Last Updated: September 25, 2025
1. Introduction
Echo Company AB (“we,” “us,” or “our”) is committed to protecting your privacy and personal data in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and applicable Swedish data protection laws. This Privacy Policy explains how we collect, use, share, and protect your personal data when you visit https://shadkam.net (the “Website”), place orders, or interact with us.
We are the data controller for your personal data:
• Company Name: Echo Company AB
• Organisation Number: 559392-9051
• Address: Kryddgårdsgränd 15, 13536 Tyresö, Sweden
• Phone: +46 (0)704734187
• Email: info@shadkam.net
If you have questions or requests regarding your data, contact us at the above details. We do not have a designated Data Protection Officer (DPO), but our contact person handles GDPR inquiries.
This Policy applies to all individuals whose data we process, with special emphasis on EU residents protected by GDPR. For non-EU residents (e.g., Middle East), we apply equivalent standards where possible, but local laws may also apply.
2. Data We Collect
We collect personal data necessary for our business operations. Categories include:
• Identity and Contact Data: Name, billing/shipping address, email address, phone number.
• Transaction Data: Order details, payment information (e.g., card type, last four digits; full details are not stored by us but processed by third parties), order history, and purchase preferences.
• Technical Data: IP address, browser type, device information, operating system, and usage data (e.g., pages visited, time spent) collected via cookies and analytics tools.
• Communication Data: Inquiries, feedback, or correspondence via email, phone, or Website forms.
• Marketing Data: Preferences for receiving newsletters or promotions (if you opt-in).
We may also collect aggregated or anonymized data that does not identify you personally.
Data is collected when you:
• Place an order or create an account.
• Contact us via email, phone, or forms.
• Browse the Website (automatically via cookies; see Section 7).
• Subscribe to newsletters.
We do not collect sensitive data (e.g., health, race, religion) unless voluntarily provided and relevant (e.g., allergy inquiries for products).
3. Legal Bases for Processing
We process your data based on the following GDPR legal bases:
• Contract Performance: To fulfill orders, process payments, and deliver products (Art. 6(1)(b)).
• Legitimate Interests: For business operations like improving services, fraud prevention, and direct marketing (Art. 6(1)(f)). We conduct balancing tests to ensure your rights are not overridden.
• Consent: For optional activities like newsletters or cookies (Art. 6(1)(a)). You can withdraw consent anytime.
• Legal Obligations: For compliance with tax, accounting, or regulatory requirements (Art. 6(1)(c)).
4. How We Use Your Data
Your data is used for:
• Processing and fulfilling orders, including payment verification and shipping.
• Communicating with you about orders, updates, or inquiries (e.g., delivery status emails).
• Managing your account and providing customer support.
• Complying with legal obligations, such as bookkeeping (retained for 7 years under Swedish law) and tax reporting.
• Improving the Website and services through analytics (e.g., understanding user behavior).
• Preventing fraud and ensuring security (e.g., monitoring for suspicious activity).
• Sending marketing communications if you opt-in (e.g., promotions on saffron products).
We do not use automated decision-making or profiling that significantly affects you.
5. Data Sharing and Transfers
We share data only when necessary and with safeguards:
• Service Providers: Payment processors (e.g., Stripe), shipping companies (e.g., PostNord, DHL), and IT providers (e.g., hosting services). These are processors bound by GDPR-compliant contracts.
• Legal Requirements: Authorities (e.g., tax agencies) or in response to court orders.