Lyko Privacy Notice
Lyko Online AB is part of an international chain of hair care and beauty specialists who are passionate about beauty. We understand that you care about your personal privacy, and so this privacy notice describes our policies and practices regarding the collection and use of your personal data as well as sets forth your privacy rights. We take your privacy seriously and will from time to time update this privacy notice as we undertake new personal data practices or adopt new privacy policies.
- This website is operated by Lyko Online AB, reg no.: 556740-9502 (“Lyko”, “we”, “us”) a company incorporated under Swedish law whose principal place of business is at Kyrkbyvägen 1, 780 50 Vansbro, Sweden.
- Through this website you may learn about our products and services, subscribe to our newsletters, as well as learn about what we at Lyko do and are passionate about.
- Certain sections of the website require that you provide us with some information about yourself. Such sections may include, for example, the page for recruitment when you submit a job application with us or when you subscribe to our newsletter. These sections may ask you to provide information such as, but not limited to, your name, your email and your address.
- For the specific services, such as Club Lyko, and services managed by our affiliates, such as the webshop, which you may access from lyko.se, specific terms and privacy policies of the relevant services will apply.
- We are part of an international group of companies and share administrative systems. Because of this, we may share some or all of your personal data with affiliates for administrative purposes, or for the legitimate business purposes described below.
- If you have any questions or concerns, please contact us at email@example.com.
Please follow the links below for further information
Last Revised: 2018-06-25
Last Revised: 2018-05-24
Table of Contents
- Our principles
- Personal data that we collect
- How and why we use your personal data
- When and how we share information with others
- Data subject rights
- Security of your information
- Data storage and retention
- Changes and updates to the Privacy Notice
- Questions, concerns or complaints
Welcome to lyko.se! Lyko is an international chain of hair care and beauty specialists who are passionate about beauty! This website is operated by Lyko Online AB, reg. no.: 556740-9502 (“Lyko”, “we”, “us”) a company incorporated under Swedish law whose principal place of business is at Kyrkbyvägen 1, 780 50 Vansbro, Sweden. This Privacy Notice is therefore applicable on the websites and services provided by Lyko Online AB, reg no.: 556740-9502, as well as Lyko’s affiliates. For information about the affiliates included in the Lyko Group, please visit our Affiliates Page.
Through this website you may learn about our products and services, subscribe to our newsletters, and learn about what we at Lyko do and are passionate about.
Please Note: For the specific services, such as Club Lyko, and services managed by our affiliates, such as the webshop, which you may access from lyko.se, the specific terms and privacy policies of the relevant service will apply.
We understand and acknowledge that privacy is an ongoing responsibility. We will therefore from time to time update this Privacy Notice as we undertake new personal data practices or adopt new privacy policies.
2. Our principles
We do our best to protect your privacy by using security technology appropriately. This means that:
- We make sure that we have appropriate security measures to protect your information; and
- We make sure that when we ask another company to provide a service for us, they have appropriate security measures.
- We will respect your privacy. You should receive marketing (whether by email, post, SMS or telephone) only from us and, if you agree, from other organisations we have carefully chosen.
- We will make sure it is clear when you can make choices regarding our marketing to you. You will, for example, always have the option to opt out of receiving direct marketing from us.
- We will collect and use individual visitor details only if we have your permission or we have sensible business reasons for doing so, such as for marketing purposes.
- We will be clear and transparent regarding what personal information we collect and how we will use it.
- We will use personal information only for the purposes for which it was originally collected, and we will make sure we delete it securely.
If we or our service providers transfer any information out of the European Union and European Economic Area (EEA), it will only be done with the relevant protection (stated under applicable data protection legislation) being in place.
3. Personal data that we collect
Collection of personal data
Lyko collects personal data about its website visitors. We do not sell personal information to anyone and only share it with third parties who are facilitating the delivery of our products and services. For more on this, see Section 5.
Personal data you provide to us
When using certain functions of the website, you provide us with personal information directly, e.g.: If you order an annual report or subscribe to our newsletter we will ask for your email address. If you submit a job application, we will ask you for additional information, such as your name, your contact information, and in applicable cases, your previous work experience and education.
