Privacy Policy
We respect your privacy and are committed to protecting your personal data. This policy explains what data we collect, how we use it, and your rights under applicable law.
1. Data Controller
The data controller responsible for your personal data is:
Zephyroxaothepal
Ringvägen 2, 845 31 Svenstavik, Sweden
Email: connectuse@zephyroxaothepal.world
Phone: +46 70 621 60 04
2. Data We Collect
We collect personal data only when you actively provide it to us or when it is collected automatically during your use of this website.
2.1 Data You Provide
- Contact form: name, email address, and message content submitted via the contact form on this website.
- Cookie preferences: your cookie consent choices, which are stored locally in your browser.
2.2 Data Collected Automatically
- Technical data: IP address, browser type, operating system, referral URL, pages visited, and time of visit. This data is collected via server logs and, where consented, via analytics cookies.
- Cookie data: data stored in cookies placed on your device, subject to your consent preferences.
3. Purposes and Legal Basis for Processing
| Purpose | Legal Basis (GDPR Art. 6) | Data Used |
|---|---|---|
| Responding to your contact form enquiry | Legitimate interest (Art. 6(1)(f)) / Performance of a contract (Art. 6(1)(b)) | Name, email, message |
| Ensuring the technical operation of the website | Legitimate interest (Art. 6(1)(f)) | IP address, technical logs |
| Analytics — understanding how visitors use the site | Consent (Art. 6(1)(a)) | Cookie data, anonymised usage data |
| Marketing — showing relevant content | Consent (Art. 6(1)(a)) | Cookie data, browsing behaviour |
4. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law.
- Contact form data: retained for up to 12 months from the date of submission, or until the matter is resolved.
- Server logs: retained for up to 90 days.
- Cookie consent records: stored in your browser's localStorage until you clear it or change your preferences.
- Analytics data: retained for up to 26 months from collection, where consent is given.
5. Data Sharing and Third Parties
We do not sell, rent, or trade your personal data. We may share your data with trusted service providers who process it on our behalf (data processors), including:
- Website hosting and infrastructure providers located within the European Economic Area (EEA).
- Analytics service providers, subject to your consent, with appropriate data processing agreements in place.
All third-party processors are bound by contractual obligations to process your data securely and only as instructed by us. We do not transfer personal data outside the EEA without appropriate safeguards in place.
5A. International Data Transfers
Where a service provider processes personal data outside the EEA, we ensure a valid transfer mechanism is in place under Chapter V GDPR. This may include an adequacy decision, the European Commission's Standard Contractual Clauses (SCCs), and supplementary safeguards where required.
6. Your Rights Under GDPR
As a data subject in the European Union or European Economic Area, you have the following rights:
- Right of access (Art. 15): You may request a copy of the personal data we hold about you.
- Right to rectification (Art. 16): You may request that inaccurate or incomplete data be corrected.
- Right to erasure (Art. 17): You may request deletion of your personal data where the legal basis no longer applies.
- Right to restriction of processing (Art. 18): You may request that we restrict how we use your data in certain circumstances.
- Right to data portability (Art. 20): Where processing is based on consent or contract, you may request your data in a machine-readable format.
- Right to object (Art. 21): You may object to processing based on legitimate interests at any time.
- Right to withdraw consent (Art. 7): Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at: connectuse@zephyroxaothepal.world. We will respond within 30 days.
7. Security Measures
We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or destruction, including:
- HTTPS encryption for all data transmitted between your browser and our website.
- Access controls limiting who within our organisation can access personal data.
- Regular review of our data processing practices and security procedures.
8. Cookies
We use cookies on this website. Please refer to our Cookie Policy for full details of the cookies used, their purposes, and how to manage your preferences.
8A. Automated Decision-Making and Profiling
We do not use your personal data for solely automated decision-making that produces legal or similarly significant effects within the meaning of Art. 22 GDPR.
9. Complaints
If you believe we have not handled your personal data appropriately, you have the right to lodge a complaint with the relevant supervisory authority. In Sweden, this is:
Integritetsskyddsmyndigheten (IMY)
Website: www.imy.se
Phone: +46 8 657 61 00
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or in applicable law. The "Last Updated" date at the top of this page will reflect when changes were made. We encourage you to review this page periodically.
11. Swedish Legal Framework
In addition to GDPR, processing and storage of information on user devices are handled in line with applicable Swedish legislation implementing the ePrivacy framework, including the Swedish Electronic Communications Act (SFS 2022:482), as applicable.