Privacy Policy

Last updated: 8 March 2025

1. Introduction and scope

This Privacy Policy ("Policy") describes in detail how Vlozarinclox ("we," "us," "our") collects, uses, discloses, stores, and protects your personal data when you access our website at vlozarinclox.world, place orders, contact us, or otherwise interact with our services. We are committed to transparency and compliance with applicable data protection laws.

This Policy applies to all visitors, customers, and users of our website and services, regardless of your location. If you are located in the European Union (EU), the European Economic Area (EEA), or the United Kingdom, the General Data Protection Regulation (GDPR) and related national legislation apply to the processing of your personal data.

2. Data controller

The data controller responsible for the processing of your personal data is:

Vlozarinclox
Fredericiagade 57
1310 København
Denmark

Email: callback@vlozarinclox.world
Phone: +45 31 40 60 30

As the data controller, we determine the purposes and means of the processing of your personal data and are responsible for ensuring that such processing complies with applicable law.

3. Legal basis for processing

We process your personal data in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation, "GDPR"), the Danish Data Protection Act (Act No. 502 of 23 May 2018, "databeskyttelsesloven"), the Danish Marketing Practices Act (markedsføringsloven), the ePrivacy Directive (2002/58/EC) as implemented in Denmark, and any other applicable data protection legislation in your jurisdiction.

Our processing is based on one or more of the following legal bases under Article 6(1) GDPR:

• Consent (Article 6(1)(a)): Where you have given clear, specific, informed, and unambiguous consent for one or more specific purposes, such as receiving marketing communications or the use of non-essential cookies.
• Contract performance (Article 6(1)(b)): Where processing is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract, such as processing your order and delivering products.
• Legal obligation (Article 6(1)(c)): Where processing is necessary for compliance with a legal obligation to which we are subject, such as accounting, tax, or consumer law requirements.
• Legitimate interest (Article 6(1)(f)): Where processing is necessary for our legitimate interests or those of a third party, provided that such interests are not overridden by your interests or fundamental rights and freedoms. This includes website security, fraud prevention, and improving our services.
• Protection of vital interests (Article 6(1)(d)): Where processing is necessary to protect the vital interests of you or another person (e.g. in an emergency).

4. Categories of personal data we collect

4.1 Data you provide directly

When you interact with our website or services, you may voluntarily provide the following categories of personal data:

• Identity data: Full name, title.
• Contact data: Email address, telephone number (optional), postal address (delivery address).
• Transaction data: Details of products purchased, payment method (we do not store full card numbers), order history.
• Communications data: Content of messages, inquiries, complaints, or feedback you send to us via contact forms, email, or other channels.
• Preference data: Marketing and communication preferences, cookie consent choices.

4.2 Data collected automatically

When you visit our website, we automatically collect certain technical and usage data, including:

• IP address and approximate geographic location
• Browser type, version, and language
• Device type, operating system, and screen resolution
• Pages visited, time spent on each page, and navigation paths
• Referring URL (the website or link from which you arrived)
• Date and time of each visit

4.3 Cookies and similar technologies

We use cookies, local storage, and similar technologies to enhance your experience and for certain analytical or marketing purposes when you have consented. For a comprehensive description of the cookies we use, their purposes, retention periods, and how to manage them, please refer to our Cookie Policy.

5. Purposes of processing

We process your personal data for the following purposes, each with its corresponding legal basis:

• Order processing and fulfilment: To receive, process, and fulfil your orders; to communicate with you regarding order status, shipping, and delivery; to handle payments and refunds. Legal basis: contract performance, legal obligation.
• Customer service: To respond to your inquiries, complaints, and support requests; to provide product information and assistance. Legal basis: contract performance, legitimate interest.
• Marketing communications: To send you promotional offers, newsletters, or product updates, where you have given consent or where we are permitted by law to do so. Legal basis: consent, legitimate interest (for existing customers within the limits of applicable law).
• Website operation and security: To ensure the proper functioning, security, and availability of our website; to detect and prevent fraud, abuse, or other unlawful activity. Legal basis: legitimate interest, legal obligation.
• Analytics and improvement: To understand how visitors use our website, which pages are most popular, and how we can improve our content and user experience. When we use cookies or similar technologies for this purpose, we do so only with your consent. Legal basis: consent, legitimate interest (for aggregated, non-identifying data).
• Legal and regulatory compliance: To comply with legal obligations, including but not limited to accounting, tax, consumer protection, and data protection laws. Legal basis: legal obligation.

