Free shipping on orders above €50

Back

Last updated: May 21, 2026

INFORMATION ABOUT OUR PROCESSING OF PERSONAL DATA

It is important to us that you feel confident about how we handle your personal data. In summary, the following applies:

  • Craft of Scandinavia AB is responsible for processing your personal data.

  • We use and process your personal data when you interact with us – for example, when you make a purchase, visit our digital stores, or when we otherwise contact you, such as via customer service, when you make a return, or when we send marketing to you. We also process your personal data when we develop our products and services and to create a more personalized experience for you.

  • Personal data is any type of information that can be directly or indirectly linked to you. We process, for example, identity data, contact details, purchase information, payment information, messages, CCTV material, technical data, and your profile.

  • Your personal data is generally stored within your country or in a country within the EU/EEA, but it may also be transferred to and processed in a country outside this area.

  • Where necessary, your personal data may be shared with companies within the group, with suppliers, subcontractors, banks, authorities, advisors, and other independent third parties performing certain tasks on our behalf.

  • You have the right to access, rectification, erasure, and to be informed. In some cases, you also have the right to object to our use of your data or to the transfer of your data.

Below you can read detailed information about which personal data we process about you, why we do it, and what rights you have. If you have any questions about our processing of personal data, you can contact us using the contact details below.

1. WHO IS THE DATA CONTROLLER AND WHO SHOULD YOU CONTACT?

Craft of Scandinavia AB, reg. no. 556529-1845 (“we”, “us”, “our”) is the data controller for the processing of personal data described here. This means that we are responsible for ensuring that the processing is carried out in accordance with applicable data protection legislation.

Craft of Scandinavia AB

Evedalsgatan 5, 504 35 Borås, Sweden

customerservice@craftsportswear.com

+46 (0) 33 722 32 10

2. PERSONAL DATA WE PROCESS

2.1 Your personal data

We process information about you when you purchase our products, visit our website, contact us, or receive marketing from us. We only collect the personal data necessary for the specific purpose. The personal data we collect also depends on how you interact with us. Depending on the situation, we may collect the following information about you:

Identity data: such as information that enables us to identify you, including your name, personal identity number and/or date of birth, username (e.g., on social media), gender.

• Contact details: such as information that enables us to contact you, including your address, email address, and telephone number.

• Purchase information: such as details about a product you have purchased/ordered, including article number, price, size (where applicable), delivery address, etc.

• Payment information: such as payment method, transaction reference, transaction time, amount, bank and account details.

•Messages: such as information in your communication with us, including email content, information you provide when contacting our customer service, information you provide when returning products or exercising your right of withdrawal, product reviews, customer surveys, etc.

•Technical data: such as IP address, information about the device you use (e.g., computer or mobile phone), operating system and browser type, information about how you interact with our websites, marketing emails, and advertisements, including pages visited, clicks, browsing behavior, and engagement with marketing emails (such as open rates and timestamps), collected through cookies and similar technologies, as well as approximate location data derived from your IP address.

•Profile: Information relating to your purchase history, preferences, interests, interactions with our websites and marketing, customer segment affiliation, and inferences created based on the information we collect about you. Read more in section 2.2 below.

2.2 More about your Profile

We use the information we collect about you to personalize the content you see and tailor the marketing shown and sent to you based on your interests and interactions with us. This involves automated processing and analysis of your personal data to gain better knowledge and understanding of you and your personal preferences. To achieve this, we review your identity data, contact details, purchase information, messages, and technical data to create a consolidated profile about you.

The legal basis is your consent (Article 6.1(a) GDPR). Processing of technical data for this purpose, collected via cookies or similar tracking technologies, is based on your consent obtained via our cookie banner (Article 6.1(a) GDPR). You always have the right to withdraw your consent.

while you are an active customer with us and for up to 24 months after your latest purchase or interaction with us. For individuals who are not customers, we retain personal data collected for these purposes for up to 24 months from the time it was collected. We use your profile to:

(i) Personalize content on the website,

(ii) Send marketing via direct messages, and

(iii) Target advertising and sponsor posts on social media.

Read more about these purposes in the respective tables in sections 3.1–3.2 below.

3. HOW WE USE YOUR PERSONAL DATA

3.1 Online Sales

Manage Purchases

Why?

  • To receive and process your order and send confirmation of your purchase.

  • To contact you if necessary regarding your order.

