Privacy Policy

Last updated: 17 March 2025

1. Controller and contact details

The controller responsible for the processing of your personal data in connection with this website is:

Phroxxenwhthrana
NDSM-Straat 7
1033 SN Amsterdam
Netherlands
Email: connectuse@phroxxenwhthrana.world
Phone: +31 20 765 7555

2. Scope and legal basis

This Privacy Policy describes how we collect, use, store and protect your personal data when you use our website https://phroxxenwhthrana.world (the "Website"). Our processing is carried out in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the Dutch implementation law (UAVG), and other applicable data protection laws.

We process personal data only where we have a lawful basis: your consent (Article 6(1)(a) GDPR), performance of a contract (Article 6(1)(b) GDPR), compliance with a legal obligation (Article 6(1)(c) GDPR), or our legitimate interests (Article 6(1)(f) GDPR) where they are not overridden by your rights.

3. Personal data we collect

We may collect the following categories of personal data:

• Identity and contact data: name, email address, telephone number (if provided), and postal address when you place an order or contact us.
• Transaction and order data: order details, payment-related information (processed by our payment providers), and delivery information.
• Technical and usage data: IP address, browser type and version, device type, operating system, referring URLs, pages visited, and approximate location (e.g. country or region), where necessary for the operation and security of the Website.
• Communication data: content of messages you send us via contact forms or email.
• Cookie and similar technologies data: as described in our Cookie Policy.

4. Purposes of processing

We use your personal data for the following purposes:

• To process and fulfil your orders and to communicate with you about your orders (contract performance).
• To respond to your enquiries and provide customer support (contract performance and/or legitimate interest).
• To send order confirmations, shipping updates and, where you have consented, marketing communications (consent and/or contract performance).
• To operate, maintain and secure the Website, prevent fraud and ensure network and information security (legitimate interest and/or legal obligation).
• To comply with legal obligations (e.g. tax, accounting, consumer law) (legal obligation).
• To analyse and improve our services and the Website (legitimate interest, and where applicable with your consent for analytics cookies).

5. Retention periods

We retain your personal data only for as long as necessary for the purposes set out in this policy or as required by law:

• Order and customer data: for the duration of the contractual relationship and thereafter for a period of up to 7 years for legal, tax and accounting obligations (e.g. under Dutch law).
• Contact and enquiry data: for as long as needed to handle your enquiry and for a reasonable period thereafter (typically up to 2 years) unless a longer retention is required by law.
• Technical and access logs: typically up to 12 months for security and troubleshooting, unless a longer period is required for legal or regulatory reasons.
• Marketing consent and preferences: until you withdraw consent or object, and for a short period thereafter to record your choice.
• Cookie-related data: as specified in our Cookie Policy.

After the retention period, we will securely delete or anonymise your data so that it can no longer identify you.

6. Security measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, loss or destruction, including:

• Use of HTTPS (TLS/SSL) for all pages to encrypt data in transit.
• Secure hosting and access controls to limit who can access personal data.
• Regular review of our security practices and, where applicable, use of encryption at rest for sensitive data.
• Training and procedures for staff or contractors who process personal data on our behalf.
• Where we use service providers (e.g. hosting, payment, email), we ensure they provide sufficient guarantees and, where required, conclude data processing agreements in line with Article 28 GDPR.

While we take these measures seriously, no method of transmission or storage over the internet is completely secure. We encourage you to use strong passwords and to contact us immediately if you suspect any unauthorised use of your data.

7. Sharing and international transfers

We may share your personal data with:

• Service providers: such as hosting providers, payment processors, email and delivery services, and analytics providers, who process data on our instructions and are bound by confidentiality and data protection obligations.
• Legal and public authorities: when required by law, court order or to protect our rights, safety or property.

Where we transfer data to countries outside the European Economic Area (EEA), we ensure appropriate safeguards are in place (e.g. adequacy decision, Standard Contractual Clauses approved by the European Commission, or other mechanisms permitted under GDPR). You may request details of these safeguards by contacting us.

8. Your rights under GDPR

Under the GDPR, you have the following rights in relation to your personal data:

• Right of access (Article 15): you may request a copy of the personal data we hold about you.
• Right to rectification (Article 16): you may request correction of inaccurate or incomplete data.
• Right to erasure (Article 17): you may request deletion of your data in certain circumstances (e.g. where it is no longer necessary, or you withdraw consent where consent was the basis).
• Right to restriction of processing (Article 18): you may request that we limit how we use your data in certain situations.
• Right to data portability (Article 20): where processing is based on consent or contract and carried out by automated means, you may request to receive your data in a structured, commonly used format or to have it transmitted to another controller.
• Right to object (Article 21): you may object to processing based on legitimate interests, including profiling, and to direct marketing at any time.
• Right to withdraw consent: where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
• Right to lodge a complaint: you have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your residence, place of work or place of the alleged infringement. In the Netherlands, the supervisory authority is the Autoriteit Persoonsgegevens (Dutch Data Protection Authority), autoriteitpersoonsgegevens.nl.

To exercise any of these rights, please contact us using the details in section 1. We will respond within one month, subject to any extension where permitted by law. We may need to verify your identity before processing your request.

9. Children

Our Website and services are not directed at individuals under 16 years of age. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data, please contact us and we will take steps to delete such data.

10. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements or the Website. The "Last updated" date at the top indicates when the policy was last revised. We encourage you to review this page periodically. Where changes are material, we may notify you by email or by a prominent notice on the Website.

11. Contact

For any questions about this Privacy Policy or our processing of your personal data, please contact us at:

Phroxxenwhthrana
NDSM-Straat 7, 1033 SN Amsterdam, Netherlands
Email: connectuse@phroxxenwhthrana.world
Phone: +31 20 765 7555