Important: This is a generic template for merchants selling in the EU/EEA, UK, and North America. It is not legal advice. Customize details for your business and obtain qualified counsel.

Effective date: 22 April 2026

1. Who we are

The data controller for this storefront is Cognis Commerce AB, operating the customer-facing brand Skandique. For privacy requests, contact us at support@skandique.com.

Where we use processors (hosting, email delivery, analytics, payment services, customer support tools), they process personal data on our instructions and under appropriate agreements.

2. Scope

This policy describes how we process personal data when you visit our site, create an account, place an order, subscribe to updates, or contact support. It is intended to align with transparency expectations under the GDPR (EU/EEA and UK) and common expectations for consumers in the United States and Canada.

It does not apply to third-party websites, apps, or services that we link to; their privacy notices govern those services.

3. Data we collect

Depending on how you use our services, we may process:

• Identity and contact: name, email, phone, and similar identifiers you provide.
• Order and account: delivery and billing address; order history; cart and wishlist where available; account credentials (we do not store your full payment card number).
• Payments: payment references and transaction status. Card data is collected and tokenized by our payment providers under their terms and PCI-DSS requirements.
• Device and usage: IP address, approximate location derived from IP, browser type, device identifiers where applicable, pages viewed, referring URL, and timestamps.
• Communications: messages you send to support and records needed to assist you.
• Marketing preferences: opt-in/out status, campaign interactions where tracked.

4. Cookies and similar technologies

We use cookies and similar technologies for essential site operation (e.g. session, security, load balancing), preferences (e.g. language), analytics (e.g. understanding traffic and errors), and, where you consent, marketing measurement. You can control non-essential cookies through our cookie banner or your browser settings; blocking essential cookies may affect functionality.

5. Purposes and legal bases (GDPR)

Where GDPR applies, we rely on appropriate legal bases such as:

• Contract: processing and delivering your orders, managing your account, and related customer service.
• Legitimate interests: fraud prevention, IT security, improving our store and content, limited analytics, and asserting or defending legal claims—balanced against your rights.
• Consent: where required (e.g. certain non-essential cookies or marketing emails).
• Legal obligation: tax, accounting, and regulatory requirements.

6. Marketing

We send promotional emails only where permitted (e.g. consent or soft opt-in where applicable). You can unsubscribe via the link in any marketing email or by contacting us. Transactional messages about your order may still be sent where necessary.

7. Automated decisions

We do not use fully automated decision-making that produces legal or similarly significant effects solely based on automated processing. If that changes, we will provide information required by applicable law.

8. United States & Canada

If you reside in the United States or Canada, we provide this notice to describe our practices at a high level. Depending on your state or province, you may have rights to access, correct, delete, or opt out of certain uses of personal information (including targeted advertising or “sale”/sharing where those terms apply). Submit requests using the contact email above. We do not discriminate against you for exercising privacy rights to the extent prohibited by law.

9. International transfers

If we transfer personal data outside your country, we use appropriate safeguards where required (for example, Standard Contractual Clauses for transfers from the EEA/UK, or other mechanisms recognized under applicable law).

10. Retention

We keep personal data only as long as needed for the purposes above, including legal, tax, and accounting requirements, dispute resolution, and enforcing our agreements—then delete or anonymize it. Retention periods vary by data category and obligation.

11. Security

We implement appropriate technical and organizational measures designed to protect personal data against unauthorized access, loss, or alteration. No method of transmission over the Internet is completely secure; we encourage strong passwords and device security.

12. Your rights

Where applicable, you may have the right to access, rectify, erase, restrict processing, data portability, and object to processing. You may lodge a complaint with your local supervisory authority. We will respond within applicable timelines and may need to verify your identity before fulfilling certain requests.

13. Children

Our storefront is not directed to children under 16 (or the age required in your jurisdiction). We do not knowingly collect children’s data. If you believe we have collected a child’s data, contact us and we will take appropriate steps.

14. Updates

We may update this policy. Material changes will be posted on this page with an updated effective date. Where required, we will provide additional notice.