Privacy Policy

1. Introduction

This Privacy Policy explains how Smokify AB (company registration number 559445-1386) ("Smokify", "we", "us", or "our") collects, uses, stores, and protects your personal data when you use our website and services.

We are committed to protecting your privacy and processing your personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR).

By using our website, you acknowledge and agree to the processing of your personal data as described in this Privacy Policy.

2. Data Controller

Smokify AB is the data controller responsible for the processing of your personal data.

If you have any questions regarding this Privacy Policy or our processing of your personal data, please contact us using the contact details provided at the end of this policy.

3. Personal Data We Collect

We may collect the following categories of personal data:

Information You Provide
Full name
Personal identity number (for BankID verification where applicable)
Postal address
Email address
Phone number
Payment information (processed by payment providers)
Information Related to Orders
Order history
Delivery information
Payment status
Customer Service Information
Name
Email address
Information provided in correspondence, support requests, or contact forms
Technical Information
IP address
Device and browser information
Cookies and similar technologies
4. Why We Process Your Personal Data

We process personal data for the following purposes:

Order Processing and Fulfillment

To process and deliver orders, manage subscriptions, communicate with you regarding purchases, and handle returns, complaints, and customer service requests.

Without the required information, we may be unable to fulfill your order.

Age Verification and Identity Verification

To ensure compliance with applicable laws governing the sale of nicotine products, we may verify your age and identity.

Verification may occur:

During checkout or account creation using a digital identification service such as BankID
Upon delivery through presentation of valid identification
Through digital verification methods where supported by the delivery provider

If age verification cannot be completed, we may be unable to process or deliver your order.

Payment Processing

To process payments, prevent fraud, verify transactions, issue refunds, and comply with legal obligations related to financial transactions.

Payments are processed through trusted third-party providers such as Stripe and Klarna. We do not store complete payment card details.

Customer Support

To provide assistance regarding orders, products, returns, complaints, technical issues, and other customer inquiries.

This may include communication via email, telephone, or contact forms.

Website Functionality and Improvement

To ensure our website functions correctly, remains secure, and provides a reliable user experience.

This may include:

Troubleshooting technical issues
Improving website performance
Maintaining security and preventing unauthorized access
Understanding how visitors interact with the website
Fraud Prevention and Legal Compliance

To detect, prevent, and investigate fraud, abuse, unauthorized transactions, and other unlawful activities.

We may also process personal data when necessary to comply with legal obligations or respond to legal claims and disputes.

5. Legal Bases for Processing

We process your personal data based on one or more of the following legal grounds:

Performance of a Contract

Where processing is necessary to fulfill our contractual obligations, such as processing orders, delivering products, and managing subscriptions.

Legal Obligation

Where processing is required by applicable laws and regulations, including accounting requirements and age-verification obligations.

Consent

Where you have provided consent, such as subscribing to marketing communications or newsletters.

You may withdraw your consent at any time.

Legitimate Interests

Where processing is necessary for our legitimate business interests, including customer support, fraud prevention, website security, and service improvement, provided that such interests are not overridden by your rights and freedoms.

6. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy.

Examples include:

Order and accounting records: up to 7 years where required by law
Customer account information: for as long as the account remains active
Subscription information: during the subscription period and for a reasonable period thereafter
Marketing consent data: until consent is withdrawn

When personal data is no longer required, it will be securely deleted or anonymized.

7. Sharing of Personal Data

We may share personal data with:

Payment service providers (e.g., Stripe and Klarna)
Shipping and logistics providers
IT and hosting service providers
Government authorities where required by law

We never sell personal data to third parties.

8. Cookies

We use only strictly necessary cookies required for the proper operation of our website.

These cookies may be used for:

Shopping cart functionality
Login and session management
Security purposes
Payment processing

Because these cookies are essential for the website to function, no consent is required under applicable law.

You may disable cookies through your browser settings, although doing so may affect website functionality.

For more information, please see our Cookie Policy.

9. Your Rights

Under applicable data protection laws, you may have the following rights:

Right of Access

You may request confirmation of whether we process your personal data and obtain a copy of that data.

Right to Rectification

You may request correction of inaccurate or incomplete personal data.

Right to Erasure

In certain circumstances, you may request the deletion of your personal data.

Right to Restriction of Processing

You may request that we limit the processing of your personal data in specific situations.

Right to Object

You may object to processing based on our legitimate interests.

Right to Data Portability

You may request a copy of the personal data you have provided to us in a structured, commonly used, and machine-readable format.

Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection authority if you believe that we process your personal data unlawfully.

If you wish to exercise any of your rights, please contact us using the contact details provided below.

10. International Data Transfers

We strive to process and store personal data within the European Union (EU) and European Economic Area (EEA).

However, some of our service providers may process personal data outside the EU/EEA, including in countries such as the United States.

For example, payment processing is provided by Stripe, which may process personal data internationally as part of fraud prevention, technical support, security, and infrastructure operations.

When personal data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, including:

European Commission Standard Contractual Clauses (SCCs)
Other legally approved transfer mechanisms under GDPR

11. Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure.

Despite our efforts, no method of transmission or storage can be guaranteed to be completely secure. We continuously review and improve our security measures to protect your information.

12. Contact Information

If you have any questions regarding this Privacy Policy or our processing of personal data, please contact us:

Smokify AB
Company Registration Number: 559445-1386
Email: [email protected]
Website: www.smokify.se