Privacy Policy

Scandinavian House Limited (Company, we, us, or our) is committed to protecting your privacy. This Privacy Policy (the Policy) has been prepared by us to meet the requirements of applicable UK data protection legislation including the Data Protection Act 1998 and the General Data Protection Regulation EU 2016/679 (the Legislation) and sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.

For the purposes of the Legislation, we will act as data controller and hold a registration with the Information Commissioner’s Office, registration number: ZB418870.  

The data we collect about you and your employees

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you and your employees which we have grouped together as follows:Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.

  • Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
  • Contact Data includes billing address, delivery address, email address and telephone numbers.
  • Financial Data includes bank account and payment card details.
  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us or supplied to us.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website and systems.
  • Profile Data includes your username and password, purchases or orders made by you or with you, your interests, preferences, feedback and survey responses.
  • Usage Data includes information about how you use our website, products and services.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We may also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific feature of our website. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you or your employees, we will treat the combined data as personal data which will be used in accordance with this privacy notice.

We do not collect any Special Categories of Personal Data about you or your employees (this includes details about your/their race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your/their health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.  

How we use your personal data and that of your employees

We will only use your personal data and that of your employees when the law allows us to. Most commonly, we will use your/their personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your/their interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal or regulatory obligation.

Generally we do not rely on consent as a legal basis for processing your/their personal data other than in relation to sending direct marketing communications to you/them via email or text message. You/they have the right to withdraw consent to marketing at any time by contacting us.  

Data security

We have put in place appropriate security measures to prevent your personal data and that of your employees from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data and that of your employees to those employees, agents, contractors and other third parties who have a business need to know. They will only process such personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.