  • To deliver your order (including notifying you about the delivery).

  • To handle payment, etc.

Personal Data

  • Identity data

  • Contact details

  • Purchase information

  • Payment information

Retention Period
Until the purchase is fully completed in all steps, including delivery and payment.

Legal Basis
Performance of the contract with you (GDPR, Article 6.1(b)).

Personalize Website Content

Why?

• To tailor the content on the website/webshop according to your choices and preferences.
• Save your selected delivery options and display product recommendations based on products you have viewed, similar products, and/or products that other similar customers have purchased/viewed.

This purpose involves certain profiling; read more in section 2.2.

Personal Data
Profile

Retention Period
For up to 24 months after your latest interaction with us or until you withdraw your consent.

Legal Basis
Your consent (Article 6.1(a) GDPR)

Reminder of an Incomplete Order

Why?
To remind you via email about an order that has been started but not completed.

Personal Data

  • Identity data

  • Contact details

  • Purchase information

Retention Period
14 days

Legal Basis

  • If you are a customer, we rely on our legitimate interest (GDPR, Article 6.1(f)) to remind you of an incomplete order. Contact us if you want to know more about how we have balanced your interests against ours.

  • If you are not an existing customer, we send such messages based on your consent (GDPR, Article 6.1(a)).

3.2 Marketing

Marketing via Direct Messages

Why?

  • To market our business, products, and services via direct messages (such as email and SMS), e.g., through newsletters.

  • To share your personal data with our group companies so that they can market their business, products, and services via direct messages (such as email and SMS).

This purpose involves certain profiling; read more in section 2.2.

Personal Data

  • Identity data

  • Profile

Retention Period
As long as you are our customer or as long as we have your consent.

Legal Basis

  • To send general messages about our business and our products and services, as well as to send personalized messages, we rely on your consent (GDPR, Article 6.1(a)).

  • To share information with our group companies, we rely on your consent (GDPR, Article 6.1(a)). For these mailings, we are joint controllers with the respective group company.

Marketing on Social Media

Why?
To market our business and our products and services through targeted advertising and sponsored posts on social media.

Personal Data

  • Identity data

  • Contact details

  • Profile

This purpose involves certain profiling; read more in section 2.2.

Retention Period
As long as you are our customer or for three months from the time the data was collected.

Legal Basis
Our legitimate interest (GDPR, Article 6.1(f)) in marketing ourselves and our products. Contact us if you want to know more about how we have balanced your interests against ours.

3.3 Customer Service, Competitions, and Events

Customer Service Matters

Why?

  • To provide customer service via phone, email, chat, contact forms, and social media

  • To manage and follow up on customer service matters, including identifying you, communicating with you, answering your questions, resolving the matter, and delivering the services and information you have requested.

Personal Data

  • Identity data

  • Contact details

  • Purchase information

  • Payment information

  • Messages

Retention Period
For up to 24 months after the customer service matter has been closed.

Legal Basis
Our legitimate interest (GDPR, Article 6.1(f)) in handling customer service matters. Contact us if you want to know more about how we have balanced your interests against ours.

Returns and Right of Withdrawal

Why?

  • To handle returns

  • Preventing return abuse

Personal Data

  • Identity data

  • Contact details

  • Purchase information

  • Payment information

  • Messages

Retention Period
Until your return is fully processed.

Legal Basis

  • Right of withdrawal: Our legal obligation to provide a right of withdrawal for online sales (GDPR, Article 6.1(c) and the Swedish Distance and Off-Premises Contracts Act (2005:59)).

  • Other returns: Our legitimate interest in offering an open purchase period (GDPR, Article 6.1(f)).

  • Preventing return abuse: Our legitimate interest in identifying and preventing unsustainable purchasing behavior (GDPR, Article 6.1(f)).

Contact us if you want to know more about how we have balanced your interests against ours.

Complaints, Warranty Claims, and Product Recalls

Why?

  • To handle complaints

  • To handle warranty issues

  • To carry out product recalls (where applicable)

Personal Data

  • Identity data

  • Contact details

  • Purchase information

  • Payment information

  • Messages

Retention Period

  • Complaints: Three years from the date you received the product.

  • Warranty claims: Until the warranty expires.

  • Recalls: Up to ten years after we processed your complaint.

