Dloxarinxaria.world
Legal

Privacy Policy

Last updated:

01

Data Controller

The data controller responsible for your personal data is Dloxarinxaria.world, a company registered and operating in Norway. We are committed to protecting your privacy and ensuring transparency in all data processing activities.

Dloxarinxaria.world

Vetrlidsallmenningen 11

5014 Bergen

Norway

Email: admin@dloxarinxaria.world

02

Categories of Personal Data We Collect

We collect and process the following categories of personal data to provide our services and comply with legal obligations:

  • Contact data: name, email address, telephone number (when provided), and postal address for delivery purposes.
  • Communication data: the content of messages you send via our contact forms, email correspondence, and any feedback you provide.
  • Order and transaction data: purchase history, payment information (processed securely by our payment providers), and order status.
  • Technical data: IP address, browser type and version, operating system, device type, referring URLs, and pages visited on our site.
  • Cookie data: preferences, session information, and usage analytics as described in our Cookie Policy.
  • Marketing preferences: your choices regarding promotional communications and consent records.
03

Purposes and Legal Bases for Processing

We process your personal data for the following purposes, each supported by a lawful basis under the General Data Protection Regulation (GDPR):

  • Order fulfillment: to process orders, arrange shipping, and provide customer support (legal basis: contract performance, Article 6(1)(b) GDPR).
  • Communication: to respond to enquiries, send order confirmations, and provide product information (legal basis: contract performance and legitimate interests).
  • Service improvement: to analyze website usage, optimize performance, and develop new features (legal basis: legitimate interests, Article 6(1)(f) GDPR).
  • Marketing: to send promotional offers and newsletters where you have given consent (legal basis: consent, Article 6(1)(a) GDPR).
  • Legal compliance: to satisfy accounting, tax, and regulatory requirements (legal basis: legal obligation, Article 6(1)(c) GDPR).
  • Security and fraud prevention: to protect our systems and detect fraudulent activity (legal basis: legitimate interests).
04

Data Retention Periods

We retain your personal data only for as long as necessary to fulfill the purposes outlined above, or as required by law. Our retention schedule is as follows:

  • Order and transaction data: 7 years from the end of the financial year, in accordance with Norwegian accounting and bookkeeping legislation.
  • Contact form and correspondence data: 24 months from the last contact, or until you request deletion, whichever is sooner.
  • Marketing and consent records: until you withdraw consent, plus a short period to evidence compliance.
  • Cookie and analytics data: as specified in our Cookie Policy, typically between 12 and 24 months depending on the cookie type.
  • Technical and access logs: up to 90 days for security and troubleshooting purposes.

When retention periods expire, we securely delete or anonymize your data so that it can no longer identify you.

05

Your Rights Under GDPR

Under the General Data Protection Regulation (EU) 2016/679 and the Norwegian Personal Data Act, you have the following rights in relation to your personal data:

  • Right of access (Article 15): You may request a copy of the personal data we hold about you and information about how we process it.
  • Right to rectification (Article 16): You may request correction of any inaccurate or incomplete personal data.
  • Right to erasure (Article 17): You may request deletion of your personal data in certain circumstances ("right to be forgotten").
  • Right to restriction of processing (Article 18): You may request that we limit how we use your data in specific situations.
  • Right to data portability (Article 20): You may request to receive your data in a structured, commonly used, machine-readable format.
  • Right to object (Article 21): You may object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.
  • Right to lodge a complaint: You have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) at www.datatilsynet.no.

To exercise any of these rights, please contact us at admin@dloxarinxaria.world. We will respond within 30 days of receiving your request.

06

Data Sharing and Recipients

We do not sell your personal data to third parties. We may share your data with the following categories of recipients when necessary:

  • Payment service providers: to process payments securely. These providers are PCI DSS compliant and process data in accordance with their privacy policies.
  • Shipping and logistics partners: to deliver your orders. We share only the data necessary for delivery.
  • Analytics providers: to analyze website usage. We use such services only where you have given consent.
  • Professional advisers: lawyers, auditors, and consultants where required for legal or business purposes.
  • Public authorities: when required by law or to protect our legal rights.

All processors and sub-processors are bound by data processing agreements that require them to protect your data in line with GDPR and our instructions.

07

Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • HTTPS/TLS encryption for all data transmitted between your browser and our servers.
  • Secure access controls, including role-based permissions and authentication requirements.
  • Regular security assessments and penetration testing of our systems.
  • Encryption of sensitive data at rest where appropriate.
  • Staff training on data protection and security best practices.
  • Incident response procedures to detect, report, and address data breaches.
08

International Data Transfers

Your data is primarily processed within the European Economic Area (EEA). Where we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as:

  • Adequacy decisions by the European Commission.
  • Standard Contractual Clauses approved by the European Commission.
  • Binding Corporate Rules where applicable.
09

Children's Privacy

Our services are not directed at individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately so we can delete it.

10

Contact Us

For any questions regarding this Privacy Policy or your personal data, please contact:

Email: admin@dloxarinxaria.world

Address: Vetrlidsallmenningen 11, 5014 Bergen, Norway