Privacy Policy

1. Controller and contact details

The data controller responsible for your personal data in connection with this website is:

Kryxelonphrixxen
489 Oxford St, London W1C 2AU, United Kingdom
Phone: +44 20 7491 8444
Email: managers@kryxelonphrixxen.world

If you have questions about this Privacy Policy or about how we process your personal data, you may contact us using the details above.

2. Legal basis and applicable law

We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Where we refer to the European Economic Area (EEA), we also comply with the EU General Data Protection Regulation (EU GDPR) where applicable. This Privacy Policy describes what data we collect, the purposes for which we use it, how long we keep it, your rights, and the measures we take to protect your data.

3. Personal data we collect

We may collect and process the following categories of personal data:

• Identity and contact data: name, email address, telephone number, and delivery address when you place an order or contact us.
• Transaction data: details of orders, payments, and correspondence related to your purchases.
• Technical data: IP address, browser type and version, time zone, device type, and information about how you use our website (e.g. pages visited, time spent), where this is collected through cookies or similar technologies. For more detail, see our Cookie Policy.
• Marketing and communications data: your preferences regarding marketing (e.g. whether you have agreed to receive newsletters), where applicable.

We do not routinely collect special category data (e.g. health data) unless you voluntarily provide it (e.g. in a message) and we have a lawful basis to process it. We will not use such data for purposes other than those you have been informed about.

4. Purposes and lawful bases for processing

We use your personal data only for the following purposes and on the following lawful bases:

• Order fulfilment and customer service: to process and deliver your order, manage payments, and respond to enquiries. Lawful basis: performance of a contract and, where relevant, legal obligation.
• Communication: to contact you about your order (e.g. confirmation, delivery, returns). Lawful basis: performance of a contract.
• Legal and regulatory compliance: to comply with applicable UK and, where relevant, EU laws (e.g. tax, consumer rights). Lawful basis: legal obligation.
• Website operation and security: to run and secure our website, prevent fraud, and ensure proper functioning. Lawful basis: legitimate interests (running our business and protecting our systems).
• Analytics and improvement: where you have consented or we rely on legitimate interests, we may use technical data to understand how the website is used and to improve it. See our Cookie Policy for details.
• Marketing: if you have given consent, we may send you marketing communications. You can withdraw consent at any time.

We will not use your personal data for purposes incompatible with those described here unless we inform you and, where required by law, obtain your consent or rely on another lawful basis.

5. Data retention

We keep your personal data only for as long as necessary for the purposes set out in this policy and to meet legal obligations:

• Order and customer data: typically for the duration of the contractual relationship plus a period required for tax, warranty, and legal claims (e.g. up to 7 years from the end of the contract or transaction, in line with UK requirements).
• Enquiries and correspondence: for the time needed to resolve your enquiry and, where relevant, for a further period for legal or operational reasons (e.g. up to 3 years).
• Technical and access logs: as set out in our Cookie Policy and internal policies, generally for a limited period (e.g. up to 12–24 months) unless a longer period is required for security or legal reasons.
• Marketing consent: until you withdraw consent or object, after which we will stop processing for that purpose and retain only what is needed to record your preference.

After the retention period, we will securely delete or anonymise your data so it can no longer identify you.

6. Sharing and international transfers

We may share your personal data with:

• Service providers: payment processors, delivery and logistics partners, IT and hosting providers, and professional advisers, who act on our instructions and are bound by confidentiality and data protection obligations.
• Public authorities: where we are required to do so by UK or other applicable law (e.g. tax, law enforcement).

We do not sell your personal data. If we transfer personal data outside the United Kingdom or the EEA, we will ensure that appropriate safeguards are in place (e.g. UK adequacy decisions, standard contractual clauses, or other approved mechanisms) in accordance with UK GDPR and, where applicable, EU GDPR.

7. Security measures

We implement technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or destruction, including:

• Use of HTTPS and encryption for data in transit where appropriate.
• Access controls and restrictions so that only authorised personnel can access personal data where necessary.
• Secure storage and handling of data, with regular review of our security practices.
• Selection of service providers that meet appropriate security and data protection standards.

Despite these measures, no system can be completely secure. If you become aware of any suspected breach, please contact us using the details in section 1.

8. Your rights

Under UK GDPR (and, where applicable, EU GDPR), you have the following rights in relation to your personal data:

• Right of access: you may request a copy of the personal data we hold about you.
• Right to rectification: you may request correction of inaccurate or incomplete data.
• Right to erasure: in certain circumstances, you may request that we delete your personal data.
• Right to restrict processing: in certain circumstances, you may request that we limit how we use your data.
• Right to data portability: where we process your data by automated means on the basis of contract or consent, you may request a copy in a structured, commonly used format.
• Right to object: you may object to processing based on legitimate interests or to processing for direct marketing.
• Right to withdraw consent: where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, please contact us using the details in section 1. We will respond within one month (or within the period required by applicable law). You also have the right to lodge a complaint with a supervisory authority. In the United Kingdom, this is the Information Commissioner's Office (ICO): ico.org.uk. If you are in the EEA, you may lodge a complaint with the supervisory authority in your country of residence.

9. Children

Our website and services are not directed at individuals under 18. We do not knowingly collect personal data from children. If you believe we have collected data relating to a child, please contact us and we will take steps to delete it.

10. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or in the law. The "Last updated" date at the top will be revised when we make changes. We encourage you to review this page periodically. Where changes are material, we may notify you by email or by a notice on our website where appropriate.

11. Third-party links

Our website may contain links to other websites. We are not responsible for the privacy practices or content of those sites. We recommend that you read their privacy policies before providing any personal data.