Privacy policy
This page explains how Armtac processes personal data in accordance with the EU General Data Protection Regulation (GDPR), Swedish data protection rules and recognised e-commerce standards.
Last updated: 5 June 2026
Controller
Armtac is the controller for personal data processed in the webshop, customer accounts, orders, support and marketing.
Contact: Armtac, Vindåkersvägen 12, 311 50 Falkenberg, Sweden. Email: info@armtac.se. Phone: +46 (0)725-49 94 98.
Data we process
We may process name, company name, organisation number, billing and delivery address, email, phone number, customer number, order history, payment and delivery information, support cases, technical logs, IP address and cookies or similar identifiers.
For products requiring specific checks, permits or age verification, we may process the information needed to meet legal requirements and ensure proper handling.
Purposes and legal bases
We process personal data to administer accounts, handle orders, deliver goods, receive payment, provide support, manage returns and complaints, and meet accounting, product responsibility and authority requirements.
The legal basis is usually contract, legal obligation, legitimate interest or consent. Consent is used for voluntary marketing and certain cookies and can be withdrawn at any time.
Sharing data
We only share personal data when needed, for example with payment providers, freight carriers, IT and hosting providers, system suppliers, advisers or authorities where required by law.
Processors may only process data under our instructions and must protect it with appropriate technical and organisational measures.
Retention
Personal data is kept only for as long as needed for the purposes above or as required by law. Accounting records are normally retained for seven years under Swedish accounting law.
Customer account details and order history are retained while the customer relationship exists and thereafter as needed for warranty, complaint, safety and limitation-period purposes.
Your rights
You may request access, rectification, erasure, restriction, portability and object to certain processing. Where processing is based on consent, you may withdraw that consent.
If you believe we process personal data incorrectly, you can contact us or lodge a complaint with the Swedish Authority for Privacy Protection (IMY).
Transfers outside the EU/EEA and security
If personal data is transferred outside the EU/EEA, we use GDPR safeguards such as the European Commission’s standard contractual clauses where required.
We use access controls, encrypted communication, logging, permission management and incident response routines to protect personal data.