010-520 04 69
Attachment Warehouse

Privacy Policy

How Attachment Warehouse collects, uses, and protects your personal data — under the EU General Data Protection Regulation (GDPR) and Swedish data protection law.

Last updated: 2026-05-07

1. Who we are

Attachment Warehouse is the data controller for personal data processed through attachmentwarehouse.eu. We operate from Saltsjö-Boo, Stockholm, Sweden.

For all data-protection matters, contact privacy@attachmentwarehouse.eu.

2. What data we collect

We collect only data necessary to operate the Site and fulfil orders:

  • Order data: name, billing and delivery address, phone, email, company name, VAT number where applicable.
  • Payment data: handled by our payment providers (Klarna, our card processor). We never see or store full card numbers.
  • Account data: if you create an account, your saved machine preference and order history.
  • Browsing data: IP address, device type, browser, pages visited, referrer URL, time on page. Stored as analytics events with consent.
  • Communications: support emails, chat transcripts, call notes when you contact us.
  • Cookies and similar technologies: see our Cookies Policy for the full list.

3. Why we collect it

  • Process and deliver your order, including handling returns and warranty claims.
  • Provide customer service and technical support.
  • Comply with legal obligations (tax, accounting, consumer protection).
  • Detect and prevent fraud, abuse, and unauthorised access.
  • Improve the Site, product range, and customer experience through analytics.
  • Send marketing communications, where you have given consent or where we have a legitimate interest in retaining existing customers.

4. Legal basis for processing

Under GDPR Article 6, we rely on:

  • Contract performance — to fulfil orders, accounts, and warranty obligations.
  • Legitimate interest — for fraud prevention, retention of existing customers, and Site improvement, balanced against your rights.
  • Consent — for marketing cookies, third-party analytics, and direct marketing emails. You can withdraw consent at any time.
  • Legal obligation — to retain accounting records (Swedish Bokföringslagen requires 7 years), VAT records, and to respond to lawful requests.

5. Sharing your data

We share data with the following categories of recipients, only as needed:

  • Payment processors: Klarna and our card-acquiring bank.
  • Carriers: PostNord, DHL, Schenker, and freight forwarders for larger items.
  • Warehouse and logistics partners involved in pick, pack, and dispatch.
  • Analytics: Google Analytics 4 (with consent).
  • Marketing: Meta (Facebook/Instagram) Pixel and Google Ads remarketing (with consent).
  • Professional advisors: accountants, auditors, lawyers, when bound by confidentiality.
  • Authorities: tax, customs, and law enforcement when required by law.

We do not sell your personal data.

6. Retention

  • Order and accounting data: 7 years from end of fiscal year (Swedish Bokföringslagen).
  • Account data: until you delete the account, then anonymised.
  • Marketing data: until you withdraw consent or 3 years of inactivity.
  • Browsing analytics: 26 months in Google Analytics 4 by default.
  • Support communications: 3 years from last contact.

7. Your rights

Under GDPR you have the right to:

  • Access — get a copy of the data we hold about you.
  • Rectification — correct inaccurate or incomplete data.
  • Erasure — request deletion, subject to our legal retention obligations.
  • Restriction — limit processing in specific circumstances.
  • Portability — receive your data in a machine-readable format.
  • Objection — object to processing based on legitimate interest, including direct marketing.
  • Withdraw consent — at any time, without affecting prior lawful processing.
  • Complaint — lodge a complaint with the Swedish Authority for Privacy Protection (IMY, imy.se) or your local supervisory authority.

To exercise any of these rights, email privacy@attachmentwarehouse.eu. We respond within 30 days.

8. International transfers

Most of our processing happens within the European Economic Area (EEA). Where data is transferred outside the EEA (for example, when using Google or Meta services), the transfer is protected by Standard Contractual Clauses approved by the European Commission, supplementary safeguards, or an adequacy decision.

9. Security

We protect your data with TLS encryption in transit, role-based access controls, regular backups, and limited data retention. We do not store full card numbers. Where we discover a personal-data breach with risk to your rights, we notify IMY within 72 hours and inform affected users without undue delay.

10. Changes to this policy

We update this policy when our processing changes or when law requires it. The "Last updated" date at the top reflects the latest revision. Material changes are notified by Site banner and, where appropriate, by email.

11. Contact

Privacy contact: privacy@attachmentwarehouse.eu

General contact: info@attachmentwarehouse.eu

Phone: 010-520 04 69

Saltsjö-Boo, Stockholm, Sweden