Privacy Policy
SUMMARY
- This Privacy Policy explains how we, Bobbys Hair & Cosmetics AS, company registration number 979 122 713 at address Skippergata 23, 0154 Oslo, Norway, use your personal data when we (1) offer general and personal offers to you as a member of our Bobbys & Me loyalty program and (2) carry out transactions in accordance with our Terms & Conditions.
- As a member of Bobbys & Me you will receive access to membership offers, a system that entitles you to further benefits as well as personalized offers adapted to your exact buying patterns, interests, and preferences.
- Our loyalty program is available to anyone who is at least 18 years old. If you are under 18 years of age, you may only use the loyalty program’s services together with your parent or guardian/guardian.
- If you have any questions about how we handle your personal data, please contact us at kundeservice@bobbys.no
Last revised: 28.05.2024
FULL VERSION
1. INTRODUCTION
Bobbys Hair & Cosmetics AS, company registration no: 979 122 713, Skippergata 23, 0154 Oslo, e-mail: kundesenter@bobbys.no (“Bobbys”) offers the website bobbys.com, or domain that we designate, where you can purchase products in our online store in in accordance with our Purchase Terms, as well as that you can become a member of our loyalty program and make purchases, collectively known as the (“Services”).
Bobbys offers general member offers and personal member offers on selected products, as well as the opportunity to gain access to discounts, to those who have registered and become a member of Bobbys & Me.
This Integrity and Personal Data Policy for our member club Bobbys & Me (the “Policy”) explains Bobbys’ handling of our customers’ personal data when they make purchases on bobbys.com, and our Bobbys & Me members’ personal data when they use our loyalty program, as well as their rights regarding their personal data in accordance with the EU’s Personal Data Protection Regulation (GDPR). This Policy is therefore aimed at you who are members of Bobbys & Me, and you who, without necessarily being a member of Bobbys & Me, make purchases on bobbys.com.
We at Bobbys draw attention to and are aware that the handling of your integrity and your personal data is an ongoing responsibility, which means that this Policy will be updated when our handling of your personal data is updated. You will be informed of these changes via publication on this website, e-mail or SMS.
2. OUR PRINCIPLES
We will do our best to protect your integrity by using appropriate technical security solutions. This means that:
- We will ensure that we have suitable and sufficient security measures in place to protect your information, and
- We will ensure that each external partner we work with, who processes your personal data, has suitable and sufficient security measures in place.
- We will respect your integrity. You will only receive marketing (via e-mail, post, SMS or telephone) from us and from other organizations that we have selected with care.
- We will be clear about when you can choose which services and broadcasts you want to take part in; there are, for example, routes that you can click off when you no longer wish to receive marketing from us or our partners. In certain situations, we may still need to send you an email or SMS with information or questions regarding your membership.
- We will collect and use individual personal data only when we have your permission, or when we have legitimate reasons for the processing, such as to administer your membership.
- Will want to be clear about what information we collect about you and how we use it.
- We will use personal information only for the purposes for which it was collected, and we will ensure that the deletion of the information takes place in a safe manner.
If we at Bobbys, or any of our partners, transfer any information outside the EU and EEA, this will only happen with the application of relevant security measures.
3. PERSONAL INFORMATION WE COLLECT
Introduction
Bobbys collects personal data from you when you use the Services. This personal data can be divided into two categories; personal information you provide to us, and personal information that becomes available to us when you use the Services.
We do not resell your personal data to anyone and we only share it with our partners who help us offer the Services to you. With your consent, we share your personal data with third parties for marketing purposes when you shop in our online store. Read more about this below in section 5.
Personal information you provide to us
When you create a member account, we will ask you to provide your email address. In order to complete a purchase, you must also provide your name, postal address and telephone number. If you want to pay by invoice or pay in installments, you will also have to provide your social security number. This information is necessary for us to be able to deliver products to you, as well as provide you with information about your orders.
Personal information you make available to us when you use the Services
When you are logged into your member account at Bobbys.com, we at Bobbys will be able to take part in your preferences and your history at Bobbys & Me. We will be able to see which products and services you show interest in, what kind of products you buy, as well as which products you put in the shopping cart but then take out of the shopping cart again. We will store and use this information for the purposes outlined in section 4. When you make purchases as a visitor, without being a member, we will have access to your purchase pattern on our website. For more information about how we use cookies, please read our Cookie Policy.
