The core of the General Data Protection Regulation (GDPR) consists of 99 articles. These are accompanied by 173 recitals. The recitals are found in the first part of the regulation. On this page, we have highlighted that section. You can find the GDPR articles here:

The European Parliament and the Council of the European Union have adopted this regulation considering the Treaty on the Functioning of the European Union, especially Article 16, taking into account the proposal from the European Commission, after forwarding the draft legislative act to the national parliaments, considering the opinion of the European Economic and Social Committee (OJ C 229, 31.7.2012, p. 90.), considering the opinion of the Committee of the Regions (OJ C 391, 18.12.2012, p. 127.), in accordance with the ordinary legislative procedure*, and for the following reasons:

The European Parliament's position of 12 March 2014 (not yet published in the OJ) and the Council's position at first reading of 8 April 2016 (not yet published in the OJ). The European Parliament's position of 14 April 2016.
(1) The protection of natural persons in relation to the processing of personal data is a fundamental right. Article 8.1 of the Charter of Fundamental Rights of the European Union (the "Charter") and Article 16.1 of the Treaty on the Functioning of the European Union (TFEU) stipulate that everyone has the right to the protection of personal data concerning him or her.

(2) The principles and rules for the protection of natural persons regarding the processing of their personal data should, regardless of their nationality or residence, respect their fundamental rights and freedoms, particularly their right to the protection of personal data. The purpose of this regulation is to contribute to the creation of an area of freedom, security, and justice, and an economic union, to economic and social progress, to the strengthening and convergence of the economies within the internal market, and to the well-being of natural persons.

(3) Directive 95/46/EC of the European Parliament and of the Council aims to harmonize the protection of fundamental rights and freedoms of natural persons concerning processing activities and to ensure the free flow of personal data between member states.

(4) The processing of personal data should be designed to serve mankind. The right to the protection of personal data is not an absolute right; it must be considered in relation to its function in society and balanced against other fundamental rights, following the principle of proportionality. This regulation respects all fundamental rights and observes the freedoms and principles recognized in the Charter as enshrined in the Treaties, particularly the protection of private and family life, home and communications, the protection of personal data, freedom of thought, conscience, and religion, freedom of expression and information, freedom to conduct a business, the right to an effective remedy and a fair trial, and cultural, religious and linguistic diversity.

(5) The economic and social integration resulting from the functioning of the internal market has led to a substantial increase in cross-border flows of personal data. The exchange of personal data between public and private actors, including natural persons, associations, and enterprises across the Union has increased. National authorities in the member states are called upon by Union law to cooperate and exchange personal data to perform their duties or tasks for an authority in another member state.

https://www.datainspektionen.se/lagar--regler/dataskyddsforordningen/dataskyddsforordningens-beaktandesatser/

This policy describes how and what we collect, how we use, store, disclose, and protect your personal data. It applies to Dragon’s Lair's website and other purchasing channels you may use.

We do not consider information that has been anonymized or aggregated in such a way that it cannot be used to identify a specific individual, even with the help of other information, as personal data.

Third-party websites linked from dragonslair.se are not covered by Dragon’s Lair's privacy policy but are considered independent data controllers. These have their own privacy policies that you as a customer must review in each case.

By accepting this privacy policy, you consent to our collection, use, and disclosure of your personal data as described in this document.

We may make changes to this policy. The current policy is always available at dragonslair.se. In the event of changes, we will inform you via email. You can withdraw your consent to the processing of personal data at any time.

Draknästet AB is the data controller for the information you provide to Dragon’s Lair. The data is stored securely and protected to fulfill our obligations to you as a customer and for marketing purposes.

As a new customer, you must provide your name and email address. When ordering, you must also provide your address and phone number.

When you register as a customer online, you agree that Dragon’s Lair may use your personal data for the purposes specified in this document.

You can choose to unsubscribe from further communication at any time, and in connection with that, our data processing will cease, and we will remove your personal data from our register for the purposes listed below.

