Privacy Policy

1. Introduction

Welcome to Ghakleonscyx. We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website ghakleonscyx.world and purchase our products.

This policy is compliant with the General Data Protection Regulation (GDPR), the Norwegian Personal Data Act (personopplysningsloven), and other applicable data protection laws in Norway and the European Economic Area (EEA).

2. Data Controller Information

The data controller responsible for your personal data is:

• Company Name: Ghakleonscyx
• Address: Rondevegen 770, 2632 Venabygd, Norway
• Email: helpdesk@ghakleonscyx.world
• Country: Norway

3. Personal Data We Collect

We may collect and process the following categories of personal data:

3.1 Information You Provide

• Identity Data: Full name
• Contact Data: Email address, phone number (optional), delivery address
• Transaction Data: Order details, payment information, purchase history
• Communication Data: Messages, feedback, and correspondence with us

3.2 Information Collected Automatically

• Technical Data: IP address, browser type and version, operating system
• Usage Data: Pages visited, time spent on pages, navigation paths
• Cookie Data: Information collected through cookies and similar technologies

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR:

• Contract Performance: Processing necessary to fulfill your order and deliver products
• Consent: When you have given explicit consent for marketing communications
• Legitimate Interests: For improving our services, website security, and fraud prevention
• Legal Obligation: When required by law, such as for tax and accounting purposes

5. Purpose of Data Processing

We use your personal data for the following purposes:

• Processing and fulfilling your orders
• Communicating with you about your orders and inquiries
• Providing customer support
• Sending marketing communications (with your consent)
• Improving our website and services
• Detecting and preventing fraud
• Complying with legal obligations

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

• Order Data: Retained for 7 years for accounting and legal compliance
• Marketing Data: Retained until you withdraw consent or unsubscribe
• Technical Data: Retained for up to 12 months for analytics purposes
• Customer Support Data: Retained for 3 years after the last interaction

7. Your Rights Under GDPR

As a data subject, you have the following rights:

• Right to Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Restriction: Request limitation of processing in certain circumstances
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw consent at any time for consent-based processing

To exercise any of these rights, please contact us at helpdesk@ghakleonscyx.world.

We will respond to your request without undue delay and at the latest within one (1) month of receipt. If we need to extend this period (e.g. due to the complexity of the request), we will inform you within one month and may extend by up to two further months, stating the reasons.

You also have the right to object to decisions based solely on automated processing, including profiling, where such processing produces legal effects concerning you or similarly significantly affects you. We do not currently make such decisions.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• SSL/TLS encryption for data transmission
• Secure server infrastructure
• Access controls and authentication procedures
• Regular security assessments and updates
• Staff training on data protection

9. Data Sharing and Third Parties

We may share your personal data with:

• Service Providers: Payment processors, shipping companies, and IT service providers
• Legal Authorities: When required by law or to protect our legal rights

We do not sell your personal data to third parties. All third-party service providers are contractually bound to protect your data and use it only for specified purposes.

10. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify Datatilsynet (Norwegian Data Protection Authority) without undue delay and, where feasible, within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in such a risk
• Notify you without undue delay when the breach is likely to result in a high risk to your rights and freedoms, so that you can take necessary precautions

We maintain internal records of all breaches (including those not reported), in accordance with our legal obligations.

11. International Data Transfers

Your personal data may be transferred to and processed in countries outside the EEA. When this occurs, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions by the European Commission

12. Cookies

We use cookies and similar technologies on our website. For detailed information about how we use cookies, please see our Cookie Policy.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

14. Complaints

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet), P.O. Box 458 Sentrum, NO-0105 Oslo, Norway (www.datatilsynet.no), or another supervisory authority in your country of residence in the EEA.