# Privacy Policy for HeNåAnne *Last updated: 2026-04-21* ## 1. Introduction This Privacy Policy describes how HeNåAnne ("we", "us", "our") collects, uses, and protects your personal data when you visit our [Shopify store](https://henaanne.myshopify.com) or interact with our other services. We are committed to complying with the EU General Data Protection Regulation (GDPR) and Swedish data protection laws. Our business operates under the brand HeNåAnne ("Our Creative Universe"), selling original art, art prints, clothing, and other print-on-demand (POD) products via platforms like Printful, Gelato, and Printify. We use Shopify as our primary e‑commerce platform and Airwallex for payment processing. ## 2. Data Controller The data controller is: **HeNåAnne** Email: [henaannesweden@gmail.com](mailto:henaannesweden@gmail.com) Address: Radhusvägen 4c 69674 Hammar If you have questions about your personal data, contact us at the email above. ## 3. What Personal Data We Collect We collect the following categories of personal data: - **Identity & contact details**: Name, email address, shipping/billing address, phone number (provided during checkout). - **Payment information**: Credit/debit card details processed securely by Airwallex and Shopify Payments – we do not store full card numbers. - **Order information**: Products purchased, order history, preferences. - **Technical & usage data**: IP address, browser type, device information, cookies, pages viewed, referral source (collected via Shopify analytics and Google Analytics). - **Communication data**: Messages sent via contact forms, email, or social media. - **Marketing preferences**: Whether you wish to receive newsletters or promotional offers. ## 4. How We Use Your Personal Data | Purpose | Legal Basis (GDPR) | |---------|-------------------| | Process and fulfill your orders (including sharing with POD partners for production/shipping) | Contractual necessity | | Send order confirmations, shipping notifications, and customer support | Contractual necessity | | Process payments via Airwallex/Shopify Payments | Contractual necessity | | Comply with legal obligations (e.g., tax, accounting) | Legal obligation | | Improve our website, products, and services (analytics) | Legitimate interest | | Send marketing emails (only with your explicit consent) | Consent | | Detect and prevent fraud | Legitimate interest | ## 5. Sharing Your Personal Data We share your data only as necessary with the following third‑party service providers: - **Shopify** – hosts our store and processes order data. - **Airwallex** – processes payments securely. - **Print‑on‑Demand partners** (Printful, Gelato, Printify) – receive your shipping address and order details to produce and ship products. They act as data processors and have their own privacy policies. - **Shipping carriers** (PostNord, DHL, etc.) – receive your address and contact details for delivery. - **AI‑agent systems** (Content Factory, Data Engine, Execution Engine) – these internal AI tools **do not store personal data**; they only access anonymized or aggregated data for business intelligence, content creation, and operational tasks. Financial data is read‑only and never used for transactions. - **Legal & regulatory authorities** – when required by law. All third parties are contractually obligated to protect your data and may not use it for any other purpose. ## 6. International Transfers Some of our service providers (e.g., Shopify, Printful, Airwallex) are located outside the European Economic Area (EEA). We ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or Privacy Shield certification where applicable. ## 7. Data Retention We retain your personal data only as long as necessary: - **Order data**: 7 years (Swedish accounting law). - **Customer account data**: As long as your account is active, or until you request deletion. - **Marketing consent data**: Until you withdraw consent. - **Technical/log data**: Up to 26 months. After the retention period, data is securely deleted or anonymized. ## 8. Your Rights (GDPR) As a data subject, you have the right to: - **Access** – request a copy of the personal data we hold about you. - **Rectification** – request correction of inaccurate data. - **Erasure** – request deletion of your data (subject to legal obligations). - **Restriction** – request temporary restriction of processing. - **Data portability** – receive your data in a structured, machine‑readable format. - **Object** – object to processing based on legitimate interest. - **Withdraw consent** – at any time, for marketing communications. To exercise any of these rights, contact us at [henaannesweden@gmail.com](mailto:henaannesweden@gmail.com). ## 9. Cookies We use cookies to enhance your shopping experience, analyze traffic, and remember your preferences. You can manage cookie settings in your browser. For details, see our separate Cookie Policy (if applicable). ## 10. Security We implement technical and organizational measures to protect your personal data against unauthorized access, loss, or alteration. All payment transactions are encrypted using SSL/TLS. ## 11. Automated Decision‑Making & Profiling We do not use fully automated decision‑making that produces legal effects concerning you. Our AI agents assist with content creation, data analysis, and operational tasks but do not make decisions about individuals. ## 12. Changes to This Policy We may update this Privacy Policy periodically. The latest version will always be available with a new "Last updated" date. Material changes will be communicated via our website or email. ## 13. Contact & Complaints If you have questions or wish to lodge a complaint about our data processing, contact us first. You also have the right to file a complaint with the Swedish Authority for Privacy Protection (**Integritetsskyddsmyndigheten**). **HeNåAnne** Email: [henaannesweden@gmail.com](mailto:henaannesweden@gmail.com) Address: radhusvägen 4c 69674 Hammar