Privacy Policy

Last updated: 18 March 2025

This Privacy Policy describes how Traxylonxolblix (“we”, “us”, “our”) collects, uses, stores and protects your personal data when you use our website https://traxylonxolblix.world and related services. We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR), the Norwegian Personal Data Act (personopplysningsloven), and other applicable data protection laws.

1. Data controller

The data controller responsible for your personal data is:

Traxylonxolblix
Operagata 18, 0194 Oslo, Norway
Email: office@traxylonxolblix.world
Phone: +47 22 33 23 00

If you have questions about this policy or your data, please contact us using the details above.

2. Personal data we collect

We may collect the following categories of personal data:

• Identity and contact data: name, email address, telephone number, postal address when you place an order, use the contact form or subscribe to communications.
• Transaction data: order details, payment-related information (we do not store full card numbers; payment processing may be handled by third-party providers subject to their own privacy policies).
• Technical and usage data: IP address, browser type and version, device type, operating system, referring URLs, pages visited, date and time of access, and similar technical data when you use our website.
• Communication data: content of messages you send us via contact form, email or other channels.
• Cookie and consent data: your cookie preferences and consent choices, as described in our Cookie Policy.

We do not collect special categories of personal data (e.g. health data) unless you voluntarily provide them in a message; in that case we use them only to respond to your request and in accordance with applicable law.

3. Legal basis and purposes of processing

We process your personal data only where we have a valid legal basis under GDPR:

• Contract (Art. 6(1)(b) GDPR): to perform our contract with you (e.g. processing orders, delivering products, handling returns and customer service).
• Legitimate interests (Art. 6(1)(f) GDPR): to operate and improve our website, prevent fraud, ensure security, analyse usage and enforce our terms, where such interests are not overridden by your rights.
• Consent (Art. 6(1)(a) GDPR): where you have given clear consent (e.g. for non-essential cookies, marketing communications or optional processing). You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
• Legal obligation (Art. 6(1)(c) GDPR): where we must comply with laws (e.g. tax, accounting, consumer rights).

Purposes include: order fulfilment and shipping; customer support; website operation and security; communication about your orders; compliance with legal obligations; and, where you have consented, analytics and marketing.

4. How we collect data

We collect data (a) directly from you when you fill in forms, place orders, contact us or set cookie preferences; (b) automatically when you use our website (e.g. technical and usage data, cookies as set out in our Cookie Policy); and (c) occasionally from third parties such as payment or delivery providers where necessary for the service.

5. Data retention

We retain your data only as long as necessary for the purposes above or as required by law:

• Order and customer data: for the duration of the contractual relationship and thereafter as required by Norwegian law (e.g. bookkeeping typically 5 years, consumer rights up to the statutory limitation period).
• Contact form and correspondence: until your request is resolved and for a reasonable period for follow-up and legal claims (typically up to 3 years unless longer retention is required).
• Technical and access logs: as needed for security and troubleshooting, typically up to 12 months, unless a shorter or longer period is justified.
• Cookie and consent records: as long as necessary to honour your choices and demonstrate compliance (typically up to 2 years).
• Marketing (where consent applies): until you withdraw consent or object, and then only as needed to record your objection.

After the retention period, we delete or anonymise your data so it can no longer identify you.

6. Security measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure or destruction, including:

• Use of HTTPS and encryption in transit for our website.
• Restricted access to personal data on a need-to-know basis.
• Secure storage and secure handling of any payment-related data in line with industry standards.
• Regular review of our security practices and updating of systems.

While we strive to protect your data, no method of transmission or storage over the internet is 100% secure; we cannot guarantee absolute security.

7. Sharing and international transfers

We may share your data with:

• Service providers: hosting, payment processing, shipping, email delivery and analytics, acting as processors on our instructions and under appropriate contracts.
• Authorities: when required by law or to protect our rights.

Where we transfer data outside the European Economic Area (EEA), we ensure adequate safeguards (e.g. EU Standard Contractual Clauses or adequacy decisions) in line with GDPR Chapter V.

8. Your rights under GDPR

You have the following rights in relation to your personal data:

• Access (Art. 15): obtain confirmation as to whether we process your data and a copy of your data.
• Rectification (Art. 16): have inaccurate data corrected.
• Erasure (Art. 17): request deletion where the data is no longer necessary, you withdraw consent, you object, or it was processed unlawfully, subject to legal exceptions.
• Restriction (Art. 18): request that we limit processing in certain circumstances.
• Data portability (Art. 20): receive your data in a structured, commonly used format where processing is based on contract or consent and is carried out by automated means.
• Object (Art. 21): object to processing based on legitimate interests or to processing for direct marketing.
• Withdraw consent: where processing is based on consent, withdraw it at any time.

To exercise these rights, contact us at office@traxylonxolblix.world or the address above. We will respond within one month. You also have the right to lodge a complaint with a supervisory authority; in Norway, this is Datatilsynet (www.datatilsynet.no).

9. Children

Our services are not directed at persons under 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us so we can delete it.

10. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top will be revised, and we encourage you to review this page periodically. Material changes may be communicated via the website or by email where appropriate.

11. Contact

For any questions about this Privacy Policy or our processing of your personal data:

Traxylonxolblix
Operagata 18, 0194 Oslo, Norway
Email: office@traxylonxolblix.world
Phone: +47 22 33 23 00