Privacy Policy

Last updated:

1. Introduction

Xytharelvimxul ("we," "us," or "our"), operated at the domain xytharelvimxul.world, is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you visit our website or use our services.

This policy is compliant with the General Data Protection Regulation (GDPR) (EU) 2016/679, the Swedish Data Protection Act (Dataskyddslag 2018:218), and other applicable data protection laws.

2. Data Controller

The data controller responsible for the processing of your personal data is:

  • Company Name: Xytharelvimxul
  • Address: Södergatan 15, 211 34 Malmö, Sweden
  • Email: help-center@xytharelvimxul.world
  • Website: https://xytharelvimxul.world

3. What Personal Data We Collect

We may collect the following categories of personal data:

3.1 Information You Provide Directly

  • Contact Information: Full name, email address, phone number (if voluntarily provided)
  • Order Information: Messages and preferences submitted through our order form
  • Consent Records: Records of consents you have given (e.g., GDPR consent, cookie preferences)

3.2 Information Collected Automatically

  • Technical Data: IP address, browser type and version, operating system, device type
  • Usage Data: Pages visited, time spent on pages, referring website, click patterns
  • Cookie Data: Information collected through cookies and similar technologies (see our Cookie Policy)

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under Article 6 of the GDPR:

  • Consent (Art. 6(1)(a)): When you have given explicit consent for specific processing activities, such as receiving marketing communications or enabling optional cookies.
  • Contractual Necessity (Art. 6(1)(b)): When processing is necessary for the performance of a contract with you, such as processing your order.
  • Legal Obligation (Art. 6(1)(c)): When we are required to process data to comply with legal obligations, such as tax and accounting requirements.
  • Legitimate Interest (Art. 6(1)(f)): When processing is necessary for our legitimate interests, such as improving our services, fraud prevention, and website security, provided these interests are not overridden by your rights.

5. How We Use Your Personal Data

We use your personal data for the following purposes:

  • To process and fulfill your orders
  • To communicate with you about your orders, inquiries, and requests
  • To provide customer support
  • To improve our website, products, and services
  • To analyze website usage and performance
  • To comply with legal and regulatory obligations
  • To send you information about our products if you have given consent
  • To detect and prevent fraud or unauthorized access

6. Data Sharing and Third Parties

We do not sell your personal data. We may share your data with the following categories of recipients only when necessary:

  • Service Providers: Companies that help us operate our website, process payments, fulfill orders, and provide customer support. These providers are contractually obligated to protect your data.
  • Legal Authorities: When required by law, regulation, legal process, or governmental request.
  • Analytics Providers: Third-party analytics services to help us understand website usage (only if you have consented to analytics cookies).

All third-party service providers are required to process your data in accordance with GDPR and our instructions.

7. International Data Transfers

Your personal data is primarily processed within the European Economic Area (EEA). If any data transfer outside the EEA is necessary, we ensure appropriate safeguards are in place, such as:

  • EU Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission
  • Binding Corporate Rules where applicable

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Order Data: Retained for up to 7 years after the last transaction to comply with Swedish accounting and tax obligations (Bokföringslagen 1999:1078).
  • Contact and Communication Data: Retained for up to 3 years after your last interaction with us, unless a longer retention is required by law.
  • Consent Records: Retained for as long as the consent is valid and for up to 5 years after withdrawal for compliance documentation.
  • Cookie Data: Retention periods vary by cookie type. See our Cookie Policy for details.
  • Analytics Data: Anonymized and retained for up to 26 months.

When data is no longer needed, it is securely deleted or anonymized.

9. Your Rights Under GDPR

As a data subject, you have the following rights under the GDPR:

  • Right of Access (Art. 15): You have the right to request a copy of the personal data we hold about you.
  • Right to Rectification (Art. 16): You have the right to request correction of inaccurate or incomplete personal data.
  • Right to Erasure (Art. 17): You have the right to request deletion of your personal data, subject to legal retention requirements.
  • Right to Restriction of Processing (Art. 18): You have the right to request restriction of processing in certain circumstances.
  • Right to Data Portability (Art. 20): You have the right to receive your personal data in a structured, commonly used, machine-readable format.
  • Right to Object (Art. 21): You have the right to object to processing based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent (Art. 7(3)): Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of prior processing.
  • Right to Lodge a Complaint: You have the right to file a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) at imy.se or any other relevant supervisory authority.

To exercise any of these rights, please contact us at: help-center@xytharelvimxul.world. We will respond to your request within 30 days, as required by GDPR.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit (HTTPS/TLS)
  • Secure storage with access controls
  • Regular security assessments and updates
  • Staff training on data protection practices
  • Incident response procedures for data breaches

In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay, and within 72 hours where feasible, in accordance with Article 33 and 34 of the GDPR.

11. Children's Privacy

Our website and products are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information promptly.

12. Links to Third-Party Websites

Our website may contain links to external websites. We are not responsible for the privacy practices or content of those websites. We encourage you to read their privacy policies before providing any personal data.

13. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy at any time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically. Continued use of our website after changes are posted constitutes acceptance of the revised policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

  • Email: help-center@xytharelvimxul.world
  • Address: Södergatan 15, 211 34 Malmö, Sweden
  • Website: https://xytharelvimxul.world