Ghelroxxgharvynn

Privacy Policy

Last updated: 5 March 2025

1. Data controller and contact details

The data controller responsible for your personal data in connection with this website is:

Ghelroxxgharvynn
Mall of Tripla, Firdonkatu 2 B
00520 Helsinki
Finland

Contact: welcome@ghelroxxgharvynn.world

Phone: +358 97 745 620

If you have questions about this Privacy Policy or about how we process your personal data, you may contact us using the details above.

2. Scope and legal basis

This Privacy Policy describes how we collect, use, store and protect your personal data when you use our website https://ghelroxxgharvynn.world (the "Website") and our services. We process personal data in accordance with the EU General Data Protection Regulation (GDPR), the Finnish Data Protection Act (1050/2018, as amended), and other applicable data protection laws.

Personal data means any information relating to an identified or identifiable natural person. We process personal data only where we have a lawful basis: your consent, performance of a contract, compliance with a legal obligation, or our legitimate interests where they are not overridden by your rights.

3. Personal data we collect and purposes

3.1 Data you provide to us

  • Contact and order data: When you place an order or contact us (e.g. name, email address, phone number, postal address, message content), we use this data to process your order, communicate with you, and fulfil our contractual and pre-contractual obligations. Legal basis: contract performance, and where relevant consent or legitimate interest (e.g. customer service).
  • Consent and preferences: If you give consent (e.g. for marketing or non-essential cookies), we process the related data in accordance with that consent. Legal basis: consent.

3.2 Data collected automatically

  • Technical and usage data: When you visit the Website, we may collect technical data such as IP address, browser type and version, device type, operating system, referring URL, pages visited, and approximate time of access. We use this to operate the website, ensure security, and improve our services. Legal basis: legitimate interest (secure and efficient operation of the website) or, where required by law, consent.
  • Cookies and similar technologies: We use cookies and similar technologies as described in our Cookie Policy. Strictly necessary cookies do not require consent; for others we rely on your consent where required by law.

4. Retention periods

We keep your personal data only for as long as necessary for the purposes for which it was collected, or as required by law.

  • Order and customer data: For the duration of the contractual relationship and thereafter for the period required by Finnish law for accounting and tax (e.g. typically at least 6 years from the end of the financial year).
  • Contact and support: For the time needed to handle your request and any follow-up, and where relevant for the periods above if the contact relates to a contract.
  • Marketing and consent-based processing: Until you withdraw consent or object, or until we no longer need the data for the stated purpose, subject to any longer retention required by law.
  • Technical and access logs: For a limited period necessary for security and troubleshooting (e.g. up to 12 months), unless a longer period is required by law.
  • Cookie-related data: As set out in our Cookie Policy.

After the retention period, we delete or anonymise the data so that it no longer identifies you.

5. Your rights under the GDPR

If you are in the European Economic Area (including Finland), you have the following rights in relation to your personal data:

  • Right of access (Article 15): You may request a copy of the personal data we hold about you and information about how we process it.
  • Right to rectification (Article 16): You may request correction of inaccurate or incomplete personal data.
  • Right to erasure (Article 17): You may request deletion of your personal data in certain circumstances (e.g. where it is no longer necessary, or you withdraw consent where consent was the basis).
  • Right to restriction of processing (Article 18): You may request that we limit how we use your data in certain situations.
  • Right to data portability (Article 20): Where processing is based on contract or consent and is carried out by automated means, you may request to receive your data in a structured, commonly used, machine-readable format, or to have it transmitted to another controller where technically feasible.
  • Right to object (Article 21): You may object to processing based on legitimate interests, including profiling. You may also object at any time to processing for direct marketing.
  • Right to withdraw consent: Where we rely on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
  • Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your residence, place of work, or place of the alleged infringement. In Finland, the supervisory authority is the Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto), https://tietosuoja.fi.

To exercise any of these rights, please contact us using the contact details in section 1. We will respond within the time limits set by the GDPR (generally one month). We may need to verify your identity before processing your request.

6. Recipients and international transfers

We may share your personal data with:

  • Service providers who process data on our behalf (e.g. hosting, payment, shipping, email delivery), under strict contractual obligations to protect your data and use it only for the purposes we specify.
  • Public authorities where we are legally obliged to do so (e.g. tax, law enforcement).

Your data is processed within the European Economic Area (EEA). If we transfer data outside the EEA, we will ensure appropriate safeguards are in place (e.g. adequacy decision, standard contractual clauses, or other mechanisms approved under the GDPR).

7. Security measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Use of HTTPS and encryption in transit for the Website.
  • Restricted access to personal data on a need-to-know basis.
  • Secure storage and access controls for our systems and databases.
  • Regular review of our security practices and, where applicable, contracts with processors that require adequate security.

While we strive to protect your data, no transmission or storage over the internet can be guaranteed to be completely secure. We encourage you to use strong passwords and keep your own devices secure.

8. Children

Our services are not directed at individuals under 16 years of age. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data, please contact us and we will take steps to delete such data.

9. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the law, or the Website. The "Last updated" date at the top indicates when the policy was last revised. We encourage you to review this page periodically. Where changes are material or affect how we use your data in a way that requires your consent under applicable law, we will seek your consent or provide other notice as required.

10. Contact

For any questions about this Privacy Policy or our processing of your personal data, please contact us:

Ghelroxxgharvynn
Mall of Tripla, Firdonkatu 2 B, 00520 Helsinki, Finland
Contact: welcome@ghelroxxgharvynn.world
Phone: +358 97 745 620