Privacy Policy

Ghefryonthit.world ("we", "us", "our") is committed to protecting your privacy and ensuring the security of your personal data. This comprehensive Privacy Policy explains in detail how we collect, use, disclose, store, and safeguard your information when you visit our website ghefryonthit.world, place orders, or interact with our services. We comply with the General Data Protection Regulation (GDPR), the Danish Data Protection Act, and other applicable data protection laws.

1. Data Controller

The data controller responsible for your personal data is:

Company: Ghefryonthit.world

Address: Vesterbrogade 6C, 1620 København V, Denmark

Country: Denmark

Email: question@ghefryonthit.world

For any questions regarding this Privacy Policy or your personal data, please contact us using the details above. We aim to respond to all inquiries within 30 days.

2. Data We Collect

We may collect the following categories of personal data, depending on your interactions with our website and services:

• Identity data: Your first name, last name, and any other identifiers you provide when placing an order or contacting us.
• Contact data: Email address, telephone number, and postal address for order fulfillment and communication.
• Technical data: IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system, device information, and other technology on the devices you use to access our website.
• Usage data: Information about how you use our website, including pages visited, time spent on pages, click paths, and navigation patterns.
• Communication data: Messages, inquiries, and correspondence you send to us via email, contact forms, or other channels.
• Transaction data: Details about orders you have placed, including products purchased, payment information (processed securely by our payment providers), and delivery addresses.

3. Purposes of Processing

We process your personal data for the following purposes, each supported by a lawful basis under GDPR:

• To process and fulfill your orders, including payment processing, shipping, and delivery coordination.
• To respond to your inquiries, provide customer support, and resolve any issues you may experience.
• To send order confirmations, shipping updates, and transactional communications necessary for your purchase.
• To improve our website, products, and services through analysis of usage patterns and feedback.
• To comply with legal obligations, including tax reporting, accounting, and regulatory requirements.
• To send marketing communications, where you have given explicit consent and have not withdrawn it.
• To detect, prevent, and address fraud, security issues, and other technical problems.

4. Legal Basis (GDPR)

Under the General Data Protection Regulation (GDPR), we process your data based on the following legal grounds:

• Contract performance: Processing necessary to fulfill our contract with you, including order processing and delivery.
• Consent: Where you have given explicit consent for specific processing activities, such as marketing emails or analytics cookies.
• Legitimate interests: To operate and improve our business, protect our rights, and provide a secure user experience, where such interests are not overridden by your rights.
• Legal obligation: To comply with applicable laws, including tax, accounting, and regulatory requirements.

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Our retention periods are as follows:

• Order and transaction data: 7 years from the date of the transaction, in accordance with Danish accounting and tax legislation.
• Contact inquiries and correspondence: 2 years from the date of last contact, unless a longer retention period is required for legal purposes.
• Marketing consent records: Until you withdraw consent, plus a short period to record the withdrawal.
• Technical and access logs: Up to 12 months, unless a shorter period is sufficient for security purposes.
• Cookie data: As specified in our Cookie Policy, typically up to 24 months for analytics and marketing cookies.

After the retention period expires, we securely delete or anonymize your data so that it can no longer be associated with you.

6. Your Rights

Under the GDPR and Danish Data Protection Act, you have the following rights regarding your personal data:

• Right of access: Request a copy of the personal data we hold about you, along with information about how we process it.
• Right to rectification: Request correction of any inaccurate or incomplete personal data.
• Right to erasure: Request deletion of your personal data ("right to be forgotten") in certain circumstances, such as when the data is no longer necessary or you withdraw consent.
• Right to restriction: Request that we limit how we process your data in certain situations.
• Right to data portability: Receive your data in a structured, commonly used, machine-readable format and transmit it to another controller where technically feasible.
• Right to object: Object to processing based on legitimate interests, including profiling, and to direct marketing at any time.
• Right to withdraw consent: Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing before withdrawal.
• Right to lodge a complaint: Lodge a complaint with a supervisory authority. In Denmark, the relevant authority is Datatilsynet (www.datatilsynet.dk).

To exercise any of these rights, please contact us at question@ghefryonthit.world. We will respond within one month. We may need to verify your identity before processing your request.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Our security measures include:

• HTTPS encryption (TLS/SSL) for all data transmitted between your browser and our servers.
• Secure storage with access controls and encryption where appropriate.
• Regular security assessments and updates to our systems.
• Limited access to personal data on a strict need-to-know basis for authorized personnel only.
• Training for staff on data protection and security best practices.

While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to maintaining high standards.

8. Data Sharing

We may share your personal data with the following categories of recipients, only when necessary and under appropriate safeguards:

• Payment processors: To complete transactions securely. These providers are PCI-DSS compliant and process data according to their own privacy policies.
• Shipping and logistics providers: To deliver your orders. We share only the data necessary for delivery (name, address, contact details).
• Service providers: Companies that assist our operations, such as hosting, analytics, and customer support tools. We use data processing agreements to ensure they process data only on our instructions and in compliance with applicable law.
• Legal and regulatory authorities: When required by law, court order, or to protect our rights and the rights of others.

We do not sell your personal data to third parties. We do not share your data for marketing purposes with third parties unless you have given explicit consent.

9. International Transfers

Your data is primarily processed within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, or transfers to countries recognized as providing adequate protection by the European Commission.

10. Children's Privacy

Our website and services are not directed at individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately and we will take steps to delete such information.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

12. Contact

For privacy-related questions, to exercise your rights, or to report a data breach:

Email: question@ghefryonthit.world

Address: Vesterbrogade 6C, 1620 København V, Denmark