How long will it take to receive my order?

Typically, it takes 3-5 business days to receive your order. We’re doing our best to deliver it promptly for you.

How to track my order?

Please track your order at our Tracking page https://17track.net/en

Do you ship internationally?

Yes, we do ship internationally. The shipping fee may vary depending on your location.

I never got my order, what to do?

Please make sure you tracked your order from our Tracking page. Or contact us via mail.

What is your return policy?

Please check our return/refund/exchange policy here.

Can I exchange an item?

You can exchange an item with a higher-price item or the same item with a different size. See detailed policy here.

GDPR

Privacy Notice (GDPR) – Casebob Sweden (2025)

Effective date: 2025-08-08 Scope: This notice explains how Casebob Sweden (“Casebob”, “we”, “us”) collects and processes personal data when you visit casebob.com, place orders, contact support, subscribe to communications, or interact with us through our websites, emails, or social channels.

Who we are (controller)

Controller: Casebob Sweden
Address: Fjällbo Park 23B, 415 74 Göteborg, Sweden
Organisation number: 790713-4931
VAT: SE790713493101
Email: hello@casebob.com
Data Protection Officer: Not appointed. Contact us via hello@casebob.com for data protection matters.

2. What data we collect A) Data you provide

Identification and contact: name, email, phone, billing and shipping addresses
Account data: login details, preferences, saved items
Order and support: order contents, transaction references, messages to support
Marketing choices: newsletter opt-in/out, communication preferences
Documentation you choose to share: e.g., return photos, warranty claims

B) Data collected automatically

Device and usage: IP address, device identifiers, browser and OS, pages viewed, time stamps, referral URLs
Approximate location (derived from IP)
Cookies and similar technologies (pixels, SDKs) as described in our Cookie Policy

C) Data from third parties

Payment status and fraud signals from payment providers
Delivery status from carriers and logistics partners
Customer acquisition and campaign performance from marketing/advertising partners (aggregated where possible)
Basic identity or address verification from verification or anti-fraud services
Public or commercially available sources (e.g., address standardization databases)

3. Purposes and legal bases We process personal data only when we have a lawful basis under GDPR.

Provide the website and basic functions: legitimate interests (operate and improve our services)
Account registration and management: contract; legitimate interests (smooth user experience)
Order processing, delivery, and returns: contract; legal obligation (consumer and accounting laws)
Payments: contract; legal obligation (tax, bookkeeping). Card details are processed by our payment providers; we do not store full card numbers or CVCs.
Customer support and communications: contract; legitimate interests (respond to queries, quality assurance)
Security, fraud prevention, and abuse detection: legitimate interests; legal obligation where applicable
Analytics to improve site performance and products: consent for non-essential cookies/analytics; legitimate interests for strictly necessary analytics and debugging
Direct marketing (email/SMS/push): consent. For existing customers, we may rely on legitimate interests for marketing similar products (you can opt out at any time)
Compliance with law, requests from authorities, dispute handling: legal obligation; legitimate interests (establish, exercise, defend legal claims)

Where we rely on consent, you can withdraw it at any time via the unsubscribe link, Cookie Settings, or by contacting us.

4. Is providing data mandatory?

Required to purchase: contact details, delivery address, and payment confirmation are necessary to complete your order. If you do not provide these, we cannot fulfill the contract.
Optional: marketing preferences, certain profile details, and non-essential cookies are optional.

5. Recipients (categories) of personal data We share data only as needed, under confidentiality and data processing agreements where required.

Payment service providers and banks (e.g., card processors, invoicing/BNPL providers)
E-commerce platform, hosting, and cloud infrastructure providers
Fulfilment centers, warehouses, carriers, and returns handlers
Customer support and communication tools (email service providers, chat/ticketing systems)
Analytics, A/B testing, and marketing/advertising partners (only with your consent for non-essential cookies)
Professional advisers (accountants, auditors, legal counsel)
Public authorities and courts when required by law or to protect our rights

6. International data transfers Some recipients are outside the EEA. When we transfer data internationally, we use one of the following:

An adequacy decision by the European Commission (including the EU–US Data Privacy Framework where the recipient is certified), or
Standard Contractual Clauses (SCCs) with supplementary measures as needed. You can contact us for a copy of the relevant transfer safeguards.

