Privacy policy
Version 2.1 – Last updated: 5 April 2026
1. INTRODUCTION
Common Clouds AB (“we”, “us”, “our”) takes your privacy seriously. We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable data protection laws.
This Privacy Policy explains:
- What personal data we collect
- Why and how we process it
- The legal bases we rely on
- How long we retain data
- Your rights
- How to contact us
This policy applies to customers, potential customers, and visitors to www.commonclouds.com
2. DATA CONTROLLER
Common Clouds AB, company registration number 559313-1476, is the data controller for your personal data.
Contact details:
Email: hej@commonclouds.com
Postal address: Tegnérgatan 37a
111 61 Stockholm, Sweden
3. HOW WE COLLECT PERSONAL DATA
Directly from you (e.g. when you make a purchase or contact us)
Automatically via cookies and similar technologies
Through our e-commerce platform Shopify
4. WHAT PERSONAL DATA WE PROCESS
We only collect data necessary for these purposes (data minimization). |
5. PURPOSES OF PROCESSING
We use your personal data to:
- Process and deliver orders
- Provide customer support
- Improve our services and user experience
- Send marketing communications (where required, based on your consent)
- Prevent fraud and comply with legal obligations
6. DATA RETENTION
We retain personal data only as long as necessary:
- Order and payment data: up to 7 years (accounting laws)
- Marketing data: until you withdraw consent
- Customer service data: up to 3 years
- Technical data/cookies: see Cookie Policy
7. SHARING OF PERSONAL DATA
We do not sell your personal data.
We may share data with:
- Payment service providers
- Logistics and delivery partners
- IT and system providers (including Shopify)
These parties act as data processors and only process data on our behalf.
8. SHOPIFY AND INTERNATIONAL DATA TRANSFERS
We use Shopify as our e-commerce platform. Shopify may process personal data on servers outside the EU/EEA, including in Canada and the United States.
When transferring personal data outside the EU/EEA, we ensure an adequate level of protection through:
- Standard Contractual Clauses (SCCs)
- Other safeguards in accordance with GDPR
For more information: https://www.shopify.com/legal/privacy
9. SECURITY
We implement appropriate technical and organizational measures, including:
- Encryption of payment data
- Access controls
- Secure storage and system monitoring
10. YOUR RIGHTS
You have the right to:
- Access your personal data
- Rectify incorrect data
- Request deletion (“right to be forgotten”)
- Restrict processing
- Object to processing (especially marketing)
- Data portability
If processing is based on consent, you may withdraw your consent at any time.
You also have the right not to be subject to decisions based solely on automated processing if they have legal or similarly significant effects.
11. AUTOMATED DECISION-MAKING
We may use profiling to:
- Personalize marketing
- Send abandoned cart reminders
This does not produce legal or similarly significant effects.
12. COOKIES
We use cookies in accordance with our Cookie Policy (see below).
Non-essential cookies are only used after you provide consent via our cookie banner.
13. CHANGES
We may update this policy from time to time. The latest version is always available on our website.
14. COMPLAINTS
If you believe we process your data incorrectly, you may contact us or lodge a complaint with:
Swedish Authority for Privacy Protection (IMY)
https://www.shopify.com/legal/privacy