Privacy Policy Effective Date: 17/09/2025 Cina Rosén AB (“Company, ” “we, ” “us, ” or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your personal information when you use our website stitchesbycina.com, purchase our Products or Services, or interact with us. 1. Data We Collect We collect the following types of data when you use our Site or Services: Identity Data: Name, email address, billing address, shipping address.Payment Data: Payment details (processed securely by third-party providers such as Stripe, PayPal, Wix Payments — we do not store your full payment information). Usage Data: Information on how you use our Site, Products, and Services.Technical Data: IP address, browser type, device information, cookies. 2. How We Use Your DataWe process your personal data to: Deliver and manage your purchases, Products, and Services. Send you order confirmations, invoices, and course access details. Communicate with you about updates, promotions, or new offerings (only if you’ve opted in). Improve our Site, Products, and customer experience. Comply with legal, tax, and accounting obligations. 3. Legal Basis for Processing We process your personal data only when we have a lawful basis under GDPR, including: Contract: To fulfill our obligations when you purchase our Products/Services. Consent: When you sign up for newsletters or marketing. Legal Obligation: To comply with accounting or tax requirements. Legitimate Interest: To improve our services and protect against misuse. 4. Sharing Your Data We only share your data with trusted third-party providers who help us operate our business, such as: Payment processors (Stripe, PayPal, Wix Payments) Website hosting & platform providers (Wix) Email service providers (e.g. Wix Email Marketing, Mailchimp, etc.) We do not sell or rent your data to third parties. 5. Data Retention We keep your personal data only as long as necessary: For purchases: as long as required under Swedish bookkeeping/accounting law (normally 7 years). For marketing emails: until you unsubscribe or withdraw consent. For website analytics: as per cookie retention policies. 6. Your Rights Under GDPR You have the right to: Access your personal data. Correct inaccurate or incomplete data. Request deletion of your data (“right to be forgotten”). Restrict or object to processing of your data. Request data portability (receive your data in a usable format). Withdraw consent for marketing at any time. To exercise your rights, contact us at: cinarosen@gmail.com. 7. Cookies Our Site uses cookies to improve user experience, analyze website traffic, and deliver relevant marketing. You can control or disable cookies through your browser settings. 8. Data Security We use appropriate technical and organizational measures to keep your data secure. However, no transmission over the internet can be guaranteed as 100% secure. 9. International Data Transfers If your data is transferred outside the EU/EEA (e.g., if our service providers store data in the U.S.), we ensure safeguards are in place in line with GDPR requirements (such as Standard Contractual Clauses). 10. Contact Us If you have any questions about this Privacy Policy or how your data is handled, please contact us: 📧 cinarosen@gmail.com 📍 Hemmingsväg 13b