Privacy Policy

Effective Date: 2025-10-03

This policy explains what information we collect, how we use it, and your rights under Swedish and EU law (including GDPR).

Table of Contents

  1. Who We Are
  2. Information We Collect
  3. How We Collect Information
  4. How We Use Your Information
  5. Sharing Your Information
  6. Cookies & Similar Technologies
  7. Data Security
  8. Data Retention
  9. Your Rights
  10. Changes to This Policy

Who We Are

We’re a small Swedish duo running Liin, offering hand-selected clothing, second-hand treasures, handmade pottery, accessories, and soon, our own designs.

Business Name: Liin
Country: Sweden
Contact: Contact us on email and Instagram here

Information We Collect

We only collect the details needed to process and deliver your order:

  • Name
  • Shipping address
  • Email address
  • Phone number (only if needed for delivery)

We don’t use your details for marketing unless you choose to sign up for a newsletter in the future.

How We Collect Information

  • When you place an order in our webshop
  • When you contact us by email

How We Use Your Information

We use your details only to:

  • Process your payment and order
  • Ship your order within Sweden
  • Communicate with you to arrange a local pickup if you select that option
  • Get in touch if there’s an issue with your order

Sharing Your Information

We share your data only with trusted services we need to run our shop:

  • Stripe, Klarna, Swish, Apple Pay – payment processing
  • Vercel – website hosting
  • Sanity CMS – content management
  • Resend - sending transactional emails (like order notifications)
  • Postal and courier services – delivery

We never sell or rent your personal data.

Some of these third-party services may be based outside of the European Union. When we transfer your data to these services, we ensure that the transfer is lawful and that your data is protected by relying on established legal mechanisms such as Standard Contractual Clauses (SCCs).

Data Retention

We retain your order information for as long as necessary to fulfill our legal obligations, such as for tax and accounting purposes as required by Swedish law. After this legally required period has expired, the personal data held by our payment service providers will be securely deleted in accordance with their own data retention policies. For customer service inquiries sent to our email, we periodically delete old conversations that are no longer relevant to an ongoing order or issue to ensure we do not keep your personal information for longer than necessary.

Cookies & Similar Technologies

Like most online stores, we need to use some cookies to make our website work. These aren't the delicious, chocolatey kind, but rather small data files stored on your device. We use "strictly necessary" cookies provided by our payment processor, Stripe, to handle the checkout process securely and to prevent fraud. These are essential for the operation of our shop. Because they are essential, they are active by default. Currently, we do not use any cookies for analytics, advertising, or tracking. If that ever changes, we will update this policy and ask for your explicit consent beforehand.

Data Security

We take the security of your information seriously. We rely on the robust security infrastructure of our trusted third-party partners to protect your data. Specifically:

  • Payment Security: All payment transactions are processed securely by Stripe, a certified PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. We do not store or have direct access to your full credit card information.
  • Website Security: Our website is hosted on Vercel, which provides secure HTTPS encryption (you'll see the padlock in your browser) for all data transferred between your device and our site.
  • Content Security: Our website's content and product information are managed through Sanity, which employs its own comprehensive security measures to protect the integrity of our data.

While no system is 100% impenetrable, these measures provide strong, industry-standard protection for your personal information.

Your Rights

Under GDPR, you can:

  • Request a copy of your data
  • Ask us to correct or delete your data
  • Object to or limit how we use it
  • Ask for your data in a portable format

To do so, please contact us.

You also have the right to lodge a complaint with the relevant supervisory authority. In Sweden, this is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten - IMY).

Changes to This Policy

If we change this policy, we’ll post the updated version here.