Privacy Policy

1. Identity of the Data Controller

This Privacy Policy describes how personal data is processed by:

VIKADI AB
Company registration number: 559297-7796
Brand name: Wheelyshop
Website: www.wheelyshop.com
Email: info@wheelyshop.com

VIKADI AB (“we”, “us”, “our”) acts as the data controller for all personal data processed through this website and in connection with our commercial activities within the European Union.

2. Scope of Application

This policy applies to:

3. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person
  • Processing: Any operation performed on personal data (e.g. collection, storage, use)
  • Data Controller: The entity determining purposes and means of processing
  • Data Processor: A party processing data on behalf of the controller
  • Data Subject: The individual whose data is processed

4. Purpose of Processing, Legal Basis & Retention

4.1 Order Management and Contract Fulfilment

Data: Name, address, email, phone number, payment details, order history
Legal basis: Performance of a contract (Art. 6(1)(b) GDPR)

Retention:

  • During the contractual relationship
  • Warranty period (typically 2–3 years depending on country)
  • Legal retention requirements (e.g. Germany: up to 10 years, France: 6–10 years)

Failure to provide this data may prevent order processing.

4.2 User Account Management

Data: Name, email, order history
Legal basis: Contract + legitimate interest (Art. 6(1)(b), 6(1)(f))
Retention: Until account deletion request

4.3 Customer Support

Data: Name, email, communications, order data, serial numbers
Legal basis: Contract + legitimate interest
Retention: Up to 12 months after resolution, unless legal obligations require longer storage

4.4 Legal Obligations (Accounting & Tax)

Data: Name, address, transaction history
Legal basis: Legal obligation (Art. 6(1)(c))
Retention: According to applicable national laws (typically 6–10 years within the EU)

4.5 Marketing Communications

Data: Email address and/or phone number
Legal basis:

  • Consent (Art. 6(1)(a))
  • Legitimate interest for existing customers (Art. 6(1)(f) + applicable ePrivacy rules)

Retention: Until consent is withdrawn or objection is made

You may unsubscribe at any time via email or account settings.

4.6 Website Analytics, Advertising & Profiling

We use tools such as:

  • Google Analytics
  • Google Ads Conversion Tracking
  • Meta Pixel (Facebook/Instagram)

These technologies allow us to analyze user behavior, measure campaign performance and deliver personalized advertising.

Legal basis: Consent (Art. 6(1)(a) GDPR and Art. 5(3) ePrivacy Directive)

Important:

  • Non-essential cookies and tracking technologies are only activated after explicit user consent
  • No tracking is performed prior to consent
  • Consent can be withdrawn at any time via cookie settings

Retention: According to each provider or until consent is withdrawn

5. Automated Decision-Making & Fraud Prevention

We may use automated fraud detection systems (e.g. Shopify Payments powered by Stripe).

These systems may assess transaction risk and flag or block potentially fraudulent orders.

Legal basis:

  • Contract (Art. 6(1)(b))
  • Legitimate interest (Art. 6(1)(f))
  • Art. 22 GDPR safeguards

You have the right to request human intervention, express your point of view and contest decisions.

6. Recipients of Personal Data

Your personal data may be shared with:

  • Shopify Inc. (e-commerce platform)
  • Payment providers (e.g. Stripe, PayPal, card networks)
  • Logistics and shipping providers
  • Marketing & analytics providers (Meta Platforms, Google)
  • IT and hosting providers
  • Accounting, legal and advisory services

All providers act as data processors in accordance with Article 28 GDPR and are bound by Data Processing Agreements (DPAs).

7. International Data Transfers

Some service providers may process data outside the EU/EEA.

In such cases, we ensure adequate safeguards through:

  • European Commission adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • Additional technical and organizational safeguards

8. Your Rights

Under GDPR, you have the right to:

  • Access your personal data (Art. 15)
  • Rectify inaccurate data (Art. 16)
  • Request erasure (Art. 17)
  • Restrict processing (Art. 18)
  • Object to processing (Art. 21)
  • Data portability (Art. 20)
  • Not be subject to automated decisions where applicable (Art. 22)

To exercise your rights, contact:
info@wheelyshop.com

You also have the right to lodge a complaint with your local supervisory authority.

9. Security Measures

We implement appropriate technical and organizational measures, including:

  • SSL/HTTPS encryption
  • Secure infrastructure and firewalls
  • Access control systems
  • Data minimization principles
  • Regular backups and monitoring
  • Internal data protection policies

10. Cookies

We use cookies and similar technologies in accordance with GDPR and the ePrivacy Directive.

Types of cookies:

  • Essential cookies (always active)
  • Analytics cookies (require consent)
  • Marketing cookies (require consent)

Non-essential cookies are only activated after explicit opt-in consent. No pre-ticked boxes or implied consent is used.

For full details, see our Cookie Policy.

11. Changes to This Policy

We reserve the right to update this policy to reflect legal, technical or business changes.

Where changes significantly affect your rights, we will inform you in advance.

12. Contact

For questions regarding this Privacy Policy or your data:

info@wheelyshop.com