Your communication with Bobbys
If you communicate with us via e-mail, post or another form of communication, we will possibly save this correspondence and associated information (such as name, e-mail address, contact information and all the personal information you provide in the message) and use it to respond to or handle your matter.
If you do not want to give us your personal data
The processing of your personal data for the purposes explained in this Policy is a prerequisite for you to be able to become a member of Bobbys & Me, and/or for you to be able to make a purchase with us. If you do not share this personal information, you will not be able to become a member of our customer club and receive offers and discounts, regardless of whether you accept the General Terms and Conditions or not. You also do not have the opportunity to make a purchase without entering certain information that we need to be able to complete the purchase.
4. HOW AND WHY WE USE YOUR PERSONAL INFORMATION
We use information that we collect about our customers and users for four main purposes:
- to run our business and offer (including improving and adapting) the services and products we offer,
- to provide personalized services tailored for individual users,
- to send communications, including promotions to our customers and users, as well as
- to market services and display advertising, in our own services and websites that are supported by advertising.
For these purposes, we combine data we collect to provide you with a smoother, more consistent and personalized experience. To improve the protection of your integrity, we have built in technical and organizational safeguards designed to prevent certain combinations of data. Below you will find a list of each purpose for the processing of your personal data, and the way in which these purposes are fulfilled.
Handling of your membership and delivery of your purchased products:
In order to be able to deliver your ordered products, we use your name and your postal address, and to be able to provide you with relevant information, as well as to be able to contact you about your orders, we use your telephone number and your e-mail address. Information about your orders may, for example, include information about when your delivery has been sent from our warehouse, when it is available to collect from the collection point or any technical problems or delays. We will also use your email address and telephone number to send you newsletters about the Services. Bobbys will also inform you when you are about to lose your membership level, or when offers are about to expire. You can deactivate such news and information mailings at any time by going to Settings in your member account on Bobbys.com.
Handling of payment and simplification of payment
You have the option, when you fill in your payment information for a purchase, to save this information. This means that you do not have to fill in your payment details every time you make a purchase, which will make your purchase experience with Bobbys easier and smoother. If you choose to save your payment details, these are stored in a secure database. You can also change or delete this information at any time, and it will then disappear from our systems.
If you choose to pay for your purchase later with an invoice, we will use and transfer your personal data to the selected third-party payment service provider. Our intention is to transfer our claim and for us to complete the purchase with you. Note that the terms and privacy policies of such third party payment service providers will apply to the use of your personal data to process your payment.
Management of membership levels for you as a Bobbys & Me member:
In order for you as a member to be able to access additional offers and discounts through different membership levels, we collect and store information about the purchases you have made as a Bobbys & Me member. The purchase history collected for this purpose includes which products you have purchased and how much you have shopped for.
Personalized services:
Our products and services contain customized features that automatically tailor your experience in our online store based on our data about your activities, purchase history, popular stores, interests, contents of the shopping basket, in combination with general information relevant to our product range and, where we have obtained your consent or have support in law or agreement, including your location. The information is analyzed and grouped with support from our analysis function for selection, prioritization and planning of contact with the customer/user in order to be able to provide you with personalized services and offers for products and events that you may be interested in and that are suitable for your geographical location. The information is linked to one or more markers about the type of adaptation of online services and marketing communication aimed at the user, so-called personalisation.
Legal basis: We carry out this processing to the extent necessary to fulfill our agreement with you, where we give you discounts and personal offers in our customer club in exchange for access to more information about you and your purchases in our physical stores and online stores (art. 6.1.(b) GDPR), as well as our legitimate interest in understanding our visitors and providing them with personalized and relevant content and offers (art. 6.1.(f) GDPR). Where relevant, we also ask for your consent to use cookies in accordance with the ePrivacy Directive ((Electronic Communications Act).
Personalized offers based on a combination of data:
We collect and process information about your detailed purchase history at item level and your purchase behavior 12 months back in time, with the specific purpose of designing and offering you personalized discounts and offers based on what we think you are interested in. Here we combine the information we have about you and your purchasing behaviour, as exemplified in the point above.
