Privacy Policy for Vraxylonshak.world

Controller and contact channels

The controller responsible for processing is Vraxylonshak.world, registered correspondence address Postgatan 26, 411 06 Göteborg, Sweden. The primary channel for privacy questions and rights requests is ask@vraxylonshak.world. Please include enough context for us to verify your identity without over-collecting data. If you prefer postal mail, mark the envelope “Privacy” and reference any order number you may have.

We do not require you to create an account to read informational pages. When you voluntarily submit the hero form, you become the originator of a data subject request or commercial inquiry, and we process the fields you complete according to this Policy.

Categories of personal data

Depending on how you engage with us, we may process identity and contact details (name, email, phone if provided, shipping address for orders), transaction metadata (order identifiers, payment status from our payment partners, delivery confirmations), communication content (free-text messages, attachments you send), technical identifiers (IP address, device type, browser version, approximate location derived at country or city level), cookie identifiers when you consent to optional cookies, and internal notes created by staff when resolving tickets.

We avoid collecting special categories of data (such as health information) through the public form. If you voluntarily disclose health context, we restrict internal access and delete it when no longer needed for the conversation unless a separate legal ground applies.

Purposes of processing

We process data to fulfill orders, communicate about shipments, respond to questions, manage refunds, improve website stability, measure aggregated traffic when permitted, comply with accounting and tax rules, defend legal claims, and document consent for optional marketing or analytics tools. Each purpose is tied to a legal basis described in the next section.

We do not sell personal data for money. If we run digital advertising, we rely on processor agreements and, where required, your consent for any non-essential tracking.

Legal bases under Article 6 GDPR

• Contract (Art. 6(1)(b)): processing necessary to conclude or perform a purchase, including payment orchestration and delivery.
• Legitimate interests (Art. 6(1)(f)): securing the site, detecting fraud, analyzing aggregated usage in a privacy-preserving way, and training staff, balanced against your rights.
• Legal obligation (Art. 6(1)(c)): bookkeeping, tax filings, and cooperation with competent authorities when compelled.
• Consent (Art. 6(1)(a)): optional cookies, certain newsletters, or surveys that go beyond core service delivery.

Where consent is the basis, you may withdraw it without affecting prior lawful processing. Withdrawing consent may limit features such as personalized campaign measurement.

Retention schedules

Accounting records and invoices are generally retained for seven years to satisfy Swedish bookkeeping legislation. Marketing consents and mailing list entries remain until you unsubscribe or withdraw consent, after which we delete or irreversibly anonymize contact data within thirty days except where proof of consent must be kept longer.

Customer service transcripts and email threads are usually kept for twenty-four months after the last substantive message unless a dispute requires a longer evidence window. Server logs rotate after ninety days unless a security investigation is active. Cookie consent logs are stored for up to twenty-four months to demonstrate compliance.

Processors and categories of recipients

We engage infrastructure, email delivery, payment, logistics, analytics (if consented), and customer-support tooling providers. Each processor signs a data processing agreement, implements confidentiality duties, and may only subprocess with our authorization or statutory permission.

Tax advisors, auditors, or legal counsel may receive limited extracts when their professional role requires it. Courts or regulators may compel disclosure; we review the scope of such requests carefully.

International transfers

If data leaves the European Economic Area, we implement Standard Contractual Clauses, supplementary measures such as encryption in transit, and vendor due diligence. We monitor regulatory developments affecting transfers to the United States and other jurisdictions.

Security measures

We use TLS for website traffic, role-based access inside the organization, unique credentials, periodic access reviews, and contractual security annexes with vendors. While we implement reasonable safeguards, no internet transmission is perfectly secure. If a breach likely risks your rights, we notify IMY and, when required, affected individuals without undue delay.

Your GDPR rights

You may request access, rectification, erasure, restriction, data portability (for automated processing based on contract or consent), and objection to processing grounded on legitimate interests. You may lodge a complaint with IMY or another EU supervisory authority. To exercise rights, email ask@vraxylonshak.world with a clear description; we may ask proportionate verification questions.

Automated decision-making that produces legal or similarly significant effects solely by profiling is not part of the standard Easeva purchase path.

Children

Easeva products target adults. We do not knowingly collect data from children under sixteen without parental authority. If you believe a minor submitted data, contact us so we can delete it promptly.

Policy updates

We revise this document when our processing activities or applicable law change. Significant updates appear on this page and, when appropriate, we notify active customers by email. Continued use of optional services after notice may require renewed consent where the law demands it.

Printed reference: Vraxylonshak.world · Postgatan 26, 411 06 Göteborg, Sweden · ask@vraxylonshak.world · Last browser-rendered calendar date: