2019.

keyboard_arrow_up