International (English)

We use essential cookies to make our site work, for security and to combat fraud. With your consent, we may use additional cookies to enable all features on this website, including our free knitting video tutorials embedded from YouTube. By continuing, you agree to our Privacy Policy and Cookie Policy. You can change your consent settings at any time under “Preferences.”.

Loading...
Country
International (English)
Language
Currency
Unit of measurement
All settings
Open cart Continue shopping
About
Legal
About
Legal

Privacy Policy

Aktiebolaget Grivette, a Swedish Aktiebolag (org. no. 559529-4397), is the data controller for the processing of your personal data.

We are committed to protecting your privacy and handling your data in a transparent and secure manner in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

This privacy policy explains how we collect, use, disclose, and store your personal data when you visit our website, use our webshop, or interact with our services.

Aktiebolaget Grivette (org. no. 559529-4397)

Box 13107-83

131 54 Nacka

Country: Sweden

Email: info@grivettedesign.com

For data protection inquiries or to exercise your rights, please contact us via the email address above.

We may collect and process the following categories of personal data:

  • Contact and Identity Data: Name, email address, phone number, shipping address, billing address, and IP address.
  • Financial and Transactional Data: Payment card details (handled securely by our payment processor), purchase history, and order information.
  • Technical and Usage Data: Information about how you use our website, browser type, device information, and interaction data (e.g., pages visited, time spent).
  • Communication Data: Information you provide when contacting us via forms, email, or chat.

We collect data through:

  • Direct Interactions: When you for example place an order, create an account, subscribe to a newsletter, or contact support.
  • Automated Technologies: Via cookies and similar technologies when you visit our website (for essential functions and security).
  • Third Parties: We receive information from our service providers, such as payment confirmations from our payment processor.
  • Social Login Providers (e.g., Google, Facebook): If you choose to use third-party social login features (like Google Sign-In), you authorize us to collect authentication information from that provider. The provider may also set cookies to manage your login session. The data we receive include your name, email address, and profile picture URL. This information is used solely for the purpose of account registration and authentication. Please also see the privacy policy of the respective third-party, e.g. the Google Privacy Policy.

We process your personal data based on the following legal grounds and for the specified purposes:

Purpose of Processing
Legal Basis (GDPR Article 6)
Categories of Data
To provide webshop services and process orders
Performance of a contract
Contact, Identity, Financial, Transactional
To manage customer accounts and support
Performance of a contract or Legitimate interest
Contact, Identity, Communication
To secure our website and prevent fraud
Legitimate interest (security, fraud detection)
Technical, Usage, Identity (IP address)
To comply with legal obligations
Legal obligation (e.g., accounting laws)
Transactional, Financial
For website analytics and improvement
Legitimate interest (improving user experience) or Consent (if non-essential cookies used)
Technical, Usage

We may share your personal data with third-party service providers who perform services on our behalf (data processors). We ensure these parties adhere to strict data protection and security standards and have Data Processing Agreements (DPAs) in place.

Categories of recipients and service providers:

  • Payment Processing: We use Stripe for payment processing. When you make a purchase, your payment information is provided directly to Stripe. Stripe acts as a data controller for its own purposes (e.g., fraud prevention) and processes data according to their privacy policy.
  • Security Services: We use Cloudflare Turnstile for spam and bot protection on interactive forms. Cloudflare processes certain signals (e.g., IP address, user-agent) to distinguish humans from bots, operating under their own privacy commitments.
  • Hosting and Infrastructure: Our website backend and database are hosted on servers within the EU. We do not name specific providers publicly for security reasons, but we maintain a record of processing activities and ensure all data remains within the European Economic Area (EEA) unless explicitly stated otherwise with appropriate safeguards.
  • Video Hosting: We embed YouTube videos using the "no cookie" URL (youtube-nocookie.com), which means YouTube does not, without your interaction, store cookies that track viewing behavior for personalized advertising.
  • Web Analytics: With your consent, we may use Cloudflare Web Anlaytics to discover issues, understand how visitors use the site, and improve our website. Cloudflare Web Analytics is a privacy-first alternative that does not use cookies.

We do not sell or share your personal data with third parties for marketing purposes without your explicit consent.

We primarily store and process data within the EU/EEA.

In cases where data may be transferred to a country outside the EU/EEA (a "third country"), we ensure appropriate safeguards are in place, such as the use of the European Commission's Standard Contractual Clauses (SCCs) and conducting necessary transfer impact assessments.

Our service providers (like Stripe and Cloudflare, which are US-based companies) participate in the EU-U.S. Data Privacy Framework or use SCCs to ensure an adequate level of data protection.

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements. The retention periods vary depending on the type of data and purpose:

  • Order Data: Kept for a minimum of 7 years to comply with Swedish accounting laws.
  • Account Data: Kept as long as your account is active or until you request deletion.
  • Support Communications: Retained for up to 12 months after the case is closed for quality assurance.
  • Security Data: Retained for up to 2 years or longer if required by law.

Depending on your location (e.g., EU, UK, California), you may have specific rights regarding your personal data, including the right to access, correct, delete, or object to the processing of your information.

Under the GDPR, you have the following rights regarding your personal data:

  • Right to Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You can ask us to correct incomplete or inaccurate data we hold about you.
  • Right to Erasure: You can ask us to delete or remove your personal data where there is no good reason for us to continue processing it.
  • Right to Object: You can object to the processing of your data where we are relying on a legitimate interest as our legal basis.
  • Right to Restrict Processing: You can ask us to suspend the processing of your personal data in certain scenarios.
  • Right to Data Portability: You can request the transfer of your data to another organization.
  • Right to Complain: You have the right to lodge a complaint with a supervisory authority. In Sweden, this is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, or IMY).

To exercise any of these rights, please contact us at support@grivettedesign.com. We will respond to your request within one month.

We may update this policy from time to time to reflect changes in our practices or relevant laws. We will notify you of any significant changes by posting the new policy on this page with an updated "Last Updated" date.

Last Updated: 2026-01-07

Compassionate Couture

Transforming the fashion industry one knit at the time.

About Grivette