eComID Privacy Policy

Published: 27 October 2025

Latest update: 27 October 2025

1. Introduction

eComID AB ("eComID", "we", "our", or "us"), registered with the Swedish Companies Registration Office under reg. no. 559428-6188 and with its registered address at Fiskargatan 8, SE-116 20 Stockholm, Sweden, is committed to protecting your privacy. This privacy policy (the "Privacy Policy") explains how we, as a data controller, collect, use, disclose, and safeguard your information when you use our services, e.g. on merchants' websites or mobile applications, interact with our website, register an eComID profile, download our app or engage with us through any other online platform (the "Services").

For the purposes of the Services, eComID acts as a data controller for the personal data it collects or creates. This means that eComID determines how and why data is processed in accordance with applicable privacy laws, including the General Data Protection Regulation (the "GDPR").

2. Processing of your personal data

The tables below specify what we will use your personal data for (the purpose) and what types of personal data we use for each purpose. They also specify the legal basis for the processing of the personal data as well as how long we will continue to use the personal data for each purpose. Please note that when legitimate interests have been assessed as the legal basis you always have the right to object to this conclusion and can read more about your rights below under the section "Your rights".

Processing of personal data when you have registered an eComID profile and use our Services

Purpose	Categories of personal data	Legal basis	Retention period
We process your personal data to register and administrate your eComID profile.	Personal identifiers: Name and email address Demographic information: Age and gender Profile picture, if you provide us with this	With the exception for the processing of your profile picture, the legal basis for the processing of personal data is that it is necessary for the performance of a contract between you and eComID. The legal basis for the processing of your profile picture is our legitimate interests. Our assessment is that this processing of your personal data is necessary to enable you to personalise your eComID profile. We have also concluded that these interests override any competing interests and fundamental rights and freedoms.	The personal data will be retained until you delete your eComID profile, or at such earlier time when your eComID profile has not been used for a period of three years.
We process your personal data to manage our customer relationship with you and to communicate with you.	Personal identifiers: Name and email address Interaction data: Information about how you interact with our Services Technical data: Device information (IP address, browser type, operating system, MAC address)	The legal basis for the processing of personal data is our legitimate interests. Our assessment is that the processing of your personal data is necessary to manage our customer relationship with you and to communicate with you. We have also concluded that these interests override any competing interests and fundamental rights and freedoms.	The personal data will be retained until you delete your eComID profile, or at such earlier time when your eComID profile has not been used for a period of three years.
We process your personal data to communicate about and market our business, including to administer and send newsletters or other marketing communications to you.	Personal identifiers: Name and email address	The legal basis for the processing of personal data is our legitimate interests. Our assessment is that the processing of your personal data is necessary to market our business, administer and send marketing communications, provide information about our business and initiatives, or draw attention to specific news or information about us in connection with a current event or a launch of a new Service. We have also concluded that these interests override any competing interests and fundamental rights and freedoms.	The personal data will be processed until you delete your eComID profile, or at such earlier time when you opt out from receiving marketing communication or when your eComID profile has not been used for a period of three years.
We process your personal data to provide you our Services, such as the Size Finder and the eComID Agent. The purposes of this processing include providing you with insights about your shopping behaviour, an overview of your purchase and return history, accurate size recommendations for different products and brands, access to your size recommendations and profiles, product discovery, recommendations, and size and fit guidance.	Personal identifiers: Name and email address Order history Return rates Demographic information: Age and gender Physical characteristics: Height, weight and body shape Preference data: Your fit and size preferences Interaction data: Information on how you interact with our Services Your size profile: Your recommended size for different products and brands Information about the merchant and product you want a size recommendation for Technical data: Device information (IP address, browser type, operating system, MAC address)	The legal basis for the processing of personal data is that it is necessary for the performance of a contract between you and eComID.	The personal data will be retained until you delete your eComID profile, or at such earlier time when your eComID profile has not been used for a period of three years.
We process your personal data to enable you to personalise your eComID profile.	Information about your product wish lists Information about your favourite brands Ratings and reviews	The legal basis for the processing of personal data is our legitimate interests. Our assessment is that the processing of your personal data is necessary to enable us to personalise your eComID profile. We have also concluded that these interests override any competing interests and fundamental rights and freedoms.	The personal data will be retained until you delete your eComID profile, or at such earlier time when your eComID profile has not been used for a period of three years.
We process your personal data to analyse your preferences and behaviours to tailor the Services to your interests, to display relevant and personalised products, content, offers and recommendations, and to enhance your user experience. Additionally, we identify trends among users with similar behaviours, enabling us to present content that is likely to interest you. This processing involves profiling. Profiling means the automated processing of personal data to analyse or predict aspects related to an individual's preferences, behaviour, or interests.	Order history Return rates Demographic information: Age and gender Physical characteristics: Height, weight and body shape Preference data: Your fit and size preferences Your size profile: Your recommended size for different products and brands Information about the merchant and product you want a size recommendation for Product wish lists Favourite brands Ratings and reviews Location and geolocation data Technical data: Device information (IP address, browser type, operating system) Interaction data: Information on how you interact with our Services	The legal basis for the processing of personal data is our legitimate interests. Our assessment is that the processing of your personal data is necessary to enable us to tailor the Services for you. We have also concluded that these interests override any competing interests and fundamental rights and freedoms.	The personal data will be retained until you delete your eComID profile, or at such earlier time when your eComID profile has not been used for a period of three years.
We process your personal data to aggregate and anonymize such data, utilising the aggregated and anonymized data for statistical, research, and analytical purposes.	All of the above categories of personal data	The legal basis for the processing of personal data is our legitimate interests. Our assessment is that the processing of your personal data is necessary to aggregate and anonymize data for statistical, research, and analytical purposes in order to improve and develop our Services. We have also concluded that these interests override any competing interests and fundamental rights and freedoms.	The personal data will be retained until the aggregation and anonymization process is complete. Once your personal data is anonymized, it will no longer be classified as personal data.
We process your personal data to enhance the functionality and accuracy of our Services by analysing usage patterns.	Interaction data: Information on how you interact with our Services Technical data: Device information (IP address, browser type, operating system)	The legal basis for the processing of personal data is our legitimate interests. Our assessment is that the processing of your personal data is necessary to improve and enhance the functionality of our Services. We have also concluded that these interests override any competing interests and fundamental rights and freedoms.	The personal data will be retained until you delete your eComID profile, or at such earlier time when your eComID profile has not been used for a period of three years.