When you visit our website, we collect certain information about you, for the purposes described in section 4.
Your correspondence with Lyko
If you correspond with us by email, telephone, or any other form of communication, we may keep such correspondence and the information within (such as name, inquiry, location, and any personal identifiable information you provide in free text form) and use it to respond to your inquiry; to notify you of publications or other services; or to keep a record of your complaint, question, request, and the like. If you wish to have Lyko “erase” your personal information or otherwise refrain from communicating with you, you are always welcome to contact us at firstname.lastname@example.org.
Note: if you ask Lyko not to contact you by email at a certain email address, we will retain a copy of that email address on its “master do not send” list specifically to comply with your no-contact request.
What happens if you do not provide us with your data
You can use our website without providing us with your personal data. However, you will not be able to submit a job application or subscribe to our newsletters without providing Lyko with essential data for the performance of the contract.
You can choose to only enter the minimal amount of mandatory information when making a purchase.
4. How and why we use your personal data
We use your personal data for the purposes described below.
Managing subscriptions. When you subscribe to our newsletter, or order a report, we will ask you to provide us with your email address, so that we can deliver the services and products that you’ve asked for.
Managing recruitment. Via our website you can apply for specific job openings. When you do this, we need certain information from you, so that we can manage the application and contact you if necessary, and so that we can assess whether you are suitable for employment with Lyko.
Providing you with relevant marketing from our affiliates and business partners: We work with our affiliates and several other businesses which we have carefully selected. When you provide us with your email and/or your billing/shipping address, you may receive marketing from our affiliates and other companies you might be interested in. You may always choose to unsubscribe to such messages or emails, should you not wish to receive these marketing messages. When unsubscribing, you must contact the sender in question, to opt-out from marketing communication.
Security: We use visitor data to protect the security of our products, services and customers, to detect and prevent fraud and to resolve disputes and to enforce our agreements.
Customer support/Communication with you: As is mentioned above in section 3, certain information that you provide to us when you contact us is stored and processed in order to best manage your inquiry with us.
Other Purposes: If we intend to use any personal data in any manner that is not consistent with this Privacy Notice, you will be informed of such anticipated use prior to or at the time the personal data is collected, or we will obtain your permission subsequent to such collection but prior to such use.
Lyko will collect personal information about you when you engage in our recruitment services. We use a third party provider, Reachmee, for our recruitment activities. You may access and submit, store, change and update your personal information through your candidate profile in the recruitment portal provided by Reachmee.
You can use the recruiment portal to:
- Apply for the positions at Lyko which are specifically advertised on our website,
- Apply speculatively for possible future job openings at Lyko, and
- Sign up to receive email notifications about vacant positions at Lyko (you can always choose to stop receiving such emails via Settings in your account).
The information we may collect when you use our recruitment services for the purposes described above include, for example, your CV, information about previous education, employment history and references, your answers to questions from work psychology aptitude tests, and any other information which may be relevant for assessing your suitability for a position with us at Lyko. We also need to collect contact information in order to communicate with you, such as your name, your postal and email address, and your telephone number. In connection with our recruitment services, we will also collect additional special categories of personal data in order to comply with our legal obligations or to be able to provide employment benefits; we will ask you to provide us with, for example, your gender identity and your age, as part of our actions to promote equality in the work place, as allowed or necessary by law.
Lyko uses your personal information to match your skills and experience with the roles offered by Lyko. The information is processed by Reachmee and may also be passed to relevant hiring managers and other persons involved with HR and recruitment at Lyko. If you are invited to an interview, Lyko might collect further information about you to help assess your suitability for the role. This additional information might include certain health information in order to provide disability benefits as well as a suitable working environment for specific candidates; we may also need to conduct criminal background checks for some candidates, for example regarding certain managerial positions.
We may collect personal information from the following sources:
- Directly from you
- From recruitment agencies
- Through publicly available sources online, e.g. LinkedIn, or
- By reference or word of mouth (such as from a previous employer).
Although we will transfer your personal information from our recruitment portal to our internal HR systems if we hire you, this Notice does not form part of an employment offer or contract between you and Lyko. If we do make an employment offer to you, we will separately provide further information about our handling of your personal information.
