Privacy Policy

Toybite is the data controller for the processing of personal data described in this privacy policy. In this privacy policy we explain what type of personal data we store and how we process it. This privacy policy applies to Toybite.com, its subdomains and APIs, hereinafter also referred to as the "Service".

We process the following categories of personal data:

• Account information: When you create an account on the service, you will need to provide an email address and password. You can also provide additional information such as name, address, phone number, social security number, date of birth, profile pictures, settings and preferences.
• Shop information: As a seller, you need to provide your name, address and email address. As a seller who is a private individual, you also need to provide your personal identification/tax number and date of birth, as well as your VAT number and phone number if applicable. As a company, you need to provide your company name, registration number and VAT/Tax number and phone number if applicable. Seller information can be publicly visible, including your name, address, company name, registration number, support email address, support phone number, VAT number if applicable, store image(s), store descriptions and similar store information such as any discount codes, stock values, variations, store messages or similar if you have provided these.
• Orders and payments: When ordering, you need to provide your name, address, email address and any telephone number and message to the seller. This information is used so that the seller can know who is buying and where the product should be sent, so that the payment provider can handle payments and so that the seller can be paid and to pay its fees to us at Toybite. We also save information about what each user has bought or sold, which is used to, among other things, inform sellers about what orders they have.
• Technical information: When you use the service, we manage and save device information such as IP addresses, technical information about your browser, which pages are visited and how the service is used.
• Cookies: We use cookies to improve your user experience, to remember your user session and to remember your preferences. For example, we use cookies to remember that you are logged in. We only use strictly necessary cookies that are required for the service to function. In some cases, we may use third-party providers, for example for payments. These third-party cookies are also strictly necessary to be able to offer the service.
  
  Cookies are small text files that are stored in your browser by websites that you visit. They usually contain a website and an identifier. Cookies help to improve your experience when you browse our website, for example by remembering which items you put in your shopping cart.
  
  You can prevent cookies from being saved or used by changing your browser settings, however this may affect the functionality of websites you visit. Cookies on our website are strictly necessary, and may cause the service to not function if you delete or block these cookies.

• Service delivery: We use your personal data to fulfill our agreements with you, that is, when you use the service, when you create an account, or when you make a purchase. The legal basis for processing personal data for this purpose is that the processing is necessary for the performance of a contract with you.
• Customer relationship management: We use your personal data to manage our customer relationship with you. This may include customer service, handling complaints and troubleshooting your account. The legal basis for processing personal data for this purpose is that the processing is necessary for the performance of a contract with you.
• Analysis, business development and service improvement: We are continuously working to develop and improve our services and products. A large part of this work involves analyzing various forms of personal data, such as customer activity, customer history, and account and profile information. The legal basis for processing personal data for this purpose is our legitimate interest.
• Customized user experience: We tailor the user experience and communication to your customer relationship and we use personal data for this purpose. The legal basis for processing personal data for this purpose is our legitimate interest.
• Sales and marketing: We use personal data in connection with the sale and marketing of our own and our vendors' products and services, for example by sending you emails from us. The legal basis for processing personal data for this purpose is our legitimate interest. You have the opportunity to opt out of parts of this processing, for example by opting out of receiving emails from us.
• System monitoring, troubleshooting, etc.: We monitor our systems for errors and problems. Some of these processes involve the storage and processing of personal data. The legal basis for processing personal data for this purpose is our legitimate interest.
• Security, fraud detection and criminal activity: We process personal data in our efforts to protect our users and ourselves against fraud, abuse and criminal activity. The legal basis for processing personal data for this purpose is our legitimate interest.
• Comply with legal obligations: In some cases, we are obliged to process personal data in order to comply with other legal obligations. An example of this is information related to sales, which we are obliged to record and save under the Accounting Act. The legal basis for processing personal data for this purpose is that the processing is necessary to fulfil a legal obligation to which we are subject.

We retain personal data only for as long as is necessary to operate and offer the service. Personal data that is no longer needed and that is not required to be saved by law will be deleted.

Personal data that we are required to save according to the Swedish Accounting Act is stored for at least 7 years.

Technical information such as visitor logs, browser information and the like is saved for a maximum of 1 year.

We do not share or sell your personal data to external parties. This does not include sub- or third-party suppliers that we use to operate and offer the service. We may share personal data with external parties for example when sending emails, making payments, complying with regulatory requirements or similar. We limit access to your personal data to only those who need it in order for us to be able to offer the service. Your data may also be shared with:

• Payment service providers: We use Stripe to handle payments between buyers, sellers and Toybite. When you pay at checkout, your details are shared with Stripe. You can read Stripe's privacy policy here: https://stripe.com/privacy.

We handle and store all personal data within Sweden. In special cases, for example in the case of payments, we may use third-party providers with operations within or outside the EU, of which third-country transfers of some data may occur. In such cases, we ensure that appropriate security measures are taken before third-country transfers are initiated to ensure that the recipient meets an adequate level of protection. This means that we only transfer personal data to countries that the EU Commission has deemed to meet such a level of security or enter into standard contractual clauses (SCC) with the recipient where a decision from the EU Commission is missing.

If you wish to exercise any of your rights, you can contact us

Right to access your own data

You can request a copy of all the information we process about you.

Right to rectification of personal data

You have the right to request that we correct or supplement information that is incorrect or misleading.

Right to erasure of personal data

You have the right to have your personal data erased without delay. You can request that we erase information about you at any time. However, please note that information that we are required to retain due to other legal obligations (such as the Swedish Accounting Act) will not be erased.

Restriction of processing of personal data

In certain situations, you can also request that we restrict the processing of your data. You can do this by contacting us.

Object to the processing of personal data

If you think that we are processing your personal data incorrectly, you can object to this by contacting us.

Data portability

You have the right to receive your personal data in a structured, commonly used and machine-readable format. Contact us to receive your personal data.

We place high demands on how we protect your personal data and work actively to ensure that it is treated with the utmost care. We take the necessary measures to ensure that your personal data is treated securely and in accordance with this policy and the General Data Protection Regulation. For example, all traffic between your browser and Toybite's servers is protected with TLS, and passwords are hashed with a strong one-way algorithm.

If you have any questions regarding the processing of your personal data, you are welcome to contact us.

Last updated 2025-05-26