top of page

PRIVACY POLICY

Updated: November 7, 2025

This Privacy Policy describes how Hey Mish Handelsbolag (“Hey Mish,” “we,” “us,” or “our”) collects, uses, and protects your personal data when you visit heymish.se (the “Website”), shop in our online store, or otherwise communicate with us (together referred to as the “Services”).

When we say “you” or “your,” we mean you as a customer, website visitor, or any individual whose personal data we process under this policy.

We want you to feel safe when shopping with us. That is why we handle all personal data with care and in accordance with the General Data Protection Regulation (GDPR) and other applicable legislation.

Who is responsible for your data?

Hey Mish Handelsbolag (reg. no. 969802-5823) is the data controller for the processing of personal data described in this policy.

📍 Registered office: Stockholm, Sweden
📧 Contact: hey@heymish.se

Personal Data We Collect

We collect personal data both directly from you and automatically through our website.

Information You Provide

When you make a purchase, contact us, or subscribe to our newsletter, we may collect:

  • Name, address, and contact details

  • Email address and phone number

  • Delivery and payment information

  • Order history and purchase details

  • Messages you send to us, for example via email or contact forms

Information We Collect Automatically

When you visit our website, we automatically collect certain technical information through cookies and similar technologies, such as:

  • IP address, device type, and browser

  • How you navigate and interact with the website

  • Traffic and usage data

Information From Third Parties

We may also receive certain information from our partners, such as payment details from our payment service providers or delivery information from our shipping partners.

How We Use Personal Data

We use your personal data to deliver our products, provide good service, and improve our services.

 

This may include:

  • Processing orders, payments, and deliveries

  • Sending order confirmations and updates about your purchase

  • Responding to customer inquiries and providing support

  • Sending newsletters and offers (only if you have chosen to subscribe)

  • Improving our website and user experience

  • Fulfilling legal obligations, such as accounting and record-keeping requirements

 

We only process personal data when there is a legal basis for doing so: to fulfill a contract, comply with legal obligations, based on your consent, or when we have a legitimate interest - such as improving our services or preventing misuse of our website.

How We Share Personal Data

Under certain circumstances, we may share your personal data with third parties in order to provide our services, fulfill our obligations, or for other reasons described in this Privacy Policy.

Such circumstances may include:

  • Service Providers and Partners
    We work with carefully selected providers who help us operate our business, such as for e-commerce systems, customer service, payments, IT support, order management, data analytics, and marketing.These parties may only process personal data according to our instructions and in compliance with GDPR.​

​​

  • Payment and Shipping Partners
    We share necessary information with our payment and delivery partners (such as Stripe, Klarna, PostNord, and DHL) to process and deliver your order, as well as handle returns and claims.

​​

  • Technical Providers and Analytics Tools
    Certain personal data is shared with technical providers that support the operation, security, and analysis of our website, such as Wix and Google Analytics. This information is used solely to improve our website and user experience.

​​

  • When You Request It or Give Consent
    In some cases, we may share data with third parties when you request it or provide explicit consent—for example, in connection with payments, deliveries, or customer communication.

​​

  • Legal Obligations and Protection of Rights
    We may disclose personal data to authorities or other parties if required by law, legal proceedings, or to protect our rights, prevent fraud, or ensure the safety of our customers.

​​

  • Business Transactions
    If Hey Mish undergoes a restructuring, sale, or merger, personal data may be transferred to the receiving party, provided that the processing continues in accordance with applicable data protection laws.

We never share personal data for commercial purposes beyond what is described above, and we do not sell your data to third parties.

Cookies

We use cookies and similar technologies on our website. A cookie is a small text file stored on your device that helps us improve the website and your user experience.

Why We Use Cookies

We use cookies to:

  • ensure the website functions properly (e.g., remembering items in your cart)

  • analyze traffic and usage so we can improve the website

  • save your settings and preferences

  • display relevant products and ads

Types of Cookies

  • Necessary cookies – required for the website to function and cannot be disabled.

  • Analytical cookies – used to understand how visitors use the site (e.g., through Google Analytics).

  • Functional cookies – allow us to save settings such as language or cart contents.

  • Marketing cookies – used to show relevant ads or promotions (only with your consent).

Cookie Consent

When you visit our website, you are informed that we use cookies. You can choose to accept or reject non-essential cookies. You can also change your settings or delete cookies in your browser. Please note that some website features may not work as intended if you block cookies.

Third-Party Cookies

Some cookies are set by third parties, such as Google Analytics, to analyze traffic and help us understand how the website is used. These third parties are responsible for their own processing of data.

How Long We Store Personal Data

We store personal data for as long as necessary to fulfill the purposes for which it was collected, or for as long as required by law.

Examples:

  • Order and payment information is stored for seven years in accordance with Swedish accounting regulations.

  • Customer communication is stored for up to twelve months after the matter has been resolved.

  • Newsletter data is stored for as long as you choose to subscribe. If you unsubscribe, we will remove you from our mailing list, but your email address may be kept in a suppression list to ensure you do not receive further emails by mistake.

  • Cookies are stored for the duration specified in your browser settings.

 

When the data is no longer needed, it is deleted or anonymized.

Your Rights

You have the right to, at any time:

  • request access to the personal data we hold about you

  • request correction or deletion of your data

  • object to or restrict the processing of your data

  • withdraw your consent

  • file a complaint with the Swedish Authority for Privacy Protection (IMY) if you believe we are handling your data incorrectly

 

To exercise your rights, please contact us at hey@heymish.se. We will respond to your request within 30 days.

Security

We take both technical and organizational security measures to protect your personal data from unauthorized access, loss, or misuse.

This includes, among other things, encrypted data transmission (SSL), restricted access to our systems, and secure storage solutions.

Processing of Personal Data Concerning Children

Our services and products are not intended for use by children under the age of 13. Hey Mish does not knowingly collect personal data from children, and we encourage guardians to contact us if they suspect that their child has provided personal information to us.

If we become aware that we have unintentionally collected personal data from a child without valid consent from a guardian, we will take steps to delete the information as soon as possible.

International Data Transfers

Some of our service providers, such as Wix, may process personal data outside the EU/EEA. In such cases, the transfer is carried out in accordance with applicable data protection laws and supported by approved safeguards, such as the European Commission’s adequacy decisions or Standard Contractual Clauses (SCCs). This ensures that your personal data is always protected to a level equivalent to that required within the EU.

Changes to This Policy

We may update this Privacy Policy at any time, for example if we make changes to our services or if relevant legislation is updated.

The most recent version will always be published on heymish.se, with the updated date displayed at the top of the page.

Contact

If you have any questions about how we process personal data, this Privacy Policy, or if you wish to exercise any of your rights, you are always welcome to contact us.

📧 Email: hey@heymish.se
📍 Address: Hey Mish Handelsbolag, Bäckaskiftsvägen 66, 122 42 Enskede, Sweden

Unless otherwise stated, Hey Mish Handelsbolag is the data controller responsible for the processing of your personal data under applicable data protection laws.

bottom of page