6. When and how we share information with others
We share your personal data when it is necessary for the completion of any transaction or for the performance of any contract, or when we have sensible business reasons for doing so.
For the purpose of managing your subscription, or managing the functioning of our website, we may disclose your personal information to our affiliates and service partners (i.e. companies we've hired to provide customer support, assist in protecting and securing our systems, or assist us in the administration of our newsletter or reports) that are entrusted to process your information on our behalf and in accordance with our instructions, this Privacy Notice and other appropriate measures for privacy and security.
We may also disclose your personal information to third parties if we have good reasons to believe that access, use, retention or disclosure of such information is reasonable necessary to:
- comply with any court order, governmental order or decision, or other legal obligation,
- enforce or apply our agreements,
- manage and maintain the security of our products, including preventing or stopping an attack our computer system or network, and
- protect the rights, property, or safety of Lyko, its customer, its franchisees, or others.
7. Data subject rights
Lyko complies with current data protection laws in the European Union, which, when applicable, include the following rights:
- You are free to request access to a record of your processing (as defined in the law), and you have the right to access to a copy of your personal data, request a correction and, in certain circumstances, deletion of your personal data,
- You are entitled to request restriction, and object to the processing, of your personal information which has as its basis our legitimate interests,
- You have the right to file a complaint with a data protection authority. The Swedish Data Protection Authority (Sw. ‘Datainspektionen’) is the authority in Sweden that oversees how we as a company comply with relevant data protection legislation,
- If processing of personal data is based on your consent, you are entitled to withdraw your consent for future processing of your personal information at any time.
- You are entitled to request that we provide your personal information to another organisation responsible for processing your personal data (controller) in cases where our right to process your personal data is based either on your consent or performance of an agreement with you.
You will have reasonable access to your personal information at no extra cost, if you request this via email@example.com. If we cannot provide you with this within a reasonable time frame, we will provide you with a date for when the information can be provided. If such access is denied, we will explain to you why access has been denied.
When processing your personal information, we will do so in cooperation with our affiliates in order to offer you the functions of the website, operate our business, meet our contractual and legal obligations, protect our systems and customers, or meet the legitimate interests as described in detail in the sections "How and why we use your personal data" and "When and how we share information with others" above. When we transfer personal data from the European Union, we make it based on a number of legal mechanisms, as described in the section "Data storage and retention".
To what extent do we use automated individual decision-making (including profiling)?
As a rule, we do not make decisions based on automated processing and profiling that will have legal effect for you as defined in Article 22 GDPR. If we were to use such procedures in the future, on a case-by-case basis, we will inform you separately and request your consent before such new use of your personal data, to the extent required by law.
Information on your right to object under article 21 of the EU General Data Protection Regulation (GDPR)
1. Right to object to processing which is based on our legitimate interests.
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on article 6 (1) f) GDPR (processing for the purposes of safeguarding legitimate interests); this includes any profiling based on those provisions within the meaning of article 4 (4) GDPR. If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or unless the processing is for the establishment, exercise or defence of legal claims.
If you choose to refrain from receiving interest-based advertising, it does not mean that you will no longer see advertisements on our web sites without the advertisements displayed will not be appropriate for you and therefore, are perceived as less relevant. See more under the section "Data subject rights" below.
2. Right to object to the processing of data for marketing purposes.
In certain cases, we process your personal data for direct marketing purposes. You have the right to object at any time to processing of personal data concerning yourself for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, we will no longer process your personal data for such purposes. There are no formal requirements for lodging an objection; where possible it should be made by firstname.lastname@example.org.
Note: if you ask Lyko not to contact you by email at a certain email address, Lyko will retain a copy of that email address on its “master do not send” in order to comply with your request.
8. Security of your information
To help protect the privacy of data and personally identifiable information you transmit through use of our website, we maintain physical, technical and administrative safeguards. We regularly update and test our security technology.
We restrict access to your personal data to those employees who need to know this information to provide services to you or to administer our systems. We train our employees about the importance of confidentiality, privacy and security.
We commit to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities.
