Privacy Policy

Last updated:

1. Data Controller

The data controller responsible for the processing of your personal data is:

Khimreonsruz
Torgallmenningen 10, 5014 Bergen, Norway
Email: managers@khimreonsruz.world
Website: https://khimreonsruz.world

2. What Personal Data We Collect

We collect and process the following categories of personal data:

  • Contact Information: Full name, email address, and phone number (if voluntarily provided) when you submit an order form or contact us.
  • Communication Data: The content of messages you send through our contact or order forms.
  • Technical Data: IP address, browser type, operating system, referring URLs, pages visited, time spent on pages, and other diagnostic data collected through cookies and similar technologies.
  • Cookie Data: Information collected through strictly necessary, analytics, and marketing cookies as described in our Cookie Policy.

3. Purposes of Processing

We process your personal data for the following purposes:

  • Order Processing: To receive and process your order requests, communicate regarding your order status, and provide customer support.
  • Communication: To respond to your inquiries and provide information you have requested.
  • Website Functionality: To ensure the proper functioning of our website, including remembering your cookie preferences.
  • Analytics: To understand how visitors use our website and to improve its content and functionality (only with your consent).
  • Marketing: To deliver relevant content and measure the effectiveness of our communications (only with your consent).
  • Legal Compliance: To comply with applicable laws, regulations, and legal obligations.

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under the General Data Protection Regulation (GDPR):

  • Consent (Article 6(1)(a) GDPR): When you have given clear consent for us to process your personal data for specific purposes, such as analytics and marketing cookies, and when you submit the order form with GDPR consent.
  • Contractual Necessity (Article 6(1)(b) GDPR): When processing is necessary to fulfill a contract with you or to take steps at your request prior to entering into a contract.
  • Legitimate Interests (Article 6(1)(f) GDPR): When processing is necessary for our legitimate interests, such as improving our website, ensuring security, and preventing fraud, provided these interests are not overridden by your rights.
  • Legal Obligation (Article 6(1)(c) GDPR): When processing is required to comply with a legal obligation to which we are subject.

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Order Data: Retained for up to 5 years following the completion of the order to comply with accounting and tax regulations under Norwegian law.
  • Communication Data: Retained for up to 2 years after your last communication with us, unless a longer retention period is required by law.
  • Technical/Cookie Data: Session cookies expire when you close your browser. Persistent cookies have varying lifespans as described in our Cookie Policy, generally not exceeding 12 months.
  • Consent Records: Records of your consent are retained for up to 5 years as evidence of compliance with GDPR requirements.

When personal data is no longer needed, it is securely deleted or anonymized.

6. Data Sharing and Third Parties

We do not sell your personal data to third parties. We may share your data with the following categories of recipients only when necessary:

  • Service Providers: Trusted third-party service providers who assist us in operating our website, processing orders, and delivering services (e.g., hosting providers, email service providers). These providers are contractually obligated to process data only on our behalf and in accordance with our instructions.
  • Legal Authorities: When required by law, regulation, or legal process, or to protect our rights, privacy, safety, or property.
  • Analytics Providers: If you consent to analytics cookies, anonymized or pseudonymized data may be shared with analytics service providers to help us understand website usage patterns.

7. International Data Transfers

Your personal data is primarily processed within the European Economic Area (EEA). If data is transferred outside the EEA, we ensure that appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Adequacy decisions by the European Commission recognizing the recipient country's level of data protection.
  • Other legally recognized transfer mechanisms under GDPR.

8. Your Rights Under GDPR

As a data subject, you have the following rights under the GDPR:

  • Right of Access (Article 15): You have the right to request a copy of the personal data we hold about you.
  • Right to Rectification (Article 16): You have the right to request correction of inaccurate or incomplete personal data.
  • Right to Erasure (Article 17): You have the right to request deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or when you withdraw consent.
  • Right to Restriction (Article 18): You have the right to request restriction of processing of your personal data under certain circumstances.
  • Right to Data Portability (Article 20): You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
  • Right to Object (Article 21): You have the right to object to processing based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) if you believe your data protection rights have been violated. Contact: www.datatilsynet.no.

To exercise any of these rights, please contact us at managers@khimreonsruz.world. We will respond to your request within 30 days.

9. Security Measures

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using HTTPS/TLS protocols.
  • Access controls limiting data access to authorized personnel only.
  • Regular security assessments and updates of our systems.
  • Secure storage of personal data with appropriate backup procedures.
  • Staff training on data protection and security practices.

While we strive to protect your personal data, no method of electronic storage or transmission is completely secure. We encourage you to take steps to protect your personal information online.

10. Children's Privacy

Our website and products are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a minor, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or other factors. The updated policy will be posted on this page with a revised "Last updated" date. We encourage you to review this page periodically. Continued use of our website after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

Khimreonsruz
Torgallmenningen 10, 5014 Bergen, Norway
Email: managers@khimreonsruz.world