Privacy Policy

1. Introduction and Data Controller Information

This Privacy Policy explains how Chakrellcrax collects, uses, stores, and protects your personal data when you visit our website or use our services. We are committed to protecting your privacy and ensuring transparency in our data processing activities in accordance with the General Data Protection Regulation (GDPR) and Norwegian data protection laws.

Data Controller:

Chakrellcrax
Drammensveien 852
1383 Asker, Norway
Phone: +47 66 76 45 00
Email: notifyuse@chakrellcrax.world

The data controller is responsible for determining the purposes and means of processing your personal data. If you have any questions about this Privacy Policy or how we handle your personal data, please contact us using the details provided above.

2. Personal Data We Collect

We collect and process various types of personal data depending on how you interact with our website and services. The categories of personal data we may collect include:

2.1 Information You Provide Directly

Contact and Order Information: When you place an order or contact us through our forms, we collect your full name, email address, phone number, and any message or inquiry you submit. This information is necessary to process your order, respond to your inquiries, and provide customer support.

Delivery Information: If you place an order, we may collect your delivery address, including street address, postal code, city, and country to fulfill your order and arrange delivery.

Payment Information: When you make a purchase, payment information is processed by our secure third-party payment processors. We do not store complete credit card or payment card details on our servers. We may retain transaction identifiers and order summaries for record-keeping purposes.

2.2 Information Collected Automatically

Technical Data: When you visit our website, we automatically collect certain technical information, including your IP address, browser type and version, operating system, device type, time zone setting, browser plug-in types and versions, and other technology on the devices you use to access our website.

Usage Data: We collect information about how you use our website, including the pages you visit, the time and date of your visit, the time spent on pages, unique device identifiers, clickstream data, and other diagnostic data.

Cookies and Tracking Technologies: We use cookies and similar tracking technologies to track activity on our website and store certain information. For detailed information about our use of cookies, please refer to our Cookies Policy.

2.3 Information from Third Parties

We may receive information about you from third-party service providers, such as payment processors, delivery services, and analytics providers, to the extent necessary to provide our services and improve our website functionality.

3. Legal Basis for Processing Personal Data

Under GDPR, we must have a legal basis to process your personal data. We process your personal data based on the following legal grounds:

Contractual Necessity: Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract. This applies when you place an order for our products, and we need to process your data to fulfill that order.

Consent: You have given explicit consent for us to process your personal data for specific purposes, such as sending marketing communications or using certain types of cookies. You have the right to withdraw your consent at any time.

Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your rights and interests. Our legitimate interests include operating and improving our website, preventing fraud, ensuring network and information security, and conducting business analytics.

Legal Obligations: Processing is necessary to comply with legal obligations to which we are subject, such as tax and accounting requirements, responding to lawful requests from authorities, and maintaining records as required by law.

4. Purposes of Data Processing

We process your personal data for the following specific purposes:

Order Processing and Fulfillment: To process your orders, arrange delivery, handle payments, and provide customer support related to your purchases. This includes communicating with you about your order status and addressing any issues that may arise.

Customer Service: To respond to your inquiries, questions, and requests submitted through our contact forms or other communication channels, and to provide technical support and assistance.

Website Operation and Improvement: To operate, maintain, and improve our website, including analyzing usage patterns, troubleshooting technical issues, testing new features, and enhancing user experience.

Marketing Communications: With your consent, to send you promotional materials, newsletters, special offers, and other marketing communications about our products and services. You can opt out of marketing communications at any time.

Legal Compliance: To comply with applicable laws, regulations, legal processes, and governmental requests, including tax and accounting obligations, and to enforce our terms and conditions.

Fraud Prevention and Security: To detect, prevent, and address fraud, security breaches, and other potentially prohibited or illegal activities, and to protect the rights, property, and safety of our business, our customers, and others.

Analytics and Research: To conduct statistical analysis, market research, and business intelligence to understand customer preferences, improve our products and services, and make informed business decisions.

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data to third parties for their marketing purposes. However, we may share your personal data with the following categories of recipients for the purposes described in this Privacy Policy:

Service Providers: We engage trusted third-party service providers to perform functions on our behalf, such as payment processing, order fulfillment, delivery services, website hosting, data analysis, email delivery, customer service, and marketing assistance. These service providers have access to personal data only as needed to perform their functions and are contractually obligated to protect your data and use it only for the purposes for which it was disclosed.

Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal data may be transferred to the acquiring entity or successor. We will notify you of any such change in ownership or control of your personal data.

Legal Requirements: We may disclose your personal data if required to do so by law or in response to valid requests by public authorities, such as a court order, subpoena, or government investigation. We may also disclose your data to enforce our terms and conditions, protect our rights and property, or protect the safety of our customers and others.

With Your Consent: We may share your personal data with third parties when you have given us explicit consent to do so for a specific purpose.

6. International Data Transfers

Your personal data may be transferred to and processed in countries other than Norway, including countries outside the European Economic Area (EEA) that may have different data protection laws. When we transfer your personal data internationally, we ensure appropriate safeguards are in place to protect your data in accordance with GDPR requirements.

These safeguards may include:

Standard Contractual Clauses: We use Standard Contractual Clauses approved by the European Commission to ensure that your data receives an adequate level of protection when transferred to countries outside the EEA.

Adequacy Decisions: We may transfer data to countries that have been deemed by the European Commission to provide an adequate level of data protection.

Other Appropriate Safeguards: We may rely on other legally recognized transfer mechanisms, such as binding corporate rules or certification schemes, where applicable.

If you would like more information about the specific safeguards we use for international data transfers, please contact us using the details provided in this Privacy Policy.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with our legal, regulatory, accounting, and reporting obligations. The retention period varies depending on the type of data and the purpose for which it is processed:

Order and Transaction Data: We retain order information, including contact details, delivery addresses, and transaction records, for a period of seven years from the date of the transaction to comply with accounting, tax, and legal requirements.

Customer Service Communications: Records of customer inquiries and support communications are retained for three years to provide ongoing support and resolve any disputes that may arise.

Marketing Consent: If you have consented to receive marketing communications, we will retain your contact information and consent records until you withdraw your consent or we determine that the data is no longer needed for marketing purposes.

Website Usage Data: Technical and usage data collected through cookies and analytics tools are typically retained for a period of 26 months, after which they are anonymized or deleted.

Legal Claims: In some circumstances, we may retain personal data for longer periods if necessary to establish, exercise, or defend legal claims.

After the applicable retention period expires, we will securely delete or anonymize your personal data in accordance with our data retention and deletion procedures.

8. Your Rights Under GDPR

Under the General Data Protection Regulation (GDPR) and Norwegian data protection laws, you have the following rights regarding your personal data:

Right of Access: You have the right to request access to the personal data we hold about you and to receive information about how we process it. You can request a copy of your personal data in a commonly used electronic format.

Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you. We will make reasonable efforts to keep your data accurate and up to date.

Right to Erasure (Right to be Forgotten): You have the right to request that we delete your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected, when you withdraw your consent, or when you object to the processing and there are no overriding legitimate grounds for continued processing.

Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal data in certain situations, such as when you contest the accuracy of the data, when the processing is unlawful but you do not want the data erased, or when you need the data for legal claims.

Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller without hindrance, where technically feasible.

Right to Object: You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes. If you object to marketing communications, we will stop sending them to you immediately.

Right to Withdraw Consent: Where we process your personal data based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data violates data protection laws. In Norway, the supervisory authority is the Norwegian Data Protection Authority (Datatilsynet).

To exercise any of these rights, please contact us using the contact details provided in this Privacy Policy. We will respond to your request within one month, although this period may be extended by two additional months in complex cases. We may request additional information to verify your identity before processing your request.

9. Data Security

We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction. Our security measures include:

Encryption: We use industry-standard encryption protocols (HTTPS/TLS) to protect data transmitted between your browser and our servers. Sensitive data stored on our systems is encrypted at rest.

Access Controls: Access to personal data is restricted to authorized personnel who need the information to perform their job functions. We implement role-based access controls and require strong authentication mechanisms.

Regular Security Assessments: We conduct regular security audits, vulnerability assessments, and penetration testing to identify and address potential security weaknesses.

Employee Training: Our employees receive regular training on data protection principles, security best practices, and their obligations under applicable data protection laws.

Incident Response: We have established procedures for detecting, responding to, and reporting data security incidents. In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority as required by law.

Third-Party Security: We carefully select service providers and require them to implement appropriate security measures to protect your personal data. We enter into data processing agreements with service providers that handle personal data on our behalf.

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to maintaining the highest standards of data protection.

10. Children's Privacy

Our website and services are not directed to children under the age of 16. We do not knowingly collect personal data from children under 16 without parental consent. If you are a parent or guardian and believe that your child has provided us with personal data without your consent, please contact us immediately. If we become aware that we have collected personal data from a child under 16 without verification of parental consent, we will take steps to delete that information from our servers promptly.

11. Automated Decision-Making and Profiling

We do not engage in automated decision-making or profiling that produces legal effects or similarly significantly affects you. Any data analysis we conduct is for internal business purposes, such as improving our services and understanding customer preferences, and does not result in automated decisions that impact your rights or interests.

12. Third-Party Links

Our website may contain links to third-party websites, services, or applications that are not operated by us. This Privacy Policy applies only to our website and services. We are not responsible for the privacy practices of third-party websites. We encourage you to review the privacy policies of any third-party sites you visit. Clicking on third-party links or enabling third-party connections may allow those parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational, legal, or regulatory reasons. When we make material changes to this Privacy Policy, we will notify you by updating the "Last Updated" date at the top of this page and, where appropriate, by sending you an email notification or displaying a prominent notice on our website.

We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your personal data. Your continued use of our website and services after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

Chakrellcrax
Drammensveien 852
1383 Asker, Norway
Phone: +47 66 76 45 00
Email: notifyuse@chakrellcrax.world

We will respond to your inquiry as promptly as possible, typically within 30 days. If your inquiry is complex or requires additional investigation, we may extend this period and will inform you of the extension and the reasons for it.

15. Supervisory Authority

If you are not satisfied with our response to your privacy concerns or believe that we are processing your personal data in violation of applicable data protection laws, you have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet):

Norwegian Data Protection Authority (Datatilsynet)
Postboks 458 Sentrum
0105 Oslo, Norway
Phone: +47 22 39 69 00
Website: www.datatilsynet.no