Legal Basis

  • Complaints: Legal obligation (GDPR, Article 6.1(c) and the Swedish Consumer Sales Act (1990:932)).

  • Warranty claims: Performance of the contract with you (GDPR, Article 6.1(b)).

  • Recalls: Legal obligation (GDPR, Article 6.1(c) and, among others, the Swedish Product Safety Act (2004:451)).

Competitions

Why?

  • To organize and administer our competitions, including communicating with you during the competition.

  • To invite you to events and administer and follow up on our events, for example, by confirming participation, contacting you with relevant information about the event, and granting you access to the venue.

Personal Data

  • Identity data

  • Contact details

  • Messages

Retention Period
During the competition or event and for up to 12 months thereafter.

Legal Basis
Performance of a contract with you (GDPR, Article 6.1(b)), based on the terms and conditions applicable to the competition or event.

3.4 Development of Our Business, Products, and Services


Development of Our Business, Products, and Services

Why?
Analyze your customer experience, such as reasons for product returns, feedback on our products and services in customer surveys, customer service matters, etc.

Personal Data
Identity data, purchase information, messages, technical data, and aggregated statistics relating to customer behavior, returns, customer service matters, and feedback.

Retention Period
Personal data used for these purposes is retained in accordance with the retention periods applicable to the underlying data categories.

Legal Basis
Our legitimate interest (GDPR, Article 6(1)(f)) in improving our products and services serves as the basis for aggregating data. Contact us if you want to know more about how we have balanced your interests against ours.

Training and Quality Purposes

Why?

  • To ensure high quality and service in our customer service.

  • To train our staff.

Personal Data
Identity data, contact details, messages, customer service interactions, and aggregated statistics relating to customer service quality and training.

Retention Period
Personal data used for these purposes is retained in accordance with the retention periods applicable to the underlying customer service data.

Legal Basis
Our legitimate interest (GDPR, Article 6(1)(f)) in improving our products and services serves as the basis for aggregating data. Contact us if you want to know more about how we have balanced your interests against ours.

Improve the Website

  • To evaluate, develop, and improve our website.

  • To make the website more user-friendly, for example, by modifying the user interface or highlighting features that our customers use frequently.

Personal Data
Technical data, usage data, and aggregated statistics relating to how visitors interact with our website, including browsing behavior, clicks, navigation patterns, and engagement with website features.

Retention Period
Personal data used for these purposes is retained in accordance with the retention periods applicable to the underlying technical and analytics data.

Legal Basis

  • Our legitimate interest (GDPR, Article 6(1)(f)) in tailoring and enhancing our website based on customer online behavior serves as the basis for data aggregation. Contact us if you want to know more about how we have balanced your interests against ours.

  • The processing of Technical Data collected through cookies or similar tracking technologies is based on your consent, which is obtained via our cookie banner (GDPR, Article 6(1)(a)).

Improve Our Marketing

Why?
Analyze our customers’ purchasing and web behavior, and measure engagement with our marketing.

Personal Data
Identity data, purchase information, technical data, profile data, marketing engagement data, and aggregated statistics relating to purchasing behavior, website interactions, marketing engagement, and customer preferences.

Retention Period
Personal data used for these purposes is retained in accordance with the retention periods applicable to the underlying marketing, profiling, and technical data.

Legal Basis

  • Our legitimate interest (GDPR, Article 6(1)(f)) in gaining a better understanding of our customers and improving our marketing serves as the basis for aggregating data. Contact us if you want to know more about how we have balanced your interests against ours.

  • The processing of Technical Data collected through cookies or similar tracking technologies relies on your consent, which is obtained via our cookie banner (GDPR, Article 6(1)(a)). The same applies to profiling activities used for personalized marketing, customer segmentation, and marketing performance measurement.

3.5 General Processing

Why?
Investigating incidents, responding to requests, and providing materials to the relevant authority

Personal Data
The categories of personal data involved in the incident, request, or supervision

Retention Period
The data is retained during the incident/supervision and up to 24 months thereafter.


Legal Basis
Legal obligation (GDPR, Article 6.1(c) and GDPR, Articles 31, 33–34, and 58)

Why?
To protect our interests in the event of a dispute.

Personal Data
The categories of personal data necessary with regard to the subject of the dispute and the parties involved.

Retention Period
The data is retained for as long as the dispute is ongoing and for ten years thereafter.


