Privacy policy

Privacy Policy – SayOh.com

This Privacy Policy describes how SayOh.com (“we”, “us”, or “our”) collects, processes, and uses your personal data. We always process personal data in accordance with applicable data protection legislation, including the EU General Data Protection Regulation (GDPR).

1. Data Controller

The legal entity responsible for the processing of your personal data is:

SayOh.com

2. Legal Basis and Purpose of Processing

SayOh.com collects and processes personal data when you:

• Visit our website
• Make a purchase via our webshop
• Sign up for our newsletter
• Contact us with questions or feedback
• Register for events
• Apply for a job

Your personal data is stored only for as long as required by law and/or for as long as it is relevant to the purpose for which it was collected.

3. Purchases and Orders

To deliver products purchased via SayOh.com, we collect your name and delivery address. We also collect your email address and phone number to send order confirmations and delivery updates.

When you make a payment, we process your name, payment details, and IP address. Payment information is used solely for completing the transaction and is not stored by us beyond what is necessary for accounting and legal obligations.

If you do not wish to provide the personal data required to complete a purchase, it will unfortunately not be possible to shop on SayOh.com.

Order-related personal data is stored for 5 years in accordance with accounting legislation, except for email addresses used for marketing purposes, where separate consent applies.

4. Newsletter

You may voluntarily sign up for our newsletter and unsubscribe at any time.

The purpose of the newsletter is to send information about news, content, offers, and marketing related to SayOh.com.

We only send newsletters to users who have provided active consent. This includes entering your email address and confirming your subscription via a confirmation email (double opt-in).

The legal basis for processing your email address for newsletter purposes is GDPR Article 6(1)(a).

Your personal data is processed for as long as you remain subscribed. You may withdraw your consent at any time via the unsubscribe link included in every newsletter.

Upon unsubscription, documentation of your consent may be stored for up to 2 years in accordance with applicable consumer protection and marketing regulations.

5. Customers

We process customer information to ensure correct delivery of products and fulfillment of agreements. This may include processing personal data such as name, address, order details, payment information, and any special agreements.

The legal basis for this processing is GDPR Article 6(1)(b).

Once the service has been delivered and any outstanding matters have been resolved, personal data will be deleted in accordance with legal retention requirements.

6. Communication with Potential Customers

If you contact us with questions or inquiries via:

• Contact form
• Email
• Phone

we process the personal data you provide in order to respond and communicate with you.

This typically includes name, email address, and phone number.

The legal basis for this processing is GDPR Article 6(1)(f) (legitimate interest).

Personal data related to inquiries is deleted once it is clear whether you wish to use our services, unless continued storage is necessary in specific cases.

7. Job Applications

We do not accept job applications if there are no designated links for a job opening, however, when we do have job posts we collect data for the purpose of evaluating potential employment.

If you submit a job application, the legal basis for processing your personal data is GDPR Article 6(1)(f).

Unsolicited applications are deleted promptly.

Applications submitted for an advertised position are deleted once the recruitment process has concluded and a candidate has been selected.

If you proceed to employment, you will receive separate information about how your personal data is processed in that context.

8. Disclosure of Personal Data

We do not sell or disclose your personal data to third parties for marketing purposes, nor do we transfer personal data to third countries outside the EU/EEA without appropriate safeguards.

9. Links to Other Websites

Our website may contain links to third-party websites. We are not responsible for the content or data protection practices of such websites. We encourage you to review the privacy policies of any external websites you visit.

10. Data Processors and Third Parties

We use external partners and service providers to operate our business. Some of these partners act as data processors on our behalf.

Examples include providers of IT systems, hosting, payment processing, marketing tools, and logistics services.

When placing an order, your name, delivery address, phone number, and email address may be shared with the selected shipping provider for delivery purposes.

Our webshop platform is hosted by [insert webshop provider, e.g. Shopify], and personal data submitted on the website is stored in their data centers. Payment processing is handled by Woocommerce and Stripe.

We ensure that all data processors comply with GDPR and have entered into appropriate data processing agreements.

11. Data Security

We protect personal data through appropriate technical and organizational security measures.

We conduct risk assessments of our data processing activities and continuously implement measures to maintain a high level of security, including employee training and internal GDPR procedures.

12. Your Rights

Under the GDPR, you have several rights regarding our processing of your personal data:

• Right of access – to request insight into the data we process about you
• Right to rectification – to have incorrect data corrected
• Right to erasure – to have data deleted in certain circumstances
• Right to restriction of processing – to limit how your data is processed
• Right to object – to object to lawful processing, including direct marketing
• Right to data portability – to receive your data in a structured, machine-readable format

You can read more about your rights on the website of the Danish Data Protection Agency (Datatilsynet): www.datatilsynet.dk

13. Withdrawal of Consent

Where processing of your personal data is based on consent, you may withdraw your consent at any time.

14. Contact and Changes

If you wish to access, update, correct, or delete your personal data, or if you have questions regarding this Privacy Policy, please contact us at:

[insert customer service email]

15. Complaints

If you are dissatisfied with how we process your personal data, you have the right to file a complaint with the Danish Data Protection Agency (Datatilsynet).

You may contact Datatilsynet via their website:
www.datatilsynet.dk