Privacy policy

Privacy Policy

Last updated: September 4, 2025

Silk Route AB (“Silk Route”, “we”, “us”, “our”) operates this website and online store, and provides related content, features, tools, products, and services (the “Services”). Our store is powered by Shopify, which helps us provide and improve the Services.

By accessing or using the Services, you acknowledge that you have read this Privacy Policy and understand how we collect, use, and disclose your personal information as described here. If there is a conflict between our Terms of Service and this Privacy Policy regarding personal information, this Privacy Policy controls.

1) Who is responsible for collecting the personal data?

Silk Route AB, org-number : 559493-1684
Parkvägen 13, 135 52, Sweden, hello@silkroute.se

2) Definitions

Personal information” means information that identifies or can reasonably be linked to you, a person/individual. It does not include anonymized or de-identified data. The new General Data Protection Regulation (GDPR) law from 25/5 2018, which replaces the Personal Data Act, sets some requirements on how personal data can be handled. 

3) What We Collect

We collect personal data that you send to us when you place orders on our webshop, sign up for our newsletter or participate in events and possible competitions. Depending on how you use the Services and as permitted by law, we may collect:

  • Contact details: name, billing/shipping address, phone number, email.

  • Account data: username, password, preferences, settings.

  • Order & transaction data: items viewed/added/purchased/returned, order history.

  • Payment data: payment method details, payment confirmations (note: we do not store card numbers; payments are processed by our payment providers).

  • Communications: content of messages you send to us (e.g., support emails).

  • Device & usage data: IP address, browser, device identifiers, pages viewed, timestamps, interactions, approximate location inferred from IP.

  • Inferences: preferences drawn from your interactions with the Services.

4) Sources of Personal Information

  • Directly from you: when you browse, create an account, make a purchase, or contact us.

  • Automatically: via cookies and similar technologies when you use the Services.

  • Service providers & partners: where they perform services for us or facilitate the Services.

  • Other third parties: e.g., advertising or analytics partners.

5) How We Use Personal Information

We use personal information to:

  • Provide and improve the Services: process orders and payments, fulfill and deliver purchases, handle returns, manage your account, remember preferences, recommend products, and maintain site functionality.

  • Customer support & communications: respond to inquiries and service messages.

  • Marketing & advertising: send you product updates and offers (where permitted), and show you online ads on our Services or other sites (see “Advertising & Analytics”).

  • Security & fraud prevention: authenticate accounts, detect and prevent fraud and abuse, and protect our rights and users.

  • Legal compliance: comply with laws, respond to lawful requests, and enforce our terms.

6) Legal Bases (EEA/UK)

Where GDPR or UK GDPR applies, we process personal information under these legal bases:

  • Contract: to perform our contract with you (e.g., to fulfill an order).

  • Consent: for certain marketing, cookies, or optional features (you can withdraw consent at any time).

  • Legitimate interests: to operate, secure, and improve the Services; to communicate with you about your account/orders; to prevent fraud (balanced against your rights).

  • Legal obligation: to meet accounting, tax, and other legal requirements.

7) Sharing & Disclosures

We may disclose personal information in these situations:

  • With Shopify (hosting, checkout, store functionality) and service providers who process data on our behalf, such as:

    • Payment processors: e.g., Shopify Payments, Stripe and  PayPal

    • Fulfilment & shipping/logistics: e.g., PostNord, Shipmondo, DHL

    • Email & customer communications: e.g., Klaviyo, 

    • Analytics/ads: e.g., Google Analytics, Meta (Facebook/Instagram)

  • With business/marketing partners: where applicable and in accordance with law and your choices—confirm if used.

  • With affiliates/within our group: if applicable.

  • For legal reasons or business transactions: compliance with law, enforcement of terms, or in connection with mergers, acquisitions, or reorganization.

Service providers are contractually required to process data only on our instructions and to protect it appropriately.

8) Cookies & Similar Technologies

We use cookies and similar technologies to operate the site, remember your preferences, analyze usage, and (where applicable) personalize advertising.

  • Essential cookies: required for core functionality (e.g., checkout, login).

  • Performance/analytics cookies: help us understand site usage.

  • Marketing cookies: show relevant ads (where permitted).

You can control cookies via your browser settings. Some features may not function if certain cookies are disabled.

9) Advertising & Analytics (If Used)

If enabled, we may use platforms to measure performance and show ads:

  • Meta Pixel (Facebook/Instagram)

These tools may use cookies or similar technologies to collect information about your interactions with our site and ads. Where required, we rely on your consent.
 Choices: You can manage your preferences via our cookie banner (where available) and through platform settings (e.g., Google Ad Settings, Facebook Ad Preferences).

10) Automated Decision-Making

We do not make decisions with legal or similarly significant effects based solely on automated processing. Our processor, Shopify, may use limited automated systems (e.g., temporary fraud prevention checks) to protect the platform.

11) International Transfers

We may transfer, store, and process your information outside your country, including to countries that may not offer the same level of data protection. When transferring data from the EEA/UK, we rely on recognized safeguards such as the EU Standard Contractual Clauses and UK-approved equivalents, where applicable.

12) Data Retention

We retain personal informationfor 48 months for the purposes described above, including to comply with legal, accounting, or reporting obligations, resolve disputes, and enforce agreements.

13) Your Rights (EEA/UK and Where Applicable)

Subject to local law and exceptions, you may have the right to:

  • Access / Know the personal information we hold about you.

  • Rectify inaccurate or incomplete information.

  • Delete certain information.

  • Restrict or object to certain processing (including direct marketing).

  • Portability of certain information.

  • Withdraw consent where processing is based on consent (without affecting prior lawful processing).

To exercise your rights, contact hello@silkroute.se. We may need to verify your identity and, where applicable, you may designate an authorized agent.

Complaints: You may contact us at any time. You also have the right to lodge a complaint with your local data protection authority. In Sweden, this is Integritetsskyddsmyndigheten (IMY).

14) Security

We implement technical and organizational measures to protect personal information. No method of transmission or storage is completely secure; please use caution when sharing information online and keep your account credentials confidential.

15) Children

The Services are not intended for children under the age of majority in your jurisdiction. We do not knowingly collect personal information from such children. If you believe a child has provided personal information, contact us to request deletion.

16) Relationship with Shopify

The Services are hosted by Shopify, which collects and processes personal information to provide and improve the Services. Shopify may process data in countries other than your own. To learn more about Shopify’s privacy practices and your rights, please refer to Shopify’s privacy policy and resources. 

17) Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes to our practices or for legal/regulatory reasons. We will post the updated version here and update the “Last updated” date above.