Privacy Policy

This Privacy Policy explains how Varnorexshimau ("we", "us", "our") collects, uses, stores and protects personal data when you visit our website at varnorexshimau.world or place an order for Glavatrix. We are committed to processing your personal data in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the Swedish Data Protection Act (Dataskyddslagen 2018:218).

1. Data Controller

The data controller responsible for your personal data is:

• Company: Varnorexshimau
• Address: Svedengatan 1, 582 73 Linköping, Sweden
• Phone: +46 77 520 00 00
• Email: write-to-us-@varnorexshimau.world

2. Personal Data We Collect

We collect personal data you provide directly when:

• Completing the order form: full name, email address, phone number, and any message submitted.
• Communicating with us via email or phone.

We also collect certain data automatically via cookies and similar tracking technologies (see our Cookie Policy):

• IP address, browser type and version, operating system.
• Pages visited, time spent on pages, referring URLs.
• Device identifiers (for analytics purposes only, where consent is given).

3. Legal Basis for Processing

We process your personal data on the following legal bases under GDPR Art. 6:

• Performance of a contract (Art. 6(1)(b)): To process and fulfil your order, arrange delivery and respond to enquiries.
• Consent (Art. 6(1)(a)): To send optional marketing communications and to use non-essential analytics cookies. You may withdraw consent at any time.
• Legal obligation (Art. 6(1)(c)): To comply with applicable accounting, tax and consumer protection laws.
• Legitimate interests (Art. 6(1)(f)): To improve our website and services, prevent fraud and ensure security.

4. How We Use Your Data

• To process and deliver your order for Glavatrix.
• To communicate with you about your order, including confirmations and delivery updates.
• To respond to your questions or requests.
• To analyse website usage and improve our service (only where consent is given for analytics cookies).
• To comply with legal and regulatory obligations.

5. Data Retention

We retain your personal data for the following periods:

• Order data: 7 years, as required by Swedish accounting law (Bokföringslagen 1999:1078).
• Customer correspondence: Up to 3 years from the date of last contact.
• Analytics data: Up to 26 months, in line with standard analytics provider settings, where consent is given.
• Consent records: Up to 5 years from the date consent was recorded.

After these periods, data is securely deleted or anonymised.

6. Data Sharing and Transfers

We do not sell your personal data. We may share data with trusted third parties strictly necessary to fulfil our services:

• Delivery partners: To arrange shipment of your order within Sweden.
• Payment processors: To process payments securely.
• IT and hosting providers: For website operation and data storage.
• Legal and regulatory authorities: Where required by applicable law.

All third-party processors are bound by data processing agreements. Where data is transferred outside the EEA, we ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses).

7. Your Rights Under GDPR

As a data subject, you have the following rights:

• Right of access (Art. 15): Request a copy of your personal data.
• Right to rectification (Art. 16): Request correction of inaccurate data.
• Right to erasure (Art. 17): Request deletion of your data where no legitimate grounds remain.
• Right to restriction (Art. 18): Request that we limit our processing of your data.
• Right to data portability (Art. 20): Receive your data in a structured, machine-readable format.
• Right to object (Art. 21): Object to processing based on legitimate interests or for direct marketing.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at the details below. We will respond within 30 days. You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) at www.imy.se.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure or destruction. These include HTTPS encryption, access controls, regular security reviews and secure data processing agreements with all third parties.

9. Cookies

We use cookies on this website. For full details about the types of cookies we use, their purposes and how to manage your preferences, please see our Cookie Policy.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The date of the most recent update is shown at the top of this page. We encourage you to review this policy periodically.