Processing of personal data when you use our Services without having registered an eComID profile

Purpose	Categories of personal data	Legal basis	Retention period
When you use our Size Finder function, we process your personal data to provide you accurate size recommendations for different products and brands.	Personal identifiers: Name and email address Demographic information: Age and gender Physical characteristics: Height, weight and body shape Preference data: Your fit preferences Your size profile: Your recommended size for different products and brands Information about the merchant and product you want a size recommendation for	The legal basis for the processing of personal data is our legitimate interests. Our assessment is that the processing of your personal data is necessary to enable us provide size recommendations to you. We have also concluded that these interests override any competing interests and fundamental rights and freedoms.	The personal data will be retained for one year from the date of collection.
When you use our eComID Agent, we process your personal data to provide you with product discovery, personalized recommendations, and size and fit guidance.	Demographic information (if provided): Age and gender Physical characteristics (if provided): Height, weight and body shape Preference data (if provided): Your fit preferences Technical data: Device information (IP address, browser type, operating system)	The legal basis for the processing of personal data is our legitimate interests. Our assessment is that the processing of your personal data is necessary to enable us provide personalized recommendations to you. We have also concluded that these interests override any competing interests and fundamental rights and freedoms.	The personal data will be retained for one year from the date of collection.
We process your personal data to aggregate and anonymize such data, utilising the aggregated and anonymized data for statistical, research, and analytical purposes.	All of the above categories of personal data	The legal basis for the processing of personal data is our legitimate interests. Our assessment is that the processing of your personal data is necessary to aggregate and anonymize data for statistical, research, and analytical purposes in order to improve and develop our Services. We have also concluded that these interests override any competing interests and fundamental rights and freedoms.	The personal data will be retained until the aggregation and anonymization process is complete. Once your personal data is anonymized, it will no longer be classified as personal data.
We process your personal data to enhance the functionality and accuracy of our Services by analysing usage patterns.	Interaction data: Information on how you interact with our Services Technical data: Device information (IP address, browser type, operating system)	The legal basis for the processing of personal data is our legitimate interests. Our assessment is that the processing of your personal data is necessary to improve and enhance the functionality of our Services. We have also concluded that these interests override any competing interests and fundamental rights and freedoms.	The personal data will be retained for one year from the date of collection.

