1. Introduction and Scope
Shrexxonvorthral ("we", "us", "our") operates the website shrexxonvorthral.world (the "Website"). We are committed to protecting your personal data and to full compliance with applicable data protection legislation, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (the "General Data Protection Regulation" or "GDPR"), the Danish Data Protection Act (Databeskyttelsesloven, LBK nr. 502 af 23/05/2018), and any national implementing or supplementary legislation.
This Privacy Policy provides a comprehensive explanation of how we collect, use, store, disclose, and protect your personal data when you visit our Website, place an order, subscribe to our communications, or otherwise interact with us. It also sets out your rights under applicable law and how you may exercise them. We encourage you to read this policy carefully and to contact us if you have any questions.
2. Data Controller and Contact Details
The data controller responsible for determining the purposes and means of processing your personal data is:
Shrexxonvorthral
Hovedvejen 101
2600 Glostrup
Denmark
Email: support@shrexxonvorthral.world
Phone: +45 43 96 00 20
You may contact us at any time regarding your personal data or this Privacy Policy. We aim to respond to all enquiries within a reasonable timeframe and in any event within the periods required by law.
3. Categories of Personal Data We Collect
3.1 Data You Provide Directly to Us
- Identity data: Full name, title (if provided).
- Contact data: Email address, telephone number (if provided), postal address for delivery and invoicing.
- Transaction data: Order details (products ordered, quantities, prices), delivery preferences, and payment-related information. Note: Payment card details are processed directly by our payment service providers; we do not store full card numbers on our systems.
- Communications data: Correspondence, enquiries, complaints, and feedback you send to us via contact forms, email, postal mail, or other channels.
- Consent and preference data: Records of your consent to our Terms of Service, Privacy Policy, marketing communications, and cookie usage; and any preferences you express.
3.2 Data Collected Automatically
- Technical data: IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, device identifiers, and other technology on the devices you use to access the Website.
- Usage data: Information about how you use the Website, including pages visited, time spent on pages, navigation paths, clickstream data, referral sources, and interaction with content.
- Cookie and similar technologies data: As described in our Cookie Policy, including data stored in cookies, local storage, and similar technologies.
3.3 Data from Third Parties
We may receive personal data about you from third parties in limited circumstances, for example: (a) from payment service providers in connection with transaction verification; (b) from delivery partners regarding delivery status; or (c) from publicly available sources where relevant for fraud prevention or legal compliance.
4. Purposes and Legal Bases for Processing
We process your personal data only where we have a lawful basis to do so. The table below sets out the purposes for which we process your data and the corresponding legal bases under the GDPR.
| Purpose | Legal basis (GDPR) |
|---|---|
| Processing and fulfilling orders, including payment and delivery | Article 6(1)(b) – performance of a contract |
| Customer service, responding to enquiries and complaints | Article 6(1)(b) – performance of a contract; Article 6(1)(f) – legitimate interests |
| Website operation, maintenance, and security (e.g. preventing fraud, ensuring availability) | Article 6(1)(f) – legitimate interests |
| Compliance with legal obligations (e.g. tax, accounting, consumer law, anti-money laundering) | Article 6(1)(c) – legal obligation |
| Analytics and improvement of our services and user experience | Article 6(1)(a) – consent; Article 6(1)(f) – legitimate interests (where applicable) |
| Direct marketing (e.g. newsletters, promotions) where you have opted in | Article 6(1)(a) – consent |
Where we rely on legitimate interests (Article 6(1)(f)), our interests include: operating and improving our Website and services; ensuring security and preventing fraud; providing efficient customer service; and defending legal claims. We have balanced these interests against your rights and freedoms and consider that our processing is necessary and proportionate. You have the right to object to processing based on legitimate interests (see Section 8 below).
5. Data Retention Periods
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, regulatory, tax, accounting, or reporting requirements. Specific retention periods are as follows:
- Order and transaction data: 5 years from the end of the financial year in which the transaction occurred, in accordance with the Danish Bookkeeping Act (Bogføringsloven) and tax legislation.
