Privacy Policy

Last updated:

1. Data Controller

The data controller responsible for processing your personal data is:

Graxylonzit
Amagertorv 16, 1160 København K, Denmark
Email: correspondence@graxylonzit.world
Website: https://graxylonzit.world

2. What Personal Data We Collect

We may collect and process the following categories of personal data:

  • Identity Data: Full name as provided through our order form.
  • Contact Data: Email address and, optionally, phone number.
  • Communication Data: Any messages or inquiries you submit through our contact or order forms.
  • Technical Data: IP address, browser type and version, operating system, time zone setting, browser plug-in types and versions, and other technology on the devices you use to access this website.
  • Usage Data: Information about how you use our website, including pages visited, time spent on pages, navigation paths, and click patterns.
  • Cookie Data: Data collected through cookies and similar tracking technologies, as described in our Cookie Policy.

3. How We Collect Your Data

We collect personal data through the following methods:

  • Direct interactions: When you fill out our order form, subscribe to communications, or contact us via email.
  • Automated technologies: As you navigate our website, we may automatically collect Technical Data and Usage Data through cookies, server logs, and similar technologies.
  • Third-party sources: We may receive Technical Data from analytics providers and advertising networks.

4. Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

  • Consent (Article 6(1)(a) GDPR): Where you have given clear consent for us to process your personal data for specific purposes, such as sending marketing communications or setting non-essential cookies.
  • Contract Performance (Article 6(1)(b) GDPR): Where processing is necessary to fulfill a contract with you or to take steps at your request prior to entering into a contract, such as processing your order.
  • Legitimate Interests (Article 6(1)(f) GDPR): Where processing is necessary for our legitimate interests, such as improving our website, preventing fraud, and ensuring network security, provided these interests do not override your fundamental rights.
  • Legal Obligation (Article 6(1)(c) GDPR): Where processing is necessary to comply with a legal obligation to which we are subject.

5. Purposes of Data Processing

We use your personal data for the following purposes:

  • To process and manage your orders and inquiries.
  • To communicate with you regarding your orders, including confirmation emails and customer support.
  • To operate, maintain, and improve our website and services.
  • To analyze website usage and user behavior for the purpose of improving user experience.
  • To comply with legal and regulatory obligations.
  • To prevent fraud and ensure the security of our website.
  • To send marketing communications where you have provided consent (you may withdraw consent at any time).

6. Data Sharing and Third Parties

We may share your personal data with the following categories of third parties:

  • Service Providers: Companies that provide services on our behalf, such as web hosting, email delivery, payment processing, and analytics. These providers process data only on our instructions and are contractually bound to protect your data.
  • Legal Authorities: Government bodies, law enforcement agencies, or other authorities where required by applicable law or regulation.
  • Professional Advisors: Lawyers, auditors, and insurers where necessary for legal, audit, or insurance purposes.

We do not sell your personal data to third parties. Any data sharing is conducted in compliance with GDPR and applicable Danish data protection legislation (the Danish Data Protection Act, Databeskyttelsesloven).

7. International Data Transfers

Where we transfer personal data outside of the European Economic Area (EEA), we ensure that appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Transfers to countries with an adequacy decision by the European Commission.
  • Other legally recognized transfer mechanisms under GDPR.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

  • Order Data: Retained for a period of 5 years from the date of the transaction for accounting and legal compliance purposes, in accordance with Danish bookkeeping requirements (Bogføringsloven).
  • Communication Data: Retained for up to 2 years from the date of the last communication unless a longer period is required for legal purposes.
  • Technical and Usage Data: Retained for up to 26 months from the date of collection.
  • Marketing Consent: Retained until you withdraw your consent.

After the applicable retention period, your data will be securely deleted or anonymized.

9. Your Rights Under GDPR

As a data subject, you have the following rights under the GDPR and the Danish Data Protection Act:

  • Right of Access (Article 15): You have the right to request a copy of the personal data we hold about you.
  • Right to Rectification (Article 16): You have the right to request correction of inaccurate or incomplete personal data.
  • Right to Erasure (Article 17): You have the right to request deletion of your personal data where there is no compelling reason for its continued processing.
  • Right to Restriction (Article 18): You have the right to request that we restrict the processing of your personal data in certain circumstances.
  • Right to Data Portability (Article 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
  • Right to Object (Article 21): You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing carried out before the withdrawal.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet), Borgergade 28, 5., 1300 København K, Denmark. Website: www.datatilsynet.dk.

To exercise any of these rights, please contact us at: correspondence@graxylonzit.world.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Use of HTTPS/TLS encryption for all data transmitted between your browser and our servers.
  • Secure storage of personal data with access controls limiting access to authorized personnel only.
  • Regular security assessments and updates to our systems and processes.
  • Employee training on data protection and confidentiality obligations.

While we take all reasonable steps to ensure the security of your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

11. Cookies

Our website uses cookies and similar technologies. For detailed information about the types of cookies we use, their purposes, and how to manage your cookie preferences, please refer to our Cookie Policy.

12. Children's Privacy

Our website and products are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child, we will take steps to delete such data promptly.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. Any material changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact us:

Graxylonzit
Amagertorv 16, 1160 København K, Denmark
Email: correspondence@graxylonzit.world