6. Retention periods

We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable law. Specific retention periods are as follows:

• Order and transaction data: Up to 5 years after the end of the calendar year in which the transaction occurred, in accordance with the Danish Bookkeeping Act (bogføringsloven) and the Danish Limitation Act (forældelsesloven), which may require retention for the assertion or defence of legal claims.
• Customer contact and inquiry data: Up to 5 years after the last meaningful interaction, unless a shorter or longer period is required by law or for the establishment, exercise, or defence of legal claims.
• Marketing and newsletter data: Until you withdraw your consent or unsubscribe from our communications. We will delete or anonymise your data promptly upon withdrawal.
• Technical and access logs: Up to 12 months, unless a longer retention period is required for security, legal, or regulatory purposes.
• Cookie data: As specified in our Cookie Policy for each category of cookies.
• Complaint and dispute data: For the duration of the complaint or dispute resolution process, plus any additional period required by law or for the establishment, exercise, or defence of legal claims.

After the applicable retention period has expired, we will delete or anonymise your personal data in a secure manner, unless we are legally required to retain it for a longer period.

7. Recipients and sharing of personal data

We may share your personal data with the following categories of recipients:

• Service providers (data processors): We engage trusted third-party service providers who assist us in operating our website, processing payments, fulfilling orders (including warehousing and shipping), sending emails, and performing analytics. These processors act only on our documented instructions and are bound by data processing agreements that comply with Article 28 GDPR. They are required to implement appropriate technical and organisational measures to protect your data.
• Payment service providers: To process payments, we share necessary transaction data with our payment processors. We do not store your full credit or debit card number.
• Shipping and logistics partners: To deliver your orders, we share your name, address, and contact details with our chosen carriers.
• Public authorities: We may disclose your data to law enforcement, regulatory bodies, or other public authorities when required by law or to protect our legal rights.
• Professional advisers: We may share data with lawyers, accountants, or auditors when necessary for legal, regulatory, or professional advice.

We do not sell, rent, or trade your personal data to third parties for their marketing purposes. If we transfer personal data to countries outside the EU/EEA, we will ensure that appropriate safeguards are in place in accordance with Chapter V of the GDPR, such as Standard Contractual Clauses approved by the European Commission, or an adequacy decision by the European Commission.

8. Security measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, destruction, or loss. These measures include, but are not limited to:

• Encryption: Data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security) / HTTPS.
• Access controls: Access to personal data is restricted to authorised personnel who need it to perform their duties. We use strong authentication and access management procedures.
• Secure storage: Personal data is stored on secure servers with appropriate backup and recovery procedures.
• Staff training: Our staff are trained on data protection principles and their responsibilities under applicable law.
• Regular reviews: We periodically review and update our security practices to address new risks and regulatory requirements.

Despite our best efforts, no method of transmission over the Internet or electronic storage is completely secure. In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify the Danish Data Protection Agency (Datatilsynet) without undue delay and, where required by law, notify you without undue delay. We will document all breaches and the remedial actions taken.

9. Your rights under the GDPR

If you are in the EU, EEA, or UK, you have the following rights in relation to your personal data:

• Right of access (Article 15): You have the right to obtain confirmation as to whether we process your personal data and, if so, to receive a copy of your data and information about the processing (purposes, categories, recipients, retention, your rights, and the source of the data).
• Right to rectification (Article 16): You have the right to have inaccurate or incomplete personal data concerning you corrected without undue delay.
• Right to erasure (Article 17): You have the right to request the deletion of your personal data in certain circumstances, such as when the data is no longer necessary, you withdraw consent, you object to processing, or the data has been unlawfully processed.
• Right to restriction of processing (Article 18): You have the right to request that we restrict the processing of your data in certain situations, for example where you contest the accuracy of the data or where the processing is unlawful but you prefer restriction to erasure.
• Right to data portability (Article 20): Where processing is based on consent or contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller.
• Right to object (Article 21): You have the right to object to processing based on legitimate interests or for direct marketing purposes. Where you object to direct marketing, we will cease such processing.
• Right to withdraw consent: Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
• Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement. In Denmark, the supervisory authority is the Danish Data Protection Agency (Datatilsynet): www.datatilsynet.dk, Carl Jacobsens Vej 35, 2500 Valby, Denmark.

To exercise any of these rights, please contact us using the details provided in section 12. We will respond to your request without undue delay and in any event within one month, subject to any extension permitted by the GDPR for complex or numerous requests.

10. Children's privacy

Our website and services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us immediately. We will take steps to delete such information from our systems.

11. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. The "Last updated" date at the top of this Policy indicates when it was last revised. Material changes will be communicated to you, where appropriate, by email or by a prominent notice on our website. We encourage you to review this Policy periodically to stay informed about how we protect your data.

12. Contact

For any questions, concerns, or requests regarding this Privacy Policy or our processing of your personal data, or to exercise your data protection rights, please contact us:

Vlozarinclox
Fredericiagade 57, 1310 København, Denmark
Email: callback@vlozarinclox.world
Phone: +45 31 40 60 30