Processing of personal data when you contact us

Purpose	Categories of personal data	Legal basis	Retention period
We process your personal data to handle all matters that we receive from you through eComID's customer service. This includes retaining various forms of written conversations to document customer issues, as well as for security purposes and to counter fraud.	Personal identifiers: Name, email address, phone number, delivery address, and customer ID Information about your contacts with eComID's customer service Other information submitted by you when contacting us	If you do not have an eComID profile, the legal basis for the processing of personal data is our legitimate interests. Our assessment is that the processing of your personal data is necessary to enable us to facilitate communication with you and to maintain security. We have also concluded that these interests override any competing interests and fundamental rights and freedoms. If you have an eComID profile, the legal basis for the processing of personal data is that it is necessary for the performance of a contract between you and eComID.	If you have an eComID profile, the personal data will be retained until you delete your eComID profile, or at such earlier time when your eComID profile has not been used for a period of three years. In other cases, the personal data will be retained until the customer service matter has been closed.
We process your personal data to facilitate communication when you reach out to us through various channels, including our website and social media platforms like Facebook, Instagram, or Twitter, and to manage these interactions.	Personal identifiers: Name and email address Information about your contacts with eComID's customer service Other information submitted by you when contacting us	The legal basis for the processing of personal data is our legitimate interests. Our assessment is that the processing of your personal data is necessary to enable us to facilitate communication with you. We have also concluded that these interests override any competing interests and fundamental rights and freedoms.	The personal data will be deleted following a continuous assessment of necessity, taking into account the subject of the communication. However, it will never be stored for more than three years.

Processing of personal data in other contexts

Purpose	Categories of personal data	Legal basis	Retention period
If you register for an event advertised on social media, we process your personal data to organize and manage such events. This includes, among other things, the administration of invitations, participant lists, dietary preferences, travel, and schedule.	Personal identifiers: Name and email address Other information you may submit when you register for the event	The legal basis for the processing of personal data is our legitimate interests. Our assessment is that the processing of your personal data is necessary to enable us to organize and manage events. We have also concluded that these interests override any competing interests and fundamental rights and freedoms.	The personal data may be retained until the event has taken place and one year thereafter.
If you have signed up to receive newsletters and marketing communications from us, we process your personal data to communicate about and market our business, including to administer and send newsletters or other marketing communications to you.	Personal identifiers: Name and email address	The legal basis for the processing of personal data is our legitimate interests. Our assessment is that the processing of your personal data is necessary to market our business, administer and send marketing communications, provide information about our business and initiatives, or draw attention to specific news or information about us in connection with a current event or a launch of a new Service. We have also concluded that these interests override any competing interests and fundamental rights and freedoms.	The personal data will be processed until you opt out from receiving newsletters and marketing communication.
With regard to contacts with representatives of corporate customers and suppliers, we process your personal data to perform bookkeeping and accounting in accordance with applicable law.	Personal identifiers: Name and email address Payment information	The legal basis for the processing of personal data is to comply with legal obligations.	The personal data processed to fulfil the obligations under the Swedish Accounting Act (Sw. bokföringslagen) will be retained for seven years. In addition, personal data processed to comply with other legal requirements may be retained for as long as necessary to fulfil the relevant legislation.
In regards to contacts with representatives of corporate customers and suppliers, we process your personal data to administer agreements, invoicing and payment with corporate customers and suppliers.	Personal identifiers: Name and email address Payment information	The legal basis for the processing of personal data is our legitimate interests. Our assessment is that the processing of your personal data is necessary to enable us to administer agreements, invoicing and payment. We have also concluded that these interests override any competing interests and fundamental rights and freedoms.	The personal data is retained until the customer or supplier agreement is terminated.
If applicable, we process your personal data in order to establish, exercise, or defend legal claims.	Personal identifiers: Name and email address Technical data: Device information (IP address, browser type, operating system) Other information relevant to the establishment, exercise, or defence of a legal claim	The legal basis for the processing of personal data is our legitimate interests. Our assessment is that the processing of your personal data is necessary to establish, exercise and defend legal claims. We have also concluded that these interests override any competing interests and fundamental rights and freedoms.	The personal data may be retained for five years, or such longer time as is necessary due to an on-going or concluded dispute (or preparations thereof).

