Privacy Policy

Last updated: 8 March 2025

1. Data Controller and Contact Information

Vrozelonclox, operating the website vrozelonclox.world, is the data controller responsible for the processing of your personal data in connection with this website. As the data controller, we determine the purposes and means of the processing of your personal data.

Full legal name: Vrozelonclox

Business address: Nørrebrogade 8, 2200 København, Denmark

Email address: contact@vrozelonclox.world

Phone number: +4569164101

You may contact us at any time regarding questions about the processing of your personal data or to exercise your data protection rights.

2. Introduction and Scope

This Privacy Policy describes in detail how Vrozelonclox collects, uses, stores, protects, and discloses your personal data when you visit our website vrozelonclox.world, place orders for our products, use our contact forms, subscribe to our communications, or otherwise interact with our services. This policy applies to all personal data we process, whether collected through our website, by email, by telephone, or through any other channel.

We are committed to complying with the General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR"), the Danish Data Protection Act (Databeskyttelsesloven, LBK nr. 502 af 23/05/2018), the Danish Executive Order on Data Protection (Databeskyttelsesbekendtgørelsen), the ePrivacy Directive (2002/58/EC as amended), and any other applicable data protection legislation in Denmark and the European Union. We process your personal data in a lawful, fair, and transparent manner.

3. Legal Basis for Processing

Under Article 6 of the GDPR, we process your personal data only when we have a valid lawful basis. The legal bases we rely on for different processing activities include:

• Contract performance (Article 6(1)(b)): Processing is necessary for the performance of a contract to which you are party, or to take steps at your request prior to entering into a contract. This includes order processing, payment processing, delivery arrangements, and customer support related to your purchase.
• Legitimate interests (Article 6(1)(f)): Processing is necessary for the purposes of our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms. Our legitimate interests include: ensuring the security and integrity of our website and systems; preventing fraud; improving our services; conducting analytics to understand how our website is used; and communicating with you about your orders.
• Consent (Article 6(1)(a)): You have given clear, specific, informed, and unambiguous consent for us to process your personal data for specified purposes. This includes marketing communications, newsletter subscriptions, and non-essential cookies. You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
• Legal obligation (Article 6(1)(c)): Processing is necessary for compliance with a legal obligation to which we are subject. This includes obligations under Danish bookkeeping law (Bogføringsloven), tax legislation, consumer protection law, and other regulations.

Where we rely on legitimate interests, we have conducted a balancing test to ensure that our interests do not override your rights. You may request further information about this assessment by contacting us.

4. Types of Personal Data We Collect

4.1 Data You Provide Directly

• Order and purchase data: Full name, email address, telephone number (optional), billing address, delivery address, payment method details (card type, last four digits where stored), and order history including products purchased, quantities, prices, and dates.
• Contact form data: Name, email address, telephone number (if provided), and the content of your message when you use our contact form or email us.
• Account registration data: If you create an account on our website, we store your login credentials (encrypted), profile information, saved addresses, and order preferences.
• Marketing and communications preferences: Your preferences regarding receipt of marketing communications, including email newsletters and promotional offers.

4.2 Data Collected Automatically

• Technical and device data: IP address, browser type and version, operating system, device type (e.g. desktop, mobile, tablet), screen resolution, language settings, and referrer URL.
• Usage and behaviour data: Pages visited, time spent on the site, click patterns, scroll depth, and navigation paths. This data is collected subject to your cookie preferences and may be anonymised or pseudonymised.
• Log data: Server logs may record timestamps, requested URLs, HTTP status codes, and other technical information necessary for security and troubleshooting.

4.3 Special Categories of Data

We do not intentionally collect special categories of personal data (e.g. health data, ethnic origin, religious beliefs, biometric data) unless you voluntarily provide such information (e.g. in a message regarding dietary requirements or allergies). In such cases, we will process the data only with your explicit consent or where otherwise permitted by law.

5. Purposes of Processing

We process your personal data for the following specific purposes:

• Processing and fulfilling orders for our products, including payment authorisation, order confirmation, and delivery coordination
• Communicating with you about your orders, including order status updates and delivery notifications
• Responding to your enquiries submitted via our contact form, email, or telephone
• Providing customer support, including handling complaints and after-sales service
• Managing your account if you have registered on our website
• Ensuring the security and proper functioning of our website and preventing fraud
• Improving our website, products, and services through analysis of usage patterns (where consent is given)
• Complying with legal and regulatory obligations, including tax, accounting, and consumer protection requirements
• Sending marketing communications, promotional offers, and newsletters (only with your explicit consent)
• Establishing, exercising, or defending legal claims where necessary

6. Retention Periods

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with our legal obligations. After the retention period expires, your data is securely deleted or anonymised so that it can no longer be associated with you.

• Order and transaction data: 5 years from the end of the financial year in which the transaction occurred, in accordance with the Danish Bookkeeping Act (Bogføringsloven) § 10.
• Contact form enquiries and correspondence: 2 years from the date of your last contact, unless longer retention is required for the establishment, exercise, or defence of legal claims.
• Marketing consent records: Until you withdraw consent or object to processing; we will cease sending marketing communications immediately upon withdrawal.
• Technical and usage data (analytics): Up to 26 months where consent is given; data may be aggregated and anonymised earlier.
• Server and access logs: Typically 90 days, unless a longer period is necessary for security investigations.
• Cookie data: As specified in our Cookie Policy for each cookie type.
• Data related to legal claims: For the duration of any legal proceedings and for a reasonable period thereafter as required by limitation periods.

