Privacy Policy
When you visit fjallravenkanken.co.uk, you share personal data with us — even if you never place an order. This policy explains what we collect, why we use it, and what choices you have. We take our obligations seriously. The rules that govern how we handle your information are set out in the UK General Data Protection Regulation (UK GDPR) and the Data (Use and Access) Act 2025. If something here is unclear, you are welcome to contact us directly at any point — we are happy to help.
General Provisions
This Privacy Policy applies to all personal data processed by us in connection with the operation of this website and the sale of Fjällräven Kånken products to customers in the United Kingdom. It covers data collected via the website, email enquiries, and any other direct interactions with our service. We act as the data controller for all processing described here.
We update this policy from time to time. The version published on this page is always the current one. Continued use of the website after any revision means you have seen and acknowledged the updated terms.
Definitions
A few key terms appear throughout this document. Being clear about what they mean avoids confusion later.
- Personal data — any information that identifies you or could reasonably be used to do so, such as your name, email address, or IP address
- Processing — anything done with personal data, from collection and storage through to deletion
- Data controller — the entity that decides how and why personal data is processed (that is us)
- Data subject — the individual whose personal data is being processed (that is you)
- UK GDPR — the UK General Data Protection Regulation, retained in UK law and amended by the Data (Use and Access) Act 2025
- ICO — the Information Commissioner's Office, the UK's independent data protection regulator
Personal Data We Collect
The data we collect depends on how you use the site. Browsing without registering generates a limited set of technical data. Placing an order or creating an account generates considerably more. We only ever collect what is genuinely necessary for the purpose at hand.
Data You Provide Directly
When you complete a purchase or send us a message, we collect the information you submit. This typically includes your full name, delivery address, email address, and telephone number. Payment details are handled by our third-party payment processor — we do not store card numbers on our systems at any point.
Data Collected Automatically
Each visit to our website generates log data: your IP address, browser type, pages visited, and session timestamps. We also use cookies to remember your preferences and to measure how visitors navigate the site. You can manage your cookie settings at any time through your browser or our cookie consent tool.
Purposes of Data Processing
We do not collect data for the sake of it. Each piece of information we hold serves a specific, documented purpose.
- Processing and fulfilling your order, including dispatch notifications and delivery updates
- Managing returns, refunds, and customer service requests
- Sending marketing emails where you have opted in
- Improving website performance based on aggregated usage data
- Detecting and preventing fraud or unauthorised access
- Meeting our legal obligations under UK law
We never sell your personal data to third parties. We never use it for purposes that contradict what is set out in this policy.
Legal Basis for Processing
Under UK GDPR, every processing activity must rest on a valid legal basis. The table below sets out the main bases we rely on and the corresponding processing activities.
| Purpose | Legal Basis |
|---|---|
| Fulfilling your order | Contract performance (Article 6(1)(b)) |
| Fraud prevention | Legitimate interests (Article 6(1)(f)) |
| Marketing emails | Consent (Article 6(1)(a)) |
| Legal compliance | Legal obligation (Article 6(1)(c)) |
| Website analytics | Legitimate interests (Article 6(1)(f)) |
Where we rely on legitimate interests, we have carried out a balancing test to confirm that those interests do not override your fundamental rights and freedoms.
Data Storage, Transfer and Protection
Your data is stored on servers located within the United Kingdom or the European Economic Area. We do not transfer personal data outside these regions unless adequate safeguards are in place — for example, using UK International Data Transfer Agreements (IDTAs) where required by law.
Retention Periods
Order-related data is kept for six years to meet UK tax and accounting requirements. Marketing preferences are retained until you withdraw your consent. Website log data is deleted after 12 months as a rule. Once data is no longer needed for its original purpose, it is securely and permanently erased.
Security Measures
We use SSL encryption across the entire website. Access to personal data within our internal systems is restricted to staff who genuinely need it to do their jobs. Third-party processors we work with are contractually bound to maintain equivalent security standards. No system is entirely risk-free — but we take practical, proportionate steps to keep your data protected.
Your Rights
UK GDPR gives you a real and enforceable set of rights over your personal data. Want to know exactly what we hold about you? You can ask — and we are obliged to tell you. Here is the full list of rights available to you:
- Access — request a copy of the personal data we hold about you (a Subject Access Request)
- Rectification — ask us to correct data that is inaccurate or incomplete
- Erasure — request deletion of your data in certain circumstances, sometimes called the right to be forgotten
- Restriction — ask us to limit how we process your data while a dispute is being resolved
- Portability — receive your data in a structured, commonly used, machine-readable format
- Objection — object to processing based on legitimate interests, or opt out of direct marketing at any time
- Complaint — raise a concern directly with us before escalating to the ICO if needed
To exercise any of these rights, contact us by email. We will respond within one calendar month. Complex or multiple requests may require up to two additional months — we will always notify you if that extension applies.
You also have the right to complain to the ICO at ico.org.uk if you believe your data has been handled unlawfully. We would, of course, always prefer to resolve concerns directly first.