Xiphrannvor

Privacy Policy

Last updated:

1. Introduction

Xiphrannvor ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at https://xiphrannvor.world (the "Website") and purchase our products.

This policy complies with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Personal Information Protection and Electronic Documents Act (PIPEDA) of Canada, and other applicable data protection laws.

2. Data Controller Information

The data controller responsible for your personal data is:

Xiphrannvor
666 Burrard St, Vancouver, BC V6C 2X8, Canada
Email: office@xiphrannvor.world

For any privacy-related inquiries or to exercise your data protection rights, please contact us at the email address above.

3. Information We Collect

3.1 Information You Provide Directly

We collect information that you voluntarily provide to us, including:

  • Contact Information: Full name, email address, phone number (optional), and mailing address
  • Order Information: Products purchased, order history, and delivery preferences
  • Communication Data: Messages, inquiries, and feedback you send to us
  • Account Information: If you create an account, your login credentials and preferences

3.2 Information Collected Automatically

When you visit our Website, we may automatically collect certain information, including:

  • Device Information: IP address, browser type and version, operating system, device type
  • Usage Data: Pages visited, time spent on pages, click patterns, referring URLs
  • Location Data: General geographic location based on IP address
  • Cookie Data: Information collected through cookies and similar technologies (see our Cookie Policy)

3.3 Information from Third Parties

We may receive information about you from third parties, including:

  • Payment processors (transaction confirmation, not full payment details)
  • Analytics providers
  • Marketing partners (if you consented to data sharing)

4. Legal Bases for Processing (GDPR)

We process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to fulfill your order and provide our services
  • Consent: Where you have given explicit consent for specific processing activities, such as marketing communications
  • Legitimate Interests: Processing necessary for our legitimate business interests, such as improving our services, fraud prevention, and security
  • Legal Obligations: Processing necessary to comply with legal requirements, such as tax and accounting obligations

5. How We Use Your Information

We use the information we collect for the following purposes:

  • Order Processing: To process and fulfill your orders, including shipping, payment processing, and customer communication
  • Customer Service: To respond to your inquiries, provide support, and address complaints
  • Communication: To send order confirmations, shipping updates, and service-related notices
  • Marketing: With your consent, to send promotional materials, newsletters, and special offers
  • Website Improvement: To analyze usage patterns and improve our Website functionality and user experience
  • Security: To detect, prevent, and address fraud, unauthorized access, and other illegal activities
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes

6. Data Sharing and Disclosure

We do not sell your personal data. We may share your information with:

  • Service Providers: Third parties who perform services on our behalf, such as payment processing, shipping, email delivery, and hosting. These providers are contractually bound to protect your data.
  • Legal Requirements: When required by law, court order, or governmental authority
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with appropriate notice to you
  • With Your Consent: When you have given explicit permission for specific sharing

7. International Data Transfers

Your personal data may be transferred to and processed in countries outside your country of residence. When we transfer data internationally, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Data processing agreements with adequate protection guarantees
  • Transfers to countries with adequacy decisions

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Order Data: Retained for 7 years after the last purchase for tax and legal compliance
  • Account Data: Retained until you request deletion or close your account
  • Marketing Data: Retained until you withdraw consent or opt out
  • Analytics Data: Retained for up to 26 months in aggregated form
  • Communication Records: Retained for 3 years after the last interaction

After the retention period, data is securely deleted or anonymized.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restrict Processing: Request limitation of how we process your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests or for direct marketing
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
  • Right to Lodge a Complaint: File a complaint with a supervisory authority

To exercise any of these rights, please contact us at office@xiphrannvor.world. We will respond within 30 days.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit using SSL/TLS protocols
  • Secure storage with access controls and authentication
  • Regular security assessments and updates
  • Employee training on data protection practices
  • Incident response procedures for potential data breaches

While we strive to protect your data, no method of transmission over the Internet is 100% secure. In the event of a data breach that affects your rights and freedoms, we will notify you and the relevant supervisory authority as required by law.

11. Children's Privacy

Our Website and products are not intended for children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately so we can delete it.

12. Third-Party Links

Our Website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by posting the updated policy on our Website with a new effective date. Your continued use of our Website after such changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Xiphrannvor
666 Burrard St, Vancouver, BC V6C 2X8, Canada
Email: office@xiphrannvor.world

We are committed to working with you to resolve any complaints or concerns about your privacy.