Legal Basis
Our legitimate interest (GDPR, Article 6.1(f)) in safeguarding our interests in disputes. Contact us if you wish to know more about how your interests have been balanced against ours.

Why?
To transfer personal data in the event of a possible merger or business transfer.

Personal Data
The categories of personal data covered by the merger or transfer.

Retention Period
Not applicable.

Legal Basis
Our legitimate interest (GDPR, Article 6.1(f)) in meeting our interest in being able to carry out mergers or business transfers. Contact us if you wish to know more about how your interests have been balanced against ours.

Why?
To accommodate your request to exercise any of your rights under GDPR.

Personal Data
The categories of personal data necessary to fulfill your request.

Retention Period
The data is retained for 24 months after your request has been processed.


Legal Basis
Legal obligation (GDPR, Article 6.1(c) and GDPR, Chapter III)

Why?
To fulfill legal obligations, we need to process certain personal data.

Personal Data
The categories of personal data necessary to fulfill each respective legal obligation.

Retention Period
The storage period of the data varies depending on purpose, context, and specific legislation, but is retained only as long as necessary to fulfill each respective legal obligation — for accounting purposes, the data is retained until the seventh year after the end of the calendar year in which the financial year was concluded, in accordance with the rules of the Accounting Act (1999:1078).


Legal Basis
Legal obligation (GDPR, Article 6.1(c)), such as tax, accounting, bookkeeping, sanctions, health and safety, and consumer legislation.

4. WHO DO WE SHARE YOUR PERSONAL DATA WITH?

We need to share your personal data with other parties in order to provide our products and services, as well as to comply with laws and regulations:

• Group companies so that they can send marketing about their business, products, and services.

• Logistics and courier services for order management and delivery.

• Service providers that supply us with systems essential for our operations and who handle ongoing operations, technical support, storage, and maintenance of our IT solutions, such as internally used systems, platforms, and hosting services.

• Banks and payment service providers for processing payments and refunds.

• Providers of analytics, server-side tracking, and advertising services, such as Google, Meta, Microsoft, and TikTok, to analyze website traffic, measure marketing performance, and provide personalized advertising.

• Providers of social media platforms such as Google and Meta for marketing purposes.

• Suppliers of security cameras, insurance companies, and other providers of physical security services.

• Companies within our group that provide customer service and support functions on our behalf.

• PR/marketing agencies to facilitate and manage competitions and events.

• Debt collection agencies in the event of unpaid invoices for collection of overdue receivables.

• Government authorities when required by law or official decisions.

• Courts in the event of disputes or other legal proceedings.

• Law firms, auditors, and other advisors.

• Other external parties, such as potential buyers and sellers, and advisors, if necessary to carry out a restructuring, merger, acquisition, or sale of all or part of our assets.

5. WHERE YOUR DATA IS PROCESSED

We always strive to process your personal data within the EU/EEA, but in certain situations, we may need to transfer your personal data to partners and service providers located outside the EU/EEA (so-called “third countries”). This happens in some cases and to a limited extent.

Regardless of where your personal data is processed, we take all reasonable contractual, technical, and organizational measures to ensure that the level of protection for this processing is equivalent to that in the EU/EEA. If there is an EU Commission adequacy decision covering the processing of personal data in third countries by our partners and service providers, we rely on that. Otherwise, we enter into the EU Commission’s standard contractual clauses with our partners and service providers who process personal data in third countries.

6. WHERE WE OBTAIN YOUR PERSONAL DATA FROM

We primarily collect personal data directly from you, for example when you order a product from us, communicate with us, or visit our website. We also collect personal data from other actors and sources, such as:

·        Other group companies

·        Public address registers or credit information agencies

·        Providers of advertising and social media platforms, such as Google, Meta, Microsoft, and TikTok

We may also create new information about you, for example when we anticipate your preferences based on how you have interacted with us.

7. ARE YOU REQUIRED TO PROVIDE YOUR PERSONAL DATA?

It is voluntary to provide your personal data to us, but for us to be able to perform certain services and functions, it is necessary that you share your personal data, such as when purchasing products, subscribing to our newsletter, or participating in contests and events. If you do not provide the requested personal data, it will not be possible for us to deliver the requested services or provide our products to you.

8. YOUR RIGHTS

8.1 General information

We are responsible for ensuring that your personal data is processed lawfully, transparently, and fairly in relation to you, and that your information remains accurate and up to date. You have certain rights regarding our processing of your personal data. If you wish to exercise any of your rights, you can contact us using the contact details in section 1.

