Privacy Policy

1. Introduction

Xexvalonsrophao ("we", "us", "our") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or make a purchase.

This policy is compliant with the General Data Protection Regulation (GDPR) (EU) 2016/679, the Norwegian Personal Data Act (Personopplysningsloven), and other applicable data protection laws.

2. Data We Collect

2.1 Personal Data You Provide

When you interact with our website, we may collect the following personal data:

• Contact Information: Name, email address, phone number (optional), and postal address
• Order Information: Products ordered, order history, payment information
• Communication Data: Messages, inquiries, and correspondence with our support team
• Consent Records: Records of consents you have provided

2.2 Automatically Collected Data

When you visit our website, we may automatically collect:

• Technical Data: IP address, browser type and version, operating system, device type
• Usage Data: Pages visited, time spent on pages, navigation paths, referring URLs
• Cookie Data: Information collected through cookies and similar technologies (see our Cookie Policy)

3. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR Article 6:

• Contract Performance (Article 6(1)(b)): Processing necessary to fulfill your order and provide our services
• Consent (Article 6(1)(a)): Where you have given explicit consent for specific processing activities, such as marketing communications
• Legitimate Interests (Article 6(1)(f)): For website analytics, fraud prevention, and improving our services, where our interests do not override your rights
• Legal Obligation (Article 6(1)(c)): Where processing is necessary to comply with legal requirements

4. Purposes of Data Processing

We use your personal data for the following purposes:

• Processing and fulfilling your orders
• Communicating with you about your orders and inquiries
• Sending order confirmations, shipping notifications, and delivery updates
• Providing customer support and responding to your requests
• Sending marketing communications (with your consent)
• Improving our website, products, and services
• Analyzing website usage and performance
• Preventing fraud and ensuring security
• Complying with legal obligations

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

• Order Data: Retained for 5 years after the last transaction for accounting and legal compliance purposes under Norwegian law
• Communication Records: Retained for 3 years after resolution for quality assurance and dispute resolution
• Marketing Preferences: Retained until you withdraw consent or unsubscribe
• Website Analytics: Aggregated data retained for 26 months; identifiable data anonymized or deleted after 14 months
• Consent Records: Retained for as long as the consent is valid plus 5 years

6. Data Sharing and Recipients

We may share your personal data with the following categories of recipients:

• Service Providers: Companies that help us deliver our services, including payment processors, shipping carriers, and email service providers
• Analytics Providers: Third-party analytics services (with your consent)
• Legal Authorities: When required by law or to protect our legal rights

We require all third parties to respect the security of your personal data and treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

7. International Data Transfers

Your personal data may be transferred to, and processed in, countries outside the European Economic Area (EEA). When we transfer your data outside the EEA, we ensure a similar degree of protection by implementing at least one of the following safeguards:

• Transfers to countries with adequacy decisions by the European Commission
• Standard Contractual Clauses approved by the European Commission
• Binding Corporate Rules for transfers within a corporate group

8. Your Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal data:

• Right of Access (Article 15): Request a copy of the personal data we hold about you
• Right to Rectification (Article 16): Request correction of inaccurate or incomplete data
• Right to Erasure (Article 17): Request deletion of your personal data under certain circumstances
• Right to Restrict Processing (Article 18): Request limitation of processing of your data
• Right to Data Portability (Article 20): Receive your data in a structured, machine-readable format
• Right to Object (Article 21): Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent (Article 7): Withdraw consent at any time where processing is based on consent
• Right to Lodge a Complaint: File a complaint with the Norwegian Data Protection Authority (Datatilsynet)

To exercise any of these rights, please contact us at privacy@xexvalonsrophao.world. We will respond to your request within 30 days.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• SSL/TLS encryption for all data transmitted between your browser and our website
• Secure storage of personal data with access controls
• Regular security assessments and updates
• Staff training on data protection and security practices
• Incident response procedures for potential data breaches

10. Children's Privacy

Our website is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately, and we will take steps to delete such information.

11. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of these external sites. We encourage you to read the privacy policies of any third-party sites you visit.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website with a new "Last Updated" date. We encourage you to review this policy periodically.

13. Supervisory Authority

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with the Norwegian Data Protection Authority:

Datatilsynet
Postboks 458 Sentrum
0105 Oslo, Norway
Website: www.datatilsynet.no

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Xexvalonsrophao
Bragernes Torg 1, 3017 Drammen, Norway
Email: privacy@xexvalonsrophao.world