Protection of Personal Data

Our IT systems are designed to ensure that we do not grant access to your personal data to more people than necessary. Only those who need access to your personal data to fulfill our obligations to you as a customer and for the purposes listed below have access to it.

Sharing of Personal Data

We may share your personal data with organizations that are independent data controllers. When your personal data is shared with organizations that are independent data controllers, the organization's privacy policy and personal data management apply.

Independent data controllers with whom we may share your personal data include government authorities if we are legally required to do so or if there is suspicion of a crime. It can also involve companies that handle general goods transport, companies offering payment solutions, or companies/associations at events where you participate.

Storage Period

Personal data is stored for as long as you have an ongoing user relationship and for a period thereafter, or in accordance with the given consent. The consent is valid until the user terminates it and does not expire if the service is not used, and the consent is not dependent on any product purchases.

Cookies

Cookies are small text files that websites send to your device, where they are then stored. You can set how you want cookies to be handled on your computer.

We use cookies for website functionality. If you disable cookies, certain website functionality will stop working. We also use cookies to provide you, as a visitor, with a personalized shopping experience and to conduct analyses to improve the overall shopping experience for all users.

Social Media & Online Advertising

To the extent we use social media or online platforms for marketing purposes, we utilize the platform's personal data, i.e., we do not provide our social media or internet accounts with personal data. Therefore, the individual platforms are independent data controllers for the personal data found there. By posting in our feeds, sharing posts, or "liking" posts, this is considered active consent to save that personal data in the feed on the social media platforms. We moderate posts made in our feeds if we find that someone is publishing personal data without consent.

Supervision

The Data Inspection Board is the supervisory authority for compliance with the legislation. If we suspect a personal data incident, we report it within 72 hours of becoming aware of the incident to the Data Inspection Board.

Data Controller

Draknästet AB, Kungsholmstorg 8, 112 21 Stockholm, is the data controller. If you need to contact Dragon’s Lair regarding data protection, you can send an email to info@dragonslair.se or call our customer support at 08-6546050.

Purpose of Processing Personal Data and Legal Basis

To manage orders, we store contact details, name, phone number, email, delivery address, billing address, payment history, payment information, order information, and user data.

The legal basis for this is the "Fulfillment of the purchase agreement." This data is necessary for us to fulfill our obligations under the purchase agreement.

To manage customer service matters, via phone or digital channels, including social media, we store name, contact details, all correspondence, order information, purchase channel, and the nature of the matter.

The legal basis for this is "Legitimate interest." The processing is necessary to meet the parties' legitimate interest in handling customer service matters.

To manage the sending of newsletters, general offers, product recommendations, and invitations to events, we store email addresses and postal codes. We store the data until the user unsubscribes. This can be done either via a link in email messages or by contacting Dragon’s Lair customer support at 08-654 60 50.

The legal basis for this is "Legitimate interest."

To protect you as a customer and us as a supplier against fraud and intrusions and to ensure a stable e-commerce platform, we store technical data regarding devices that connect to dragonslair.se, order data, and information about how the user account interacted.

To fulfill the company's legal obligations according to legal requirements, court decisions, or government decisions, we store name, personal number, contact details, payment history, correspondence, and customer service matters.

The legal basis for this is "Legal obligation" when such exists, or "Legitimate interest" if there is no legal obligation, but the processing is necessary to meet our legitimate interest in preventing abuse of a service or to prevent, investigate, and resolve crimes against Dragon’s Lair.

Your Choices and Rights

You can contact us with your questions and concerns at any time. You have the right to know what personal data we process about you and can request a copy upon written request.

You also have the right to have incorrect personal data about you corrected, and you can ask us to delete your personal data.

You also have the right to receive your personal data in a machine-readable format and transfer data to another party responsible for data processing.

You can choose to unsubscribe from further communication at any time, and in connection with that, our data processing will cease, and we will remove your personal data from our register for the purposes listed below.

Unsubscribing is easiest by logging in to My Pages and selecting settings.