Terms of service

PRIVACY POLICY

Effective Date: April 25, 2026

====================================
WHO WE ARE
====================================

Company: GGMR AB (Cuppino)
Address: Irisgatan 14, 21565 Malmö, Sweden
Organization Number: 559479-3795
VAT Number: SE559479379501
Email: info@cuppino.se
Websites: cuppino.se, cuppino.it

We are the data controller for your personal data and are responsible for ensuring your privacy rights under the EU General Data Protection Regulation (GDPR).

====================================
WHAT PERSONAL DATA WE COLLECT
====================================

WHEN YOU PLACE AN ORDER:
- Name, email address, phone number
- Billing address
- Shipping address
- Payment information (processed securely by our payment provider — we do not store full card details)

WHEN YOU VISIT OUR WEBSITE:
- IP address
- Browser type and version
- Pages you visit
- Time and date of visit

WHEN YOU CONTACT US:
- Email correspondence
- Support messages

====================================
WHY WE COLLECT YOUR DATA
====================================

We collect and process your personal data to:

- FULFILL YOUR ORDERS — process payments, pack, and ship products

- PROVIDE CUSTOMER SERVICE — answer questions, resolve issues, handle returns

- SEND ORDER UPDATES — confirmation emails, shipping notifications

- COMPLY WITH LEGAL OBLIGATIONS — tax reporting, accounting (7-year retention required by Swedish law), food safety reporting to Livsmedelsverket

- PREVENT FRAUD — detect and prevent fraudulent transactions

LEGAL BASIS:
- Contract performance (GDPR Article 6(1)(b)) — to fulfill your order
- Legal obligation (GDPR Article 6(1)(c)) — tax, accounting, food safety compliance
- Legitimate interests (GDPR Article 6(1)(f)) — fraud prevention, customer service

====================================
WHO WE SHARE YOUR DATA WITH
====================================

We share your personal data with trusted service providers who help us run our business:

SHOPIFY (Canada/USA) — our e-commerce platform that hosts the website, processes orders, and stores customer data

PAYMENT PROCESSORS — Klarna, Stripe, or other payment providers you choose at checkout (they process payment securely; we do not see full card details)

SHIPPING CARRIERS — PostNord, Bring, or other carriers to deliver your order

EMAIL SERVICE — Shopify Email to send order confirmations and shipping updates

DATA TRANSFER SAFEGUARDS: Some service providers are outside the EU. We use Standard Contractual Clauses (SCCs) approved by the EU to protect your data.

WE DO NOT SELL YOUR PERSONAL DATA TO ANYONE.

====================================
HOW LONG WE KEEP YOUR DATA
====================================

- Order information: 7 YEARS (Swedish tax law requirement)
- Customer account: Until you request deletion or 3 YEARS after last activity
- Customer service messages: 3 YEARS after last contact
- Website logs: 12 MONTHS

After these periods, we securely delete or anonymize your data.

====================================
YOUR GDPR RIGHTS
====================================

You have the right to:

ACCESS — Request a copy of the personal data we hold about you

RECTIFICATION — Correct inaccurate or incomplete data

ERASURE — Request deletion of your data (subject to legal retention requirements like tax records)

RESTRICTION — Limit how we use your data in certain situations

DATA PORTABILITY — Receive your data in a common electronic format

OBJECT — Opt out of processing based on legitimate interests

WITHDRAW CONSENT — If processing is based on consent, you can withdraw it anytime

TO EXERCISE YOUR RIGHTS, email info@cuppino.se. We will respond within 30 days.

====================================
COMPLAIN TO THE REGULATOR
====================================

If you believe we have violated your privacy rights, you can lodge a complaint with the Swedish Data Protection Authority:

Integritetsskyddsmyndigheten (IMY)
Email: imy@imy.se
Website: www.imy.se
Address: Box 8114, 104 20 Stockholm, Sweden

====================================
DATA SECURITY
====================================

We protect your personal data using:
- SSL/TLS encryption for data transmission
- Secure Shopify cloud hosting
- PCI-DSS compliant payment processing (we do not store card details)
- Limited employee access to personal data

No system is 100% secure, but we will notify you promptly if a data breach occurs as required by law.

====================================
COOKIES
====================================

We use essential cookies only:
- SESSION COOKIES — to keep items in your shopping cart
- LOGIN COOKIES — to remember you when you log in to your account

These cookies are necessary for the website to function and do not require consent under EU law.

WE DO NOT USE TRACKING, ANALYTICS, OR MARKETING COOKIES.

====================================
CHILDREN
====================================

Our website is not intended for children under 16. We do not knowingly collect data from children. If you believe we have collected data from a child, contact us immediately at info@cuppino.se.

====================================
CHANGES TO THIS POLICY
====================================

We may update this Privacy Policy from time to time. Changes will be posted on this page with a new "Effective Date."

====================================
CONTACT US
====================================

Questions about your personal data?

Email: info@cuppino.se
Address: GGMR AB, Irisgatan 14, 21565 Malmö, Sweden

Company Information:
GGMR AB
Organization Number: 559479-3795
VAT Number: SE559479379501