- Customer service and communications data: 3 years from the last contact, unless a longer retention period is required for the establishment, exercise, or defence of legal claims.
- Marketing consent records: For the duration of your consent; thereafter, we retain records of consent for up to 3 years as evidence of compliance.
- Cookie and analytics data: As specified in our Cookie Policy.
- Technical and security logs: Up to 12 months, unless a shorter or longer period is required for security or legal purposes.
After the applicable retention period has expired, we will delete or anonymise your personal data so that it can no longer be used to identify you.
6. Recipients of Your Data and International Transfers
We may share your personal data with the following categories of recipients:
- Service providers (data processors): Payment processors, delivery and logistics partners, IT and hosting providers, email and communication service providers. We enter into data processing agreements with such processors to ensure they process your data only on our instructions and in accordance with applicable law.
- Professional advisers: Lawyers, accountants, auditors, and insurers when necessary for the provision of their services.
- Public authorities: Tax authorities, consumer protection bodies, data protection authorities, and other public bodies when required by law or to protect our legal rights.
We do not sell your personal data to third parties. Where we transfer personal data to countries outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place, such as: (a) adequacy decisions by the European Commission; (b) standard contractual clauses approved by the European Commission; or (c) other mechanisms recognised under the GDPR. You may request further information about such transfers by contacting us.
7. Security Measures
We implement appropriate technical and organisational measures designed to ensure a level of security appropriate to the risk, including protection against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. These measures include:
- Encryption: Encryption of data in transit using HTTPS/TLS protocols.
- Access controls: Restricted access to personal data on a need-to-know basis; strong authentication where applicable.
- Security monitoring: Regular security assessments, vulnerability scanning, and monitoring of systems.
- Staff training: Training for staff on data protection and information security.
- Backup and recovery: Regular backups and disaster recovery procedures.
Despite our efforts, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security of your data. You are responsible for maintaining the confidentiality of any passwords or account credentials.
8. Your Rights Under the GDPR
Under the GDPR, you have the following rights in relation to your personal data:
- Right of access (Article 15): You may request a copy of the personal data we hold about you and information about how we process it.
- Right to rectification (Article 16): You may request that we correct inaccurate or incomplete personal data.
- Right to erasure (Article 17): You may request deletion of your personal data in certain circumstances, e.g. where the data is no longer necessary, you withdraw consent, or you object to processing.
- Right to restriction of processing (Article 18): You may request that we restrict processing in certain situations, e.g. where you contest the accuracy of the data or the lawfulness of processing.
- Right to data portability (Article 20): Where processing is based on consent or contract and carried out by automated means, you may receive your data in a structured, commonly used, machine-readable format and, where technically feasible, have it transmitted to another controller.
- Right to object (Article 21): You may object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.
- Right to withdraw consent: Where processing is based on consent, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before withdrawal.
To exercise any of these rights, please contact us at support@shrexxonvorthral.world. We will respond without undue delay and in any event within one month of receipt of your request. That period may be extended by up to two further months where necessary, taking into account the complexity and number of requests. We may require proof of identity before processing your request.
You have the right to lodge a complaint with a supervisory authority. In Denmark, the supervisory authority is the Danish Data Protection Agency (Datatilsynet): www.datatilsynet.dk. You may also lodge a complaint in the EU/EEA country of your residence, place of work, or place of the alleged infringement.
9. Automated Decision-Making and Profiling
We do not use your personal data for automated decision-making (including profiling) that produces legal effects concerning you or similarly significantly affects you.
10. Children
Our Website and services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us and we will take steps to delete such information.
11. Third-Party Links
Our Website may contain links to third-party websites. We are not responsible for the privacy practices of such third parties. We encourage you to read the privacy policies of any third-party sites you visit.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we offer. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically. Continued use of the Website after changes constitutes acceptance of the updated policy, except where further consent is required by law.
13. Contact
For any questions about this Privacy Policy or our processing of your personal data, please contact us at:
Shrexxonvorthral
Hovedvejen 101, 2600 Glostrup, Denmark
Email: support@shrexxonvorthral.world
Phone: +45 43 96 00 20