7. Retention periods We keep personal data only as long as necessary for the purposes above, then delete or irreversibly anonymize it.

Orders, invoices, and bookkeeping records: retained for 7 years after the end of the financial year (required by Swedish Bookkeeping Act/Bokföringslagen)
Customer account: kept while the account is active; deleted or anonymized after 24 months of inactivity unless we must retain specific data by law
Customer support correspondence: up to 3 years after last interaction (longer if needed for disputes/warranty)
Marketing data (consent records, email activity): until you withdraw consent or opt out; we keep minimal logs of consent/opt-out for up to 3 years to demonstrate compliance
Security and server logs: typically 12 months, longer if investigating incidents
Cookies: per lifespan listed in our Cookie Policy

8. Your GDPR rights

Access: request a copy of your personal data
Rectification: correct inaccurate or incomplete data
Erasure: delete data in the situations set out in Article 17 GDPR
Restriction: limit processing in certain cases
Portability: receive data you provided in a machine-readable format and transmit it to another controller
Object: object to processing based on legitimate interests, including profiling for direct marketing
Withdraw consent: at any time, without affecting prior lawful processing

To exercise your rights, email hello@casebob.com. We respond within one month; this may be extended by up to two months for complex requests. We may ask for information to verify your identity. Exercising rights is free of charge, except for manifestly unfounded or excessive requests.

You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY): www.imy.se, Box 8114, 104 20 Stockholm, imy@imy.se.

9. Cookies and similar technologies We use cookies, pixels, and similar technologies to run our site, measure performance, and personalize content/ads.

Non-essential cookies (e.g., analytics, marketing) are used only with your prior consent. You can change or withdraw consent at any time via “Cookie Settings” on our site.
Details of each cookie category, provider, purpose, and lifespan are described in our Cookie Policy.

Children’s privacy Our services are not directed to children under 13. We do not knowingly collect personal data from children under 13 without verified parental consent (the digital consent age in Sweden is 13). If you believe a child has provided data, contact us to delete it.
Automated decision-making and profiling We do not use automated decision-making that produces legal or similarly significant effects. We may use limited profiling to:

Tailor marketing communications and on-site recommendations (with your consent for marketing cookies)
Assess fraud risk and secure transactions (our legitimate interests) You can object to profiling for direct marketing at any time.

Data security We apply administrative, technical, and physical safeguards appropriate to the risk, including access controls, encryption in transit and at rest where feasible, network segmentation, secure development practices, backups, and vendor due diligence. Payments are processed by PCI DSS–compliant providers; we do not store full card numbers or CVCs. No system is perfectly secure, but we continuously work to enhance our security.
Third-party links and services Our site may link to third-party sites or services with their own privacy policies. We are not responsible for their practices; review their notices before providing personal data.
Changes to this notice We may update this notice to reflect legal or operational changes. The latest version is posted on this page with an updated effective date. We will inform you of material changes in a reasonable manner (e.g., email notice or site banner).

How to contact us

Email: hello@casebob.com
Address: Casebob Sweden, Fjällbo Park 23B, 415 74 Göteborg, Sweden
Business hours: 08:00–17:00 CEST, Monday–Friday

Notes for your implementation

Ensure your Cookie Policy and consent banner list each cookie/tool, provider, purpose, and lifespan, with granular choices (e.g., Essential, Analytics, Marketing).
Replace generic “payment provider,” “hosting,” “analytics,” and “marketing” references with your actual vendors in your internal records and, if you wish, in the public policy (transparency best practice).
If you begin hosting user-generated content, add a short section on takedown/reporting and copyright complaints (outside this policy).
If you appoint a DPO or change your company details, update Section 1.