Privacy Policy

1. Introduction and Data Controller

Quythraxmychulai.world operates the website quythraxmychulai.world and is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website or use our services. We act as the data controller for all personal data processed through this site.

Contact details:

Quythraxmychulai.world
De Lairessestraat 40hs
1071 PB Amsterdam
Netherlands
Email: admin@quythraxmychulai.world

2. Purposes of Data Processing

We process your personal data for the following purposes:

• Order fulfillment: To process and fulfil orders for Ulvera and related products, including shipping and delivery coordination.
• Customer support: To respond to your inquiries, complaints, and requests.
• Communication: To send order confirmations, updates, and essential service-related messages.
• Website functionality: To enable core features such as navigation, forms, and cookie consent management.
• Security: To protect against fraud, abuse, and security threats.
• Legal compliance: To meet tax, accounting, and regulatory obligations.
• Analytics (with consent): To understand how visitors use our site and improve our services.

3. Categories of Data We Collect

We may collect the following categories of personal data:

• Identity data: Name, when you submit the order form or contact us.
• Contact data: Email address, and optionally postal address or phone number.
• Transaction data: Details of orders and payments.
• Technical data: IP address, browser type and version, device information, and time zone.
• Usage data: How you interact with our website, including pages visited and time spent.
• Communications data: Message content when you contact us via forms or email.
• Cookie data: As described in our Cookie Policy.

4. Legal Basis Under the GDPR

We process your data in accordance with the General Data Protection Regulation (GDPR) and other applicable laws. Our legal bases include:

• Contract: Processing necessary to perform our contract with you (e.g. order fulfillment).
• Consent: Where you have given explicit consent (e.g. analytics and marketing cookies).
• Legitimate interest: For security, fraud prevention, website operation, and improving our services.
• Legal obligation: For tax, accounting, and regulatory compliance.

5. Data Retention Periods

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:

• Order and transaction data: Up to 7 years for legal and accounting requirements.
• Customer communications: Up to 3 years after the last interaction.
• Marketing data: Until you withdraw consent or request erasure.
• Analytics data: Up to 26 months, aggregated where possible.
• Security logs: Up to 12 months.

6. Your Rights Under the GDPR

You have the following rights regarding your personal data:

• Right of access: Request a copy of your personal data.
• Right to rectification: Request correction of inaccurate or incomplete data.
• Right to erasure: Request deletion of your data (right to be forgotten).
• Right to restrict processing: Request that we limit how we use your data.
• Right to data portability: Receive your data in a structured, machine-readable format.
• Right to object: Object to processing based on legitimate interests or for direct marketing.
• Right to withdraw consent: Withdraw consent at any time where processing is based on consent.
• Right to lodge a complaint: Lodge a complaint with a supervisory authority (e.g. the Dutch Data Protection Authority).

To exercise these rights, contact us using the details above. We will respond within one month.

7. Data Recipients and Sharing

We may share your data with:

• Payment processors: To process payments securely.
• Shipping and logistics providers: To fulfil and deliver orders.
• IT and hosting providers: Under data processing agreements ensuring GDPR compliance.
• Legal and regulatory authorities: When required by law.

We do not sell your personal data to third parties.

8. International Data Transfers

If we transfer data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission, or adequacy decisions. We will inform you of any such transfers and the safeguards applied.

9. Security Measures

We implement technical and organizational measures to protect your data:

• HTTPS encryption for all data transmitted between your device and our servers.
• Access controls, authentication, and authorization procedures.
• Regular security assessments and updates.
• Limited access to personal data on a need-to-know basis.
• Training of personnel on data protection and security.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Significant changes will be communicated via the website or email where appropriate. The "Last updated" date indicates when this version was last revised. We encourage you to review this policy periodically.

11. Contact

For privacy-related inquiries or to exercise your rights: Quythraxmychulai.world, De Lairessestraat 40hs, 1071 PB Amsterdam, Netherlands. Email: admin@quythraxmychulai.world