Privacy Policy

This document details how and why we store information and our lawful grounds for doing so. We care about both your experience as a customer and your privacy. To provide you with a great shopping experience, we analyse the usage of our website. If you make a purchase, we process your personal information in a number of software systems, both in the European Union and in the United States.

In essence

We are committed to only store what is necessary as part of pursuing our legitimate interest to maintain and develop our businesses. We are also committed to not storing data longer than necessary.

Data protection

We are dedicated to protect all collected data as if it was our own. We strive to be more than just compliant with laws; namely to keep the highest security standards. We will never sell, lease or grant access to your data to anyone else but partners working for our business and on our behalf.

Your rights

You have a right to inquire of what personal data we hold on you. You have a right to update incomplete, incorrect or outdated personal data, as to request the deletion of it.

Information transparency

We strive to be communicate transparently and clearly indicate how, for what purpose and with whom your data is shared.

In full

Triple Alpha AB (also referred to as “we”, “us” and “Triple Alpha”) in this document are deeply committed to protect and care for the data of our users and customers. We are committed to only store what is necessary as part of pursuing our legitimate interest to maintain and develop our businesses. We follow all applicable laws and restrictions.

Using our website, service and/or buying our products constitutes your acceptance of our Privacy Policy. Should you not agree with this, do not use any of our products or service.

This policy applies to all data that Triple Alpha processes during the provision of our services.

Website Analytics

When using this website we collect information regarding the usage of our services with the purpose of creating a good over all user experience and providing relevant information in marketing. The information is stored in an anonymised state, meaning that it is not tied to any personal information.

This sort of information is collected:

your browser make and configuration (e.g. how wide your screen is), and type of device,
a rough geo-location; where you are using our services from, e.g. what city
how you interact with our services, what content you see, and when, and
and information about your internet service provider.

Purpose of automatic data collection

To provide us with usage statistics to improve content, security and the overall experience as an existing or potential customer to us.

Cookies

Like most websites on the web we utilise cookies. A cookie is a small text file stored by your web browser. The information stored in those files is used to be able to provide a good repeat customer experience; for example by not showing you “welcome”-messages the second visit, save your choices of language and currency, or for remembering the products in your cart.

You can stop accepting cookies by disabling it in your browser, but it will stop this website from working.

Data processors

We may disclose data to third parties for the purpose of pursuing our legitimate interest to maintain and develop our business. These third parties are listed as follows with links to their privacy policies.

Gelato Sverige AB
Malmskillnadsgatan 32
111 51 Stockholm, Sweden

Gelato provides Triple Alpha with fulfilment and production services.

Klarna Bank AB (publ)
Sveavägen 46
11134 Stockholm

If you pay via Klarna, it collects personal information in connection with your payment.

PayPal (Europe) S.à r.l. et Cie, S.C.A.
22-24 Boulevard Royal
L-2449
Luxemburg

If you pay via PayPal, it collects personal information in connection with your payment.

Google Cloud EMEA Ltd
70 Sir John Rogerson's Quay
D02 R296 Dublin 2, Dublin
Ireland

When contacting customer support and interacting with our services and product, your data may interact with services hosted on Google Cloud.

Causiq AB
Klarabergsviadukten 63
111 64 Stockholm
Sweden

Causiq is used for website-, marketing-analytics and customer-data management purposes.

Intergrid AB
Box 1414
116 74 Stockholm, Sweden

Intergrid is used for providing secure e-mail services. During transit and minutes-to-hours afterwards, e-mails are stored in cleartext on Intergrid’s servers and then encrypted such that Intergrid loses access to their plaintext contents. If you send PGP-encrypted e-mail to us, Intergrid can never read them. Also, when you use encrypted e-mail, be aware that e-mail headers (metadata) and subjects are always sent in plain text.

Vercel Inc.
340 S Lemon Ave #4133
Walnut, CA 91789
privacy@vercel.com

Vercel is used to provide hosting services and analytics for https://art.haf.se. Vercel provides aggregated website performance analytics. No category of personal data is kept, but your computer may interact with CloudFlare’s services over the internet.

Cloudflare, Inc.
101 Townsend St.
San Francisco, CA 94107
Attention: Data Protection Officer
privacyquestions@cloudflare.com

CloudFlare is used to provide DNS, serverless services and infrastructural services. No personal data is kept, but your computer may interact with CloudFlare’s services over the internet.

Stripe Inc.
185 Berry Street
Suite 550
San Francisco, CA 94107
United States

If you pay by card via Stripe, it collects personal information in connection with your payment. Needless to say, your bank and your card company are also parties in such a transaction.

Klaviyo Inc.
225 Franklin Street Boston,
MA 02110
United States

Klaviyo provides a platform to communicate through e-mail and text messages. We use it to communicate with existing, and potential, customers and partners. The content depends on recipient and occasion and may include, but not limited to, information regarding our service, information regarding a customer order, relevant marketing information and offers.

Slack Technologies Limited
Level 1, Block A
Nova Atria North
Sandyford Business District
Dublin 18
Ireland

Slack is used internally to communicate about customer order fulfilment, order processing and supporting customers with their orders. Our aim is to keep customer personal data out of Slack, but name, address and e-mail may be sent in written form as part of solving support inquiries.

Swell Commerce Corp
San Fransisco
United States

Swell.is is our headless e-commerce provider, and is the primary location we store records of purchases, e-mails and customer addresses.

Your country-specific delivery organisation

Since your purchase is manufactured as close as possible to you, your name and address will be processed by the local delivery company and there their sub-processors, depending on what sort of shipment you select.

Personal data provided by Customer

When you create an account, make a purchase, request information, or otherwise interact with us, we may ask for information to be able to fulfil your request. Triple Alpha processes personal data to perform our contractual obligations and to comply with legal obligations. Furthermore, we process personal data to pursue our legitimate interest to maintain and develop our businesses.

Example of data we may ask for:

Your name
Your e-mail address
Your postal address and phone number
In specific cases, usernames, passwords (in hashed form), feedback, age, gender and language preferences

Lawful grounds for personal data processing

Providing products and services — We may use your personal data to provide you with our Services and to ship and deliver products you have requested or ordered, to process your requests or as otherwise may be necessary to perform the contract between you and us, to ensure the functionality and security of our services and correct delivery, to identify you as well as to prevent and investigate fraud and other misuses.
Communication — We may use your personal data to communicate with you, for example to inform you that our Services have changed or to send you critical alerts and other such notices relating to our Services and Products and to contact you for any sales related purposes.
Marketing — advertising and product recommendations: with your consent and by accepting this Privacy Policy and our Terms and Conditions, or when otherwise allowed, we may contact you to inform you of new Products, Services or promotions we may offer and to conduct market research. We may also use your personal data to personalise our offering and to provide you with more relevant Services and to display customised content and advertising in our Services. This may also include displaying third party content.
Payments — A essential part of the services provided by us is being able to purchase our goods and services. We do this using partners that we have rigorously evaluated in terms of security and compliance. Triple Alpha does never store nor process information such as, but not limited to, credit card numbers or bank accounts. Any such information entered on our website or as a part of our services is only processed by the payment gateway.

General technical and organisational security measures

We encrypt data in transit and data in rest. For data in rest, the encryption key may be held by the third party data processor.

All accounts utilised by us are MFA-enabled if this option is available in the software platform. We maintain a strong security posture for our tech infrastructure and accounts with third party data processors.

As a general principle, we try to store each personal datum only in a single system and use a unique pseudo-anonymous identifier, associated with this record, in other systems.