Privacy Policy

Last updated:

1. Introduction

Welcome to Draxylonbrozen. We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you visit our website or use our services.

This policy is designed to comply with the General Data Protection Regulation (GDPR) (EU) 2016/679 and other applicable data protection laws.

2. Data Controller

The data controller responsible for your personal data is:

• Company Name: Draxylonbrozen
• Address: Kullstavägen 7, 844 31 Hammarstrand, Sweden
• Email: reply@draxylonbrozen.world
• Country: Sweden

3. Personal Data We Collect

We may collect and process the following categories of personal data:

3.1 Information You Provide

• Full name
• Email address
• Phone number (optional)
• Delivery address
• Messages and communications

3.2 Automatically Collected Information

• IP address
• Browser type and version
• Device information
• Pages visited and time spent
• Referral source
• Cookie data (see our Cookie Policy)

4. Purposes of Processing

We process your personal data for the following purposes:

• To process and fulfill your orders
• To communicate with you about your orders and inquiries
• To send you marketing communications (with your consent)
• To improve our website and services
• To comply with legal obligations
• To protect our legitimate interests

4.1 Purpose and Legal Basis Mapping

• Order processing, payment, delivery, and after-sales support: Performance of a contract (GDPR Art. 6(1)(b))
• Accounting and tax record keeping: Legal obligation (GDPR Art. 6(1)(c))
• Fraud prevention and website security: Legitimate interests (GDPR Art. 6(1)(f))
• Email marketing and non-essential cookies: Consent (GDPR Art. 6(1)(a))

5. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Contract: Processing necessary to fulfill our contractual obligations to you
• Consent: Where you have given explicit consent for specific purposes
• Legal obligation: Processing necessary to comply with applicable laws
• Legitimate interests: Processing necessary for our legitimate business interests, provided they are not overridden by your rights

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

• Order and transaction data: 7 years (for tax and accounting purposes)
• Marketing data: Until you withdraw consent or unsubscribe
• Website analytics: 26 months
• Customer service communications: 3 years

7. Your Rights Under GDPR

As a data subject, you have the following rights:

• Right of access: Request a copy of your personal data
• Right to rectification: Request correction of inaccurate data
• Right to erasure: Request deletion of your data ("right to be forgotten")
• Right to restrict processing: Request limitation of processing
• Right to data portability: Receive your data in a portable format
• Right to object: Object to processing based on legitimate interests
• Right to withdraw consent: Withdraw consent at any time

To exercise any of these rights, please contact us at reply@draxylonbrozen.world. We may request reasonable information to verify your identity before fulfilling your request.

8. Data Sharing and Third Parties

We may share your personal data with:

• Payment processors for transaction processing
• Shipping and logistics providers for order delivery
• Analytics providers for website improvement
• Legal authorities when required by law

We ensure that all third parties process your data in accordance with GDPR requirements and have appropriate data protection agreements in place.

8.1 Data Processing Agreements

Where third parties act as processors on our behalf, we maintain written data processing agreements that require confidentiality, security controls, and GDPR-compliant handling of personal data.

9. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When such transfers occur, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• SSL/TLS encryption for data transmission
• Secure server infrastructure
• Access controls and authentication
• Regular security assessments
• Employee training on data protection

11. Cookies

Our website uses cookies and similar technologies. Non-essential cookies (such as analytics and marketing cookies) are used only after your consent. You can change your preferences at any time via the "Manage Cookies" option on the website. For details, please refer to our Cookie Policy.

12. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

14. Complaints

If you believe that your data protection rights have been violated, you have the right to lodge a complaint with your local data protection authority. For Sweden, this is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY): https://www.imy.se/.

15. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Email: reply@draxylonbrozen.world
• Address: Kullstavägen 7, 844 31 Hammarstrand, Sweden