Privacy Policy
1. Introduction
Shrixxenyz ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website shrixxenyz.world and use our services.
We comply with the General Data Protection Regulation (EU 2016/679, GDPR), the Finnish Data Protection Act (Tietosuojalaki 1050/2018), and other applicable data protection laws in Finland and the European Union.
2. Data Controller Information
The data controller responsible for your personal data is:
- Company Name: Shrixxenyz
- Address: Koulutie 2, 41330 Vihtavuori, Finland
- Email: team@shrixxenyz.world
- Country: Finland
3. Personal Data We Collect
We may collect and process the following categories of personal data:
3.1 Information You Provide
- Contact Information: Name, email address, phone number (optional)
- Order Information: Delivery address, payment details, order history
- Communication Data: Messages, inquiries, and feedback you send us
- Consent Records: Records of consents you have provided
3.2 Information Collected Automatically
- Technical Data: IP address, browser type and version, operating system
- Usage Data: Pages visited, time spent on pages, navigation patterns
- Device Data: Device type, screen resolution, unique device identifiers
- Cookie Data: Information collected through cookies and similar technologies
4. Legal Basis for Processing
We process your personal data based on the following legal grounds under GDPR:
- Contract Performance (Art. 6(1)(b)): Processing necessary to fulfill orders and provide our services
- Consent (Art. 6(1)(a)): Where you have given explicit consent for specific purposes
- Legitimate Interests (Art. 6(1)(f)): For business operations, security, and improving our services
- Legal Obligation (Art. 6(1)(c)): Where processing is required by law
5. Purposes of Processing
We use your personal data for the following purposes:
- Processing and fulfilling your orders
- Communicating with you about your orders and inquiries
- Providing customer support and responding to requests
- Improving our website, products, and services
- Sending marketing communications (with your consent)
- With your consent, using data for advertising and personalization (e.g. on platforms such as Google) in accordance with our Cookie Policy
- Analyzing website usage and performance
- Preventing fraud and ensuring security
- Complying with legal obligations
6. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:
- Order Data: 7 years for accounting and tax purposes
- Customer Account Data: Until account deletion or 3 years of inactivity
- Marketing Consent: Until consent is withdrawn
- Cookie Data: As specified in our Cookie Policy
- Communication Records: 2 years after the last communication
7. Your Rights Under GDPR
As a data subject, you have the following rights:
- Right of Access (Art. 15): Request a copy of your personal data
- Right to Rectification (Art. 16): Request correction of inaccurate data
- Right to Erasure (Art. 17): Request deletion of your data ("right to be forgotten")
- Right to Restrict Processing (Art. 18): Request limitation of data processing
- Right to Data Portability (Art. 20): Receive your data in a structured format
- Right to Object (Art. 21): Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time without affecting prior processing
To exercise any of these rights, please contact us using the contact details below. We will respond without undue delay and in any event within one month (30 days) as required by GDPR Article 12(3). That period may be extended by two further months where necessary; we will inform you of any such extension.
Automated decision-making and profiling: We do not use your personal data for automated decision-making or profiling within the meaning of GDPR Articles 22 and 4(4).
8. Data Sharing and Transfers
We may share your personal data with:
- Service Providers: Payment processors, shipping companies, hosting providers
- Legal Authorities: When required by law or to protect our rights
All service providers are contractually obligated to protect your data and process it only on our instructions.
If data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.
9. Data Security
We implement appropriate technical and organizational measures to protect your personal data:
- SSL/TLS encryption for data transmission
- Secure storage with access controls
- Regular security assessments and updates
- Staff training on data protection
- Incident response procedures
10. Cookies and Tracking
We use cookies and similar technologies to enhance your experience. For detailed information about our use of cookies, please see our Cookie Policy.
11. Children's Privacy
Our website and services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a minor, please contact us immediately.
12. Changes to This Policy
We may update this Privacy Policy from time to time. The updated version will be indicated by the "Last updated" date. We encourage you to review this policy periodically.
13. Complaints
If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the supervisory authority in your country of residence or with:
- Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto) — the national supervisory authority for data protection in Finland under the Data Protection Act (1050/2018)
- Address: Lintulahdenkuja 4, 00530 Helsinki, Finland
- Website: tietosuoja.fi
14. Contact Us
If you have questions about this Privacy Policy or your personal data, please contact us:
- Email: team@shrixxenyz.world
- Address: Koulutie 2, 41330 Vihtavuori, Finland