Privacy Policy

    Hickap AB - Information about the processing of personal data

    At Hickap AB (”Hickap”, ”we”, ”us”, ”our”), we believe that trust and privacy are important parts of our business, and we therefore provide a high level of protection for your personal data. It is important to us that you feel safe and well informed when using our products and services. On this page, we therefore inform you about how we process your personal data. Hickap is registered with the Swedish Companies Registration Office with company registration number 559122-9488 and has its head office at Munkbron 3, 111 28 Stockholm, Sweden. We process your personal data as the data controller in accordance with EU Regulation 2016/679 (”GDPR”).

    If you have any questions about this information or about how we otherwise process your personal data, you are welcome to contact us at info@hickap.com.

    1. What personal data we process and why

    We process personal data that is necessary for us to be able to offer you our products and services. The types of personal data we process depend on your relationship with us and therefore on the purposes for which we process your data.

    Contact and identification details
    Name, date of birth, personal identity number, billing and delivery address, email address, phone number, IP address,

    Information about products or services
    Details relating to the products you have purchased or the services you use, such as type of product/service, order number, tracking number, etc.

    Payment details
    Information related to your payment, such as payment method, payment provider, order and transaction number, card type, limited card information (e.g. the last four digits of the card number), payment status, and information required to complete and verify a payment.

    Contact history
    Chat conversations and email correspondence, other information in support cases received through contact with our customer service.

    Your answers
    The answers you provide to us when you answer questions in any of our quizzes about your personal preferences or in our feedback forms

    Cookie data
    IP address, browser and device information, as well as information about how you use our website (cookies and click history), in accordance with our cookie policy.


    We use your personal data to provide you with the best possible experience with us. This means that we process your data to:

    Purpose of processing

    Categories of personal data processed

    Legal basis for processing

    Provide our products and services

    • Establish and administer agreements and receipts for the products or services you use or purchase

    • Manage payments, deliveries, returns and complaints

    • Contact and identification details

    • Information about products

    • Payment details

    Entering into and performing an agreement
    (Article 6(1)(b) GDPR)

    • Help you with customer service questions

    • Contact and identification details

    • Contact history

    Legitimate interest (Article 6(1)(f) GDPR)

    Stay in touch with you

    • Communicate with you about your account, your orders or other matters.

    • Contact and identification details

    • Contact history

    Legitimate interest (Article 6(1)(f) GDPR)

    • Send marketing

    • Contact and identification details

    Consent (Article 6(1)(a) GDPR)

    Create a more personalized experience

    • Adapt ads and offers based on how you use our services

    • Provide product recommendations based on your preferences

    • Contact and identification details

    • Information about products and services

    • Your answers

    • Cookie data

    Legitimate interest
    (Article 6(1)(f) GDPR) and consent (Article 6(1)(a) GDPR) for the use of cookies

    For loyalty and membership

    • Administer points in our customer club based on your purchases and newsletter subscription

    • Use your date of birth to offer gifts or other benefits

    • Allow you to access personalized offers connected to loyalty programs

    • Contact and identification details

    • Information about products and services

    Legitimate interest (Article 6(1)(f) GDPR)

    Improve our services

    • Collect statistics and carry out analyses and to improve products, services

    • Information about products and services

    Legitimate interest (Article 6(1)(f) GDPR)

    • Collect feedback through customer surveys

    • Contact and identification details

    • Your answers

    Consent (Article 6(1)(a) GDPR)

    • Improve the user experience on the website

    • Cookie data

    Consent (Article 6(1)(a) GDPR)

    To protect you and us

    • Handle requests from authorities and supervisory proceedings

    • We disclose the information requested by the authority.

