Sekretesspolicy

When using this website, personal data may be processed. 

Data protection law obliges website operators to inform users about this. 

 

1.Data protection controller  

The Hook,Fredsgatan 12 2:a våningen på Entré, 212 12 Malmö, info@thehook.se, 040 26 60 70

 

2.Type of data processed 

The personal data that is processed depends on how our website and our services are used: On the one hand, this is personal information that you provide, such as name, telephone number, e-mail address when using a contact form or payment information when placing orders. On the other hand, information  will be collected automatically when you visit the website or through the use of cookies or related technologies, such as device and usage information (e.g. IP, browser information, previously visited URL). As a rule, the identity of a person cannot be directly deduced from this information. 

 

  • We process the following types of data: 
  • Inventory/master data (e.g. names, addresses). 
  • Content data (e.g. text inputs, photographs). 
  • Contact details (e.g. e-mail, telephone numbers). 
  • Meta/communication data (e.g. device information, IP addresses). 
  • Usage data (e.g. websites visited, interest in content, access times). 
  • Location data (information about the geographical location of a computer or person). 
  • Contract data (e.g. subject matter of the contract, term, customer category). 
  • Payment data (e.g. bank details, invoices, payment history). 
  • (Payment)Card data (card number, card type, expiration date). 

In order to use this website, we do not need to process special categories of data in accordance with Art. 9 para. 1 GDPR. 

 

3.Purposes of processing 

  • Among other things, we process data for the following purposes: 
  • Provision and optimisation of the online offer, its content and functions 
  • Provision of contractual services, services and customer care 
  • Responding to contact requests and communicating with users 
  • Marketing and advertising 
  • Safety measures 

Fulfilment of legal obligations, e.g. fulfilment of retention obligations under commercial and tax law 

 

4.Relevant legal bases 

  • In accordance with Art. 13 GDPR, we inform you of the legal basis for our data processing: 
  • Insofar as we obtain consent for the processing of personal data, Art. 6 (1) (a) GDPR serves as the legal basis for the processing of the data. 
  • In the case of the processing of personal data that is necessary for the performance of a contract, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures. 
  • Insofar as the processing of personal data is necessary to comply with a legal obligation, Art. 6 (1) (c) GDPR serves as the legal basis. 
  • In the event that the vital interests of you or another natural person necessitate the processing of personal data, Art. 6 (1) (d) GDPR serves as the legal basis. We don’t yet know how this could be the case in our business area, but we have included it for the sake of completeness. 
  • If the processing is necessary to safeguard a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms do not outweigh the first interest(s), Art. 6 (1) (f) GDPR serves as the legal basis for the processing. 

 

5.Data transfer  

If we disclose, transfer or otherwise provide access to personal data to other persons and companies (such as processors such as technical service providers for the provision of our website, affiliated companies or other third parties), this will only take place if it is permitted by law (e.g. transfers to a payment service provider for the performance of contracts), if you have consented or if we are legally obliged to do so (e.g. authorities in the context of investigative proceedings) or on the basis of our legitimate interests (e.g. when deploying agents, etc.). If we commission third parties to process data on the basis of a so-called ”order processing agreement”, this will be done in accordance with Art. 28 GDPR. 

 

The data is stored within the EU. Some data recipients are located outside your country or process your personal data there. The level of data protection in other countries may not be the same as that of your country. However, we only transfer your personal data to countries or (US) companies for which the EU Commission has decided that they have an adequate level of data protection (e.g. US companies certified according to the EU-US Privacy Framework), or we take steps to ensure that recipients commit to an adequate level of data protection. To this end, we conclude, for example, standard contractual clauses (SCC 2021) for the transfer of personal data to third countries in accordance with Regulation (EU) 2016/679 or ensure that they are concluded by our service providers. 

 

6.Description of processing activities  

a.Provision of the website, logging of accesses 

Purpose: The website should be able to be used and operated securely, quickly and stably. Web hosting is done via cloud-based servers in the EU. 

Legal basis: legitimate interest (Article 6 (1) (f) GDPR), technical necessity  

Data types: Usage data (e.g. websites visited, access times, entries), communication data (e.g. IP address, browser type, operating system) 

Categories of recipients: web hosting providers, SSL certificate providers 

Transfer to third countries: Not planned. 

Storage period: max. 30 days 

 

b.Processing of enquiries  

Purpose: Users should be able to ask questions or book appointments via forms. 

Legal basis: legitimate interest in responding (Article 6 (1) (f) GDPR) 

Data types: Contact details (e.g. name, e-mail, telephone), contents of free text fields 

Categories of recipients: Cloud and. Email Service Providers, Booking Tool Providers 

Transfer to third countries: Not planned. 

 

c.Management of contacts 

Purpose: The contact details of our users and their interactions should be centrally and clearly viewable and administrable. If users are contacted for advertising purposes, the permission should be verifiable. 

Legal basis: legitimate interest (Article 6 (1) (f) GDPR), legal obligation to store consent 

Types of data: contact details (e.g. name, e-mail, telephone), contents of free text fields or messages, consent status 

Transfer to third countries: Not planned. 

 

d.Our online presence on social media  

We maintain online presences within social networks and platforms in order to communicate with customers, interested parties and users active there and to be able to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and the data protection information of the respective social networks apply. We process the data of users when they communicate with us within the social networks and platforms, e.g. write posts on our profile or send us messages. Requests for information and the assertion of data subject rights can be asserted most effectively with the providers. Only the providers have access to the data of the users and can directly take appropriate measures and provide information. 

 

e.Cookies and Similar Tracking Technologies 

We may use cookies and similar tracking technologies (such as web beacons and pixels) to collect information about how people interact with our Services. Some online tracking technologies help us maintain the security of our Services and your account, prevent crashes, troubleshoot errors, remember your preferences, and support basic website functions.  

Based on our users’ consent, we also allow third parties and service providers to use online tracking technologies on our Services for analytics and advertising, including managing and displaying ads, tailoring ads to your interests, or sending abandoned cart reminders. The third parties and service providers use their technologies to provide advertisements for products and services that are tailored to your interests and may appear either on our Services or on other websites. 

For specific information about how we use such technologies and how you can opt out of certain cookies, please see our Cookie Notice. 

 

7.Storage period 

We will only retain your personal data for as long as necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law (e.g. for tax, accounting or other legal reasons). 

If we have no further legitimate business need to process your personal data, we will either delete or anonymise that data or, if this is not possible (for example, because your personal data has been stored in backup archives), we will keep your personal data secure and isolate it from any further processing until deletion is possible. 

 

8.Rights related to the protection of personal data  

  • Subject to the conditions of applicable law, you have the following rights: 
  • Right of access (Article 15 GDPR) 
  • Right to rectification (Article 16 GDPR) 
  • Right to erasure (”right to be forgotten”) (Article 17 GDPR) 
  • Right to restriction of processing (Article 18 GDPR) 
  • Right to data portability (Article 20 GDPR) 
  • Right to object (Article 21 GDPR) 
  • Right not to be subject to a decision based solely on automated processing, including profiling (Article 22 GDPR) 
  • Right to lodge a complaint with the competent supervisory authority 

 

Last updated on 15.05.2025