Last updated: 2025-10-31
Version: 1.0
1. Introduction
Welcome to https://pwincesslps.com, a webshop run by Hillbergs Investments Aktiebolag (“we”, “us”, “our”). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit or make a purchase on our webshop hosted by Hostinger, using WooCommerce and WooCommerce PayPal Payments.
We process personal data in accordance with:
- The EU General Data Protection Regulation (EU) 2016/679 (GDPR)
- The Swedish Data Protection Act (Dataskyddslagen 2018:218)
- Other applicable EU and Swedish data protection and consumer laws.
2. Data Controller
Hillbergs Investments Aktiebolag
Organisation number: 559542-7211
Registered address: Möllersgatan 7, 54335 Tibro, Sweden
Email: contact@hillbergs.com
We are the data controller responsible for processing your personal data.
3. What Personal Data We Collect
| Category | Examples | Purpose | Legal Basis | Retention Period |
|---|---|---|---|---|
| Identity & Contact Data | Name, billing/shipping address, email, phone number | To fulfil orders, contact you, and manage customer accounts | Contract performance (Art 6 (1)(b) GDPR) | 7 years (legal accounting obligations) |
| Payment & Transaction Data | Order details, payment status, PayPal transaction ID (no card details stored) | To process payments, refunds, prevent fraud | Contract performance (Art 6 (1)(b)), Legal obligation (Art 6 (1)(c)) | 7 years (legal accounting obligations) |
| Technical & Usage Data | IP address, browser type, device info, pages visited, cookies | To operate, secure, and optimise our webshop | Legitimate interests (Art 6 (1)(f)) | 24 months (or shorter if anonymised) |
| Marketing & Communication Data | Newsletter preferences, feedback, reviews | To send marketing and improve services | Consent (Art 6 (1)(a)) or Legitimate interests (Art 6 (1)(f)) | Until consent withdrawn or opt-out |
| Customer Support Data | Messages, tickets, support communications | To resolve issues, handle returns, improve service | Contract performance (Art 6 (1)(b)) | 2 years after last contact |
We never collect more data than necessary for the stated purposes.
4. How We Collect Data
We collect personal data through:
- Orders and checkout forms on our WooCommerce store.
- Customer account registration and logins.
- Cookies and analytics tools (see Section 9).
- Email or chat correspondence with customer service.
- Third-party integrations such as PayPal Payments.
5. Why We Process Your Data
We process your personal data to:
- Fulfil and deliver your orders.
- Manage payments, refunds, and accounting.
- Provide customer service and technical support.
- Improve our website, products, and user experience.
- Send you marketing or promotional offers (only with your consent).
- Comply with Swedish and EU laws (e.g. tax, bookkeeping, consumer protection).
We will not use your data for purposes incompatible with those listed above unless we notify you and obtain your consent.
6. Disclosure of Data to Third Parties
We share data only with trusted partners necessary to operate our webshop:
| Recipient | Purpose | Location / Safeguards |
|---|---|---|
| Hostinger International Ltd. | Web hosting, infrastructure | Servers located within the EU/EEA |
| Automattic Inc. (WooCommerce) | E-commerce platform provider | EU/EEA data centres or Standard Contractual Clauses |
| PayPal (Europe) S.à r.l. et Cie, S.C.A. | Payment processing, refunds, fraud prevention | Luxembourg (within EU/EEA) |
| Shipping & logistics partners | Order delivery | EU/EEA based |
| Accounting & legal advisors | Legal compliance and auditing | EU/EEA based |
| IT & analytics providers | Site analytics, error monitoring | EU/EEA based or with SCCs |
We require all third parties to respect your personal data and process it according to our instructions, with adequate security and confidentiality.
We do not sell, rent, or trade your personal data.
7. International Data Transfers
If we transfer data outside the EU/EEA (for example, when using service providers with servers in other regions), we ensure:
- Transfers are subject to adequacy decisions by the European Commission, or
- We use Standard Contractual Clauses (SCCs) and ensure equivalent protection under GDPR.
8. Data Retention
We retain your data only as long as necessary for each purpose, then securely delete or anonymise it.
- Orders & invoices: 7 years (required by Swedish bookkeeping law)
- Customer accounts: Until deleted or 24 months after inactivity
- Marketing data: Until consent withdrawn
- Technical data: 24 months or anonymised sooner
9. Cookies and Tracking Technologies
Our webshop uses cookies and similar technologies to:
- Enable essential site functionality (shopping cart, checkout)
- Analyse traffic and usage (Google Analytics or similar)
- Personalise content and offers (if consented)
When you first visit our webshop, a cookie banner will appear allowing you to accept or reject non-essential cookies. You can also manage your preferences at any time in your browser settings.
For full details, please see our Cookie Policy (if applicable).
10. Security of Your Data
We implement industry-standard technical and organisational measures to safeguard your personal data, including:
- Encrypted communication (HTTPS/SSL)
- Secure hosting with firewall protection (Hostinger EU servers)
- Limited internal access to personal data
- Encrypted backups and secure deletion
- Regular monitoring for vulnerabilities
While we strive for full protection, no system is completely secure; we cannot guarantee absolute data security.
11. Your Data Protection Rights
Under the GDPR, you have the following rights:
- Right of access: Request copies of your personal data.
- Right to rectification: Correct inaccurate or incomplete data.
- Right to erasure (“right to be forgotten”): Request deletion in certain circumstances.
- Right to restriction: Limit processing in specific cases.
- Right to data portability: Receive your data in a structured, machine-readable format.
- Right to object: Object to processing based on legitimate interest or direct marketing.
- Right to withdraw consent: Withdraw your consent at any time (does not affect previous lawful processing).
To exercise your rights, contact us at contact@hillbergs.com.
We will respond within one month of receiving your request.
If you believe your rights have been violated, you have the right to lodge a complaint with:
Integritetsskyddsmyndigheten (IMY)
Box 8114, 104 20 Stockholm, Sweden
Website: www.imy.se
12. Data Concerning Children
Our webshop is not directed toward children under 16. We do not knowingly collect personal data from minors.
If you believe we have inadvertently collected such data, please contact us and we will delete it immediately.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our operations, services, or legal requirements.
The latest version will always be available on this page, with the “Last updated” date shown above.
We encourage you to review this policy periodically.
14. Contact Us
For questions, concerns, or data requests, please contact:
Hillbergs Investments Aktiebolag
Email: contact@hillbergs.com
Address: Möllersgatan 7, 54335 Tibro, Sweden
Organisation number: 559542-7211