Momokio Data Policy

1. Introduction Norrhavet Group AB, operating under the brand Momokio, is committed to protecting your privacy. This Data Policy outlines how we collect, use, and protect personal data in compliance with GDPR and CCPA.

2. Data Collection We collect personal data including, but not limited to:

• Names
• Email addresses
• Phone numbers
• Payment information
• Other details necessary to process orders, provide customer support, and improve our services.

3. Legal Basis for Processing We process personal data based on the following legal grounds:

• Consent: Customers provide consent by agreeing to these terms and our privacy policy when placing an order or contacting us.
• Contractual Necessity: Processing personal data is necessary to fulfill our contractual obligations to provide the requested services.
• Legitimate Interests: We may process personal data for legitimate business interests, such as improving our services, provided that these interests are not overridden by the individual’s rights and freedoms.

4. Data Usage Personal data collected is used for the following purposes:

• To process and fulfill orders.
• To communicate with customers regarding their orders and our services.
• To provide customer support and respond to inquiries.
• To improve our services and website functionality.
• To comply with legal obligations and prevent fraud.

5. Data Sharing Personal data may be shared with third parties under the following circumstances:

• Service Providers: We share data with third-party service providers who assist in the delivery of our services, such as payment processors and IT service providers. These providers are contractually obligated to protect your data and only process it on our behalf.
• Legal Requirements: We may disclose personal data if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).
• Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, personal data may be transferred to the acquiring entity.

6. Data Security We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption: We use encryption to protect sensitive data during transmission.
• Access Controls: We restrict access to personal data to employees, contractors, and service providers who need to know that information to process it for us and who are subject to strict contractual confidentiality obligations.
• Regular Audits: We conduct regular audits of our data processing activities and security measures.

7. Data Retention We retain personal data for as long as necessary to fulfill the purposes for which it was collected, including to comply with legal, accounting, or reporting requirements. When personal data is no longer needed, we securely delete or anonymize it.

8. Rights of Data Subjects Individuals have the following rights regarding their personal data:

Under GDPR (General Data Protection Regulation):

• Right to Access: The right to request access to the personal data we hold about them.
• Right to Rectification: The right to request correction of any inaccurate or incomplete data.
• Right to Erasure (Right to be Forgotten): The right to request deletion of their personal data under certain circumstances.
• Right to Restrict Processing: The right to request restriction of processing their personal data under certain conditions.
• Right to Data Portability: The right to receive a copy of their personal data in a structured, commonly used, and machine-readable format.
• Right to Object: The right to object to the processing of their personal data under certain conditions.
• Right to Withdraw Consent: The right to withdraw consent at any time where we rely on consent to process personal data.

Under CCPA (California Consumer Privacy Act):

• Right to Know: The right to request disclosure of the personal data we collect, use, disclose, and sell.
• Right to Delete: The right to request deletion of personal data collected from them, subject to certain exceptions.
• Right to Opt-Out: The right to opt-out of the sale of their personal data. Momokio does not sell personal data.
• Right to Non-Discrimination: The right not to receive discriminatory treatment for exercising their privacy rights under CCPA.

9. Exercising Your Rights To exercise any of the above rights, please contact our Data Protection Officer at [email protected]. We may request specific information to verify your identity and ensure your right to access your data or exercise any of your other rights. We will respond to all legitimate requests within one month.

10. International Data Transfers If personal data is transferred outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place to protect the data in accordance with applicable data protection laws. This includes using standard contractual clauses approved by the European Commission or ensuring that the recipient country has adequate data protection laws.

11. Children’s Privacy Our services are not directed at children under the age of 16, and we do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child under the age of 16, we will delete such data from our records.

12. Updates to Our Privacy Policy We may update our Privacy Policy from time to time in response to changing legal, technical, or business developments. We will notify customers of any significant changes by posting the new Privacy Policy on our website and indicating the date of the latest revision.

Contact Information For any questions or concerns regarding this Data Policy, please contact us at:

• Email: [email protected]
• Address: Norrhavet Group AB c/o Momokio, Bangatan 5A, 722 28 Västerås, Sweden