We will respond to you as promptly as possible and no later than one month after receiving your request. If we are unable to respond to your inquiry or need more time, we will provide an explanation.

8.2 Right of access (Data Subject Access Request)

You have the right to know whether we process personal data about you. If we do, you are also entitled to information about what personal data we process and how we process it. You are further entitled to a copy of the personal data we process about you.

If you are interested in specific data, please specify this in your request. For example, you may indicate a particular type of data or request information regarding data from a specific time period.

8.3 Right to rectification

If any of the personal data we process about you is inaccurate, you have the right to have it rectified. You also have the right to have incomplete personal data completed, including by providing a supplementary statement, for the data to be accurate. When we rectify or complete your personal data, we will inform any recipients to whom your data has been disclosed of the updated data, unless this proves impossible or involves disproportionate effort. If you request it, we will also inform you of these recipients. If you request rectification, you are also entitled to request that we restrict our processing of your data while we investigate the matter.

8.4 Right to erasure (“right to be forgotten”)

In certain cases, you have the right to request the erasure of your personal data that we have registered about you. You are entitled to have your data erased if:

• The data is no longer necessary for the purposes for which it was collected or otherwise processed.

• You object to processing based on our legitimate interest and we cannot demonstrate compelling legitimate grounds for the processing that override your interests.

• The personal data has been processed unlawfully.

• We have a legal obligation to erase the personal data.

If we erase your data after you have requested it, we will also inform any recipients to whom your data has been disclosed, unless this proves impossible or involves disproportionate effort. If you ask us, we will also inform you of these recipients.

8.5 Right to restriction of processing

Restriction means that the data is marked so that it may only be processed for certain limited purposes in the future. The right to restriction applies:

• When you believe the data is inaccurate and you have requested rectification. You can also request that processing is restricted while we verify the accuracy of the data.

• If the processing is unlawful and you do not want the data erased.

• When we no longer need the data for the purposes for which it was collected, but you require it for the establishment, exercise, or defense of legal claims.

• If you have objected to processing based on our legitimate interest. In this case, you can request that we restrict processing while we assess whether our legitimate grounds override your interests.

Even if you have requested restriction, we may still process the data for storage, for the establishment, exercise, or defense of legal claims, or to protect the rights of another natural or legal person. We may also process the data for reasons of important public interest. When the restriction ends, we will inform you. If we restrict the processing of your data, we will also inform any recipients to whom your data has been disclosed, unless this proves impossible or involves disproportionate effort. If you ask us, we will also inform you of these recipients.

8.6 Right to object

You have the right to object to our processing of your personal data based on our legitimate interest. If you object, we will, based on your particular situation, evaluate whether our legitimate grounds for processing outweigh your interests in not having the data processed for that purpose. If we cannot demonstrate compelling legitimate grounds that override your interests, we will cease the processing to which you object – unless we are required to process the data for the establishment, exercise, or defense of legal claims.

If you object, you are also entitled to request restriction during the period we assess the issue.

8.7 Right to data portability

Data portability means that you have the right to receive the data we have collected from you, relating to you, in a structured, commonly used, and machine-readable format and to transmit those data to another controller. The right to data portability applies only:

• To data that has been collected from you, about you,

• If processing is based on your consent, and

• The processing is carried out by automated means.

8.8 Right to withdraw consent

You have the right to withdraw consent you have given for certain processing at any time. This does not affect the lawfulness of processing based on consent before its withdrawal.

Contact us using the contact information provided in section 1 above if you wish to withdraw your consent. You withdraw your consent for processing of Technical Data in our cookie banner, i.e., in the same place where you gave your consent.

8.9 Right to lodge a complaint

Contact us if you are dissatisfied with how we process your personal data, so we can try to resolve your concern together. See our contact details under section 1 above. You also have the right to lodge a complaint with a supervisory authority. The Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) is the supervisory authority for our use of your personal data in Sweden. You also have the right to lodge a complaint with the supervisory authority in the country where you reside or work, or where you believe a breach of the regulation has occurred.

9. CHANGES TO THIS PRIVACY NOTICE

We reserve the right to modify and update this privacy notice on an ongoing basis. In the event of significant changes, we will clearly inform you of this in an appropriate manner.