Shexlyonighimil.world

Legal suite

Privacy Policy

Current as of

Controller and scope

Shexlyonighimil.world, with its principal contact point at Vesterbrogade 34, 1620 København V, Denmark, acts as the data controller for personal data processed through this website, the Arixen product catalogue, customer service channels, and related logistics communications. This Privacy Policy applies whether you browse anonymously, create an account, submit an order form, subscribe to updates, or correspond with us by email at chat@shexlyonighimil.world.

We describe our practices in plain language while aligning terminology with the EU General Data Protection Regulation (GDPR), the UK GDPR where it applies to UK residents, and the Danish Data Protection Act. If any provision of national law grants you stronger protection, that provision prevails for consumers located in that country.

Processing tied exclusively to cookies and similar identifiers is summarized in the Cookie Policy, which should be read together with this document. Employees and contractors who access personal data on our behalf are bound by confidentiality and instructions documented in data processing agreements.

Personal data categories

Depending on how you interact with us, we may process the following categories of personal data, always limited to what is adequate and relevant:

  • Identity and contact data: name, delivery address, billing address, telephone number, email address, and language preference.
  • Transaction data: order identifiers, basket contents, payment references generated by payment service providers, shipping labels, and return case numbers.
  • Financial data: we do not store full payment card numbers on our servers; tokenized references and partial digits may appear in dashboards operated by certified payment partners.
  • Technical and usage data: IP address, device type, browser version, operating system, approximate location derived from IP, pages viewed, time on page, referral URL, and diagnostic logs needed to maintain security.
  • Marketing and communications data: consent records, unsubscribe timestamps, campaign identifiers, and the content of emails or chat messages you initiate.
  • Compliance data: fraud signals, dispute correspondence, and regulatory filings where we are legally obliged to retain them.

Special categories of data under Article 9 GDPR are not part of our standard catalogue offering. If you voluntarily disclose health-related information, we will restrict internal access and delete it when the conversation concludes unless a separate legal basis requires retention.

Purposes and lawful bases

We process personal data only when a lawful basis applies. The table below reflects the most common scenarios for Arixen customers and website visitors.

  • Contract and pre-contract: responding to order inquiries, processing purchases, arranging delivery, issuing invoices, and providing warranty-related support (GDPR Article 6(1)(b)).
  • Legal obligation: bookkeeping, tax reporting, product traceability, cooperation with supervisory authorities, and responding to lawful requests from courts (Article 6(1)(c)).
  • Legitimate interests: securing our infrastructure, analyzing aggregated traffic to improve usability, enforcing our Terms of Service, and defending legal claims, balanced against your rights (Article 6(1)(f)).
  • Consent: optional analytics cookies, marketing emails, personalized advertising pixels, and certain surveys (Article 6(1)(a)). You may withdraw consent without affecting the lawfulness of earlier processing.

Where we rely on legitimate interests, we document a balancing test and offer an easy way to object when the right to object applies under Article 21 GDPR.

Recipients and processors

Personal data is disclosed only to recipients who need it to perform services for us or to comply with law. Categories include hosting and content delivery providers, email and SMS gateways, payment acquirers, fraud screening tools, warehousing and courier partners, customer relationship platforms, professional advisers, and insurers. Each processor receives written instructions prohibiting use for unrelated purposes.

We do not sell personal data in the sense of exchanging lists for monetary consideration. If we ever participate in a corporate transaction such as a merger, personal data may transfer to the successor entity under safeguards described in transaction documents and updated privacy notices.

International transfers

Our primary operations and storage are located within the European Economic Area. Some subprocessors maintain facilities or support staff in the United States or other third countries. When such transfers occur, we implement appropriate safeguards such as Standard Contractual Clauses approved by the European Commission, supplementary measures where required by case law, or adequacy decisions. Copies of relevant transfer mechanisms are available upon request subject to confidentiality.

Retention

We keep personal data only as long as necessary for the purposes collected:

  • Marketing consents and preference centers: until withdrawal plus a short audit trail, typically not exceeding twenty-four months after the last interaction.
  • Transactional and accounting records: up to seven years from the end of the financial year to satisfy Danish bookkeeping legislation.
  • Customer service tickets: twenty-four months after closure unless a dispute extends the period.
  • Server and security logs containing IP addresses: rolling ninety-day deletion unless an active investigation requires isolation of specific entries.
  • Newsletter analytics: aggregated within thirty days where possible; raw events may persist up to thirteen months depending on vendor defaults.

After retention periods expire, we delete or irreversibly anonymize data. Backup systems may retain encrypted copies for a limited technical window before automatic overwrite.

Security measures

We maintain a proportionate security programme that includes TLS encryption for data in transit, encryption at rest for databases where supported, role-based access controls, multi-factor authentication for administrative accounts, periodic vulnerability scanning, incident response playbooks, and staff training on phishing awareness. Physical documents, if any, are stored in locked facilities with restricted keys.

No method of transmission or storage is completely secure. If we become aware of a breach likely to affect your rights, we will notify the supervisory authority and, when required, affected individuals without undue delay.

Your rights

Subject to applicable law, you may exercise the following rights by emailing chat@shexlyonighimil.world or writing to our postal address:

  • Access to the personal data we hold about you and information about processing.
  • Rectification of inaccurate or incomplete data.
  • Erasure where processing is no longer necessary or where you withdraw consent and no other ground applies.
  • Restriction of processing in specific situations such as contested accuracy.
  • Data portability for data processed by automated means under contract or consent, provided technically feasible.
  • Objection to processing based on legitimate interests or to direct marketing, including profiling related to marketing.
  • Lodge a complaint with Datatilsynet in Denmark or another EU supervisory authority in your habitual residence or workplace.

We may request reasonable evidence of identity before fulfilling requests. If we decline, we will explain the reason and remind you of your right to complain.

Automated decisions

We do not make decisions based solely on automated processing, including profiling, which produce legal effects concerning you or similarly significantly affect you within the meaning of Article 22 GDPR. Payment providers may apply automated fraud scores; those decisions are governed by their own privacy policies and subject to your rights vis-à-vis those providers.

Children

Arixen products and this website are intended for adults who can enter binding contracts. We do not knowingly collect personal data from children under sixteen without verifiable parental authority. If you believe a minor has provided data, contact us and we will delete it promptly.

Changes and contact

We may update this Privacy Policy to reflect operational, technical, or legal developments. The date at the top adjusts automatically when you load the page so you can see the current publication moment. Material changes may also be announced by banner or email where appropriate.

For all privacy questions, including data subject requests, contact Shexlyonighimil.world, Vesterbrogade 34, 1620 København V, Denmark, email chat@shexlyonighimil.world. We aim to respond within one month, extendable by two further months in complex cases as permitted by Article 12 GDPR.

Controller contact

Shexlyonighimil.world, Vesterbrogade 34, 1620 København V, Denmark. Email: chat@shexlyonighimil.world