On My pages / in your profile, you can choose to deactivate the receipt of e-mails with such offers for you. On our website you will still receive offers based on your purchasing behaviour. If you do not want us to connect your purchasing behavior with offers, you must log out before using our services and using them through our website.
Legal basis: We carry out this processing to the extent necessary to fulfill our agreement (art. 6.1.(b) GDPR) to understand our visitors and provide them with personalized and relevant content and offers. Where relevant, we also ask for your consent to use cookies in accordance with the ePrivacy Directive (Electronic Communications Act).
Marketing and advertising
We use data you provide to our company when registering a member account, data we collect when you make purchases and use our services and websites to provide you with relevant marketing and display advertising that you may be interested in when you visit our websites and subscribe to our newsletters. We also use your personal data to provide you with additional offers from companies in other industries when you shop in our online store, if you have given specific consent to this. What you do when you are logged into your membership account in Bobbys & Me gives us at Bobbys a picture of your preferences, and we will be able to show you exactly the products and services we think you would be interested in. Because of this, we store and process information about which products you put in the checkout but then take out again. We may also send you advertising based on where you live, if we e.g. choose to open a new store in your area. We will, based on this different information, send advertising to your e-mail address, your postal address, or via SMS, and/or show you relevant advertising when you are on Bobbys.com. If you do not want to receive direct marketing via e-mail or SMS, you can always go to Settings and opt out.
If you choose to refrain from receiving interest-based advertising, it does not mean that you will no longer see advertising on our websites, but that the advertising that is shown will not be adapted to you and therefore perceived as less relevant.
Transfer of personal data to other parties / partners
When you make a purchase at Bobbys we do not share your personal data with other companies.
Statistics and updating of the Services:
Your purchase pattern and purchase history also help us to improve the service. The information from your purchases helps us see which products are popular, what kind of offers are most liked and used by our members, etc. We will use this information to improve and develop our existing products.
Communication with you as a member with a combination of data:
By providing your contact details, we can contact you if there are any problems with the Services or with your membership. In order for customer service to provide good service, they will ask you to identify yourself, and if you visit our website in logged-in mode, we will associate information about you with your account details.
We can also send information and newsletters to your email address and via SMS. You will also be notified when offers are about to expire. You can deactivate news and information broadcasts at any time by going to Settings in your account on Bobbys.com or in your profile in the app.
Legal basis: In order to provide good customer service, we process your information to the extent necessary to communicate with you. Our legal basis (art. 6.1(f) GDPR) is our legitimate interest in being able to answer your questions about our products and services.
In order to respond to your requests for information and help you exercise your rights, we will ask for your information so that we can identify you. Our legal basis is the fulfillment of the legal obligation (art. 6.1.(c) GDPR) that we are required to do in accordance with the GDPR.
Product improvement
We use data to improve our existing products and services, including by updating functions. For example, we use error reports to improve security features, user patterns, search terms and clicks on our pages to improve relevance for search results, content on the pages and placement of relevant content for you on our pages.
Safety:
We use information to protect the security of our products, services and customers, to detect and prevent fraud, to verify the validity of software licenses, and to resolve disputes and enforce our agreements. We can also block the delivery of a message or remove the content if it violates our terms.
Other purposes:
If we plan to use personal data in a way that does not comply with this Policy, you will be informed of this use before, or at the time, the personal data is collected. Alternatively, we will ask for your permission after the collection but before such new use.
5. WHEN AND HOW WE SHARE INFORMATION WITH OTHERS
Sometimes it may be necessary for us to share your information with other companies that perform services on our behalf (such as hosting our servers or performing support services) so that we can offer you our services.
In cases where we share information about you with others, we have ensured that these companies follow our requirements for data security and they are not permitted to use personal data they receive for any other purpose.
In order to be able to offer you the Services, we may share your personal information with our partners (i.e. companies we have hired for customer support, transport services of your goods, or help to protect and secure our systems) who have received task of us to process your information on our behalf and in accordance with our instructions, this Policy and other appropriate measures for integrity and security. When a purchase is made in the online store, and with your consent, we also share personal data with our partners for marketing purposes in order to be able to offer our customers interesting offers within other segments. We may also disclose personal information as part of a joint agreement, such as a merger or sale of access.
