Last updated: 22 April 2025

1. Introduction
This Privacy Policy outlines in detail how the website miriell.com processes personal data. It applies to all forms of personal data processing, whether manual or automated, and covers all visitors who interact with or use the website’s services. The policy forms part of the legal terms governing the relationship between the website and its users. Processing is conducted in accordance with Regulation (EU) 2016/679 (“GDPR”), supplementary Swedish data protection laws, guidelines from the Swedish Authority for Privacy Protection (IMY), and relevant EU Court rulings.

2. Data Controller and Contact Information
The data controller responsible for processing under this policy is the operator of the website, who can be contacted at info@miriell.se. All inquiries regarding rights, data security, or consent are handled via this email address.

3. Legal Basis and Processing Principles
All personal data processing is based on a clear legal basis, primarily consent, contractual obligation, legal requirement, or legitimate interest. Processing is carried out in accordance with the principles of lawfulness, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality.

4. Types of Data Processed
Processed data may include name, personal identity number (if necessary), address, email address, IP address, device information, geographic location, payment information, user ID, preferences, cookies, and session metadata. Information provided through contact forms, emails, or other communication channels is also included.

5. Purpose of Processing
Personal data is processed for several purposes, including:

• Delivery of products or services

• Contact and customer support

• Account and user profile management

• Enhancing user experience

• Statistics and analytics

• Targeted marketing (upon consent)

• Legal compliance (e.g. accounting laws)

6. Sharing and Transfer of Personal Data
Personal data is only shared with third parties when necessary and only with parties that provide sufficient data protection guarantees. Transfers to third countries occur only under valid protection mechanisms, such as standard contractual clauses or adequacy decisions.

7. Data Retention
Personal data is not stored longer than necessary. Retention periods depend on the purpose of processing and legal requirements. Contact details may be stored for up to 12 months, while accounting data is kept for at least 7 years.

8. Data Security
Miriell.com implements technical and organizational measures to protect personal data against loss, theft, unauthorized access, alteration, or deletion. These measures include encryption, access controls, password management, and logging. Security procedures are continuously evaluated and improved when needed.

9. Data Subject Rights
Under the GDPR, you have the right to access, rectify, delete, restrict processing, object, data portability, and withdraw consent. You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY).

10. Cookies
Miriell.com uses cookies in accordance with applicable laws. Cookies are used to enhance functionality, analyze traffic, and display targeted ads. You are given options via a cookie banner upon your first visit. More information is available in our separate Cookie Policy.

11. Profiling and Automated Decision-Making
Profiling may be used in certain cases to personalize content and offers. Automated decision-making is never conducted without explicit consent and never in ways that have legal or similarly significant effects.

12. Third-Party Services and Privacy
The website may contain embedded content or functions from third parties, such as Google, Meta, YouTube, or similar providers. These parties are responsible for their own data processing. Users are encouraged to read each provider’s privacy policy for details.

13. Updates to this Policy
We reserve the right to update this policy. The date of the latest revision is shown at the top. Major changes will be communicated to users via the website.

14. Mandatory Law
If any part of this policy is found invalid under mandatory law, it shall not affect the validity of the remaining provisions. All processing is governed by Swedish law, and any dispute shall be settled by a Swedish court.