Privacy policy

Last updated: 2 December 2025

Your privacy is important to Totíne Underwear AB (reg. no 559388-3191) (“Totíne”, “we”, “our”, “us”).
We want you to feel safe when shopping with us.
This Privacy Policy explains how we collect, use, store and protect your personal data — and what rights you have under the EU General Data Protection Regulation (GDPR – EU 2016/679) and applicable Swedish data-protection law.

We process personal data to give you a secure, personal and inspiring experience with Totíne — from your first visit to delivery and customer care.
When you use our services, you trust us with your information. We take that responsibility seriously.

Personal data means any information that can directly or indirectly identify you — for example your name, contact details, IP address, purchase history or data stored through cookies.

Totíne Underwear AB operates this store and website (together “the Services”).
We use Shopify as our e-commerce platform to provide secure shopping, payments, deliveries, customer service and marketing.

This policy describes:

  • what personal data we process,

  • why we process it,

  • how long we keep it, and

  • with whom it may be shared when you visit our website, make a purchase or contact our customer service.

If anything in our Terms & Conditions conflicts with this Privacy Policy, this policy shall prevail for matters related to personal data.
By using our Services, you acknowledge that you have read and understood how we process your personal data in accordance with this Privacy Policy.

Who is responsible for your personal data

Totíne Underwear AB (reg. no 559388-3191)
Sturegatan 16A, 114 36 Stockholm, Sweden
Email: info@totineunderwear.com

We are the data controller responsible for processing your personal data in accordance with this policy.
Please note that some of our partners — for example Klarna — act as independent data controllers for information required to handle payments.
Totíne never stores or processes your card details.

How and why we process your personal data

When we refer to personal data, we mean information that can directly or indirectly be linked to you.
Data that has been anonymised or de-identified so that you can no longer be identified is not considered personal data.

The data we collect depends on how you interact with our Services, where you live and what is required by law.
We only collect and process information that is necessary to provide our products, fulfil our agreements and create a safe, personal experience with Totíne.

Categories of personal data we may process

  • Contact details – name, address, billing address, delivery address, phone number, email.

  • Payment and transaction information – account details, payment method, order history, delivery data, returns and receipts (we never store card numbers).

  • Account information – username, password, preferences and settings linked to your customer account.

  • Transaction and purchase behaviour – products you view, add to cart, add to wishlist, buy, exchange or return.

  • Communication with us – information you provide when contacting customer service by email, chat or form.

  • Device information – data about your device, browser, network connection, IP address and other technical identifiers.

  • Usage data – how and when you visit our website, click history and navigation patterns.

How we use your personal data

We use your personal data to provide, improve and personalise our Services, and to meet our legal obligations.
The processing depends on how you use our Services.

To provide and improve our Services

We process your data to:

  • manage orders, payments, deliveries and returns,

  • fulfil our contract with you,

  • create and maintain your account,

  • remember preferences and items in your cart,

  • handle communication about your order, and

  • create a personalised shopping experience, for example by recommending relevant products.
    Legal basis: Contract and legitimate interest (service improvement).

Marketing and advertising

We may use your data to:

  • send newsletters, offers and inspiration via email or SMS,

  • display personalised ads on social media or other websites,

  • analyse customer behaviour to improve our marketing.
    Legal basis: Consent (for newsletters and ads) and legitimate interest (marketing to existing customers).
    You can unsubscribe at any time via the link in every message or by contacting info@totineunderwear.com

Security and fraud prevention

We process data to:

  • detect and prevent fraud,

  • secure payments and deliveries,

  • protect our systems and customers from unauthorised access.
    If you have an account, you are responsible for keeping your login details secure.
    Legal basis: Legitimate interest (IT and data security).

Customer service and communication

We use your data to:

  • manage enquiries and customer-service cases,

  • provide support,

  • request feedback or reviews, and

  • follow up on your experience.
    Legal basis: Contract (for purchase-related matters) and legitimate interest (for other contact).

Legal obligations

We process certain data to:

  • comply with laws such as the Swedish Bookkeeping Act, consumer-protection laws and anti-money-laundering legislation,

  • handle legal claims, disputes or decisions from authorities.
    Legal basis: Legal obligation.
    We retain this data for up to seven (7) years, or longer if required by law.

Where we obtain personal data

We collect personal data from several sources depending on how you use our Services.
We only collect information necessary to deliver our products, improve your experience and meet our legal obligations.

We may obtain data:

  • Directly from you – when you create an account, make a purchase, visit our website, contact customer service or fill out a form.

  • Automatically – through cookies, pixels and similar technologies that record information about your device and how you use our website (if your browser allows it).

  • From our service providers – for example payment solutions, shipping companies, IT and marketing partners who process data on our behalf.

  • From partners and other third parties – for example social-media platforms when you interact with our ads or use an external login.

When and how we share personal data

We only share personal data with third parties when necessary to deliver our Services or meet our obligations.
We may share your data with:

  • Shopify, our e-commerce platform. Shopify may act as an independent data controller for certain processing (e.g. payments, security). See Shopify’s Privacy Policy for more information.