When you enter your card information to pay for a purchase, we will share this card information with banks and other companies that process such transactions or provide financial services, as well as for fraud protection and security purposes.
Finally, we may need to release or store your information when we consider it necessary to:
- comply with the law, legal process, authority decision or court order and release information to the police and other appropriate authorities;
- be able to apply our General Terms and/or other agreements;
- protect our customers, for example to prevent spam or fraud attempts, or to help prevent death or serious injury;
- manage and maintain the security of our products, including preventing or stopping an attack on our systems or networks; or
- protect rights or property belonging to Bobbys, including implementing the terms that govern your use of the services, but if we receive information that someone is using our services to trade in stolen intangible or physical property belonging to Bobbys, we will not investigate a customer’s private content, but will then leave this to a police authority.
6. YOUR RIGHTS
Bobbys follows the current data protection legislation in the EU, which includes the following rights:
- You have the right to request a register extract (as defined in the legislation) free of charge as well as access to a copy of your personal data as well as request correction and, under certain circumstances, deletion of your personal data.
- You have the right to request restriction and object to the processing of your personal data that occurs due to our legitimate interests.
- You have the right to complain to a data protection authority. The Norwegian Data Protection Authority is the authority in Norway that supervises how we as a company comply with the legislation.
- If the processing of personal data is based on your consent, you have the right to withdraw your consent for future processing of your personal data at any time.
- You have the right to request that we release your personal data to another organization that is responsible for processing your personal data (data controller) in those cases where our right to process your personal data is based either on your consent or on completing an agreement with you.
You will get reasonable access to your personal data at no extra cost if you request this via kundeservice@bobbys.no. If we cannot give you access within a reasonable time frame, Bobbys will give you a date for when information can be provided. If such access is denied, we at Bobbys will explain to you why.
When we process your personal data, we do so together with our group companies with the intention of being able to offer you the products and services that you use and have ordered, run our business, fulfill our contractual and legal requirements, protect our systems and customers or fulfill the legitimate interests that are described in detail in the section “How and why we use your personal data” and “Reasons for why we share your personal data” above. When we transfer personal data from the EU, we do so based on a number of legal mechanisms, as described in the section “Preservation of personal data”.
Information about your right to object in accordance with Article 21 of the GDPR (profiling, direct marketing):
- Processing of your personal data that occurs due to our legitimate interests
You have the right to object at any time, for reasons related to your particular situation, to our processing of personal data about you based on Article 6.1 (f) GDPR (processing for the purpose of protecting our legitimate interests), which includes profiling based on these provisions in the sense stated in Article 4.4 GDPR. If you raise an objection, we will no longer process your personal data if we cannot show compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or if our processing takes place for judgment, exercise or defense of legal requests.
- Right to object to the processing of information for marketing
In certain circumstances, we process your personal data for direct marketing and telemarketing. You have the right to object at any time to the processing of personal data about you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, we will no longer process your personal data for such purposes.
If you choose to oppose processing that includes profiling of your personal interests and behavior, or refrain from receiving interest-based advertising, this does not mean that you will no longer see advertising on our websites and services, but that the advertising that is shown will not will be customized for you and will therefore be perceived as less relevant.
There are no formal requirements for making objections, where possible please use our web form or contact us at kundeservice@bobbys.no.
Please note that if you request that we not contact you by email, we will keep a copy of that email address on our mailing block list to ensure that you do not receive unwanted emails.
7. SECURITY MEASURES REGARDING YOUR INFORMATION
To protect your integrity and the personal information you provide to us through your use of the Services, we maintain physical, technical and administrative security measures. We update and test our security continuously.
We limit access to your personal data to those employees who need to know the information in order to provide you with services and offers. In addition, our employees are trained in the importance of confidentiality and maintaining integrity and security.
We will take appropriate disciplinary action to ensure that our employees maintain their requirements regarding your personal data.
8. PRESERVATION OF PERSONAL INFORMATION
Personal data handled by Bobbys may be stored and processed in the region you live in, in Norway, or in other countries where Bobbys, its business partners, group companies or suppliers are active. We take steps to ensure that information we collect in accordance with this privacy policy is processed according to the provisions of this policy and according to the appropriate legislation where the information is.
If we were to transfer your personal data to a third country, i.e. countries outside the EU/EEA, we will enter into an agreement and take other measures in accordance with appropriate legal requirements.