Purpose	Categories of personal data	Legal basis	Retention period
When you visit our website, we collect information about you with the help of cookies. Some of these cookies are always active and are necessary to provide you with a functioning website. For more information about the cookies we use, please visit https://www.ecomid.com/cookie-policy.	IP address Information about your use of eComID's website	The legal basis for the processing of personal data is our legitimate interests. Our assessment is that the processing of your personal data is necessary to enable us to provide a functioning website. We have also concluded that these interests override any competing interests and fundamental rights and freedoms.	Please visit https://www.ecomid.com/cookie-policy for retention information.
If you choose to accept the use of additional cookies, we process your personal data through functional and performance cookies to provide additional features and services on our website, to make the website more user-friendly, measure performance, and for marketing purposes. Some statistical and marketing cookies are provided by third parties. For more information about the cookies we use, please visit https://www.ecomid.com/cookie-policy.	IP address Information about your use of eComID's website	The legal basis for the processing of personal data is your consent.	Please visit https://www.ecomid.com/cookie-policy for retention information. You may withdraw your consent at any time by following the instructions in our cookie policy in which case the processing will stop.

3. How we collect your personal data

Most of the personal data that we process is collected from you directly, e.g. when you register for an eComID profile or use our Services, either through our website or app. In addition, we collect your personal data, such as order history and return data, by obtaining information from other sources, such as merchants, including when you engage with our Services through the websites or mobile applications of our affiliated merchants.

4. Data sharing

We may share your information with:

Third-party service providers: Who assist us in delivering the Services, such as data analytics providers and email service providers.
Legal authorities: If required by law or a compelling authority decision, to protect our legal rights or the legal rights of a third party (in the last case, subject to the balance of interests determination).
The merchant you are interacting with: We share personal data about you such as recommended size, order history and preferences with the merchant you are interacting with.

5. Global operations and data transfers

We are committed to keeping your personal information within the EU/EEA as much as possible. However, as we operate globally, there may be instances where your personal data are transferred to, stored, or processed outside of the EU/EEA. In cases where personal data is transferred to countries outside the EU/EEA, we ensure that there is either (i) a decision from the European Commission that the country in question ensures an adequate level of protection or (ii) appropriate safeguards that ensure that your rights are protected in the form of e.g. standard contractual clauses.

To ensure transparency of our processing of your personal data, you have the right to obtain a copy of any such standard contractual clauses by contacting us. You can also read more about which countries are considered to have an ‘adequate level of protection' on the European Commission's website here and you can read more about standard contractual clauses on the European Commission's website here.

6. Your rights

You have the following rights regarding your personal data:

Access: The right to request access to and information of our processing of the personal data we hold about you.
Rectification: The right to request correction of any inaccurate data and to have any incomplete data completed.
Deletion: The right to request deletion of your data under certain conditions.
Restriction: The right to request that we restrict the processing of your personal data.
Data portability: The right to receive your data in a structured, commonly used format and transfer it to another data controller.
Objection: The right to object to our processing of your personal data under certain circumstances. You always have a right to object to our processing of your personal data for direct marketing purposes and to processing of your data that includes profiling.
Withdraw consent: The right to withdraw your consent at any time, when the processing of your personal data is based on consent.

To exercise any of these rights, please contact us at privacy@ecomid.com.

7. Lodging a complaint

If you are not satisfied with our processing of your personal data, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Sw. Integritetsskyddsmyndigheten). Information on how to lodge a complaint is available on the authority's website. You can also contact them using the following contact details:

Contact information:
Integritetsskyddsmyndigheten Box 8114
104 20 Stockholm Sweden
Email: imy@imy.se
Telephone: +46 8 657 61 00

8. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. Any updates will be effective immediately upon posting on our website. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

9. Contact information

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at privacy@ecomid.com.