GDPR & e-Privacy

LastObject Privacy Policy

Last updated: 14 September 2021


This Privacy Policy describes how your personal data is collected, used, and shared when you visit or make a purchase from www.lastobject.com and the related domain names (the “Site”). Please read this document carefully before submitting any personal data to us.

What is covered in this privacy policy?

Owner of the Site

Our role as a data controller

What personal data we collect and how we use it

Sharing your personal data

International transfers of personal data

Do not track

Commercial communication

Your rights to access and manage your personal data

Protection of personal data

Retention period

Children

Changes

Contact us


Owner of the Site

The Site is owned and operated by LastObject ApS having a registered business address at Yderlandsvej 1, 2300 Copenhagen S, Denmark, and the company registration number DK37924679 (“we,” “us,” or “our”). Our Data Protection Officer is Christian Holse. 


Our role as a data controller

We act in the capacity of a data controller with regard to the personal data processed through the Site in terms of the applicable data protection laws, including the Danish Data Protection Act and the EU General Data Protection Regulation (GDPR). We are responsible for the collection of your personal data through the Site and their further use. We make decisions about the types of personal data that should be collected from you, the purposes for which such personal data should be used, the third parties to which your personal data may be disclosed, and make sure that we have a legal basis for collecting and using your personal data. 


What personal data we collect and how we use it

Sources of personal data

We obtain your personal data from the following categories of sources:

  • Directly from you. For example, if you submit your personal data on the Site or when contact us;
  • Directly or indirectly through your activity on the Site. When you use Site, we automatically collect technical information about your use of the Site; and
  • From third parties. We may receive information about you from third parties to whom you have previously provided your personal data, if those third parties have a legal basis for disclosing your personal data to us (for example, for payment processing purposes).

Automatically collected personal and non-personal data 

When you visit the Site, we or our analytics service providers automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We collect such personal and non-personal data by using the following technologies:

  • “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about our use of cookies and how to disable cookies, please refer to our Cookie Policy.
  • “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
  • “Web beacons”, “tags”, and “pixels” are electronic files used to record information about how you browse the Site.

We use your such information data for the following purposes:

  • To analyse how you use the Site;
  • To examine the relevance, popularity, and engagement rate of the content available on the Site;
  • To improve and optimize our Site (for example, by generating analytics about how our customers browse and interact with the Site, and to assess the success of our marketing and advertising campaigns);
  • To investigate and help prevent bugs, security issues and abuse; and
  • To develop and provide additional features to the Site and our new services.

The legal bases on which we rely are ‘pursuing our legitimate business interests’ (to analyse, grow, and protect our business) and ‘your consent’ (for non-essential cookies). 

Personal data that you submit to us

  • Account Information. When you register your user account on the Site, we collect your first name, last name, email address, and password. We refer to this information as “Account Information”. We use your Account Information to register and maintain your user account, facilitate your orders, contact you, if necessary, and maintain our business records. The legal bases on which we rely are ‘performing a contract with you’ and ‘pursuing our legitimate business interests’ (to administer our business). We keep your Account Information until you delete your user account. 
  • Order Information. When you make a purchase or attempt to make a purchase through the Site, we collect certain information from you, including your name, company, billing address, shipping address, payment information (including credit card numbers and PayPal details), email address, and phone number. We refer to this information as “Order Information”. We use your Order Information to send you your order updates, deliver your orders, process your payments, contact you, if necessary, inform you about our special offers, maintain our business records, and screen orders for potential risk or fraud. The legal bases on which we rely are ‘performing a contract with you’ and ‘pursuing our legitimate business interests’ (to administer and protect our business). We keep your Order Information until you delete your user account, unless we are required by law to retain information for accounting and business records purposes.
  • Inquiries. When you contact us by email, we collect your name, email address, and any information that you decide to include in your message. We use such data to respond to your inquiries. The legal bases on which we rely are ‘pursuing our legitimate business interests’ (i.e., to grow and promote our business) and ‘your consent’ (for optional personal data). We store such data until you stop communicating with us. 
  • Newsletter. When you subscribe to our newsletter, we collect your email address. We use your email address to deliver you the requested newsletter. The legal basis on which we rely is ‘your consent’. We keep your email address in our newsletter database until you unsubscribe from our newsletters. 

Aggregated and de-identified data

If we combine your non-personal data with certain elements of your personal data and such a combination allows us to identify you as a natural person, we will handle such aggregated data as personal data. If your personal data is de-identified in a way that it can no longer be associated with a natural person, it will not be considered personal data and we may use it for any business purpose.


