Privacy Policy

1. Introduction and Our Commitment

We at Thalfyrophythrax.world are deeply committed to protecting your privacy and ensuring the security of your personal data. This comprehensive Privacy Policy explains in detail how we collect, use, store, share, and protect your information when you visit our website or interact with our services. Our practices are designed to comply with the EU General Data Protection Regulation (GDPR), the Norwegian Personal Data Act, and other applicable data protection legislation.

By using our website and services, you acknowledge that you have read and understood this Privacy Policy. We encourage you to review this document periodically, as we may update it to reflect changes in our practices or legal requirements.

2. Legal Basis for Processing

We process personal data only when we have a valid legal basis. Our processing activities rely on the following grounds under GDPR Article 6:

• Consent: When you voluntarily submit contact forms, subscribe to our communications, or accept non-essential cookies, you provide explicit consent for that specific processing.
• Contract performance: When you place an order or request a quotation, we process your data to fulfil the contract and deliver our products and services.
• Legitimate interests: We may process data for purposes such as website security, fraud prevention, improving our services, and conducting analytics (where permitted and with appropriate safeguards).
• Legal obligations: We retain and process data when required by law, including tax, accounting, and regulatory compliance.

3. Types of Data We Collect

We collect several categories of personal data, depending on how you interact with us:

Contact and identification data: When you contact us or place an order, we collect your name, email address, and any message content you provide. For order fulfilment, we may also collect your postal address and phone number.

Technical and usage data: When you visit our website, we automatically collect your IP address, browser type and version, device type, operating system, pages visited, referring URL, and timestamps. This helps us understand how our site is used and improve its performance.

Cookie data: With your consent, we use cookies and similar technologies. Details are set out in our Cookie Policy.

Sensitive data: We do not routinely collect sensitive personal data (such as health information, religious beliefs, or political opinions). If you voluntarily include such information in a message, we will process it only with your explicit consent and for the purpose you specified.

4. Purposes of Processing

We use your personal data for the following purposes:

• Responding to your enquiries, order requests, and support questions
• Processing and delivering orders, including payment and shipping
• Providing, maintaining, and improving our website and services
• Sending order confirmations, shipping updates, and essential service communications
• Conducting analytics to understand usage patterns and improve user experience (only with your consent)
• Sending marketing communications where you have opted in (you may withdraw consent at any time)
• Ensuring security, preventing fraud, and complying with legal obligations

5. Data Retention Periods

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law:

• Enquiry and contact data: Up to 24 months after your last contact, unless a longer retention period is required for legal or regulatory reasons.
• Order data: 5 years from the end of the fiscal year in which the transaction occurred, for tax and accounting compliance.
• Cookie and analytics data: As specified in our Cookie Policy; typically up to 26 months for analytics.
• Marketing preferences: Until you withdraw consent or request deletion.

After the retention period expires, we securely delete or anonymise your data so that it can no longer identify you.

6. Data Security

We implement robust technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• HTTPS encryption for all data transmitted between your browser and our servers
• Secure, industry-standard hosting infrastructure with regular security updates
• Access controls and authentication to limit data access to authorised personnel only
• Regular security assessments and monitoring
• Employee training on data protection and confidentiality

While we strive to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to applying best practices.

7. Your Rights Under GDPR

You have the following rights regarding your personal data:

• Right of access: You may request a copy of the personal data we hold about you.
• Right to rectification: You may request correction of inaccurate or incomplete data.
• Right to erasure: You may request deletion of your data where there is no compelling reason for us to retain it.
• Right to restrict processing: You may request that we limit how we use your data in certain circumstances.
• Right to data portability: You may request a machine-readable copy of your data to transfer to another service provider.
• Right to object: You may object to processing based on legitimate interests or for direct marketing.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.
• Right to lodge a complaint: You may lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) or your local supervisory authority.

To exercise any of these rights, please contact us at admin@thalfyrophythrax.world. We will respond within one month.

8. Data Sharing and Recipients

We do not sell, rent, or trade your personal data. We may share your data with:

• Service providers: Hosting providers, email services, payment processors, and shipping carriers who act as data processors under our instructions and under data processing agreements.
• Legal and regulatory authorities: When required by law or to protect our rights and the rights of others.

All processors are contractually obliged to protect your data and use it only for the purposes we specify.

9. International Transfers

Your data is primarily stored and processed within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission, or adequacy decisions confirming that the destination country provides an adequate level of data protection.

10. Contact Us

For any privacy-related enquiries, to exercise your rights, or to report a concern, please contact us: