Skip to main content
Sign in
Create account

Privacy at Mathem

You probably know us best as Sweden’s largest online grocery store. Given that we operate on digital platforms, we are highly committed to protecting your personal data. This commitment is especially important to us since the majority of our employees are also Mathem customers.

To ensure your peace of mind, we have written a clearly articulated privacy policy and developed privacy settings that empower you with control over how we use your data. We also have our customer service ready to answer any questions you may have.

All our collection and use of personal data is subject to your local data protection legislation, including the EU's General Data Protection Regulation, also known as GDPR. We see compliance with these regulations as the bare minimum, and will always work hard to go beyond this baseline when it comes to ethical and sensible use of your data.

About this policy

Mathem’s Privacy Policy tells you about how the information you share with us, or that you generate by creating orders and so on, when you use our services is stored, used and protected.

When we talk about “services”, we mean our website and apps, as well as any other websites and things we do as part of our relationship with our customers that fall under the same policy.

Put simply, when you use our services, you share some data with us. We want to be completely transparent about what we know about you, how we use that information, who we share it with, and the choices you have to control, change and access it.

We have written this privacy policy to:

  • show what we do to protect and respect your privacy;
  • explain how we collect, use, and store your personal data; and
  • give you information about your rights.

We will do our best to explain all this in an understandable way, keeping the information free of complex legal jargon. If you still have questions, please feel free to contact us.

Data collection

Personal data

When we talk about personal data, we mean information that can be linked to an individual. In the context of this policy, that might include your name, home address, phone number, email address, etc.

We will sometimes refer to this kind of information simply as “data” and we’ll make it clear in cases where the data has been anonymized (in other words stripped of details that identify you individually).

How we collect data

The data we collect about you depends on which parts of our services you use, whether you shop with us or provide data in other contexts. We collect personal data that:

  • you provide to us, for example when you register a user account, shop for goods, subscribe to our newsletters, provide feedback on delivery or contact us with questions.
  • is automatically registered when you use the service, for example when you visit our online store or app or shop for goods.
  • we receive from other sources, like when you give us your postal code and we match it to the correct address from the public register, or when you use a service like Klarna or Apple Pay to pay for your groceries.
  • we receive from partners when you order delivery of goods from online stores we cooperate with.

You have no obligation to provide personal data to us, but if you choose not to, we may not be able to provide you with our services. Some examples of this could be that we can’t deliver goods if we don’t know your address, or collect payments if we don’t have your payment details, or contact you about your order without an email address or phone number.

Quick reference guide – what we collect and why

This is a very basic guide to the kinds of data we collect and why. For more detail, see What we collect and How we use data below.

Data collected

Purpose

Basic contact information

To contact you about your account and orders, deliver to you, etc.

Your use of our apps and website

To administer your customer relationship, provide good service, help you and have the opportunity to contact you if needed.

Technical information about devices you use

To give you the best experience for your device

Your settings and preferences

To tailor your experience of our product so that you get the most out of it for your personal priorities

Referral information

To issue rewards to both the referee and the new customer, and to help us improve our referral program

Cross-referenced data

To improve our products and give you a personalized and useful experience

Delivery information

To help our drivers streamline their delivery practices and make sure your orders are delivered safely and to the right place

Demographic information

To help us learn what customers like you want from our service and how we can improve

Payment information

So that we can process your payments

Other data given with your consent

We will always inform you of any other data we collect and use, and its purposes

What we collect

We collect personal data in the following categories:

  • Basic information like your name, address, and date of birth, and ways to contact you like your email address and phone number. There may also be situations where we’re legally required to confirm your date of birth (for alcohol or tobacco sales, for example).
  • Information about your use of our products, like order and delivery information, bottle deposits, coupons, shopping lists and shopping cart, marketing and communication settings, and partner programs you participate in.
  • Information collected from public registries and partners (third party data). We collect information like your address from the national register, and customer segments that are based on geographic areas from Mathem’s data analytics partner Dun & Bradstreet, like types of housing, life stage and purchasing power. We also receive date of birth information from Klarna Bank AB in connection with purchases using Klarna payment.
  • Conversations, emails, and interactions you have with customer support staff (including phone conversations with customer service).
  • Technical information about devices you use to access our services, emails and messages we have sent you, coupons and personalized content, cookies, etc.
  • Information about your settings, preferences, and household, if you choose to share it with us.
  • If you have been referred to us by a friend, or you refer a friend to us, we store information about that. For example, who was involved, the date, and whether the referral led to a new user signing up, and whether they ended up shopping with us.
  • Information that is based on your pathway through our app or website, like how long you took to fill your cart and complete your payment, or how many times you shop in a given timespan.
  • Information in connection with deliveries, like when a driver finds the best place to park near you, or discovers the best place to leave orders when you can’t come to the door.
  • Any other data collected with your consent. In these cases, you’ll receive specific information about what data we collect and what it is used for when we ask for your consent.
  • Payment information, which is stored exclusively with the relevant payment provider and is subject to their privacy policy. If you want to save time at the checkout, you can store your card information with our payment provider; you can opt out again at any time by changing your settings. We will be able to link data collected in connection with different services to the extent that the data is collected for the same purpose (see information about the purposes below).

Personal data about children

In line with our terms of use, you have to be over eighteen years of age to create an account with us. This means we don’t process any personal data about children. The only exception to this is if you choose to share information about your household with us where you inform us that there are children in your household.

How we use data

We use data that we register about you for the following purposes:

To provide services: We process data to provide various services to you. That means we have an agreement with you to process data in connection with:

  • offering digital services through a personal user account;
  • selling, packaging and delivering goods to a specific person at a specific address;
  • offering a user-friendly and safe service;
  • complying with various legislation, like in cases where we deliver of alcoholic beverages, pharmaceutical products, tobacco, and so on;
  • sending information and updates about your order deliveries;
  • providing extra services beyond delivery, like receiving and handling bottle deposits;
  • invoicing, credit checks, payment follow-ups and secure payment;
  • error corrections, customer service, and complaint handling;
  • personalizing our offers (e.g., opening hours, capacity, prices, functionality, etc.) based on information like your location, settings, preferences, and usage patterns;
  • delivering goods when you can’t come to the door. For example, we might take a picture of where the goods were left; and
  • delivery of goods from partnered online stores to whom we offer logistics and delivery services.

Development and analysis: We process data to understand your needs and to improve and expand the services we provide. The legal basis for this is our legitimate interest in improving our services, as we consider the consequences of this processing not to be significant for you. We limit the personal data processed, consider the impact of the processing, and apply security measures and other measures to limit the impact of such processing. Examples of this purpose may be:

  • collection and analysis of data to understand usage patterns and needs, for example to improve and optimize the service, communications, product offerings, capacity, etc. This might mean running user surveys (electronically or by telephone), asking for your feedback via an online form, or requests and suggestions you send to us;
  • use of statistical data that groups users into similar usage patterns, the length of time you’ve been a customer, your general location, age group, or other data that helps us understand how people like you use our services. In these cases, the data will be aggregated and/or anonymized, so you are not personally identifiable;
  • to be able to troubleshoot and correct errors you might encounter; and
  • to prepare user surveys, user analyses and market analyses based on usage patterns and demographics;
  • analyzing customer service enquiries and phone calls to improve our customer service.

Sales and marketing: We process data for marketing purposes in accordance with all applicable laws. The legal basis for this is our legitimate interest in marketing our services. Examples of this purpose may be:

  • our referral program where you can refer other people to our products;
  • sharing data with sub-processors that provide sales and marketing services to us (for example, the CRM system we use);
  • exchanging information with partners when this is necessary in order to fulfill our obligations to you. For example, we would need to tell partners with a bonus program that you have shopped with us if you want to earn your bonus points; and
  • marketing relevant products and services when we deliver goods from other online stores we cooperate with.

Personal marketing in other digital channels: In order to ensure relevant advertising on other websites or services, we cooperate with advertising partners, like Google, Facebook and Schibsted. We use the “customer list” functionalities from these advertising partners, making us able to reach you on those platforms. We also use other marketing functionalities where we share your data to personalize and optimize our marketing on Facebook and Google Platforms (this processing only takes place if you accept when providing consent in our cookie consent banner on our web-pages). The legal basis for this is our legitimate interest in marketing our services, as we consider the consequences of this processing not to be significant for you. You can opt out of our use of your data for personalized marketing in other digital channels in your account settings. This doesn’t include marketing in our own services, or general marketing that is personalized to you on other platforms, like ads that appear randomly to all visitors to another website.

Direct marketing: We might communicate offers, news and information about our selection as well as functionality changes or news about our service, or anything else that we believe is relevant to you. This might come to you by email, phone, traditional mail, or as a notification in the app. The legal basis for this is our legitimate interest in marketing our services, as we consider the consequences of this processing not to be significant for you. We limit the personal data processed, consider the impact of the processing, apply security measures and measures to limit the impact of such processing. To receive direct electronic marketing is optional, and you can change your communication settings at any time in your account settings.

Customized shopping experience and communication: To make your shopping experience with Mathem the best it can possibly be, we personalize parts of our online store and our communications to you. The legal basis for this is our legitimate interest in adapting our services; we consider the consequences of this will have low impact on you and you can always choose to opt out of the customized shopping experience and communications in your account settings. Some examples of a customized shopping experience may be that we use your past orders, settings, preferences and usage patterns to provide you with:

  • personalized content like special offers, sponsored products, dinner suggestions, and recommendations for items we think you might be looking for;
  • more relevant search results;
  • customized recipes or prioritization and sorting of products;
  • customized editorial content and campaigns;
  • customized offers and content unique to you; and
  • free samples.

Security and prevention of abuse: We might process personal data to ensure security in all our services, and to detect or prevent various types of abuse and fraud, like money laundering or identity theft. The legal basis for this is our legitimate interest in detecting and preventing fraud or abuse of our services or payment methods. Again, we consider the consequences of this processing to be of low significance for you. We always limit the personal data processed, consider the impact of the processing, apply security measures and measures to limit the impact of such processing.

Transactions, restructuring and other corporate changes: We might process and transfer data in connection with acquisitions and sales of businesses, shares, changes to our group structure, or liquidation. In cases like this, personal data might also be shared with advisers, counter-parties, suppliers and partners. We will always make full use of security measures to prevent abuse. The legal basis for processing, transferring, and sharing personal data for this purpose is our legitimate interest in conducting business development, adapting our services and regulatory considerations.

Complying with laws and regulations: We process personal data to comply with accounting laws and similar regulations, including presenting information to authorities when the law requires it.

Other purposes you have consented to: We might process your personal data for other purposes, but only when you have given us your consent. An example of this might be when you sign up to receive marketing emails from us.

Data protection

How we store and protect your data

Protecting your data is one of our top priorities. Our security work includes both physical, technical and administrative measures and includes risk assessments, access management, archiving routines, data handling routines and much more. The security measures we have in place will prevent your data from getting lost.

We regularly review whether there are changes or improvements we can make in risk exposure, technology choices, training, and in relation to legal requirements. You can rest assured that Oda always stores your data in a secure way.

Transfers outside the EU/EEA

We mainly process personal data in Norway and within the EU/EEA. In some cases, we work with partners located outside the EU/EEA (sometimes referred to as “third countries”), and in these situations we take extra precautions to ensure that your data is processed to our standards through measures like:

  • Using the European Commission's standard agreement that ensures the transfer of data to third countries (Standard Contractual Clauses); and
  • Transferring data to countries pre-approved by the European Commission.
  • Transferring data to US companies certified under the US Data Privacy Framework

Our precautions include organizational, contractual and technical measures incorporating risk assessments, access management, archiving routines, data handling routines, and more.

If you would like to know more about the precautions we take with regard to transfers of personal data outside the EU/EEA, please contact us at privacy@mathem.se.

How long we store your data

We will keep your personal data for as long as we are required to. For example, we may require it for our legitimate business purposes, to carry out our contractual obligations, or when the law or regulations obliges us. When you delete your user account, we will delete all your personal data except for any data we are required or allowed to store for a longer period according to relevant laws and regulations (e.g. local accounting regulations). That means that we may keep some personal data for a longer period after your relationship with us ends. We would then expect to delete your personal data at the latest when there is no longer any legal or regulatory requirement or legitimate business purpose for retaining it. Any data that is no longer needed for its purpose will be deleted. Note that anonymized data is not subject to these kinds of retention requirements.

How we handle data breaches

In the case of a personal data breach, we will notify the personal data breach to the local Data Protection Authorities as quickly as we can, and in most cases no later than 72 hours after we become aware of it. The only exception to this routine is if the breach is unlikely to result in a risk to our customers' rights and freedoms.

Data sharing

We disclose personal data to:

  • Companies within the Oda Group. We might, for example, need to do this so that we can deliver our services to you, or in connection with corporate changes. You can see a list of entities that make up the Oda Group here.
  • Partners and sub-suppliers may access personal data so that they can perform services for us. In such cases, we have data processor agreements in place to ensure data security; our partners may not use the data for any purpose other than to provide the agreed service. You can see a list of our third-party sub-suppliers here.

We might also disclose personal data:

  • In statutory cases, for example by court order, the police or other public authorities, in accordance with strict predefined processes.
  • In connection with transactions, restructurings or other corporate changes, e.g. as part of a merger, acquisition, sale of Oda's assets or transfer of services to another company.

Cookies and tracking

Background

Like many other websites, we use cookies and similar technologies on our websites and other digital services. A cookie is a piece of text that is stored on your device that helps us determine which parts of our websites are most popular, as well as which pages users visit, and for how long. We also use technology other than cookies, such as Software Development Kits (SDKs), to do the same. The data is used to give you a good experience, to improve performance, and in development, analysis and targeting of ads.