7. Recipients of Your Data and Data Processors

We may share your personal data with the following categories of recipients:

• Payment service providers: To process payments securely. These providers are PCI-DSS compliant and process payment card data in accordance with industry standards.
• Shipping and logistics partners: To deliver your orders. We provide your name, delivery address, and contact details as necessary for delivery.
• IT and hosting providers: To host and operate our website, manage our email systems, and provide technical support.
• Professional advisers: Lawyers, accountants, and auditors when necessary for compliance or legal advice.
• Regulatory and law enforcement authorities: When required by law, court order, or to protect our legal rights.

All data processors acting on our behalf are bound by data processing agreements (DPAs) that require them to process your data only on our documented instructions, to implement appropriate technical and organisational security measures, and to comply with applicable data protection law. We do not sell your personal data to third parties for their marketing purposes.

8. International Transfers

Your personal data is primarily processed within the European Economic Area (EEA). Where we transfer data to countries outside the EEA, we ensure that appropriate safeguards are in place as required by Chapter V of the GDPR. These safeguards may include:

• Transfer to a country that has been recognised by the European Commission as providing an adequate level of data protection
• Standard Contractual Clauses (SCCs) approved by the European Commission
• Binding Corporate Rules (BCRs) where applicable
• Any other mechanism approved under Article 46 of the GDPR

You may obtain a copy of the safeguards we use for international transfers by contacting us.

9. Your Rights Under the GDPR

Under the GDPR, you have the following rights regarding your personal data. These rights may be subject to certain conditions and limitations as set out in the Regulation.

• Right of access (Article 15): You have the right to obtain confirmation as to whether we process your personal data and, where that is the case, access to your personal data. You may request a copy of the data we hold about you. We may charge a reasonable fee for additional copies.
• Right to rectification (Article 16): You have the right to obtain the rectification of inaccurate personal data concerning you. You may also request that we complete any incomplete personal data.
• Right to erasure ("right to be forgotten") (Article 17): You have the right to obtain the erasure of your personal data in certain circumstances, including where the data is no longer necessary, where you withdraw consent, where you object to processing, or where the data has been unlawfully processed. This right is not absolute and may not apply where we have a legal obligation to retain the data.
• Right to restriction of processing (Article 18): You have the right to obtain restriction of processing in certain circumstances, such as where you contest the accuracy of the data, where the processing is unlawful but you prefer restriction to erasure, or where we no longer need the data but you need it for legal claims.
• Right to data portability (Article 20): Where processing is based on consent or contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit those data to another controller.
• Right to object (Article 21): You have the right to object at any time to processing of your personal data based on legitimate interests or for direct marketing purposes. Where you object to processing for direct marketing, we will cease such processing.
• Right to withdraw consent: Where processing is based on consent, you have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
• Right not to be subject to automated decision-making (Article 22): You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects or similarly significantly affect you. We do not engage in such processing.
• Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your residence, place of work, or place of the alleged infringement.

To exercise any of these rights, please contact us at contact@vrozelonclox.world. We will respond without undue delay and in any event within one month of receipt of your request. That period may be extended by a further two months where necessary, taking into account the complexity and number of requests. We will inform you of any such extension and the reasons for delay.

Danish Data Protection Agency (Datatilsynet): Carl Jacobsens Vej 35, 2500 Valby, Denmark. Website: www.datatilsynet.dk. Phone: +45 33 19 32 00.

10. Security Measures

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including protection against unauthorised or unlawful processing, accidental loss, destruction, or damage. These measures include:

• Encryption of data in transit using TLS/HTTPS
• Secure, access-controlled servers and infrastructure
• Authentication and access controls limiting access to personal data on a need-to-know basis
• Regular security assessments and vulnerability testing
• Staff training on data protection and information security
• Procedures for managing data breaches, including notification to the supervisory authority and affected individuals where required by Article 33 and 34 of the GDPR

Despite our efforts, no method of transmission over the Internet or electronic storage is completely secure. We encourage you to use strong passwords and to protect your account credentials.

11. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Danish Data Protection Agency without undue delay and, where feasible, within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk to you, we will also inform you without undue delay, unless we have implemented appropriate technical and organisational measures that render the data unintelligible to any person who is not authorised to access it, or unless we have taken subsequent measures that ensure the high risk is no longer likely to materialise.

12. Children

Our website and services are not directed at individuals under 16 years of age. We do not knowingly collect personal data from children. If you are a parent or guardian and believe that your child has provided us with personal data without your consent, please contact us immediately. We will take steps to delete such information as soon as practicable.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date at the top. For significant changes that affect how we use your data, we may provide additional notice, such as an email notification or a prominent notice on our website. We encourage you to review this policy periodically to stay informed about how we protect your information.

14. Contact

For any questions about this Privacy Policy, our data practices, or to exercise your data protection rights, please contact us:

Vrozelonclox
Nørrebrogade 8
2200 København
Denmark

Email: contact@vrozelonclox.world
Phone: +4569164101