We store your personal data for as long as it is necessary to offer the Services, or as long as it is required to fulfill our legal obligations. We will keep your information for as long as you are a member of Bobbys & Me, as well as up to 24 months after you made your last purchase, alternatively 24 months after you became inactive, or chose to end your membership of Bobbys & Me.
Criteria that determine how long we store data can be, for example:
How long is the personal data needed to offer the Services? This includes, among other things, preserving and improving the technical performance of the Services, protecting our systems and managing necessary business and accounting information. This is the general rule that underlies the calculation of most retention periods.
Is the personal information of an extra sensitive nature? In this case, a shorter retention period is usually used.
As a registered user, have you approved the use of a longer retention period? In that case, we store the information in accordance with your permission.
Is Bobbys legally, contractually or otherwise bound to store the information? An example could be mandatory information retention legislation in certain countries, such as accounting reasons, government orders to retain information relevant to investigations, or information that needs to be retained to resolve a dispute.
For more information about what and how long your personal data is stored, please contact us at Bobbys via mail at kundeservice@bobbys.no.
9. EXCLUDED
Aggregate data:
Aggregate data is collected and processed to follow and evaluate user trends with regard to the Services. This means that information about your use of the Services is collected and anonymised so that we can no longer connect the information to you. We use this anonymous information about how our members use the Services for statistics, service improvement and product development of the Services. This information will be completely anonymous and does not constitute personal data. Such information can therefore be stored longer than your personal data.
Anonymization means that data that was once personal information is removed from what can connect it to an individual, as well as separated from what in the future can make it possible to connect this data to an individual. This processing of data is a step further than the pseudonymisation process, which means that certain information is kept separate to make it more difficult to identify a person to whom the data is linked. Bobbys will anonymize your personal data after 24 months of inactivity.
Third party:
This Policy does not apply to personal information that you provide to another user via the Services or if you otherwise use third-party services such as messaging services or payment services.
Children:
Bobbys does not knowingly collect personal data from minors under the age of 18. If you are under 18 years of age, do not submit personal information through the Services. We encourage parents and guardians to monitor their children’s Internet use and to help enforce our Privacy Policy by instructing their child never to provide personal information through the Services without their permission. If you have reason to believe that a minor under the age of 18 has disclosed personal information to us through the Services, please email us at kundeservice@bobbys.no and we will endeavor to remove that information from our databases.
10. CHANGES AND UPDATES TO THIS POLICY
We will update our privacy policy when necessary to reflect customer feedback and changes to our Services. When a policy is updated, the date of the latest update at the top of the policy changes and the changes are described on the Change history page. If there are major changes to the policy or to how Bobbys uses your personal data, you will be notified via a message on the website or e-mail before the changes take effect to the extent required by law. Feel free to read through this personal data policy now and then so that you stay informed about how Bobbys protects your personal data and your integrity.
11. QUESTIONS OR COMPLAINTS
If you want to ask questions or have comments about our Policy and our security methods, please contact us at:
Bobbys Hair & Cosmetics AS
Skippergata 23
0154 Oslo
Norway
kundeservice@bobbys.no
+47 22 42 22 47
12. OTHER SERVICES
Youtube
On the website, we use Youtube’s API to display relevant videos. We then embed these videos with YouTube’s embedding tool. Click on the links to read YouTube’s Terms of Service and Google’s Privacy Policy.
Payment service provider
We offer you an additional payment solution through a third-party payment service. You can use this payment method when you buy products online. We collect your personal data for the purpose of transferring our payment collection to the third party payment service provider. We collect your personal data such as name, e-mail, telephone number, address, social security number and information about your order. Our legal basis for collecting your personal data is necessary to fulfill an agreement.
Through a third-party payment service provider, you can pay later with an invoice. The third-party payment service provider offers you to pay within a certain number of days, or to split your payment.
Klarna AB is a payment service provider that you can choose as a payment method when you make a purchase with us. If you choose Klarna as a payment method, we will transfer personal data that is necessary to fulfill your order, such as name, e-mail, telephone number, address, social security number and information about your order. Our legal basis for collecting your personal data is necessary to fulfill an agreement. For full terms and conditions, visit their website klarna.com Klarna Privacy policy.