Privacy Policy

Last updated: November 14, 2025

1. Introduction

CEILAN ("we," "us," or "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.

This policy complies with the General Data Protection Regulation (GDPR) and the Swedish Data Protection Act (Dataskyddslagen).

Data Controller: CEILAN
Address: Benvägen 7, 72352 Västerås, Sweden
Email: hello@ceilan.se
Phone: +46 707 407 368

2. Information We Collect

2.1 Personal Information

We collect information that you provide directly to us:

  • Account Information: Name, email address, password (encrypted)
  • Order Information: Shipping address, billing address, phone number
  • Payment Information: Processed securely through Stripe (we do not store credit card details)
  • Newsletter Subscription: Email address
  • Communication: Any messages or inquiries you send us

2.2 Automatically Collected Information

  • Usage Data: Pages visited, time spent, browsing patterns
  • Device Information: IP address, browser type, operating system
  • Cookies: See our Cookie Policy section below

3. How We Use Your Information

We use your personal data for the following purposes:

  • Order Processing: To fulfill and manage your orders (Legal basis: Contract performance)
  • Customer Service: To respond to your inquiries and provide support (Legal basis: Legitimate interest)
  • Marketing: To send newsletters and promotional materials with your consent (Legal basis: Consent)
  • Fraud Prevention: To detect and prevent fraudulent transactions (Legal basis: Legitimate interest)
  • Legal Compliance: To comply with legal obligations such as accounting and tax requirements (Legal basis: Legal obligation)
  • Website Improvement: To analyze usage and improve our services (Legal basis: Legitimate interest)

4. Data Sharing and Disclosure

We do not sell your personal data. We may share your information with:

  • Service Providers: Payment processors (Stripe), shipping companies, email services (Resend)
  • Legal Requirements: When required by Swedish or EU law, or to protect our rights
  • Business Transfers: In the event of a merger, acquisition, or sale of assets

All third-party service providers are required to maintain appropriate security measures and process data in accordance with GDPR.

5. Data Retention

We retain your personal data only for as long as necessary:

  • Account Data: Until you delete your account, plus 3 months
  • Order Data: 7 years (required by Swedish accounting law - Bokföringslagen)
  • Marketing Data: Until you unsubscribe, plus 3 months
  • Cookie Data: As specified in our Cookie Policy

6. Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restriction: Limit how we use your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests or direct marketing
  • Right to Withdraw Consent: Withdraw consent at any time for consent-based processing

To exercise any of these rights, please contact us at hello@ceilan.se or call +46 707 407 368.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • SSL/TLS encryption for data transmission
  • Encrypted password storage
  • Regular security assessments
  • Access controls and authentication
  • Secure hosting with reputable providers

8. Cookies

We use cookies and similar technologies to enhance your experience:

  • Essential Cookies: Required for website functionality (authentication, cart)
  • Analytics Cookies: Help us understand how visitors use our site
  • Marketing Cookies: Used with your consent for targeted advertising

You can control cookies through your browser settings. Note that disabling essential cookies may affect website functionality.

9. International Data Transfers

Some of our service providers may be located outside the EU/EEA. When we transfer data internationally, we ensure:

  • The country has been deemed adequate by the European Commission, or
  • We use Standard Contractual Clauses approved by the EU, or
  • The provider is certified under appropriate frameworks

10. Children's Privacy

Our services are not directed to children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

11. Complaints and Supervisory Authority

If you have concerns about how we handle your personal data, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten - IMY):

Integritetsskyddsmyndigheten (IMY)
Box 8114
104 20 Stockholm
Phone: +46 8 657 61 00
Email: imy@imy.se
Website: www.imy.se

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

CEILANBenvägen 7
72352 Västerås
Sweden

Email: hello@ceilan.se
Phone: +46 707 407 368