Sharing your personal data

We share your personal data with third parties (our processors) that help us to support our business, operate and maintain the Site, process payments, deliver your orders, conduct analytics, and send our emails. We do not sell your personal data to third parties. The disclosure is limited to the situations when your personal data is required for the following purposes:

  • Ensuring the proper operation of the Site;
  • Ensuring the delivery of your orders;
  • Providing you with the requested information;
  • Pursuing our legitimate business interests;
  • Enforcing our rights, preventing fraud, and security purposes;
  • Carrying out our contractual obligations; or 
  • If you provide your prior consent to such a disclosure. 

List of our data processors

We use a limited number of data processors. We choose them only if they agree to ensure an adequate level of protection of your personal data that is consistent with this privacy policy and the applicable data protection laws. The data processors that have access to your personal data are: 

  • Our hosting service providers One located in Sweden and Shopify located in Canada;
  • Our cloud storage service providers Google BigQuery located in the European Union and Google Drive located in the United States;
  • Our database service providers Skubana, Kickstarter, IndieGogo, Backerkit, and Crowdox located in the United States;
  • Our newsletter service provider Klaviyo located in the United States;
  • Our marketing service providers Facebook Ads, Google ads, Bing ads, Instagram, Pinterest, TikTok, Snapchat, and LinkedIn located in the United States;
  • Our advertising service provider Google Customer Match located in the Unites States;
  • Our analytics service providers Google Analytics and Google Datastudio located in the United States; 
  • Our payment service providers Withreach (UK), Shopify Pay (Canada), Paypal and Braintree (Luxembourg); 
  • Our live chat service provider Gorgias located in the United States;
  • Our data processing service providers Zapier and Stitch located in the United States, and Supermetrics located in Finland;
  • Our shipping service providers ShipBob, LinkLogistics located in the United States, Floship  and Aftership located in Hong Kong, and ProFS located in the UK;
  • Our delivery service providers DHL, UPS, FedEx, GLS, Postnord, Royalmail, and others; and
  • Our independent contractors and consultants.

Legal requests

Finally, we may also share your personal data to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.

Disclosure of non-personal data

Your technical (non-personal) data may be disclosed to third parties for any purpose. For example, we may share it with prospects or partners for business or research purposes, for improving the Site, responding to lawful requests from public authorities or developing new products and services.

Successors

In case the Site is sold partly or fully, we will provide your personal data to a purchaser or successor entity and request the successor to handle your personal data in line with this privacy policy. We will notify you of any changes of the data controller. 

Selling personal data

We do not directly sell your personal data to third parties. However, some of your personal data, including online identifiers (e.g., cookie-generated data and IP addresses) may be used for advertising, marketing, and monetisation purposes (e.g., programmatic advertising, retargeting, third-party marketing, profiling, or cross-device tracking). To make sure that you have full transparency and control over your personal data, we provide you with a possibility to manage your personal data used for such purposes as described in our Cookie Policy.


International transfers of personal data

Some of our data processors listed above are located outside the country in which you reside. For example, if you reside in the European Economic Area (EEA), we may need to transfer your personal data to jurisdictions outside the EEA. In case it is necessary to make such a transfer, we will make sure that the jurisdiction in which the recipient third party is located guarantees an adequate level of protection for your personal data or we conclude a data processing agreement with the respective third party that ensures such protection. We will not transfer your personal data internationally if no appropriate level of protection can be granted.


Do not track

Please note that we do not alter our Site’s data collection and use practices when we see a Do Not Track signal from your browser.


Commercial communication

Newsletters

If we have your email address, we may, from time to time, send you a newsletter informing you about the latest developments related to the Site, our products, and special offers. You will receive our newsletters in the following instances:

  • If we receive your express (“opt-in”) consent to receive marketing messages; or
  • If you voluntarily subscribe for our newsletter via the newsletter box on the Site; or
  • If we decide to send you information closely related to services already used by you.

Opting-out 

You can opt-out from receiving our commercial communication at any time free of charge by clicking on the “unsubscribe” link included in our newsletters or by contacting us directly.

Tracking pixels

The newsletters sent by us may contain tracking pixels that allow us to conduct analysis of our marketing campaigns. Tracking pixels allow us to see whether you opened the newsletter and what links you have clicked on. We use such information to conduct analytics and pursue our legitimate business interests.

Service-related notices

If necessary, we will send you important informational messages, such as confirmation receipts, payment information, order updates, technical emails, and other administrative matters. Please note that such messages are sent on an “if-needed” basis and they do not fall within the scope of commercial communication that may require your prior consent. You cannot opt-out from service-related notices.

