Privacy Policy

Last Updated:

1. Introduction

Xlozarinsyfriz ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website xlozarinsyfriz.world and purchase our products.

This policy complies with the General Data Protection Regulation (GDPR) (EU) 2016/679, the German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG), and other applicable data protection laws.

2. Data Controller Information

The data controller responsible for your personal data is:

Company Name: Xlozarinsyfriz

Address: Siemensstraße 5, 37327 Leinefelde-Worbis, Germany

Email: talk@xlozarinsyfriz.world

Country: Germany

3. Personal Data We Collect

We collect the following categories of personal data:

3.1 Information You Provide

  • Contact Information: Name, email address, phone number (optional), shipping address
  • Order Information: Purchase history, product preferences, payment details
  • Communication Data: Messages you send us, customer service inquiries

3.2 Automatically Collected Information

  • Device Information: IP address, browser type, operating system
  • Usage Data: Pages visited, time spent on site, referring URLs
  • Cookies and Tracking: See our Cookie Policy for details

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR Article 6:

  • Contract Performance (Art. 6(1)(b)): Processing necessary to fulfill your order and provide our services
  • Consent (Art. 6(1)(a)): Where you have given explicit consent, such as for marketing communications
  • Legitimate Interests (Art. 6(1)(f)): For improving our services, fraud prevention, and website security
  • Legal Obligation (Art. 6(1)(c)): Compliance with tax, accounting, and other legal requirements

5. Purposes of Data Processing

We use your personal data for the following purposes:

  • Processing and fulfilling your orders
  • Communicating with you about your orders and inquiries
  • Providing customer support
  • Sending order confirmations and shipping notifications
  • Improving our website and services
  • Analyzing website usage and trends
  • Preventing fraud and ensuring security
  • Complying with legal obligations
  • Marketing communications (only with your consent)

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:

  • Order Data: 10 years (legal requirement for tax and accounting purposes in Germany)
  • Customer Accounts: Until you request deletion or 3 years of inactivity
  • Marketing Consent: Until you withdraw consent
  • Website Analytics: 26 months
  • Customer Service Records: 3 years after resolution

7. Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right of Access (Art. 15): Request a copy of your personal data
  • Right to Rectification (Art. 16): Request correction of inaccurate data
  • Right to Erasure (Art. 17): Request deletion of your data ("right to be forgotten")
  • Right to Restriction (Art. 18): Request limitation of processing
  • Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format
  • Right to Object (Art. 21): Object to processing based on legitimate interests
  • Right to Withdraw Consent (Art. 7(3)): Withdraw consent at any time
  • Right to Lodge a Complaint (Art. 77): File a complaint with a supervisory authority

We will respond to your request without undue delay and at the latest within one month of receipt (Art. 12(3) GDPR). That period may be extended by two further months where necessary. We will inform you of any such extension and the reasons for the delay.

To exercise these rights, contact us at: talk@xlozarinsyfriz.world

8. Data Sharing and Recipients

We may share your personal data with:

  • Payment Processors: To process secure payments
  • Shipping Partners: To deliver your orders
  • IT Service Providers: For website hosting and maintenance
  • Analytics Providers: To analyze website usage (with anonymization)
  • Legal Authorities: When required by law

All third parties are contractually obligated to protect your data and process it only according to our instructions.

9. International Data Transfers

Your data is primarily processed within the European Economic Area (EEA). If data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as:

  • EU Standard Contractual Clauses
  • Adequacy decisions by the European Commission
  • Binding Corporate Rules

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • SSL/TLS encryption for all data transmission
  • Secure data storage with access controls
  • Regular security assessments and updates
  • Employee training on data protection
  • Incident response procedures

11. Automated Decision-Making and Profiling

We do not use your personal data for automated decision-making or profiling within the meaning of GDPR Article 22. No decisions producing legal effects concerning you or similarly significantly affecting you are based solely on automated processing.

12. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority without undue delay and, where feasible, within 72 hours (Art. 33 GDPR). If the breach is likely to result in a high risk to you, we will also inform you without undue delay (Art. 34 GDPR).

13. Children's Privacy

Our website and products are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware of such collection, we will delete the data immediately.

14. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated "Last Updated" date. We encourage you to review this policy regularly.

15. Contact Us

For questions about this Privacy Policy or to exercise your rights, please contact us:

Xlozarinsyfriz

Siemensstraße 5, 37327 Leinefelde-Worbis, Germany

Email: talk@xlozarinsyfriz.world

16. Supervisory Authority

You have the right to lodge a complaint with the competent supervisory authority (Art. 77 GDPR). For our place of business (Thuringia), the competent authority is:

Thüringer Landesbeauftragter für den Datenschutz und die Informationsfreiheit (TLfDI)

Häßlerstraße 8, 99096 Erfurt, Germany

Postfach 900455, 99107 Erfurt, Germany

Website: www.tlfdi.de

Email: poststelle@datenschutz.thueringen.de

You may also lodge a complaint with the supervisory authority in the EU member state of your residence, place of work, or place of the alleged infringement.