2. Data controller and contact details
KABOOKI is the data controller of your personal data.
KABOOKI’s contact details are:
LEGO Wear by KABOOKI
Company no.: 38235311
Phone: + 45 97216466 (weekdays from 9am – 3 pm CET)
3. How is your personal data collected, for which purposes and what is the legal basis for our processing of your personal data?
Your personal data is collected in one or several of below cases, and even though you use your email address in more than one of the above cases, your personal data will only be collected and registered in one place. In this way your information is already stored when you shop at us, and you will not receive the same marketing material from KABOOKI more than once.
3.1 – Your use of LEGOwear.com
The purpose of this is to: make and keep statistics and analytics of the traffic on LEGOwear.com, to optimize the function and the user experience of the website, to make direct marketing and retargeting through for instance Facebook and Google. To improve LEGOwear.com and to show you relevant offers this is necessary.
The legal basis of this processing is the General Data Protection Regulation (hereinafter GDPR) Art. 6.1.f.
3.2 – Your purchase at LEGOwear.com
We collect the information you actively provide us when making your purchase or when communicating with us regarding our products. This information may include: your name, address, mail, phone number, payment method, the products you purchase or possible return, your requests, complaints, delivery requests and finally the IP address you used when making your purchase on LEGOwear.com.
The purposes of this are: to delivery your order and by that fulfil our agreement with you, to administer your return right and possible warranty and to contact you if we have relevant information about the product you purchased. Other purposes are: to comply with relevant laws regarding bookkeeping, accounting and possible recall of products. The IP address is collected to handle our interest in preventing credit card fraud.
The legal basis of this processing is the GDPR Art. 6.1.b, 6.1.c and 6.1.f.
3.3 – Your sign up to our newsletter
We collect the information you actively provide us when signing up for our newsletter, and this may include your name, mail and possibly your phone number.
The purpose hereof is to fulfil our legitimate interest in sending our newsletter to you.
The legal basis of this processing is your consent and the GDPR Art. 6.1.a.
3.4 – Your visit on our SoMe pages
When you visit one of LEGO Wear’s Facebook or Instagram pages your personal data are being processed after their privacy and cookie policies.
In contrary if you contact us through our Facebook or Instagram page, or if you participate in one of our competitions on Facebook or Instagram, then KABOOKI will process information about your post or name.
The purposes hereof are: to respond to your message, to let you participate in the competition and to contact you if you are the winner.
The legal basis of this processing is to fulfil our legitimate interest in the purposes and the GDPR Art. 6.1.f.
4. Who receives your personal data?
4.1 - Payment information
When you are making your purchase online at LEGOwear.com and complete payment transactions, this is done through KABOOKI’s PCI (Payment Card Industry – Data Security Standard) certified business partner QuickPay. Therefore, your information is stored in a secure PCI certified environment that meets international security standards. It is only KABOOKI’s PCI certified business partner QuickPay – and not KABOOKI – that has access to your payment card information.
4.2 - Shipping information
Information needed for delivery of your purchase at LEGOwear.com is transferred to the shipping company used by KABOOKI. Typically this is PostNord in Denmark or DPD in other countries. This information may include your name, address, phone number, mail, order number and possible delivery request.
4.3 - Information to public authorities or the police
Under specific circumstances and with reference to legislation, it might be necessary to transfer information to public authorities or the police. For example, information may be disclosed to the police in case of suspicion of credit card fraud.
4.4 - Information to KABOOKI’s external business partners
Your personal data may be disclosed to external business partners of KABOOKI who deliver services on behalf of KABOOKI. These business partners are data processors, and they only process information on behalf of KABOOKI and in accordance with KABOOKI’s instructions, and they are not allowed to use the information for other purposes than fulfilling the agreement with KABOOKI and they are subject to confidentiality in regards of the information. By that KABOOKI is still the data controller of your personal data, and KABOOKI has entered into written data processor agreements with all data processors that process personal data on behalf of us.
Among other things we use our external business partners to: technical operation of systems, improvements of LEGOwear.com, despatch of our newsletters, direct marketing and retargeting.
4.5 - Information to third countries
Some of our external business partners, who process data on our behalf, are located in the US. This includes Google Analytics (Google LLC) and ActiveCampaign. Therefore, in some cases your personal data will be transferred to the US. The Commission has decided that the level of protection is sufficient in USA, when companies have acceded to the EU-U.S. Privacy Shield Framework according to GDPR Art. 45. As both business partners have acceded to the EU-U.S. Privacy Shield Framework, the necessary guarantees regarding transferring information to the US are ensured.