  • Suppliers and service providers who help us with payments, deliveries, IT operations, customer support, data analytics or marketing.

  • Marketing and business partners (e.g. social-media platforms) if you have consented to targeted advertising or cookies.

  • Authorities, if required by law or to protect our rights.

  • In business transactions, such as mergers, acquisitions or restructuring, where data may be transferred in accordance with applicable law.

We never sell your personal data.

Our legitimate interest

In some cases, we process personal data based on our legitimate interest under Article 6(1)(f) of the GDPR.
This means the processing is necessary for our legitimate business purposes but always balanced against your right to privacy.

Examples include:

  • providing customer service and handling enquiries,

  • improving and developing our Services,

  • preventing fraud and ensuring IT security,

  • reminding you of items left in your cart, and

  • limited direct marketing to existing customers.

We never process sensitive personal data (e.g. concerning health or political opinions) based on legitimate interest.
You may object to processing based on legitimate interest at any time by contacting info@totineunderwear.com

Shopify as our e-commerce platform

Our Services are provided through Shopify, which processes personal data in connection with your visit, use or purchase through our website to provide, operate and improve the platform.
Information you provide via our website may be transferred to and shared with Shopify and certain third parties located in other countries, to enable a secure and smooth shopping experience.

In some cases, Shopify acts as an independent data controller (for example, for security and analytics functions).
You can read more about how Shopify processes personal data and exercise your rights via Shopify’s Consumer Privacy Policy and Privacy Portal (linked from our website).

Third-party websites and links

Our Services may contain links to websites or platforms operated by third parties.
If you choose to follow such a link, that third party’s own terms and privacy policy apply.
We encourage you to read their privacy and data-protection policies before providing any personal data.

We are not responsible for how those websites handle personal data or for the accuracy or completeness of their content.
Information you share publicly — for example on social media — may be visible to others without restriction.

Including a link to a third-party platform does not imply that we endorse its content, owners or operators, except as explicitly stated in our own Services.

Children’s data

Our Services are not intended for children, and we do not knowingly collect personal data from anyone under 18 years of age.
If you are a parent or guardian and believe that your child has provided us with personal data, please contact us and we will delete it.

Security and storage of your data

We use technical and organisational security measures — such as encrypted data transfer (TLS), access controls, two-factor authentication and regular security audits — to protect your data from unauthorised access, loss or misuse.

We retain your data only as long as necessary for the relevant purpose or as required by law (e.g. bookkeeping obligations for up to 7 years).
When the data is no longer needed, it is securely deleted or anonymised.

If a personal-data incident (such as a data breach) occurs, we will notify affected individuals and the Swedish Authority for Privacy Protection (IMY) in accordance with GDPR Articles 33–34.

International transfers

Your personal data may be transferred, stored and processed outside the country where you live — for example to service providers based outside the EU/EEA.
Whenever personal data is transferred outside the EU/EEA or the UK, we ensure an adequate level of protection in line with GDPR requirements by using:

  • the European Commission’s Standard Contractual Clauses (SCCs), or

  • equivalent agreements approved by the relevant authority, or

  • transfers to countries recognised by the EU Commission as providing an adequate level of protection.

You may contact us to obtain a copy of the safeguards used for international transfers.

Your rights

Depending on the circumstances, you have the right to:

  • request access to the data we process about you (data-subject access),

  • request correction of inaccurate or incomplete data,

  • request deletion of data that is no longer needed or unlawfully processed,

  • request restriction of certain processing,

  • object to processing (e.g. direct marketing or legitimate-interest processing),

  • request data portability (to receive your data in a structured, commonly used and machine-readable format), and

  • withdraw consent (e.g. for newsletters) at any time — without affecting the lawfulness of processing carried out before withdrawal.

You can exercise your rights by contacting info@totineunderwear.com
If you believe that we process your data unlawfully, you can file a complaint with the Swedish Authority for Privacy Protection (IMY) at imy.se.

Complaints

If you have comments or complaints about how we handle your personal data, please contact us first and we will do our best to resolve the matter.
Depending on where you live, you may also:

  • appeal our decision by contacting us again, or

  • lodge a complaint with your local data-protection authority.

For individuals within the European Economic Area (EEA), the relevant supervisory authority is the Swedish Authority for Privacy Protection (IMY).


Changes to this policy

We may update this Privacy Policy from time to time — for example to reflect changes in our practices or to comply with new legal, regulatory or technical requirements.
The latest version is always available on our website.
When we make material changes, we will update the “Last updated” date at the top of this policy and notify you where required by law.

Contact

If you have any questions about how we process your personal data or wish to exercise your rights, please contact:

Totíne Underwear AB (reg. no 559388-3191)
Sturegatan 16A
114 36 Stockholm, Sweden
Email: info@totineunderwear.com

Quick Help

  • Unsubscribe from newsletters: via the link at the bottom of each email.

  • Object to marketing or request access/deletion/correction: info@totineunderwear.com

  • Learn more about cookies: see our Cookie Policy.