Customer Match

If you provide us with your consent to our commercial communication or we have another legal basis for sending you our promotional messages (as described above) or running our targeted advertising, we may use Customer Match. Customer Match is an advertising service provided by Google LLC located in the US. This service allows us to match your email address and other data that we collect through the Site with the data Google holds about you. As a result, you can see tailor-made advertising that may be of interest to you via the Google advertising network. Such advertising may be based on your interests, search keywords, or similar demographics. Please note that we do not match your email address if we do not have a legal basis for doing so. You can control how tailor-made advertising is shown to you or opt-out from such advertising by consulting:

Facebook hashing

We use Facebook hashing for analytics purposes. Hashing is a cryptographic security method that means turning your email address into a unique number and sending that number to Facebook. Afterwards, this number is compared with the hashed data that Facebook holds about you. If there is a match, you may be offered our products that may be of interest to you, without knowing who you actually are. Such hashing helps us to protect your personal data while conducting our marketing campaigns.

Your rights to access and manage your personal data

You have the right to access and manage the personal data we hold about you and to ask that your personal data be corrected, updated, or deleted (unless, in very limited cases, the applicable law provides otherwise).

The list of your rights

  • Right of access: you can get a copy of your personal data that we store in our systems and a list of purposes for which your personal data is processed;
  • Right to rectification: you can rectify inaccurate personal data that we hold about you;
  • Right to erasure (‘right to be forgotten’): you can ask us to erase your personal data from our systems;
  • Right to restriction: you can ask us to restrict the processing of your personal data;
  • Right to data portability: you can ask us to provide you with a copy of your personal data in a structured, commonly used and machine-readable format and move that personal data to another processor;
  • Right to object: you can ask us to stop processing your personal data;
  • Right to withdraw consent: you have the right to withdraw your consent, if you have provided one; or
  • Right to complaint: you can submit your complaint regarding our processing of your personal data.

How to exercise your rights? 

If you would like to exercise any of your rights, please contact us by email at hello@lastobject.com or by post (you can find our postal address at the end of this privacy policy) and explain your request in detail. In order to verify the legitimacy of your request, we may ask you to provide us with an identifying piece of information that allows us to identify you in our system. We will answer your request within a reasonable time frame but no later than 2 weeks.

Complaints

If you would like to launch a complaint about the way in which we process your personal data, we kindly ask you to contact us first and express your concerns. If we receive your complaint, we will investigate it and provide you with our response as soon as possible. If you are not satisfied with the outcome of your complaint, you have the right to lodge a complaint with your local data protection authority.

Non-discrimination

We do not discriminate against you if you decide to exercise your rights. It means that we will not (i) deny any goods and services, (ii) charge you different prices, (iii) deny any discounts or benefits, (iv) impose penalties, or (v) provide you with lower quality services.


Protection of personal data

Security measures

We implement organisational and technical information security measures to protect your personal data from loss, misuse, unauthorised access, and disclosure. The security measures taken by us include:

  • Access control;
  • Secured networks;
  • SSL protocol;
  • Strong passwords;
  • Anonymisation of personal data (when possible); and
  • Carefully selected data processors.

Security breaches

Although we put our best efforts to protect your personal data, given the nature of communications and information processing technology and the Internet, we cannot be liable for any unlawful destruction, loss, use, copying, modification, leakage, and falsification of your personal data that was caused by circumstances that are beyond our reasonable control. In case a serious breach occurs, we will take reasonable measures to mitigate the breach, as required by the applicable law. Our liability for any security breach will be limited to the highest extent permitted by the applicable law. 


Retention period

Retention of personal data 

We store your personal data in our systems only for as long as such personal data is required for the purposes described in this privacy policy or until you request us to delete your personal data, whichever comes first. After your personal data is no longer necessary for its primary purposes and we do not have another legal basis for storing it, we securely delete your personal data from our systems.

Retention of non-personal data

We retain non-personal data pertaining to you for as long as necessary for the purposes described in this privacy policy. For example, we can store it for the period of time needed for us to pursue our legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.

Retention as required by law 

In certain cases, we are required by law to store your personal data for a certain period of time (e.g., your payment data should be stored for business records or accounting purposes). Thus, we keep your personal data for the time period stipulated by the applicable law and securely delete it as soon as the required storage period expires.


Children

The Site is not intended for use by children (i.e., persons who are minors in their country of residence). Therefore, we do not knowingly collect minors’ personal data. If you, as a parent or a legal guardian of a child, become aware that the child has submitted his/her personal data to us, please contact us immediately. We will delete your child’s personal data from our systems without undue delay.  


Changes

We may update this privacy policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons. We encourage you to review our privacy policy to stay informed. For significant material changes in the privacy policy or, where required by the applicable law, we may seek your consent. The date of the last amendment is always specified at the top of the privacy policy.


Contact us

For more information about our privacy practices, if you have questions, or if you would like to exercise your rights, please contact us by e‑mail at hello@lastobject.com.

Alternatively, you can send us a letter by post at LastObject ApS, Yderlandsvej 1, 2300 Copenhagen S, Denmark.