Privacy Policy

1. Introduction

Wlaxyronxar ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website wlaxyronxar.world and use our services.

We process personal data in accordance with Regulation (EU) 2016/679 (GDPR), applicable supplementary rules in Sweden (including the Act with supplementary provisions to the EU General Data Protection Regulation, SFS 2018:218, and related legislation), and other applicable data protection law. This notice is provided under Articles 13 and 14 GDPR where relevant.

Where processing is based on your consent, you are free to withdraw consent at any time without affecting the lawfulness of processing before withdrawal. Where processing is necessary for a contract, legal obligation, or legitimate interests, other rules apply as described below; not all use of the website requires consent.

2. Data Controller

The data controller responsible for your personal data is:

Wlaxyronxar
Bruksvägen 191
896 31 Husum
Sweden
Email: clients@wlaxyronxar.world

3. Information We Collect

3.1 Information You Provide

We collect information that you voluntarily provide to us when you:

• Fill out contact or order forms on our website
• Subscribe to our newsletter
• Contact us via email or other communication channels
• Participate in surveys or promotions

This information may include:

• Name
• Email address
• Phone number (optional)
• Shipping and billing address
• Message content

3.2 Information Collected Automatically

When you visit our website, we may automatically collect certain information, including:

• IP address
• Browser type and version
• Operating system
• Referring website
• Pages visited and time spent on pages
• Date and time of visits
• Device information

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR:

• Consent (Art. 6(1)(a)): Where required—for example, non-essential cookies, certain marketing, or where we ask you to tick a box before submitting a form.
• Contract (Art. 6(1)(b)): Processing necessary to take steps at your request before a contract, or to perform a contract (e.g. processing orders, delivery, customer service for your purchase).
• Legal Obligation (Art. 6(1)(c)): Processing necessary to comply with law (e.g. accounting, tax, or regulatory obligations in Sweden or the EU).
• Legitimate Interests (Art. 6(1)(f)): Where applicable—e.g. limited website security, fraud prevention, or business analytics that do not require consent under applicable law—provided our interests are not overridden by your rights. You may object to such processing as described in Section 9.

Unless we state otherwise, providing personal data marked as required is necessary to enter into or perform a contract or to respond to your request. Optional fields are voluntary.

5. How We Use Your Information

We use the collected information for the following purposes:

• Process and fulfill your orders
• Communicate with you about your orders and inquiries
• Send marketing communications (with your consent)
• Improve our website and services
• Analyze website usage and trends
• Prevent fraud and ensure security
• Comply with legal obligations

6. Data Sharing and Disclosure

We do not sell your personal data to third parties. We may share your information with:

• Processors (service providers): Third parties that process data on our instructions (e.g. payment processors, shipping carriers, hosting, email delivery). We use written agreements (including GDPR Article 28 terms) where required.
• Independent controllers: Where you use third-party services linked from our site, their privacy notices apply separately.
• Legal requirements: When required by EU/EEA or Swedish law, court order, or competent authority.
• Business transfers: In connection with a merger, acquisition, or asset sale, subject to appropriate safeguards and notice where required.

Recipients may be located inside or outside the EEA; see Section 7 for transfers.

7. International Data Transfers

Your personal data is primarily processed within the EEA. If transferred to countries outside the EEA/UK that are not subject to an adequacy decision, we implement appropriate safeguards under GDPR Chapter V (e.g. EU Standard Contractual Clauses, supplemented measures where required by case law and guidance), unless a specific derogation applies.

You may request further information about transfers by contacting us using the details in Section 2.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

• Order and transaction data: 7 years (for tax and legal compliance)
• Customer inquiries: 2 years from the last interaction
• Marketing preferences: Until you withdraw consent
• Website analytics: 26 months

9. Your Rights Under GDPR

If you are in the EEA/UK or otherwise covered by GDPR, you have the following rights in relation to your personal data (subject to conditions and exceptions in the law):

• Right of access (Art. 15): Obtain confirmation of processing and a copy of your data.
• Right to rectification (Art. 16): Correct inaccurate or complete incomplete data.
• Right to erasure (Art. 17): Request deletion in certain cases ("right to be forgotten").
• Right to restriction (Art. 18): Request limitation of processing in certain circumstances.
• Right to data portability (Art. 20): Receive data you provided in a structured, commonly used, machine-readable format, where processing is based on consent or contract and is automated.
• Right to object (Art. 21): Object to processing based on legitimate interests (including profiling) or to direct marketing.
• Right to withdraw consent: Where processing is based on consent, withdraw at any time without affecting prior lawful processing.
• Right related to automated decisions: We do not make decisions based solely on automated processing, including profiling, which produce legal or similarly significant effects on you. If that changes, we will inform you.

To exercise these rights, contact us at clients@wlaxyronxar.world. We will respond without undue delay and in any event within one month (GDPR Art. 12(3)); that period may be extended by two further months where necessary, in which case we will inform you.

You also have the right to lodge a complaint with a supervisory authority (Section 16).

10. Data Breaches

If a personal data breach is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority without undue delay and, where required by GDPR, inform affected individuals when the risk is high.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• SSL/TLS encryption for data transmission
• Secure data storage with access controls
• Regular security assessments
• Employee training on data protection

While we strive to protect your personal data, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

12. Children's Privacy

Our website and services are not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

13. Cookies

Our website uses cookies and similar technologies. For detailed information about the cookies we use and your choices, please see our Cookie Policy.

14. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these websites. We encourage you to read the privacy policies of any third-party sites you visit.

15. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically.

16. Complaints and Supervisory Authority

If you have concerns about how we handle your personal data, please contact us first using the details in Section 2.

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement.

In Sweden, the supervisory authority is the Integritetsskyddsmyndigheten (IMY) (Swedish Authority for Privacy Protection). Contact details: imy.se; Box 8114, 104 20 Stockholm, Sweden. You may also contact another EU/EEA authority if applicable.

We have not appointed a Data Protection Officer (DPO) where not mandatory under Articles 37–39 GDPR; for all privacy matters, use the contact details above.