For more information about the Privacy Shield Framework, see the official website here.
See a copy of ActiveCampaign’s certification here.
See a copy of Google LLC’s certification here.
If we use other data processors who are located outside the EU, your data will only be transferred under compliance of the necessary transferring guarantees.
4.6 - Information in case of reorganization.
In case of reorganization or full or partial sale of the company, any disclosure in such connection will be in accordance with current legislation for the processing of personal data.
5. Your rights
As the data controller we here below inform you about your rights, as we wish to ensure fairness and openness in regards to our processing of your personal data.
5.1 – Your right to access
At any time you can request us to get access to, among other things: which of your personal data we have registered, for which purposes, which categories of receivers who will receive your personal data and information about from where we got your personal data. Furthermore, you have the right to get a copy of the personal data we process about you. If you wish to get a copy, please contact us. You can see our contact details in section 2. In such a case we will ask you to prove that you are the person you state to be. The right to access applies apart from specific statutory exceptions.
5.2 – Your right to rectification
If the personal data we have collected about you have proved inadequate, you have the right to make us rectifying them. If you find our information about you inadequate please contact us so we can make rectification. In such a case we will ask you to prove that you are the person you state to be.
5.3 – Your right to deletion
In some cases you have the right to make us deleting, either all or specific, personal data about you. For example we will delete your personal data if you withdraw your consent and we afterwards can not continue the processing on a legal basis. If it according to the law is necessary to keep processing your personal data it will not be deleted. If you wish to withdraw your consent, please contact us. In such a case we will ask you to prove that you are the person you state to be. At any time you can unsubscribe from our newsletter by using the link below in the newsletter.
5.4 – Your right to restrict our processing to storage
In some cases you have the right to restrict our processing to storage only. For example if you do not think our information about you is correct.
5.5 – Your right to data portability
In some cases you have the right to get the personal data you have provided us transferred to another data controller than us. In such a case you may get a copy in a structured, common used and machine-readable format.
5.6 – Your right to object
5.7 – Your right to withdraw your consent
At any time you may withdraw the consent you actively have provided us. For example, it could be your consent to receive our newsletters. If you wish to withdraw your consent, please contact us. In such a case we will ask you to prove that you are the person you state to be. At any time you can unsubscribe from our newsletter by using the link below in the newsletter.
5.8 – Your right to complain
At any time you have the right to complain against our processing of your personal data. To lodge a complaint please contact us by email, telephone or letter as indicated in 2 above. You may also contact the Data Protection Agency directly via email firstname.lastname@example.org or via phone +4533193200.
6. When do we delete personal data?
As a general rule we will delete your personal data when we no longer need to process it in relation to one or more of the purposes set out above in section 3.
Information collected about your use of LEGOwear.com according to section 3.1 will be deleted at the latest 1 year after you last time visited LEGOwear.com.
As a general rule information collected about you in connection with your purchase at LEGOwear.com according to section 3.2 will be deleted at the latest 3 years after the end of the calendar year you made your purchase in. In information can though be stored for longer if our legitimate needs entitle storage for longer. For example, if storage for longer time would be necessary for us to fulfil legal requirements or to decide on, to apply or to defend a legal claim.
Information about you as regarding your returns will be deleted after 5 years according to legislation regarding finance and bookkeeping.
Information you actively have provided us when signing up for our newsletter according to section 3.3 will be deleted when you withdraw your consent according to section 5.3 and 5.7, if we can not justify saving the information for longer.
Information stored in the historic of the Facebook page of LEGO Wear you are able to delete by yourself whenever you want.
Information KABOOKI processes about you after your participation in a competition on KABOOKI’s SoMe pages will be copied into KABOOKI’s own system, and this information will be deleted when the winner is drawn.
7. Your safety
We have implemented necessary security measures to ensure that your personal data will not be subject to any unauthorized use or knowledge, and to ensure that it is not changed, forfeited, destroyed or weakened.
Furthermore, your personal data is only being processed by employees who it is essential for to do their work. These employees are instructed in how to process your information in a responsible way.
8. Links to other websites etc.
Our website contains links to other websites or to integrated sites. We are not responsible for the content of other companies’ websites or for their practices regarding the collection of personal data. When you visit other websites, you should read the owners' policies on the protection of personal data and other relevant policies.