Language
en | fr

Privacy policy

Revised : June 16, 2021

(“Essity” or "we" or "us") takes data privacy seriously. This Privacy Policy describes how Essity as controller within the meaning of the General Data Protection Regulation ("GDPR") collects and processes the personal data and other information of the users.

1. Categories of personal data and processing purposes

Metadata

You may use our website or app without providing any personal data about you. In this case, Essity will collect only the following metadata that result from your usage:

Referral page, data and time of access, data volume transmitted, status of transmission, type of web browser, IP-address, operating system and interface, language and version of browser software.

Your IP-address will be used to enable your access to our website or app. Once the IP-address is no longer necessary for this purpose, we will shorten your IP-address by removing the last octet of your IP-address. The metadata, including the shortened IP-address will be used to improve the quality and services of our website or app by analyzing the usage behavior of our users.

Account

If you create an account on/in our website or app, you may be asked to provide personal data about you, for example: Name, postal address, email address, selected password, telephone number, bank account details, credit card details, invoicing and delivery address, interests in certain products/services (voluntary), request to receive marketing emails (voluntary). Essity processes such personal data for purposes of providing our services to you, to provide you with marketing materials to the extent permitted by applicable law, and to analyze your interests for marketing purposes.

Product Orders

If you order a product via our website or app, Essity collects and processes the following personal data about you: Your account data, type and amount of product, purchase price, order date, order status, product returns, customer care requests. Essity processes such personal data for purposes of carrying out the contractual relationship and the product order, providing customer care services, compliance with legal obligations, defending, establishing, and exercising legal claims, and tailored marketing.

Sweepstakes:

If you participate in a sweepstake, Essity collects and processes the following personal data about you: Name, postal address, email address, date of entry, selection as winner, prize, answer to quiz. Essity processes such personal data for purposes of carrying out the sweepstake, informing the winner, delivering the price to the winner, carrying out the event, and marketing.

Health Data:

By ordering some products, Essity may collect and process also information about health conditions as implied by product order. Health data are sensitive data within the meaning of the GDPR and Essity is taking all necessary steps to protect such sensitive data as legally required. Subject to consent, Essity collects and processes health data solely for the purposes of carrying out the contractual relationship and the product order, providing customer care services, compliance with legal obligations, defending, establishing, and exercising legal claims, and tailored marketing.

2. Third Parties

Transfer to service providers

Essity may engage external service providers, who act as a data processor of Essity, to provide certain services to Essity, such as website service providers, marketing service providers or IT support service providers. When providing such services, the external service providers may have access to and/or may process your personal data.

We request those external service providers to implement and apply security safeguards to ensure the privacy and security of your personal data.

Other recipients

Essity may transfer - in compliance with applicable data protection law - personal data to law enforcement agencies, governmental authorities, legal counsel, external consultants, or business partners. In case of a corporate merger or acquisition, personal data may be transferred to the third parties being involve in the merger or acquisition.

International transfers of Personal Data

The Personal Data that we collect or receive about you may be transferred to and processed by recipients which are located inside or outside the European Economic Area ("EEA"). The countries include those listed at http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm which provide an adequate level of data protection from a European data protection law perspective. Other recipients might be located in other countries which do not adduce an adequate level of protection from a European data protection law perspective. Essity will take all necessary measures to ensure that transfers out of the EEA are adequately protected as required by applicable data protection law. With respect to transfers to countries not providing an adequate level of data protection, we base the transfer on appropriate safeguards, such as standard data protection clauses adopted by the European Commission or by a supervisory authority, approved code of conducts together with binding and enforceable commitments of the recipient, or approved certification mechanisms together with binding and enforceable commitments of the recipient. You can ask for a copy of the such appropriate safeguards by contacting us as set out in Sec. 7 (Contact us) below.

3. Legal basis for the processing

We may carry out the processing of your personal data on the following legal basis:
 
  • You have given your consent to the processing of your data for one or more specific purposes;
  • The processing is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering a contract;
  • The processing is necessary for compliance with a legal obligation to which we are subject to;
  • The processing is necessary to protect your vital interests of you or of another natural person;
  • The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
  • The processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of you which require protection of personal data, in particular if you are a child;
  • Other applicable legal basis for data processing, especially provisions set out by member state law;
 
We may carry out the processing of your sensitive personal data on the following legal basis:
 
  • You have given your explicit consent to the processing of your sensitive personal data for one or more specific purposes;
  • The processing is necessary for the purposes of carrying out the obligations and exercising specific rights of Essity or of the data subject in the field of employment and social security and social protection law;
  • The processing relates to personal data which are manifestly made public by the data subject;
  • The processing is necessary for the establishment, exercise or defense of legal claims or whenever courts are acting in their judicial capacity;
 
The provision of your personal data is required by a statutory or contractual obligation, or necessary to enter into a contract with us or to receive our services/products as requested by you, or simply voluntary for you.
 
