Privacy Policy

Last updated: 17 March 2025

1. Controller and contact details

The controller responsible for the processing of your personal data in connection with this website is:

Shryxellsvryxell
De Ruijterkade 24a
1012 AA Amsterdam
Netherlands

Email: touch@shryxellsvryxell.world
Phone: +31202357822

2. Scope and legal basis

This Privacy Policy applies to the website shryxellsvryxell.world and to all personal data we process in connection with the use of our website, orders, and customer relations. We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR), the Dutch implementation law (UAVG), and other applicable data protection laws.

3. Personal data we collect

We may collect the following categories of personal data:

• Identification and contact data: name, email address, telephone number (if provided), delivery address.
• Order and transaction data: order details, order history, payment-related information (e.g. payment method; we do not store full card numbers).
• Technical and usage data: IP address, browser type and version, device type, operating system, referring URL, pages visited, date and time of access, and similar data generated when you use our website.
• Communication data: content of messages you send us (e.g. via contact form or email), and our replies.
• Cookie and similar technologies data: data collected via cookies and similar technologies, as described in our Cookie Policy.

4. Purposes and legal bases for processing

We process your personal data for the following purposes and on the following legal bases:

• Performance of a contract (Art. 6(1)(b) GDPR): to process and deliver your orders, to manage your account if you have one, to communicate about your order (e.g. confirmations, shipping updates).
• Legitimate interests (Art. 6(1)(f) GDPR): to operate, secure and improve our website; to prevent and detect fraud and misuse; to handle complaints and disputes; to conduct internal analyses and statistics (where not requiring consent).
• Legal obligation (Art. 6(1)(c) GDPR): to comply with tax, accounting, and other legal obligations (e.g. retention of invoices and order data as required under Dutch law).
• Consent (Art. 6(1)(a) GDPR): where we have asked for your consent (e.g. for marketing emails, non-essential cookies, or other optional processing). You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

5. Retention periods

We retain your personal data only for as long as necessary for the purposes described above or as required by law.

• Order and customer data: generally for the duration of the contractual relationship plus the period required for warranty, claims, and legal retention (e.g. 7 years for tax and accounting under Dutch law where applicable).
• Contact form and correspondence: for the time needed to handle your request and any follow-up, and where relevant for legal or legitimate interest purposes (e.g. evidence in case of disputes).
• Technical and access logs: as needed for security and troubleshooting, typically for a limited period (e.g. up to 12 months unless a longer period is justified).
• Cookie data: as specified in our Cookie Policy.

After the retention period, we delete or anonymise your data so that it no longer identifies you.

6. Security measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration, including:

• Use of HTTPS and encryption for data in transit where applicable.
• Restriction of access to personal data to authorised personnel who need it for their duties.
• Regular review of our security practices and procedures.
• Where we use service providers that process data on our behalf, we ensure they are bound by contract to protect your data and process it only in accordance with our instructions and applicable law.

Despite these measures, no transmission or storage over the internet can be guaranteed to be completely secure; we encourage you to use secure connections and keep your own credentials safe.

7. Recipients and international transfers

We may share your personal data with:

• Service providers who assist us (e.g. hosting, payment processing, shipping, email delivery), acting as processors under our instructions.
• Public authorities where we are legally obliged to do so (e.g. tax, law enforcement).

When we transfer data to countries outside the European Economic Area (EEA), we ensure an adequate level of protection by using mechanisms such as standard contractual clauses approved by the European Commission or other approved transfer tools, where required by law.

8. Your rights under the GDPR

Under the GDPR, you have the following rights in relation to your personal data:

• Right of access (Art. 15): you may request a copy of the personal data we hold about you.
• Right to rectification (Art. 16): you may request correction of inaccurate or incomplete data.
• Right to erasure (Art. 17): you may request deletion of your data in certain circumstances (e.g. where it is no longer necessary, or you withdraw consent where consent was the basis).
• Right to restriction of processing (Art. 18): you may request that we limit how we use your data in certain situations.
• Right to data portability (Art. 20): where processing is based on contract or consent and is carried out by automated means, you may request to receive your data in a structured, commonly used, machine-readable format.
• Right to object (Art. 21): you may object to processing based on legitimate interests; we will cease unless we demonstrate compelling legitimate grounds. You may also object to processing for direct marketing at any time.
• Right to withdraw consent: where processing is based on consent, you may withdraw it at any time.
• Right to lodge a complaint: you have the right to lodge a complaint with a supervisory authority. In the Netherlands, the competent authority is the Autoriteit Persoonsgegevens (Dutch Data Protection Authority), autoriteitpersoonsgegevens.nl.

To exercise any of these rights, please contact us using the details in section 1. We will respond within the time limits set by the GDPR (generally one month).

9. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or in the law. The “Last updated” date at the top indicates when the policy was last revised. We encourage you to review this page periodically. Where changes are material, we may notify you by email or by a notice on our website where appropriate.

10. Additional information

For information about cookies and similar technologies, please see our Cookie Policy. For the terms governing the use of our website and orders, please see our Terms of Service.