Privacy Policy
Last updated: 5 March 2025
1. Controller and contact details
The data controller responsible for the processing of your personal data in connection with this website and the services offered is:
Vorghalxzol
Mannerheimintie 96
00250 Helsinki
Finland
Phone: +358 300 20200
Contact identifier: team@vorghalxzol.world
If you have questions about this Privacy Policy or the processing of your personal data, or if you wish to exercise your rights under data protection law, you may contact us using the details above or via our contact form.
2. Scope and applicability
This Privacy Policy applies to the website vorghalxzol.world and all related subpages (the "Website"), as well as to the processing of personal data in the context of orders, enquiries, customer support and marketing activities carried out by Vorghalxzol. It describes what personal data we collect, for what purposes we use it, on what legal basis we process it, how long we retain it, and what rights you have under the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the Finnish Data Protection Act (1050/2018).
We process personal data only in accordance with applicable law and in a transparent manner. By using our Website or providing your data to us, you acknowledge that you have read and understood this Privacy Policy.
3. Personal data we collect
Depending on how you interact with us, we may collect the following categories of personal data:
3.1 Data you provide to us
- Identity and contact data: name, email address, telephone number, and postal address when you place an order, use the contact form, or subscribe to communications.
- Order and transaction data: order details, delivery address, payment-related information (e.g. payment method; we do not store full card numbers), and correspondence relating to your order.
- Communication data: the content of messages you send us via the contact form, email or other channels.
- Consent and preference data: records of your consent to processing (e.g. marketing, cookies, terms and privacy policy), and your preferences regarding communication and cookies.
3.2 Data collected automatically
- Technical and usage data: IP address, browser type and version, device type, operating system, referring URL, pages visited, date and time of access, and similar technical data generated when you use our Website. This data may be collected through cookies and similar technologies as described in our Cookie Policy.
We do not collect special categories of personal data (e.g. health, ethnic origin, political opinions) unless you voluntarily provide such data and we have a lawful basis to process it, or we are required to do so by law.
4. Purposes and legal bases for processing
We process your personal data only for specified, explicit and legitimate purposes. The main purposes and corresponding legal bases are set out below.
4.1 Performance of a contract (Art. 6(1)(b) GDPR)
We process your identity, contact and order data to handle and fulfil your orders, manage delivery, process returns in accordance with our Return Policy, and communicate with you about your order. This processing is necessary for the performance of the contract between you and us.
4.2 Legitimate interests (Art. 6(1)(f) GDPR)
We may process your data where necessary for our legitimate interests, provided that your interests or fundamental rights do not override them. This includes:
- Improving and securing our Website and services (e.g. analysing usage, detecting and preventing fraud and abuse).
- Handling and responding to your enquiries sent via the contact form or other channels.
- Establishing, exercising or defending legal claims.
- Managing our internal operations and complying with internal policies.
4.3 Consent (Art. 6(1)(a) GDPR)
Where we rely on your consent (e.g. for non-essential cookies, marketing communications, or other optional processing), we will ask for it explicitly. You may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. Withdrawal can be made via our contact details or, for cookies, via our cookie settings.
4.4 Legal obligation (Art. 6(1)(c) GDPR)
We process your data where necessary to comply with legal obligations, including tax, accounting, and consumer law requirements in Finland and the European Union. This may involve retaining certain data for the periods required by law.
5. Retention periods
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with legal obligations.
- Order and customer data: For the duration of the contractual relationship and thereafter for a period required by Finnish and EU law (e.g. accounting and tax: typically 6–10 years from the end of the financial year, depending on the obligation).
- Contact form and general enquiries: Until your enquiry is resolved and for a reasonable period thereafter (e.g. 1–3 years) for follow-up and potential legal claims, unless a longer retention period is required by law.
- Marketing and consent records: Until you withdraw consent or object, and for a short period thereafter to document your choice (e.g. up to 3 years).
- Cookie and technical logs: As specified in our Cookie Policy (e.g. from session-only up to 24 months for analytics, depending on the cookie type and your choices).
- Legal claims: If data is needed for the establishment, exercise or defence of legal claims, we may retain it until the relevant limitation period has expired under applicable law.
After the retention period has ended, we will delete or anonymise your data so that it can no longer be attributed to you.
6. Recipients and international transfers
We may share your personal data with the following categories of recipients, only where necessary for the purposes described in this Privacy Policy:
- Service providers: Hosting providers, payment processors, logistics and delivery partners, email and communication services, and analytics providers, who act as processors on our instructions and are bound by data processing agreements where required by GDPR.
- Authorities: If we are required to do so by law, we may disclose data to courts, law enforcement or other public authorities in Finland or elsewhere in the EU/EEA.
Your data is processed within the European Union and the European Economic Area (EEA). If we ever transfer personal data to a country outside the EEA, we will ensure that appropriate safeguards are in place (e.g. adequacy decision by the European Commission, standard contractual clauses, or other mechanisms approved under GDPR) and that you can obtain a copy of them on request.
7. Security measures
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, loss or destruction. These measures include:
- Use of HTTPS and encryption (e.g. TLS) for data transmitted between your device and our servers.
- Restricted access to personal data on a need-to-know basis, with access controls and confidentiality obligations for our staff and processors.
- Secure storage environments and regular review of our security practices.
- Procedures to assess and respond to incidents that may affect the security of your data.
Despite our efforts, no method of transmission or storage over the Internet is completely secure. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately using the details in section 1.
8. Your rights under GDPR
Under the GDPR, you have the following rights in relation to your personal data. You may exercise them by contacting us using the details given in section 1. We will respond without undue delay and in any event within one month, subject to possible extension where necessary.
- Right of access (Art. 15): You may request confirmation as to whether we process your personal data and, if so, obtain a copy of the data and information about the processing.
- Right to rectification (Art. 16): You may request that we correct inaccurate or incomplete personal data concerning you.
- Right to erasure (Art. 17): You may request that we erase your personal data in certain circumstances (e.g. where the data is no longer necessary, you withdraw consent, or you object and there are no overriding legitimate grounds).
- Right to restriction of processing (Art. 18): You may request that we restrict processing in certain situations (e.g. while we verify the accuracy of data or the lawfulness of processing).
- Right to data portability (Art. 20): Where processing is based on consent or contract and is carried out by automated means, you may request to receive your data in a structured, commonly used and machine-readable format, and to transmit it to another controller where technically feasible.
- Right to object (Art. 21): You may object at any time to processing based on legitimate interests. We will stop processing unless we demonstrate compelling legitimate grounds that override your interests, or for the establishment, exercise or defence of legal claims. You may also object to processing for direct marketing at any time, in which case we will stop such processing.
- Right to withdraw consent: Where processing is based on consent, you may withdraw consent at any time. This does not affect the lawfulness of processing based on consent before its withdrawal.
- Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your residence, place of work or place of the alleged infringement. In Finland, the supervisory authority is the Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto): tietosuoja.fi.
9. Children
Our Website and services are not directed at individuals under 16 years of age. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data without parental consent, please contact us and we will take steps to delete such data.
10. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements or the nature of our services. The "Last updated" date at the top indicates when the policy was last revised. We encourage you to review this page periodically. Where changes are material, we may notify you by email or by a prominent notice on our Website before the changes take effect.
11. Additional information for Finnish users
This Privacy Policy is intended to comply with the GDPR and the Finnish Data Protection Act. Our principal place of business is in Finland, and we process data in accordance with Finnish and EU law. For any questions regarding the processing of your personal data or this Privacy Policy, you may contact us using the details in section 1 or the Finnish contact identifier provided there.