Privacy Policy

Last updated:

1. Data Controller

The data controller responsible for processing your personal data is:

Tholmarewrozelon
Kungsgatan 55, 111 22 Stockholm, Sweden
Email: managers@tholmarewrozelon.world
Website: https://tholmarewrozelon.world

2. What Personal Data We Collect

We collect the following categories of personal data when you use our website or place an order:

  • Identity data: full name
  • Contact data: email address, phone number (optional)
  • Communication data: messages you send through our order form
  • Technical data: IP address, browser type and version, operating system, referring URL, pages visited, time and date of visit
  • Cookie data: information collected through cookies and similar technologies (see our Cookie Policy)

3. How We Collect Your Data

We collect personal data through the following methods:

  • Direct interactions: when you fill out and submit our order form
  • Automated technologies: when you browse our website, we may automatically collect technical data using cookies and server logs

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under the General Data Protection Regulation (GDPR):

  • Consent (Article 6(1)(a) GDPR): you have given clear consent for us to process your personal data for the specific purposes described herein
  • Performance of a contract (Article 6(1)(b) GDPR): processing is necessary to fulfill your order or take steps at your request before entering into a contract
  • Legitimate interest (Article 6(1)(f) GDPR): processing is necessary for our legitimate business interests, such as improving our website and services, provided these interests do not override your fundamental rights and freedoms
  • Legal obligation (Article 6(1)(c) GDPR): processing is necessary to comply with applicable legal or regulatory requirements

5. Purposes of Processing

We use your personal data for the following purposes:

  • To process and fulfill your orders
  • To communicate with you regarding your orders and inquiries
  • To provide customer support
  • To improve our website, products, and services
  • To comply with legal obligations, including tax and accounting requirements
  • To analyze website usage and performance (with your consent, via analytics cookies)
  • To protect the security of our website and prevent fraud

6. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data to third parties. We may share your data with the following categories of recipients when necessary:

  • Service providers: hosting providers, email service providers, and payment processors who assist us in operating our business, bound by data processing agreements
  • Legal authorities: government bodies, law enforcement, or regulators when required by applicable law or to protect our legal rights
  • Professional advisors: lawyers, accountants, and auditors where necessary for professional advice or legal compliance

All third-party service providers are required to respect the security of your personal data and treat it in accordance with the law. We only allow them to process your data for specified purposes and in accordance with our instructions.

7. International Data Transfers

Your personal data is primarily processed within the European Economic Area (EEA). If we transfer your data outside the EEA, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions by the European Commission
  • Other legally recognized transfer mechanisms

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Order data: retained for up to 5 years after the transaction to comply with tax and accounting obligations under Swedish law (Bokföringslagen)
  • Communication data: retained for up to 2 years following your last interaction for customer support purposes
  • Technical and analytics data: retained for up to 26 months
  • Cookie consent preferences: retained for up to 12 months

After the retention period expires, your data will be securely deleted or anonymized.

9. Your Rights Under GDPR

As a data subject, you have the following rights under the GDPR:

  • Right of access (Article 15): you have the right to request a copy of the personal data we hold about you
  • Right to rectification (Article 16): you have the right to request correction of inaccurate or incomplete personal data
  • Right to erasure (Article 17): you have the right to request deletion of your personal data under certain circumstances
  • Right to restriction of processing (Article 18): you have the right to request that we restrict the processing of your data in certain situations
  • Right to data portability (Article 20): you have the right to receive your data in a structured, commonly used, and machine-readable format
  • Right to object (Article 21): you have the right to object to processing based on legitimate interests or direct marketing
  • Right to withdraw consent: where we rely on consent, you may withdraw it at any time without affecting the lawfulness of prior processing
  • Right to lodge a complaint: you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) or another relevant supervisory authority

To exercise any of these rights, please contact us at: managers@tholmarewrozelon.world

We will respond to your request within 30 days. In complex cases, we may extend this period by up to two additional months, in which case we will inform you of the extension and the reasons for the delay.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • HTTPS encryption for all data transmitted between your browser and our website
  • Access controls to limit data access to authorized personnel only
  • Regular security assessments and updates
  • Secure storage of personal data with encryption at rest where applicable
  • Employee training on data protection and privacy practices

11. Children's Privacy

Our website and products are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 18, we will take steps to delete that information promptly.

12. Links to Third-Party Websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of these external sites. We encourage you to read the privacy statements of each website you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or regulatory guidance. The updated version will be indicated by the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

Tholmarewrozelon
Kungsgatan 55, 111 22 Stockholm, Sweden
Email: managers@tholmarewrozelon.world

You may also contact the Swedish Authority for Privacy Protection (IMY) if you believe your data protection rights have been violated:

Integritetsskyddsmyndigheten (IMY)
Box 8114, 104 20 Stockholm, Sweden
Website: https://www.imy.se