Privacy Policy

1. Introduction

This Privacy Policy explains how Cholmarewyxap ("we", "us", or "our") collects, uses, stores, and protects your personal data when you visit our website at https://cholmarewyxap.world (the "Website") or use our services. We are committed to ensuring that your privacy is protected in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the Norwegian Personal Data Act (Personopplysningsloven), and other applicable data protection laws.

By using our Website, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our data practices, please refrain from using the Website.

2. Data Controller

The data controller responsible for the processing of your personal data is:

• Company Name: Cholmarewyxap
• Address: Karl Johans gate 20, 0159 Oslo, Norway
• Email: feedback@cholmarewyxap.world
• Website: https://cholmarewyxap.world

If you have any questions about how we process your personal data, or if you wish to exercise your rights, please contact us using the details above.

3. What Personal Data We Collect

We may collect the following categories of personal data when you interact with our Website:

3.1 Data You Provide Directly

• Contact information: Full name, email address, and phone number (if provided) when you submit our order form.
• Message content: Any messages, inquiries, or special requests you include in the order form.
• Consent records: Records of your consent to data processing and our policies.

3.2 Data Collected Automatically

• Technical data: IP address, browser type and version, operating system, device type, screen resolution, and language preferences.
• Usage data: Pages visited, time spent on pages, referring URLs, click patterns, and navigation paths.
• Cookie data: Information collected through cookies and similar technologies (see our Cookie Policy for details).

4. Purposes of Data Processing

We process your personal data for the following purposes:

• Order processing: To receive, review, confirm, and fulfill your orders for our products.
• Communication: To respond to your inquiries, send order confirmations, shipping updates, and provide customer support.
• Website operation: To ensure the proper functioning, security, and performance of our Website.
• Analytics: To understand how visitors use our Website and to improve our content, layout, and user experience (only with your consent).
• Marketing: To send promotional communications about our products (only with your explicit consent, and you can withdraw at any time).
• Legal compliance: To comply with applicable laws, regulations, and legal obligations, including tax and accounting requirements.
• Fraud prevention: To detect and prevent fraudulent activities and protect our legitimate interests.

5. Legal Basis for Processing

We process your personal data based on the following legal grounds under Article 6 of the GDPR:

• Consent (Art. 6(1)(a)): Where you have given clear consent for us to process your personal data for specific purposes, such as analytics cookies and marketing communications.
• Contractual necessity (Art. 6(1)(b)): Where processing is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract (e.g., order processing).
• Legal obligation (Art. 6(1)(c)): Where processing is necessary for compliance with legal obligations to which we are subject (e.g., tax regulations, consumer protection laws).
• Legitimate interests (Art. 6(1)(f)): Where processing is necessary for our legitimate interests, such as improving our Website, preventing fraud, and ensuring security, provided these interests are not overridden by your rights and freedoms.

6. Data Sharing and Third Parties

We may share your personal data with the following categories of recipients:

• Service providers: Third-party companies that provide services on our behalf, such as web hosting, email delivery, payment processing, and analytics. These providers are contractually bound to process your data only on our instructions and in accordance with applicable data protection laws.
• Shipping partners: Logistics and delivery companies to fulfill and deliver your orders.
• Legal authorities: Government agencies, courts, or regulatory bodies when required by law, legal process, or to protect our rights.

We do not sell, rent, or trade your personal data to third parties for their marketing purposes.

7. International Data Transfers

Your personal data is primarily processed within the European Economic Area (EEA). If we transfer personal data outside the EEA, we ensure that appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission.
• Adequacy decisions by the European Commission confirming the recipient country provides an adequate level of protection.
• Other lawful transfer mechanisms as permitted under the GDPR.

You may request further information about the safeguards in place by contacting us.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws. Specific retention periods include:

• Order data: Retained for up to 5 years after the order date, as required by Norwegian bookkeeping and tax laws (Bokføringsloven).
• Communication records: Retained for up to 2 years after the last communication, unless a longer period is required for legal purposes.
• Consent records: Retained for as long as the consent remains valid and for up to 3 years after withdrawal, for documentation purposes.
• Analytics data: Aggregated and anonymized analytics data may be retained indefinitely. Identifiable analytics data is retained for up to 26 months.
• Cookie data: Retention periods vary by cookie type. See our Cookie Policy for details.

When personal data is no longer needed, we securely delete or anonymize it.

9. Your Rights Under GDPR

Under the GDPR and Norwegian data protection law, you have the following rights regarding your personal data:

• Right of access (Art. 15): You have the right to request a copy of the personal data we hold about you and information about how it is processed.
• Right to rectification (Art. 16): You have the right to request correction of inaccurate or incomplete personal data.
• Right to erasure (Art. 17): You have the right to request deletion of your personal data, subject to certain legal exceptions.
• Right to restriction (Art. 18): You have the right to request restriction of processing in certain circumstances.
• Right to data portability (Art. 20): You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
• Right to object (Art. 21): You have the right to object to processing based on legitimate interests or for direct marketing purposes.
• Right to withdraw consent (Art. 7): Where processing is based on consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
• Right to lodge a complaint: You have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) at www.datatilsynet.no if you believe your data protection rights have been violated.

To exercise any of these rights, please contact us at feedback@cholmarewyxap.world. We will respond to your request within 30 days, as required by law.

10. Cookies and Tracking Technologies

Our Website uses cookies and similar tracking technologies to enhance your browsing experience and analyze website usage. For detailed information about the types of cookies we use, their purposes, and how to manage them, please see our Cookie Policy.

11. Security Measures

We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect it against unauthorized access, alteration, disclosure, or destruction. These measures include:

• HTTPS encryption (TLS/SSL) for all data transmitted between your browser and our Website.
• Secure server infrastructure with access controls and firewalls.
• Regular security assessments and updates to our systems.
• Access to personal data restricted to authorized personnel only, on a need-to-know basis.
• Contractual obligations on third-party service providers to maintain appropriate security standards.

While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the Internet or electronic storage is completely secure, and we cannot guarantee absolute security.

12. Children's Privacy

Our Website and services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us immediately.

13. Links to Third-Party Websites

Our Website may contain links to external websites that are not operated by us. We are not responsible for the content regarding, or the privacy practices of, third-party websites. We encourage you to review the privacy policies of any external websites you visit.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or business operations. When we make significant changes, we will update the "Last updated" date at the top of this page. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.