Phythraxzak

Privacy Policy

Last Updated: March 15, 2024

1. Introduction

This Privacy Policy describes how Phythraxzak ("we," "us," or "our") collects, uses, stores, and protects your personal information when you visit our website at phythraxzak.world or use our services. We are committed to protecting your privacy and ensuring transparency in our data processing practices in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller Information

Company Name: Phythraxzak

Registered Address: Stationsplein 6, 4811 BB Breda, Netherlands

Contact Email: ask@phythraxzak.world

Contact Phone: +31 76 579 7000

We are the data controller responsible for your personal information. If you have any questions about this Privacy Policy or our data practices, please contact us using the information provided above.

3. Information We Collect

3.1 Information You Provide Directly

When you interact with our website or place an order, we may collect the following personal information:

  • Contact Information: Full name, email address, phone number, and postal address
  • Order Information: Product selections, quantities, delivery preferences, and any special instructions or messages you provide
  • Communication Data: Any correspondence you send to us, including emails, messages through contact forms, and phone call records
  • Payment Information: Billing address and payment method details (note: we do not store complete credit card numbers; payment processing is handled by secure third-party payment processors)

3.2 Information Collected Automatically

When you visit our website, we automatically collect certain technical information:

  • Device Information: IP address, browser type and version, operating system, device type, and unique device identifiers
  • Usage Data: Pages visited, time spent on pages, links clicked, referring website addresses, and other navigation patterns
  • Location Data: Approximate geographic location based on IP address
  • Cookies and Similar Technologies: Information collected through cookies, web beacons, and similar tracking technologies (see our Cookies Policy for details)

3.3 Information from Third Parties

We may receive information about you from third-party sources, including:

  • Payment processors who confirm transaction details
  • Delivery service providers who update us on shipment status
  • Analytics providers who help us understand website usage patterns
  • Marketing platforms that facilitate our advertising campaigns

4. Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

  • Contract Performance: Processing is necessary to fulfill our contract with you when you place an order or request services
  • Consent: You have given explicit consent for specific processing activities, such as receiving marketing communications or using certain cookies
  • Legitimate Interests: Processing is necessary for our legitimate business interests, such as fraud prevention, network security, and improving our services, provided these interests do not override your fundamental rights
  • Legal Obligations: Processing is required to comply with legal obligations, such as tax laws, accounting requirements, and regulatory compliance

5. How We Use Your Information

We use your personal information for the following purposes:

5.1 Order Processing and Fulfillment

  • Processing and completing your orders
  • Arranging delivery and shipment of products
  • Sending order confirmations and updates
  • Handling returns, refunds, and exchanges
  • Providing customer support and responding to inquiries

5.2 Communication

  • Responding to your questions, comments, and requests
  • Sending transactional emails related to your orders
  • Providing important updates about our products or services
  • Sending marketing communications (only with your consent)

5.3 Website Improvement and Analytics

  • Analyzing website usage to improve user experience
  • Conducting research and statistical analysis
  • Testing new features and functionality
  • Optimizing website performance and loading times

5.4 Security and Fraud Prevention

  • Detecting and preventing fraudulent transactions
  • Protecting against unauthorized access and security threats
  • Enforcing our terms and conditions
  • Investigating and resolving disputes

5.5 Legal Compliance

  • Complying with legal obligations and regulatory requirements
  • Responding to lawful requests from authorities
  • Maintaining records for tax and accounting purposes
  • Protecting our legal rights and interests

6. Data Sharing and Disclosure

We do not sell your personal information to third parties. We may share your information with the following categories of recipients:

6.1 Service Providers

We engage trusted third-party service providers who assist us in operating our business:

  • Payment Processors: To securely process your payments
  • Shipping Companies: To deliver your orders
  • Email Service Providers: To send transactional and marketing emails
  • Web Hosting Providers: To host our website and databases
  • Analytics Providers: To analyze website traffic and user behavior
  • Customer Support Tools: To manage customer inquiries and support tickets

These service providers are contractually obligated to protect your data and use it only for the specific purposes we authorize.

6.2 Legal Requirements

We may disclose your information when required by law or in response to:

  • Court orders, subpoenas, or other legal processes
  • Requests from law enforcement or government authorities
  • Situations involving potential threats to public safety
  • Protection of our legal rights and property

6.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred to the acquiring entity, subject to the same privacy protections outlined in this policy.

7. International Data Transfers

Your personal information may be transferred to and processed in countries outside the European Economic Area (EEA) where our service providers are located. When we transfer data internationally, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions recognizing equivalent data protection standards
  • Binding Corporate Rules for intra-group transfers
  • Your explicit consent for specific transfers

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

8.1 Retention Periods

  • Order and Transaction Data: Retained for 7 years to comply with tax and accounting regulations
  • Customer Account Information: Retained while your account is active and for 2 years after account closure
  • Marketing Communications: Retained until you withdraw consent or unsubscribe
  • Website Analytics Data: Typically retained for 26 months
  • Customer Support Records: Retained for 3 years after the last interaction

8.2 Deletion Criteria

When determining retention periods, we consider:

  • The nature and sensitivity of the personal data
  • Legal and regulatory requirements
  • The purposes for which we collected the data
  • Whether we can achieve those purposes through other means
  • Potential risks from continued storage

9. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights regarding your personal information:

9.1 Right of Access

You have the right to request confirmation of whether we process your personal data and to obtain a copy of that data, along with information about how we use it.

9.2 Right to Rectification

You can request correction of inaccurate or incomplete personal information we hold about you.

9.3 Right to Erasure (Right to be Forgotten)

You may request deletion of your personal data when:

  • The data is no longer necessary for the purposes it was collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • Deletion is required to comply with a legal obligation

9.4 Right to Restriction of Processing

You can request that we limit how we use your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.

9.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

9.6 Right to Object

You can object to processing of your personal data based on legitimate interests or for direct marketing purposes. We will cease processing unless we have compelling legitimate grounds that override your interests.

9.7 Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw that consent at any time. This does not affect the lawfulness of processing before withdrawal.

9.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your residence, workplace, or where an alleged infringement occurred. In the Netherlands, the supervisory authority is the Autoriteit Persoonsgegevens (Dutch Data Protection Authority).

9.9 Exercising Your Rights

To exercise any of these rights, please contact us at ask@phythraxzak.world or call +31 76 579 7000. We will respond to your request within one month, though this may be extended by two additional months for complex requests. We may request additional information to verify your identity before processing your request.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our security measures include:

10.1 Technical Safeguards

  • SSL/TLS encryption for data transmission
  • Encrypted storage of sensitive data
  • Regular security assessments and vulnerability testing
  • Firewalls and intrusion detection systems
  • Secure authentication and access controls
  • Regular software updates and security patches

10.2 Organizational Safeguards

  • Strict access controls limiting data access to authorized personnel only
  • Employee training on data protection and security practices
  • Confidentiality agreements with employees and contractors
  • Data protection impact assessments for high-risk processing
  • Incident response procedures for data breaches
  • Regular audits of data processing activities

10.3 Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach poses a high risk, we will also notify affected individuals without undue delay, providing information about the nature of the breach and measures taken to address it.

11. Children's Privacy

Our website and services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal data from a child without parental consent, we will take steps to delete that information as quickly as possible. If you believe we have collected information from a child, please contact us immediately.

12. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your browsing experience and analyze website usage. For detailed information about the cookies we use, their purposes, and how to manage your cookie preferences, please refer to our separate Cookies Policy.

13. Third-Party Links

Our website may contain links to third-party websites, services, or applications that are not operated by us. This Privacy Policy does not apply to those third-party sites. We are not responsible for the privacy practices of third parties and encourage you to review their privacy policies before providing any personal information.

14. Marketing Communications

With your consent, we may send you marketing communications about our products, special offers, and updates. You can opt out of marketing emails at any time by:

  • Clicking the "unsubscribe" link in any marketing email
  • Contacting us directly at ask@phythraxzak.world
  • Updating your communication preferences in your account settings

Please note that even if you opt out of marketing communications, we will still send you transactional emails related to your orders and account.

15. Automated Decision-Making and Profiling

We do not engage in automated decision-making or profiling that produces legal effects or similarly significantly affects you. Any automated processing we conduct is limited to basic analytics and does not involve decisions that impact your rights or interests.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this policy
  • Notify you via email if you have an account with us
  • Display a prominent notice on our website
  • Obtain your consent if required by law

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

17. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: ask@phythraxzak.world

Phone: +31 76 579 7000

Postal Address: Phythraxzak, Stationsplein 6, 4811 BB Breda, Netherlands

We will respond to your inquiry as promptly as possible, typically within 5 business days.

18. Supervisory Authority

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with the Dutch Data Protection Authority:

Autoriteit Persoonsgegevens

Postbus 93374

2509 AJ Den Haag

Netherlands

Website: autoriteitpersoonsgegevens.nl