Xomtyraxtrshak

Privacy Policy

Last Updated: January 1, 2024

1. Introduction

Xomtyraxtrshak ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website https://xomtyraxtrshak.world and use our services.

This policy complies with the General Data Protection Regulation (GDPR) (EU) 2016/679 and the Norwegian Personal Data Act (Personopplysningsloven).

2. Data Controller

The data controller responsible for your personal data is:

Xomtyraxtrshak
Nydalsveien 33
0484 Oslo, Norway
Phone: +47 22 89 50 00
Email: customer@xomtyraxtrshak.world

3. Personal Data We Collect

3.1 Information You Provide Directly

When you place an order or contact us, we collect:

  • Full name
  • Email address
  • Phone number
  • Delivery address
  • Payment information (processed securely by third-party payment processors)
  • Any messages or communications you send to us

3.2 Information Collected Automatically

When you visit our website, we may automatically collect:

  • IP address
  • Browser type and version
  • Operating system
  • Referring website
  • Pages visited and time spent on pages
  • Date and time of visit
  • Device information

3.3 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience. For detailed information, please see our Cookies Policy.

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract Performance: Processing is necessary to fulfill our contract with you when you place an order (GDPR Art. 6(1)(b))
  • Consent: You have given explicit consent for specific processing activities, such as marketing communications (GDPR Art. 6(1)(a))
  • Legitimate Interests: Processing is necessary for our legitimate business interests, such as fraud prevention and website security (GDPR Art. 6(1)(f))
  • Legal Obligation: Processing is necessary to comply with legal obligations, such as tax and accounting requirements (GDPR Art. 6(1)(c))

5. How We Use Your Personal Data

We use your personal data for the following purposes:

  • Processing and fulfilling your orders
  • Communicating with you about your order status
  • Providing customer support
  • Processing payments and preventing fraud
  • Sending you marketing communications (with your consent)
  • Improving our website and services
  • Analyzing website usage and customer behavior
  • Complying with legal obligations
  • Protecting our legal rights and preventing misuse

6. Data Sharing and Disclosure

We may share your personal data with the following categories of recipients:

6.1 Service Providers

We work with trusted third-party service providers who process data on our behalf:

  • Payment processors (for secure payment processing)
  • Shipping and logistics companies (for order delivery)
  • Email service providers (for communications)
  • Web hosting providers (for website infrastructure)
  • Analytics providers (for website analysis)

6.2 Legal Requirements

We may disclose your data when required by law, court order, or government regulation, or to protect our rights, property, or safety.

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity.

We do not sell your personal data to third parties for their marketing purposes.

7. International Data Transfers

Your personal data is primarily stored and processed within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by the European Commission
  • Other legally approved transfer mechanisms

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:

  • Order data: 5 years (for accounting and legal compliance)
  • Marketing consent: Until you withdraw consent or 3 years of inactivity
  • Website analytics: 26 months
  • Customer support communications: 3 years

After the retention period expires, we will securely delete or anonymize your personal data.

9. Your Rights Under GDPR

You have the following rights regarding your personal data:

9.1 Right of Access (Art. 15)

You have the right to obtain confirmation of whether we process your personal data and to receive a copy of your data.

9.2 Right to Rectification (Art. 16)

You have the right to request correction of inaccurate or incomplete personal data.

9.3 Right to Erasure (Art. 17)

You have the right to request deletion of your personal data under certain circumstances, such as when the data is no longer necessary or you withdraw consent.

9.4 Right to Restriction of Processing (Art. 18)

You have the right to request restriction of processing in certain situations, such as when you contest the accuracy of the data.

9.5 Right to Data Portability (Art. 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.

9.6 Right to Object (Art. 21)

You have the right to object to processing based on legitimate interests or for direct marketing purposes.

9.7 Right to Withdraw Consent (Art. 7(3))

Where processing is based on consent, you have the right to withdraw your consent at any time.

9.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, particularly in your country of residence, workplace, or where an alleged infringement occurred.

In Norway, the supervisory authority is:
Datatilsynet (Norwegian Data Protection Authority)
Website: www.datatilsynet.no
Email: postkasse@datatilsynet.no

9.9 Exercising Your Rights

To exercise any of these rights, please contact us at customer@xomtyraxtrshak.world. We will respond to your request within one month.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

  • SSL/TLS encryption for data transmission
  • Secure server infrastructure with firewalls
  • Access controls and authentication mechanisms
  • Regular security assessments and updates
  • Employee training on data protection
  • Secure backup procedures
  • Incident response procedures

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

11. Children's Privacy

Our website and services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information.

12. Automated Decision-Making and Profiling

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

13. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website with a new "Last Updated" date. Your continued use of our services after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Xomtyraxtrshak
Nydalsveien 33
0484 Oslo, Norway
Phone: +47 22 89 50 00
Email: customer@xomtyraxtrshak.world