Privacy policy for flixy.se
Last updated: September 12, 2025
This policy describes how Flixy Produktion och Försäljning AB ("Flixy", "we", "us") processes personal data when you visit flixy.se (the"Website") or shop in our webshop.
Contents
- Who is the data controller?
- What personal data do we collect?
- Why do we process data? (purpose, legal basis & storage)
- Cookies and similar technologies
- Recipients of personal data
- Transfers outside the EU/EEA
- Source of data
- Your rights
- Minors
- Security and safety
- How do you make a request?
- Amendments to this policy
1. Who is the data controller?
Company: Flixy Produktion och Försäljning AB
Org.nr: 559530-0384
Postal address: Danska Bröms 105, 373 78 Fågelmara, Sweden
E-mail (customer service & privacy): konsument@flixy.se
Phone: 0730-20 07 35
We currently do not have a designated Data Protection Officer (DPO). If you have any questions about privacy or your rights, please contact us using the details above.
2. What personal data do we collect?
We collect data that you provide yourself, that is created when you use the Website, and that we receive from necessary suppliers.
- Contact details: name, email, phone number, postal address.
- Order and delivery details (in case of purchase): goods ordered, delivery address, shipping choice, order number, payment status.
- Payment details: payment method (card/Swish/invoice), transaction ID. We do not store full card details.
- Technical details: IP address, device/OS, browser, cookie ID, event log.
- Communication details: content of emails and forms.
We do not process sensitive personal data (special categories) unless it is necessary, you provide it yourself and we specifically inform you.
3. Why do we process data? (purpose, legal basis & storage)
| Purpose | Examples of tasks | Legal basis | Storage time |
|---|---|---|---|
| Purchase & fulfillment of contracts (picking, delivery, customer service) | contact, order, delivery and payment data | Contract (GDPR Art. 6(1)(b)) | Normally 24 months after completion of order (records are kept longer) |
| Accounting & legal requirements | invoice data, transactions | Legal obligation (6.1 c) | 7 years according to the Accounting Act |
| Communication & support | email, forms, case history | Legitimate interest (6.1(f)) | Up to 12 months after case closure |
| Safety & abuse prevention | logs, IP, technical events | Legitimate interest (6.1(f)) | 12 months or until incident is investigated |
| Marketing (optional) | email newsletter (if you sign up) | Consent (6.1(a)) | Until consent is withdrawn |
We delete/anonymize when data is no longer needed. Some data may be kept longer to defend legal claims.
Failure to provide information: If the necessary information (e.g. name, address, payment details) is not provided, we cannot conclude the contract or deliver the order.
Balancing of interests: For processing operations based on legitimate interest, we have carried out a balancing of interests; summary provided on request.
4. Cookies and similar technologies
We use cookies for the functioning of the Website (e.g. shopping cart) and for basic operation/analysis. Marketing cookies are only used with your consent. CookieYes is used to display the cookie banner and save your choices. You can change or withdraw consent at any time via the "Cookie settings" link in the footer.
Small cookie table
| Cookie | Supplier | Purpose | Category | Storage |
|---|---|---|---|---|
| cookieyes-consent | CookieYes | Saves your consent choices (which categories are allowed) | Functional/Compliance | 12 months |
| cookieyesID | CookieYes | Unique ID for consent log | Functional/Compliance | 12 months |
| woocommerce_cart_hash | WooCommerce | Detects when the cart data changes | Necessary | Session |
| woocommerce_items_in_cart | WooCommerce | Keeps track of number/items in cart | Necessary | Session |
| wp_woocommerce_session_* | WooCommerce | Unique session ID to find shopping cart data | Necessary | 2 days |
Please note: The actual cookies set may vary depending on settings, extensions and checkout flows. The full and current list is shown in the CookieYes banner.
5. recipients of personal data
We only share personal data when it is necessary to deliver our services.
Independent data controllers (process according to their own policies):
- Stripe - card payments and fraud prevention (may process payment and technical data, e.g. IP/device data).
- Klarna - invoice/partial payment; may perform credit checks and profiling and collect data from external sources.
- Swish (Getswish AB) - payments via Swish; we only receive the necessary transaction information and payment status.
- PostNord - delivery (name, address, contact, package details).
Data processors (processing only according to our instructions):
- CookieYes - consent management for cookies.
- IT operations/hosting, CDN, email and support tools.
We have data processing agreements with all data processors in accordance with Article 28 GDPR.
6. Transfers outside the EU/EEA
If personal data is transferred outside the EU/EEA, this will only be done with appropriate safeguards, such as the European Commission's Standard Contractual Clauses (SCCs), adequacy decisions and, if necessary, additional measures. This may apply in particular to Stripe and CookieYes.
7. source of data
In addition to the information you provide, we may receive information from payment and logistics providers (e.g. payment status, tracking data) and - if you choose Klarna - from credit reference agencies according to Klarna's procedures.
8. your rights
You can request access, rectification, erasure, restriction, object to processing based on legitimate interest and obtain data portability. You can change or withdraw consent at any time via Cookie Settings in the footer or by contacting us at konsument@flixy.se.
You can lodge a complaint with the Data Protection Authority (IMY). We normally respond within 30 days. In case of complex or extensive requests, the deadline may be extended by up to 2 months, in which case you will be informed.
9. Minors
The website and our products are aimed at adults. We do not knowingly collect data from children. Parents or guardians who suspect that children have provided us with data can contact us for deletion/restriction.
10. Safety and security
We use appropriate technical and organizational measures: encryption in transit (HTTPS), access controls, role management, logging and secure update process. In the event of a personal data breach, a risk assessment and, where required, notification to IMY within 72 hours, as well as information to those concerned.
11. How do you make a request?
Please send your request to konsument@flixy.se and indicate which right you wish to exercise. We will get back to you without undue delay, normally within 30 days.
12. amendments to this policy
We may update this policy. The latest revision date is shown at the top. In case of significant changes, we will clearly inform you on the Website. Older versions are available on request.
