Privacy Policy

1. Data controller and contact details

The data controller responsible for the processing of your personal data in connection with this website is:

Khodraxnchepur
Klarabergsgatan 64
111 21 Stockholm
Sweden

Email: touch@khodraxnchepur.world
Phone: +46 771 450 450

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us using the details above.

2. Overview and legal basis

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website https://khodraxnchepur.world (the "Website") and our services. We process personal data in accordance with:

• Regulation (EU) 2016/679 (General Data Protection Regulation, "GDPR")
• Swedish supplementary legislation, including the Swedish Data Protection Act (SFS 2018:218) and the Swedish Act on Electronic Communications (SFS 2003:389) where applicable

We process your data only where we have a lawful basis: performance of a contract, consent, legitimate interest, or legal obligation, as explained in the relevant sections below.

3. Personal data we collect and purposes

3.1 Data you provide to us

When you place an order, use our contact form, or get in touch with us, we may collect:

• Name – to address you and fulfil the order (contract)
• Email address – for order confirmation, shipping updates, and replies to your enquiries (contract / consent)
• Phone number (if provided) – for delivery-related contact (contract / consent)
• Message content (if provided) – to respond to your requests (contract / legitimate interest)
• Consent to terms and privacy – to document your agreement (legal obligation / legitimate interest)

Purpose: Order processing, delivery, customer service, and compliance with legal and contractual obligations.

3.2 Data collected automatically

When you visit our Website, we may automatically collect:

• IP address – for security, fraud prevention, and (if applicable) analytics
• Browser type and version, device type, operating system – to ensure compatibility and improve the website
• Date and time of access, pages viewed, referrer URL – for technical operation and, where you have consented, analytics

Legal basis: Legitimate interest (security, operation of the website) or, where required, consent (e.g. analytics cookies).

3.3 Cookies and similar technologies

We use cookies and similar technologies as described in our Cookie Policy. Strictly necessary cookies do not require consent; analytics and marketing cookies are used only with your consent.

4. Retention periods

We keep your personal data only for as long as necessary for the purposes stated in this policy or as required by law:

• Order and customer data: For the duration of the contractual relationship and thereafter for up to 7 years for accounting, tax, and legal claims (Swedish Bookkeeping Act and limitation periods).
• Contact and enquiry data: Until your request is resolved, and for a reasonable period thereafter for follow-up and legal defence (typically up to 2 years unless longer retention is required by law).
• Consent records: For as long as necessary to demonstrate compliance (typically up to 3 years after the last interaction).
• Server and access logs (IP, etc.): Typically up to 12 months for security and troubleshooting, unless a longer period is required for legal or regulatory reasons.
• Cookie-related data: As specified in our Cookie Policy.

After the retention period, we delete or anonymise the data so that it can no longer identify you.

5. Recipients and transfers of data

We may share your personal data with:

• Payment and fulfilment partners – to process payments and ship orders (processors acting on our instructions).
• IT and hosting providers – to operate and secure the Website (processors, typically within the EU/EEA).
• Authorities – when required by law (e.g. tax, police, data protection supervisory authority).

We do not sell your personal data. If we transfer data to countries outside the EU/EEA, we ensure appropriate safeguards (e.g. EU Standard Contractual Clauses or adequacy decision) in accordance with the GDPR.

6. Security measures

We implement technical and organisational measures to protect your personal data, including:

• Use of HTTPS (TLS/SSL) for all pages to prevent mixed content and ensure encrypted transmission.
• Access controls and restrictions so that only authorised personnel can access personal data.
• Secure storage and processing environments for our systems and any processors we use.
• Regular review of our practices and, where appropriate, updates to security and privacy measures.

Despite these measures, no transmission or storage over the internet can be guaranteed to be 100% secure. We encourage you to use strong passwords and keep your contact details up to date.

7. Your rights under the GDPR

Under the GDPR and Swedish law, you have the following rights in relation to your personal data:

• Right of access (Art. 15 GDPR): You may request a copy of the personal data we hold about you and information about how we process it.
• Right to rectification (Art. 16 GDPR): You may request correction of inaccurate or incomplete data.
• Right to erasure ("right to be forgotten") (Art. 17 GDPR): You may request deletion of your data where the legal basis for processing no longer applies (e.g. withdrawal of consent, no overriding legitimate interest, or unlawful processing).
• Right to restriction of processing (Art. 18 GDPR): You may request that we limit how we use your data in certain situations (e.g. while accuracy is contested or you need the data for legal claims).
• Right to data portability (Art. 20 GDPR): Where processing is based on contract or consent and carried out by automated means, you may request to receive your data in a structured, commonly used, machine-readable format, or to have it transmitted to another controller where technically feasible.
• Right to object (Art. 21 GDPR): You may object to processing based on legitimate interest. We will stop processing unless we demonstrate compelling legitimate grounds that override your interests, or for the establishment, exercise or defence of legal claims.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
• Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority. In Sweden, the authority is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY): www.imy.se. You may also complain in the EU member state of your residence, place of work, or place of the alleged infringement.

To exercise any of these rights, please contact us using the details in section 1. We will respond without undue delay and in any event within one month, subject to possible extensions where permitted by law. We may need to verify your identity before processing your request.

8. Minors

Our Website and services are not directed at persons under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a minor, please contact us and we will take steps to delete it.

9. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or in the law. The "Last updated" date at the top will be revised when we make changes. We encourage you to review this page periodically. Where changes are material, we may notify you by email or by a notice on the Website where appropriate.

10. Contact

For any questions about this Privacy Policy or our processing of your personal data:

Khodraxnchepur
Klarabergsgatan 64, 111 21 Stockholm, Sweden
Email: touch@khodraxnchepur.world
Phone: +46 771 450 450