We may combine cookie data with other data we have registered about you and your relationship with us, but only when permitted by applicable laws or when you have given us your consent.

We mention some examples of relevant third party vendors below, for the full overview visit our list of sub-processors and third parties here.

How and why

Here are some details about the typical types of cookies and how we use them and other similar technologies:

  • Functional cookies and service provision: These cookies are important for Oda’s operations and providing our digital services. They are necessary in order for you to be able to create an account and complete a purchase, and they help us give you a good experience when you use our services. For example, we store a cookie that is used to recognize you when you come back to our site or app, so you don’t have to log in every time you visit us (this is deleted when you log out of your account). This type of cookie is used both when you are logged in, and when you browse anonymously, for example to track what a logged-out user has in its shopping cart.
  • Analysis of use and development of the service: These cookies help us monitor people’s use of our services so that we can improve them. We collect and store basic data about which categories and products our users click on or search for, which parts of the store are most popular, which links you came from or follow, and how long you stay. This is to be able to learn what our users are interested in, as well as to improve our product range and offers. The data is also used to show you more relevant products and for capacity planning.
  • Targeted marketing: With the help of these cookies, we can show relevant ads or content to a specific user. Third-party providers, including Google (Doubleclick), Snapchat, and Facebook, use cookies and anonymous identifiers on Oda and through SDKs in our app to collect or receive data. They then use this to display ads based on your visits to Oda and other websites. Oda uses remarketing, targeted marketing on demographics, location and other types of interest-based marketing through Facebook, Snapchat and Google AdWords. If you do not want us to use cookies in connection with third party marketing partners like Google and Facebook you can opt out in “Manage cookies” (you can find a link to this at the bottom of our homepage). To adapt advertising seen on these platforms, you have to visit their ads settings.

Oda respects the "Do Not Track" header, which you can enable in most browsers. You can also read more about advertising with cookies and opt out completely for one or more third-party providers on the opt-out page of the Network Advertising Initiative.

Your rights

You always have the right to:

Know what data we have about you

This is known as “Right of access”. You have the right to know what personal data we process and how we process it. You can see an overview of most of the data we have about you in your Mathem account. If you want to access all of your personal data, please contact us at privacy@mathem.se and we will provide it to you.

Correct any incorrect information

This is known as “Right to rectification”. It’s important that the information we have about you is correct. If it isn’t, you have the right to demand that we correct it. You can change or correct most personal data in your Mathem account settings. If you find any errors that you can’t fix yourself, please contact us at privacy@mathem.se.

Change the way we process your data

This is known as the “Right to restrict processing” or the “Right to object to data processing”. You have the right to object to the processing of your personal data which is based on our legitimate interests. You can do this by opting out of personalization and marketing communications in your privacy settings, or by contacting us at privacy@mathem.se.

Receive your data in a readable format

This is known as “Right to data portability”. You have the right to receive personal data we have about you in a structured, commonly used and machine-readable format. If you’d like this kind of data, please contact us at privacy@mathem.se.

Withdraw your consent

This is known as “Right of withdrawal”. You have the right to withdraw your consent for us to process your data in cases where consent is the reason we process it. You can do this in your Mathem account settings or by contacting us directly at privacy@mathem.se.

Be forgotten

Sometimes known as “Right to erasure”, you can always delete your user data or your account with us. We automatically erase personal data when it is no longer needed, but you can also request that we erase your personal data by deleting your user account. In this case, your personal data will be erased within 30 days, with the exception of data we are required to store for other reasons (e.g. to comply with accounting regulations). You can request closure and deletion of your user account in your profile pages.

File a complaint with the local data protection authority

If you believe that the way we process personal data doesn’t match up with what we have described here, or that we are in violation of data protection legislation, you can also get in direct contact with your local data protection authority. You can find information on how to contact your local data protection authority on their website.

Changes to this policy

When you sign up for an account with us, you agree to the contents of the policy and take on responsibility to familiarize yourself with it. Our latest Privacy Policy is always available on our webpages, and we will always state the date of the most recent change. We might update our Privacy Policy when there are changes in legislation, our practices, or when needed for any other reason. We will share information about any significant changes, which will apply from the time and date of this announcement.

Questions and concerns

Mathem i Sverige AB is responsible for the processing of personal data as described in this policy. If you disagree with how we process your personal data or have questions, please feel free to send us an email at privacy@mathem.se or write a letter to us at Mathem i Sverige AB Att: Dataskyddsombudet Slottsbacken 10 111 30 Stockholm. You can also send an email to our appointed data protection officer at dpo@mathem.se.