Xlozarinwlixarun

Privacy Policy

Last updated: 17 March 2025

Xlozarinwlixarun (“we”, “us”, “our”) is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, store and protect your information when you use our website xlozarinwlixarun.world and our services, in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the Data Protection Act 2018 (Ireland), and other applicable data protection laws.

1. Data controller

The data controller responsible for your personal data is:

Xlozarinwlixarun
21 Grafton Street, Dublin 2, D02 FW29, Ireland
Email: office@xlozarinwlixarun.world
Phone: +35316790467

If you have questions about this policy or your data, you may contact us at the above address or email.

2. Personal data we collect

We may collect and process the following categories of personal data:

2.1 Data you provide

  • Identity data: name, title.
  • Contact data: email address, telephone number, postal address.
  • Transaction data: order details, payment-related information (we do not store full card numbers; payment processing may be handled by third-party providers).
  • Communication data: messages you send via contact or order forms, correspondence with us.
  • Marketing and consent data: your preferences regarding marketing, consent records where required by law.

2.2 Data collected automatically

  • Technical data: IP address, browser type and version, time zone, device type, operating system.
  • Usage data: how you use our website (e.g. pages visited, time spent), referring URLs.
  • Cookie and similar technologies data: as described in our Cookie Policy.

2.3 Data from third parties

We may receive limited data from analytics providers, payment processors or delivery services, to the extent necessary to provide our services and comply with legal obligations.

3. Purposes and legal bases for processing

We process your personal data only where we have a valid legal basis under GDPR. Our main purposes and bases are:

  • Contract performance: To process orders, deliver products, manage your account and provide customer support. Legal basis: performance of a contract (Art. 6(1)(b) GDPR).
  • Legal compliance: To comply with tax, accounting, consumer and other legal obligations (e.g. in Ireland and the EU). Legal basis: legal obligation (Art. 6(1)(c) GDPR).
  • Legitimate interests: To operate and improve our website, prevent fraud, ensure security and defend legal claims. Legal basis: legitimate interests (Art. 6(1)(f) GDPR), where not overridden by your rights.
  • Consent: For optional cookies (e.g. analytics, marketing), newsletters and other marketing where required by law. Legal basis: consent (Art. 6(1)(a) GDPR). You may withdraw consent at any time.

4. How we use your data

Specifically, we use your data to:

  • Fulfil and manage orders and returns.
  • Communicate with you about your orders and enquiries.
  • Send service-related messages (e.g. order and shipping confirmations).
  • Improve our website, products and services (including analytics, where you have consented or where based on legitimate interests).
  • Send marketing communications only where you have given consent or where permitted by law.
  • Comply with legal, regulatory and tax requirements.
  • Protect against fraud and ensure the security of our systems and users.

5. Data retention

We keep your personal data only for as long as necessary for the purposes set out in this policy and as required by law.

  • Order and transaction data: Typically 7 years from the end of the financial year (for tax and legal compliance in Ireland), unless a longer period is required by law.
  • Customer support and correspondence: For the duration of the matter plus a reasonable period (e.g. 3–6 years) for legal and quality purposes.
  • Marketing and consent records: Until you withdraw consent or object, plus a short period to record your choice (e.g. up to 3 years).
  • Technical and access logs: Usually up to 12–24 months, unless needed longer for security or legal reasons.
  • Cookie-related data: As specified in our Cookie Policy.

After the retention period, we securely delete or anonymise your data so it can no longer identify you.

6. Data sharing and recipients

We may share your personal data with:

  • Service providers: Hosting, payment processing, delivery and logistics, email delivery, analytics (where used), IT support. Such providers act as processors and are bound by contract to use data only for the agreed purposes and in line with GDPR.
  • Professional advisers: Lawyers, accountants or auditors where necessary for compliance or legal advice.
  • Authorities: When required by law (e.g. tax, police, courts).

We do not sell your personal data. We do not transfer your data outside the European Economic Area (EEA) unless we have put in place appropriate safeguards (e.g. standard contractual clauses or adequacy decisions) as required by GDPR.

7. Security measures

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Use of HTTPS and encryption where appropriate for data in transit.
  • Access controls and limited access to personal data on a need-to-know basis.
  • Secure storage and secure disposal of data when no longer needed.
  • Regular review of our security practices and, where applicable, confidentiality obligations for staff and processors.

While we strive to protect your data, no method of transmission or storage over the internet is completely secure; we cannot guarantee absolute security.

8. Your rights under GDPR

Under the GDPR and Irish law, you have the following rights in relation to your personal data:

  • Right of access (Art. 15): You may request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): You may request correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17): You may request deletion of your data in certain circumstances (e.g. where no longer necessary or where you withdraw consent).
  • Right to restrict processing (Art. 18): You may request that we limit how we use your data in certain situations.
  • Right to data portability (Art. 20): Where processing is based on contract or consent and carried out by automated means, you may request your data in a structured, machine-readable format.
  • Right to object (Art. 21): You may object to processing based on legitimate interests or to direct marketing at any time.
  • Right to withdraw consent: Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.
  • Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority. In Ireland, this is the Data Protection Commission (DPC): www.dataprotection.ie.

To exercise any of these rights, please contact us at office@xlozarinwlixarun.world or at our postal address. We will respond within one month, subject to any permitted extension under GDPR. We may need to verify your identity before processing your request.

9. Children

Our website and services are not directed at individuals under 16. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data, please contact us and we will take steps to delete such data.

10. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in law, our practices or our services. The “Last updated” date at the top will be revised when we make material changes. We encourage you to review this page periodically. Where required by law, we will seek your consent or notify you of significant changes.

11. Contact

For any questions about this Privacy Policy or our processing of your personal data, please contact:

Xlozarinwlixarun
21 Grafton Street, Dublin 2, D02 FW29, Ireland
Email: office@xlozarinwlixarun.world
Phone: +35316790467