Privacy Policy

Last Updated: January 2024

1. Introduction

This Privacy Policy describes how Trozeloneth ("we," "us," or "our") collects, uses, stores, and protects your personal information when you visit our website at trozeloneth.world (the "Website") or use our services. We are committed to protecting your privacy and ensuring that your personal data is handled in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller Information

Company Name: Trozeloneth

Registered Address: Råsundavägen 2, 169 67 Solna, Sweden

Contact Email: message@trozeloneth.world

Contact Phone: +46 8 734 00 00

We are the data controller responsible for your personal data. If you have any questions about this Privacy Policy or how we handle your personal information, please contact us using the details above.

3. What Personal Data We Collect

We collect and process the following categories of personal data:

3.1 Information You Provide Directly

Contact Information: Name, email address, phone number, and postal address when you place an order or contact us
Order Information: Details about products you purchase, order history, and preferences
Communication Data: Messages, inquiries, and feedback you send to us through contact forms or email
Account Information: If you create an account, we collect username, password (encrypted), and account preferences
Payment Information: Billing address and payment method details (payment card information is processed securely by our payment processor and not stored on our servers)

3.2 Information Collected Automatically

Technical Data: IP address, browser type and version, operating system, device information, time zone setting, and location data
Usage Data: Information about how you use our Website, including pages visited, time spent on pages, links clicked, and navigation paths
Cookie Data: Information collected through cookies and similar tracking technologies (see our Cookies Policy for details)
Log Data: Server logs that record technical information about your visit, including date and time stamps, referring URLs, and error messages

3.3 Information from Third Parties

Analytics Providers: We receive aggregated statistical data about website traffic and user behavior from analytics services
Payment Processors: Transaction confirmation and payment status information
Fraud Prevention Services: Information to help us detect and prevent fraudulent transactions

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR:

4.1 Contractual Necessity

Processing is necessary to fulfill our contract with you, including processing orders, delivering products, and providing customer support.

4.2 Consent

Where you have given explicit consent for specific processing activities, such as marketing communications or non-essential cookies.

4.3 Legitimate Interests

Processing is necessary for our legitimate business interests, such as:

Improving our products and services
Detecting and preventing fraud
Ensuring network and information security
Analyzing website usage and performance
Internal business administration

4.4 Legal Obligations

Processing is necessary to comply with legal obligations, such as tax and accounting requirements, responding to legal requests, and maintaining records as required by law.

5. How We Use Your Personal Data

We use your personal data for the following purposes:

5.1 Order Processing and Fulfillment

Processing and fulfilling your orders
Communicating with you about your orders
Arranging delivery and shipping
Processing payments and refunds
Managing returns and exchanges

5.2 Customer Service

Responding to your inquiries and requests
Providing customer support
Resolving complaints and disputes
Sending service-related notifications

5.3 Website Improvement and Personalization

Analyzing how visitors use our Website
Improving website functionality and user experience
Personalizing content and recommendations
Testing new features and services

5.4 Marketing and Communications

Sending promotional emails about new products, special offers, and updates (only with your consent)
Conducting surveys and market research
Displaying targeted advertisements (only with your consent)

5.5 Security and Fraud Prevention

Detecting and preventing fraudulent transactions
Protecting against security threats and abuse
Enforcing our terms and conditions
Investigating suspicious activity

5.6 Legal Compliance

Complying with legal obligations and regulations
Responding to legal requests and court orders
Maintaining records as required by law
Protecting our legal rights and interests

6. Data Sharing and Disclosure

We do not sell your personal data to third parties. We may share your information with the following categories of recipients:

6.1 Service Providers

We share data with trusted third-party service providers who assist us in operating our business:

Payment Processors: To process payments securely
Shipping Companies: To deliver your orders
Email Service Providers: To send transactional and marketing emails
Web Hosting Providers: To host our Website and databases
Analytics Providers: To analyze website usage and performance
Customer Support Tools: To manage customer inquiries and support tickets

All service providers are contractually obligated to protect your data and use it only for the purposes we specify.

6.2 Legal Requirements

We may disclose your personal data if required by law or in response to:

Court orders, subpoenas, or legal processes
Requests from law enforcement or government authorities
Legal obligations to disclose information
Protection of our rights, property, or safety, or that of others

6.3 Business Transfers

If we are involved in a merger, acquisition, sale of assets, or bankruptcy, your personal data may be transferred to the acquiring entity. We will notify you of any such change and the choices you may have regarding your data.

7. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA) where our service providers are located. When we transfer data internationally, we ensure appropriate safeguards are in place, including:

Standard Contractual Clauses approved by the European Commission
Adequacy decisions recognizing equivalent data protection standards
Binding Corporate Rules for intra-group transfers
Your explicit consent where required

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

8.1 Retention Periods

Order and Transaction Data: 7 years from the date of transaction (for accounting and tax purposes)
Customer Account Data: Until you request deletion or 3 years after your last activity
Marketing Consent: Until you withdraw consent or 2 years of inactivity
Website Usage Data: 26 months from collection
Customer Support Records: 3 years from the last interaction
Legal Claims Data: Duration of the legal claim plus applicable statute of limitations

8.2 Deletion

After the retention period expires, we securely delete or anonymize your personal data. Anonymized data may be retained indefinitely for statistical and analytical purposes.

9. Your Rights Under GDPR

Under the General Data Protection Regulation, you have the following rights regarding your personal data:

9.1 Right of Access

You have the right to request a copy of the personal data we hold about you, along with information about how we process it.

9.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data.

9.3 Right to Erasure (Right to be Forgotten)

You have the right to request deletion of your personal data in certain circumstances, such as when:

The data is no longer necessary for the purposes it was collected
You withdraw consent and there is no other legal basis for processing
You object to processing and there are no overriding legitimate grounds
The data has been unlawfully processed
Deletion is required to comply with a legal obligation

9.4 Right to Restriction of Processing

You have the right to request that we restrict processing of your personal data in certain situations, such as when you contest the accuracy of the data or object to processing.

9.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.

9.6 Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

9.7 Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw your consent at any time. This does not affect the lawfulness of processing before withdrawal.

9.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your residence, workplace, or where an alleged infringement occurred.

Swedish Data Protection Authority (Integritetsskyddsmyndigheten):

Website: www.imy.se

Email: imy@imy.se

Phone: +46 8 657 61 00

9.9 Exercising Your Rights

To exercise any of these rights, please contact us at message@trozeloneth.world or +46 8 734 00 00. We will respond to your request within one month, though this may be extended by two additional months for complex requests. We may request verification of your identity before processing your request.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

10.1 Technical Measures

SSL/TLS encryption for data transmission
Encrypted storage of sensitive data
Regular security assessments and penetration testing
Firewalls and intrusion detection systems
Secure authentication and access controls
Regular software updates and security patches

10.2 Organizational Measures

Access to personal data limited to authorized personnel only
Confidentiality agreements with employees and contractors
Regular staff training on data protection and security
Data protection impact assessments for high-risk processing
Incident response and breach notification procedures
Regular audits and compliance reviews

10.3 Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR.

11. Children's Privacy

Our Website and services are not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately. If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete that information.

12. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and store information about your use of our Website. For detailed information about the cookies we use and your choices regarding cookies, please see our Cookies Policy.

13. Third-Party Links

Our Website may contain links to third-party websites, applications, or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

14. Marketing Communications

With your consent, we may send you marketing communications about our products, services, and special offers. You can opt out of marketing communications at any time by:

Clicking the unsubscribe link in any marketing email
Contacting us at message@trozeloneth.world
Updating your communication preferences in your account settings

Please note that even if you opt out of marketing communications, we will still send you transactional emails related to your orders and account.

15. Automated Decision-Making and Profiling

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you. Any automated processing we conduct is limited to basic analytics and does not involve decisions that significantly impact your rights.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

Posting the updated Privacy Policy on our Website with a new "Last Updated" date
Sending you an email notification if you have an account with us
Displaying a prominent notice on our Website

We encourage you to review this Privacy Policy periodically. Your continued use of our Website after changes are posted constitutes your acceptance of the updated Privacy Policy.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

Trozeloneth

Address: Råsundavägen 2, 169 67 Solna, Sweden

Email: message@trozeloneth.world

Phone: +46 8 734 00 00

We will respond to your inquiry as soon as possible, typically within 5 business days.

18. Specific Information for EU/EEA Residents

If you are located in the European Union or European Economic Area, you have additional rights under GDPR as outlined in Section 9 of this Privacy Policy. We are committed to complying with all applicable EU data protection laws and regulations.

19. California Privacy Rights (CCPA)

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA). While our primary operations are in the EU, we respect the privacy rights of all users. California residents may request information about the categories of personal information we collect, the purposes for collection, and the categories of third parties with whom we share information.

20. Data Protection Officer

For any data protection concerns or to exercise your rights, you may contact our Data Protection Officer at:

Email: message@trozeloneth.world

Subject Line: Data Protection Inquiry