This privacy policy complies with the EU General Data Protection Regulation (GDPR) and German data protection law (BDSG).
1. Data Controller
Thryxellkhak.world
Graf-Adolf-Straße 35
40215 Düsseldorf, Germany
Email: ask@thryxellkhak.world
2. Data We Collect
We collect the following categories of personal data:
- Contact information (name, email address) when you submit the contact form
- Message content you provide voluntarily
- Technical data (IP address, browser type, device information) for security and analytics
- Cookie data as described in our Cookie Policy
3. Purpose of Processing
We process your data for the following purposes:
- To respond to your inquiries and provide customer support
- To process orders and fulfill contractual obligations
- To improve our website and services
- To comply with legal obligations
- To send marketing communications (only with your consent)
4. Legal Basis
Under the General Data Protection Regulation (GDPR), we process your data based on:
- Consent (Art. 6(1)(a) GDPR) for contact requests and marketing
- Contract performance (Art. 6(1)(b) GDPR) for order processing
- Legitimate interests (Art. 6(1)(f) GDPR) for website security and analytics
- Legal obligation (Art. 6(1)(c) GDPR) where required by law
5. Data Retention
We retain your data only for as long as necessary:
- Contact form submissions: 24 months unless longer retention is required
- Order data: 7 years for tax and legal compliance
- Analytics data: 14 months
- Marketing consent: Until withdrawal
6. Your Rights
Under GDPR, you have the right to:
- Access your personal data (Art. 15)
- Rectification of inaccurate data (Art. 16)
- Erasure ("right to be forgotten") (Art. 17)
- Restriction of processing (Art. 18)
- Data portability (Art. 20)
- Object to processing (Art. 21)
- Withdraw consent at any time
- Lodge a complaint with a supervisory authority
To exercise these rights, contact us at ask@thryxellkhak.world.
7. Data Security
We implement appropriate technical and organizational measures including encryption (HTTPS), access controls, and regular security assessments to protect your data.
8. Data Transfers
Your data is processed within the European Economic Area. Any transfers outside the EEA comply with GDPR and use adequate safeguards (e.g., Standard Contractual Clauses).
9. Third-party Processors
We may use processors for hosting, analytics, and email services. All processors are bound by data processing agreements and GDPR requirements.
10. Changes
We may update this policy. Continued use of our website after changes constitutes acceptance. We will notify you of material changes.
← Return to Homepage