Privacy Policy
Introduction
This Privacy Policy describes in detail how Xiphranniz.world ("we," "us," or "our") collects, uses, discloses, stores, and protects your personal data when you visit our website at xiphranniz.world and when you use our products and services. We are committed to transparency and compliance with the General Data Protection Regulation (GDPR), the Swedish Personal Data Act (PUL), and other applicable data protection laws. This document is designed to give you a clear understanding of your rights and our practices.
Data Controller
The data controller responsible for your personal data is:
Xiphranniz.world
Kungsgatan 51
111 22 Stockholm
Sweden
For any questions regarding your personal data, you may contact us at: admin@xiphranniz.world. We aim to respond to all data-related inquiries within 30 days.
Personal Data We Collect
We may collect the following categories of personal data, depending on how you interact with our website and services:
- Identity data: Your first and last name, when you submit our contact form, order form, or create an account.
- Contact data: Your email address, telephone number, and postal address, when you place an order or contact us.
- Technical data: Your IP address, browser type and version, time zone, browser plug-in types and versions, operating system, device type, and unique device identifiers, when you visit our website.
- Usage data: Information about how you use our website, including pages visited, time spent on pages, page interaction information (such as scrolling, clicks, and mouse-overs), navigation paths, and referring URLs.
- Marketing and communications data: Your preferences in receiving marketing from us and your communication preferences, including consent records.
- Consent data: Records of your cookie consent and marketing preferences, stored in accordance with applicable law.
We do not collect sensitive personal data (such as health information) unless you voluntarily provide it to us in a message or inquiry, and we will only use it for the purpose for which you provided it.
Purposes of Processing
We process your personal data for the following purposes:
- To respond to your inquiries, process your orders, and provide customer support.
- To fulfill and deliver orders, including processing payments and sending order confirmations.
- To improve our website, products, and services through analytics and user feedback.
- To comply with legal obligations, including tax, accounting, and regulatory requirements.
- To send you marketing communications, where you have given your consent and where permitted by law.
- To detect, prevent, and address fraud, security incidents, and technical issues.
- To enforce our Terms of Service and protect our rights and the rights of others.
Legal Basis for Processing
Under the GDPR, we process your personal data based on one or more of the following legal bases:
- Consent: When you have given clear consent for us to process your personal data for a specific purpose, such as cookies or marketing emails.
- Contract: When processing is necessary to perform a contract with you (e.g., processing your order).
- Legitimate interests: When processing is necessary for our legitimate interests (such as improving our website, preventing fraud, or ensuring security), provided your interests and rights do not override those interests.
- Legal obligation: When we need to comply with a legal or regulatory obligation.
Retention Periods
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Our retention periods include:
- Contact and order data: Up to 3 years after your last interaction with us, or longer if required for legal claims, accounting, or tax purposes.
- Technical and usage data: Up to 24 months, unless a longer retention period is required by law or for security purposes.
- Cookie consent preferences: Until you withdraw consent or delete cookies, or until the cookies expire according to our Cookie Policy.
- Marketing communications data: Until you unsubscribe or withdraw consent, plus a short period to process the withdrawal.
After the retention period expires, we will securely delete or anonymize your data.
Your Rights Under GDPR
If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights regarding your personal data:
- Right of access: You may request a copy of the personal data we hold about you.
- Right to rectification: You may request that we correct any inaccurate or incomplete personal data.
- Right to erasure: You may request that we delete your personal data ("right to be forgotten") in certain circumstances.
- Right to restrict processing: You may request that we limit the processing of your data in certain situations.
- Right to data portability: You may request to receive your data in a structured, commonly used, machine-readable format.
- Right to object: You may object to processing based on legitimate interests or for direct marketing purposes.
- Right to withdraw consent: Where processing is based on consent, you may withdraw consent at any time.
- Right to lodge a complaint: You may lodge a complaint with a supervisory authority, such as the Swedish Data Protection Authority (Integritetsskyddsmyndigheten), or your local data protection authority.
To exercise any of these rights, please contact us at admin@xiphranniz.world. We will respond within 30 days. You may also use our cookie settings to manage your cookie preferences at any time.
Data Sharing and Transfers
We may share your personal data with the following categories of recipients:
- Service providers who assist us with website hosting, analytics, payment processing, email delivery, and customer support, subject to contractual obligations to protect your data.
- Professional advisers, including lawyers, auditors, and insurers, where necessary.
- Regulatory authorities, law enforcement agencies, or other third parties when required by law or to protect our rights.
If we transfer your data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, or adequacy decisions. You may request more information about these safeguards by contacting us.
Security Measures
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit using HTTPS/TLS.
- Access controls, authentication, and authorization procedures.
- Regular security assessments and monitoring.
- Staff training on data protection and security practices.
- Secure storage and restricted access to personal data.
Despite our efforts, no method of transmission over the internet or electronic storage is completely secure. We encourage you to use strong passwords and to keep your login credentials confidential.
Updates to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email or through a notice on our website. We encourage you to review this policy periodically to stay informed about how we protect your data.
Contact Us
For questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:
Xiphranniz.world
Kungsgatan 51, 111 22 Stockholm, Sweden
Email: admin@xiphranniz.world