Privacy Policy

Last updated: · Applies to quimnarrfroz.world

1. Data controller

The data controller responsible for the processing of your personal data is:

Quimnarrfroz
Låsbomsgatan 27, 589 41 Linköping, Sweden
Telephone: +46 13 13 28 08
Email: inquiry-@quimnarrfroz.world

All references to "we", "us" or "our" in this policy refer to the above entity.

2. Data we collect

We may collect the following categories of personal data:

  • Identity data: full name provided in the order form.
  • Contact data: email address and, if provided, telephone number.
  • Order and communication data: messages and notes submitted via the contact or order form.
  • Technical data: IP address, browser type and version, time zone, operating system, and pages visited, collected automatically via server logs or analytics.
  • Cookie data: preferences and usage data collected via cookies as described in our Cookie Policy.

We do not intentionally collect special category data (e.g. health, biometric or genetic data) and ask that you do not submit such information through our forms.

3. Purposes and legal bases

We process your personal data only where we have a valid legal basis under Article 6 of the GDPR:

  • Order processing (Article 6(1)(b) — performance of a contract): We use your name, email and phone to process your order inquiry, respond to your request and arrange delivery.
  • Legal compliance (Article 6(1)(c)): We retain certain records to comply with applicable Swedish and EU law, including tax and consumer protection legislation.
  • Legitimate interests (Article 6(1)(f)): We may process technical data to maintain the security and performance of our website, and to detect and prevent fraud.
  • Consent (Article 6(1)(a)): Where you have given specific consent (e.g. for marketing communications or analytics cookies), we will process data on that basis. Consent may be withdrawn at any time.

4. Retention periods

We retain personal data only as long as necessary for the purpose for which it was collected:

  • Order and contact data: retained for up to 36 months from the date of last interaction, then deleted or anonymised.
  • Financial and tax records: retained for 7 years in accordance with Swedish accounting law (Bokföringslagen).
  • Technical logs: retained for up to 12 months.
  • Cookie consent records: retained for up to 12 months from the date of consent.

5. Disclosure to third parties

We do not sell, rent or trade your personal data. We may share data with:

  • Service providers (e.g. hosting, email delivery, analytics) who process data on our behalf under data processing agreements in line with GDPR requirements.
  • Authorities when required by applicable law, court order or regulatory obligation.

Any third-party processors are required to implement appropriate technical and organisational security measures and may not use your data for their own purposes.

6. International transfers

We primarily process data within the European Economic Area (EEA). Where any transfer outside the EEA is necessary, we ensure it is covered by an adequacy decision from the European Commission or by appropriate safeguards such as Standard Contractual Clauses as required under Chapter V of the GDPR.

7. Your rights under GDPR

As a data subject under the GDPR you have the following rights:

  • Right of access (Art. 15): You may request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): You may ask us to correct inaccurate or incomplete data.
  • Right to erasure (Art. 17): You may ask us to delete your data in certain circumstances ("right to be forgotten").
  • Right to restriction (Art. 18): You may ask us to restrict processing in certain circumstances.
  • Right to data portability (Art. 20): You may request your data in a structured, machine-readable format.
  • Right to object (Art. 21): You may object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at inquiry-@quimnarrfroz.world. We will respond within 30 days. You also have the right to lodge a complaint with the Swedish supervisory authority: Integritetsskyddsmyndigheten (IMY), Box 8114, 104 20 Stockholm, www.imy.se.

8. Security measures

We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These include HTTPS encryption for all data in transit, access controls and regular security reviews. No method of transmission over the internet is completely secure; we cannot guarantee absolute security but will notify you and the relevant authority in the event of a personal data breach as required by law.

9. Cookies

We use cookies and similar technologies on our website. Full details of the cookies we use, their purposes and how you can manage your preferences are set out in our Cookie Policy.

10. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The date at the top of this page indicates when the policy was last revised. We encourage you to review this page periodically. Continued use of our website following any update constitutes acceptance of the revised policy.

11. Contact

For any questions, requests or complaints relating to this Privacy Policy or our data processing practices, please contact us:

Quimnarrfroz
Låsbomsgatan 27, 589 41 Linköping, Sweden
Telephone: +46 13 13 28 08
Email: inquiry-@quimnarrfroz.world