Not providing your personal data may result in disadvantages for you, e.g. you may not be able to receive certain products and services. However, unless otherwise specified, not providing your personal data will not result in legal consequences for you.

4. What rights do you have and how can you assert your rights?

If you have declared your consent regarding certain collecting, processing and use of your personal data, you can revoke this consent at any time with future effect. Further, you can object to the use of your personal data for the purposes of marketing without incurring any costs other than the transmission costs in accordance with the basic tariffs.
 
Pursuant to the applicable data protection law you have the right (i) to request access to your personal data, (ii) to request rectification of your personal data, (iii) to request erasure of your personal data, (iv) to request restriction of processing of your personal data, (v) to request data portability, (vi) to object to the processing of your personal Data (including objection to profiling), and (vii) to object to automated decision making (including profiling).
 
To exercise your rights please contact us as stated under Sec. 7 (Contact us) below.
 
In case of complaints you also have the right to lodge a complaint with the competent data protection supervisory authority.

5. Cookies and other tracking technologies

This website or app uses cookies. For further information please visit our Cookie Policy

6. How long do we keep your Personal Data?

Your personal data will be retained as long as necessary to provide you with the services and products requested. Once our relationship has come to an end, we will either delete your personal data or anonymize your personal data, unless statutory retention requirements apply (such as for taxation purposes). We may retain your contact details and interests in our products or services for a long period of time if Essity is allowed to send you marketing materials. Also, we may be required by applicable law to retain certain of your personal data for a period of 10 years after the relevant taxation year. We may also retain your personal data after the termination of the contractual relationship if your personal data are necessary to comply with other applicable laws or if we need your personal data to establish, exercise or defend a legal claim, on a need to know basis only. To the extent possible, we will restrict the processing of your personal data for such limited purposes after the termination of the contractual relationship.

7. Contact us

If you want to exercise your data subject rights or if you have any other questions concerning this Privacy Policy, please submit/email your request to:

dataprivacy@essity.com

Essity Aktiebolag (publ), Compliance & Ethics Team, P.O. Box 200, SE-101 23 Stockholm, Sweden

North American Supplemental Privacy Policy

This Supplemental Privacy Policy forms part of the Global Privacy Policy which can be accessed here. If you are a resident of the United States or Canada these additional terms apply to you. The Global Privacy Policy and this Supplemental Privacy Policy are collectively referred to herein as the “Privacy Policy.”

We reserve the right to update or modify this Privacy Policy at any time. We will notify you of any changes by, at a minimum, posting the updated Privacy Policy here. Please review this Privacy Policy periodically, and especially before you provide any information.

Residents of California and Nevada in the United States have additional rights under applicable laws. If you are a resident of California, click here. If you are a resident of Nevada, click here.

As the Essity companies operate globally, we may share your personal information among the Essity companies worldwide for the purposes described in this Privacy Policy.

This Privacy Policy does not apply to information that health care facilities or health care providers provide to us about their patients and residents. Health care facilities and providers determine the type of information that is collected, processed, transferred, and stored through their use of the Service, and we simply process the information on their behalf to provide requested products or services. We will retain any personal information collected for as long as necessary to provide our products and services or as required to comply with legal obligations, resolve disputes, and enforce any agreements. If you are a resident of a health care facility or patient of a health care provider, the facility or provider collects and processes your information in accordance with the facility’s or provider’s own privacy policy. You should contact the facility or provider for more information about its privacy practices. If you would like to access, update, or delete your information, you should contact the facility or provider, and we will respond to any such request they transmit to us as required by applicable laws.

The Service may contain links to other websites not owned by us and other websites not owned by us may reference or link to our Service. We encourage our users to read the privacy policies of each website they interact with. We do not endorse, screen or approve, and are not responsible for the privacy practices or content of other websites that we do not own. Visiting these other websites is at your own risk.

The Service may also contain links and interactive features with various social media platforms. If you already use these platforms, their cookies may be set on your device when using our Service. You should be aware that personal information you voluntarily include and transmit online in a publicly accessible blog, chat room, social media platform or otherwise online, or that you share in an open forum may be viewed and used by others without any restrictions. We are unable to control such uses of your information when interacting with a social media platform, and by using such services you assume the risk that the personal information provided by you may be viewed and used by third parties for any number of purposes.

We implement reasonable physical, administrative, and technical security measures to protect your personal information. While we take reasonable measures to protect the information we collect via the Services against loss, theft and unauthorized access, use, disclosure, or modification, we cannot guarantee its absolute security. No Internet, email, or mobile application transmission or database is ever fully secure or error free. You should use caution whenever submitting or sharing information through the Service. Please keep your account password confidential to help ensure the security of your personal information.

California Privacy Notice

If you are a California resident, the California Consumer Privacy Act of 2018 (“CCPA”) provides you with certain rights with regard to your personal information. This Privacy Notice describes how we collect, use, sell or disclose personal information of residents of the State of California, either online or offline.

The term “personal information” is defined in the CCPA as information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information does not include publicly available information obtained from government records or deidentified or aggregated consumer information that cannot be reconstructed to identify you.

Personal Information We Collect

During the preceding 12 months, we have collected the following categories of personal information:


Category of Personal Information Examples
Identifiers  IP address
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) None
Characteristics of protected classifications under federal and California law None
Commercial information Records of products or services purchased, obtained, or considered
Biometric information  None
Internet or other electronic network activity information Device information, browser type, operating system, browsing history, search history, and information regarding a user’s interaction with our website or an advertisement
Sensory data  None
Professional or employment-related information Household or lifestyle information, interests, tastes, and preferences 
Other information you choose to provide  Photos, videos, and other content and information you provide through the services or in communications with us


Sources of Personal Information

We collect personal information about you (1) directly from you when you provide it to us, (2) automatically using cookies and other tracking technologies when you use our website and mobile applications, and (3) from third parties.

Business or Commercial Purposes for Collecting Personal Information

We use and process the personal information we collect to:

  • Facilitate our provision of, and your use, of the Service;
  • Develop and improve our products and services;
  • Process and respond to your inquiries and requests;
  • Provide products and services you request;
  • Identify you as a user of the Service;
  • Contact and communicate with you, including for marketing purposes;
  • Conduct promotions;
  • Perform analytics;
  • Display relevant advertising;
  • Prevent fraudulent transactions and prevent misuse of the Service, monitor against theft, protect our intellectual property or the rights or property of others, and otherwise protect our users and our business; and
  • Comply with legal obligations and defend, establish and exercise legal claims.
We may combine any of the information we collect from or about you and use it in the manner described in this Privacy Policy.

Disclosure and Sale of Personal Information

We share your personal information with other parties as described in the Global Privacy Policy. We may engage in the “sale” of your personal information, as that term is defined in the CCPA. For more information about the circumstances in which we may sell your personal information and your right to opt-out, see the Right to Opt-Out section below.

Your California Privacy Rights and How to Exercise Them 

If you are a California resident, the CCPA provides you with the following rights with respect to your personal information:

  • Right to Know. You have a right to request that we disclose, no more than twice in a 12-month period:
    • The categories and specific pieces of personal information we have collected about you.
    • The categories and sources from which personal information is collected.
    • The business or commercial purposes for collecting or selling personal information.
    • The categories of third parties with whom we share personal information.
We will provide this information upon receipt of a verifiable consumer request. How we will verify your identity depends on how you have interacted with us in the past. To exercise this right, you can contact us by phone at 1-866-722-6659 or by email at dataprivacy@essity.com
  • Right to Delete.  You have a right to request that we delete personal information about you that we have collected from you, subject to certain exceptions. If we are required to delete your personal information, then upon receipt of a verifiable request, we will delete your personal information from our records and direct any service providers to delete your personal information from their records. To exercise this right, you can contact us by phone at 1-866-722-6659 or by email at  dataprivacy@essity.com .
  • Right to Opt-Out. You have a right to opt-out of the “sale” of your personal information to third parties. We share certain personal information with third parties under circumstances that might be deemed a “sale” under the CCPA, such as when we allow advertising technology partners to use cookies and other technologies to collect your information and present advertising messages based on your preferences and to help us identify other users likely to be interested in our products and services. For more information or to opt-out, you can contact us at  dataprivacy@essity.com  or  click here .

Only you, or someone legally authorized to act on your behalf, may make a request under the CCPA related to your personal information. Any request must provide sufficient details so we can evaluate and respond to the request. We may request an individual’s first and last name, email address, mailing address, and/or other information to verify an individual’s identity. If you designate an authorized agent, the agent will be required to submit proof of authorization and you will be required to verify your identity. We will not discriminate against you for exercising your rights under the CCPA. We reserve the right to refuse any requests, in whole or in part, to the extent permitted by law.

Under California Civil Code Section 1798.83, California residents have a right to request, once per year and free of charge, information about the categories of personal information (if any) we have disclosed to third parties for their direct marketing purposes during the previous calendar year. If you are a California resident and would like to make such a request, please send an email to dataprivacy@essity.com with the subject line “California Shine the Light Request.”

Nevada Privacy Notice

Nevada residents have a right to submit a verified request directing a website operator to not make any “sale” of covered information collected about a consumer for monetary consideration to a person for such person to license or sell the information to additional persons, subject to certain exceptions. We do not engage in the “sale” of covered information, as that term is defined."