9. Data storage and retention
Personal data handled by Lyko is stored and processed in the region in which you live, in Sweden or in other European countries where Lyko, its affiliates, subsidiaries, partners or suppliers are active. We take steps to ensure that the information we collect in accordance with this Privacy Notice is dealt with in accordance with the provisions of this Notice and in accordance with applicable laws where the information is available.
If we were to transfer your personal data to third countries, i.e. countries outside the EU / EEA, we will enter into agreements and take other measures in accordance with applicable legal requirements.
Lyko retains personal data for as long as necessary to be able to provide you with our services, and to fulfil the purposes set out in section 4 above. Different types of data may be stored different amounts of time, due to certain criteria.
The criteria that determines how long we store your personal data may be:
How long is the personal data needed for us to be able to provide you with the functions of our website? This includes, among other things, maintaining and improving the website, managing your subscriptions or other agreements we have with you, protecting our systems, and administering necessary business and accounting information. This is the general rule underlying the calculation of most storage periods.
Is the personal data considered sensitive? In these cases, the storage period is usually shorter.
Have you, as a data subject, consented to a longer storage period? In these cases, we store the information longer, with your consent.
Do we have legal, contractual or other similar obligations to store the data? Examples of this may include mandatory legislation on retention of information, such as for accounting reasons, government orders to store data which is relevant for surveys or data that must be retained for resolving a possible dispute.
For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact the Lyko privacy team at email@example.com.
Aggregated data: Aggregated data is collected and processed to monitor and evaluate user trends on the website. This means that information about your actions on our website is collected and then anonymised in a way that means we cannot link the information back to you any longer. We use this anonymous information about how our users use our website and services for statistics, service improvement and product development. This data will be completely anonymous and does not constitute personal data. It may therefore be stored a longer time than your personal information.
Anonymisation means that data which was once personal information is stripped away of anything that may connect it to an individual, as well as being severed from anything that in the future might make it possible to reconnect this data to an individual. This de-personalisation treatment of data is one step further than the process of pseudonymisation, which means keeping certain information apart, to make it harder to identify an individual using this data.
Third Party Links: This Privacy Notice does not apply to any personal data that you provide to another user through the website or through any other means. Any third party links you click on via our website may be subject to these third parties’ privacy policies, terms or other rules. Please make sure you read the respective privacy information for each third party whose links you click in, to keep yourself up to date about the processing of your personal data.
Children: Lyko does not knowingly collect personal data from children under the age of thirteen (13). If you are under the age of thirteen (13), please do not submit any personal data through our website. We encourage parents and legal guardians to monitor their children’s Internet usage and to instruct their children never to provide personal data through the website without the permission of the parent/legal guardian. If you have reason to believe that a child under the age of 13 has provided personal data to us through the website, please email us at [firstname.lastname@example.org], and we will endeavor to delete that information from our databases.
11. Changes and updates to the Privacy Notice
To reflect customer feedback, and changes to the Service, we might from time to time change this Privacy Notice. The latest update date will be shown at the top of the Notice and the changes are described on the Change History page. If there are major changes in the Notice or how Lyko uses your personal information, you will be notified via web or email before the changes come into force to the extent required by law. Please read this Privacy Notice from time to time to keep you informed about how Lyko protects your personal information and privacy.
12. Questions, concerns or complaints
Responsibility for customers and users lies with:
Lyko Online AB
reg. no. 556740-9502
786 91 Vansbro
To ask questions or comment about our Privacy Notice and our privacy practices, contact our group privacy team at:
You are also welcome to contact our data protection officer at:
Sharp Cookie Advisors AB
with lead attorney Mrs. Sofia Edvardsen (LLM, MSc, CIPP/E)
P.O. Box 45411,
SE-104 31 Stockholm, Sweden
020-10 40 25
May 2018: Due to the entry into force of the new Data Protection Regulation ("GDPR") on May 25, 2018, clarifications on how we process personal data have been made. The updated Privacy Notice will automatically enter into force for all existing customers and visitors on May 25, 2018. Your continued use of our services from that date will be subject to the new Privacy Notice. The Notice has also been revised to be concise, clear, comprehensible, and easier to understand.
June 2018: Updates with regard to recruitment practices. Your continued use of our services from that date will be subject to the new Privacy Notice.