    Legal obligation
    (Article 6(1)(c) GDPR) or legitimate interest (Article 6(1)(f) GDPR)

    To comply with laws and regulations

    • Comply with the Accounting Act

    • Payment details and other information shown on your invoice, such as contact details

    Legal obligation
    (Article 6(1)(c) GDPR)

    2. Storage of data

    Hickap stores your personal data only for as long as necessary to fulfill each respective purpose of processing. In some cases, Hickap is subject to requirements arising from a legal obligation to store personal data for a certain specified period of time. An example of such applicable law requiring us to store personal data is applicable accounting legislation, under which we need to store accounting information for at least seven (7) years. Personal data used to fulfill the contractual relationship between us and our customers is normally stored for as long as the agreement applies and thereafter for a certain period of time if needed to establish, exercise or defend legal claims. If no agreement is entered into between you and us, or if the data is not needed to fulfill a legal requirement, the data is stored only for as long as necessary to fulfill the relevant purpose of processing, as described above.

    3. Your rights

    The person whose personal data is processed has a number of rights under applicable data protection legislation, including the GDPR. As data controller, we ensure that the following rights are fulfilled when a request is received by us. Your rights in relation to your personal data are as follows:

    • Right to information – You have the right to receive information when your personal data is processed. We do this through this information and by answering questions from you.

    • Right of access – You have the right to request a copy of your personal data if you want to know what information we have about you.

    • Right to rectification – You have the right to have incorrect personal data corrected. In addition, you have the right to supplement information that is missing and that is relevant with regard to the purpose of the personal data processing.

    • Right to erasure – In certain cases, you have the right to have your personal data erased.

    • Right to restriction of processing – In certain cases, you have the right to require that the processing of personal data be restricted.

    • Right to object – You have the right to object to personal data processing that we carry out based on our legitimate interest. If you object to such processing, we may only continue to process the data if we show that there are legitimate interests for us to process the data and that our interests outweigh your interests, for example when the processing is carried out to establish, exercise or defend legal claims. An example of when your interests outweigh ours is when you object to marketing.

    • Right to data portability – When we process personal data by automated means based on your consent or to fulfill an agreement with you, you have the right to receive your personal data in a structured, commonly used and machine-readable format in order to transfer the data to another data controller.

    • Right to withdraw your consent – you have the right to withdraw your consent for cookies and marketing at any time. You can do this through the same tool in which you gave your consent, through an unsubscribe link in emails from us or by contacting us.

    • Right to lodge a complaint – You have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY), which is the supervisory authority responsible for our processing of personal data.

    More information about the respective rights can be found on IMY's website here.

    Contact us at info@hickap.com if you want to exercise your rights by stating which right your request concerns in the subject line. You are always welcome to contact us if you have any other questions regarding the processing of your personal data.

    4. Recipients of personal data

    We only share personal data with others when it is necessary to fulfill the purposes described above.

    If we share your personal data with a company that processes the data on our behalf, the recipient is a so-called data processor. Through a data processing agreement with the recipient, we ensure that the personal data is processed in accordance with this information and applicable legislation. Consequently, your data is processed with an adequate level of protection. Examples of suppliers with whom we may share your personal data for the purposes described above in section 1 are software and data storage providers, payment processing providers and carriers.

    In addition, sharing of personal data may take place as a result of both we and the recipient processing personal data as independent data controllers, for example when we are obliged to provide necessary information to authorities such as the Swedish Tax Agency or the Swedish Consumer Agency.

    5. Transfer outside the EU/EEA

    Hickap processes your personal data within the EU/EEA. In some cases, personal data may be processed by recipients in countries outside the EU/EEA. Some examples of such recipients are providers of email, cloud services and Shopify apps. In such cases, we ensure that an adequate level of protection for the personal data exists for the transfer or that appropriate safeguards have been implemented in accordance with applicable legislation. Such appropriate safeguards include, among other things, the use of the European Commission's standard contractual clauses when entering into agreements between Hickap and recipients outside the EU/EEA. In addition, we also assess whether there is legislation in recipient countries that affects the protection of your personal data and, where necessary, implement supplementary safeguards so that an equivalent level of protection for your data remains when transferred to the relevant country outside the EU/EEA.

    6. Updates to this information

    Hickap is constantly working to improve our products and services in order to offer you an even better customer experience. We may therefore update this information. If we make major changes, we will provide information about this in accordance with applicable legislation. We also recommend that you visit this page regularly to stay updated on how we process your personal data.

    This information was last updated on 16 June 2026.