Privacy Policy

Last updated: 12 March 2025

1. Controller and contact details

The controller responsible for the processing of your personal data in connection with this website is:

Graxylonzyath
Address: Helmholtzstraat 57, 1098 LE Amsterdam, Netherlands
Email: office@graxylonzyath.world
Phone: +31204682724

If you have questions about this Privacy Policy or about how we process your data, you can contact us using the details above.

2. Scope and applicability

This Privacy Policy applies to the website graxylonzyath.world and to all personal data we collect, use and store when you use our website, place orders, contact us or interact with our services. It describes what data we collect, for what purposes, on what legal basis, for how long we keep it, and what rights you have under the General Data Protection Regulation (GDPR) and other applicable laws in the Netherlands and the European Union.

3. What personal data we collect

We may collect the following categories of personal data:

• Identity and contact data: name, email address, telephone number (if you provide it), and delivery address when you place an order or contact us.
• Transaction and order data: order details, payment-related information (we do not store full payment card numbers; payment processing may be handled by third-party providers subject to their own privacy policies).
• Communication data: content of messages you send us via contact forms, email or other channels.
• Technical and usage data: IP address, browser type and version, device type, operating system, referring URL, pages visited, date and time of access, and similar technical data that your browser or device sends when you use our website. We may also use cookies and similar technologies as described in our Cookie Policy.

We do not collect special categories of personal data (such as health data) unless you voluntarily provide them in a message and we need them to respond to your request. In that case we will use them only for the purpose you indicated and in accordance with the law.

4. Purposes and legal basis for processing

We process your personal data only for specified, explicit and legitimate purposes. The main purposes and legal bases are:

• Performance of a contract (Art. 6(1)(b) GDPR): to process and deliver your orders, manage your account (if applicable), and provide customer support related to purchases.
• Legitimate interests (Art. 6(1)(f) GDPR): to operate and improve our website, prevent fraud and abuse, ensure security of our systems, and communicate with you about your orders or enquiries. Our legitimate interests are balanced against your rights and we do not use your data in ways that would override your interests.
• Consent (Art. 6(1)(a) GDPR): where we ask for your consent, for example for non-essential cookies, marketing communications or other optional processing. You can withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
• Legal obligation (Art. 6(1)(c) GDPR): where we must retain or disclose data to comply with laws (e.g. tax, consumer law) in the Netherlands or the EU.

5. How we collect your data

We collect data:

• Directly from you when you fill in forms (e.g. order form, contact form), when you contact us by email or phone, or when you subscribe to communications.
• Automatically when you use our website (e.g. technical and usage data, cookies as set out in our Cookie Policy).
• From third parties only where necessary (e.g. payment providers for transaction status, or delivery services for delivery status), in line with their privacy policies and applicable law.

6. Data retention

We keep your personal data only for as long as necessary for the purposes for which it was collected and to comply with legal obligations.

• Order and transaction data: generally for the duration of the contractual relationship plus a period required by Dutch and EU law (e.g. tax and consumer law, typically up to 7 years where required).
• Contact and communication data: for the time needed to handle your request and any follow-up, and where relevant for legal claims or obligations.
• Technical and access logs: for a limited period necessary for security and troubleshooting (e.g. up to 12 months), unless a longer period is required by law.
• Cookie and analytics data: as described in our Cookie Policy.
• Marketing data (where consent was given): until you withdraw consent or object, and then only as needed for legal obligations.

After the retention period, we delete or anonymise your data so that it can no longer be attributed to you.

7. Security measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, loss or destruction. These include:

• Use of HTTPS (TLS/SSL) for all pages to encrypt data in transit.
• Restricting access to personal data to authorised personnel who need it for their duties.
• Secure handling and storage of data, including where we use service providers (we choose providers that offer adequate safeguards).
• Regular review of our security practices and updating them as appropriate.

Despite our efforts, no transmission or storage over the internet can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately.

8. Sharing and disclosure of data

We do not sell your personal data. We may share your data only in the following cases:

• Service providers: with processors that help us run our website, process orders, send emails, or provide support (e.g. hosting, payment, delivery). We ensure that such processors are bound by contract to use the data only as we instruct and to protect it appropriately.
• Legal requirements: when required by law, court order or authority (e.g. in the Netherlands or EU), or when necessary to protect our rights, your safety or the safety of others.
• Business transfers: in the event of a merger, acquisition or sale of assets, your data may be transferred to the successor, subject to the same privacy commitments.

We do not transfer your personal data to countries outside the European Economic Area (EEA) unless we have put in place appropriate safeguards (e.g. standard contractual clauses or an adequacy decision) as required by GDPR.

9. Your rights under GDPR

Under the GDPR and applicable Dutch law, you have the following rights in relation to your personal data:

• Right of access (Art. 15): you can ask us to confirm whether we process your data and to provide a copy of your data and relevant information about the processing.
• Right to rectification (Art. 16): you can ask us to correct inaccurate or complete incomplete data.
• Right to erasure (Art. 17): you can ask us to delete your data in certain circumstances (e.g. when it is no longer necessary, when you withdraw consent, or when it was processed unlawfully), subject to exceptions (e.g. legal obligations).
• Right to restriction of processing (Art. 18): you can ask us to restrict processing in certain situations (e.g. while we verify accuracy or while you object).
• Right to data portability (Art. 20): where processing is based on contract or consent and is carried out by automated means, you can ask to receive your data in a structured, commonly used and machine-readable format, or to have it transmitted to another controller where technically feasible.
• Right to object (Art. 21): you can object to processing based on legitimate interests. We will stop processing unless we demonstrate compelling legitimate grounds that override your interests. You may also object at any time to processing for direct marketing.
• Right to withdraw consent: where processing is based on consent, you can withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
• Right to lodge a complaint: you have the right to lodge a complaint with a supervisory authority. In the Netherlands, the competent authority is the Autoriteit Persoonsgegevens (Dutch Data Protection Authority), autoriteitpersoonsgegevens.nl.

To exercise any of these rights, please contact us using the contact details in section 1. We will respond without undue delay and in any event within one month, subject to possible extensions where permitted by law. We may need to verify your identity before processing your request.

10. Children

Our website and services are not directed at children under 16. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data, please contact us and we will take steps to delete such data.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the law or our website. The "Last updated" date at the top will be revised when we make changes. We encourage you to review this page periodically. Where changes are material, we may notify you by email or a notice on our website where appropriate.

12. Additional information

For information about cookies and similar technologies used on this website, please see our Cookie Policy. For the terms governing the use of our website and services, see our Terms of Service.

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Graxylonzyath, Helmholtzstraat 57, 1098 LE Amsterdam, Netherlands. Email: office@graxylonzyath.world, Phone: +31204682724.