Privacy Policy

Last updated: 18 March 2025

1. Controller and contact details

The controller responsible for the processing of your personal data in connection with this website is:

Wlixaruneph
Address: Torggata 1, 0181 Oslo, Norway
Email: help@wlixaruneph.world
Phone: +47 24 15 50 50

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us using the details above.

2. Legal basis and applicable law

We process personal data in accordance with the EU General Data Protection Regulation (GDPR), which applies in the European Economic Area (EEA), and with the Norwegian Personal Data Act (personopplysningsloven) and related regulations. Where we operate from Norway, we also comply with guidelines issued by the Norwegian Data Protection Authority (Datatilsynet).

3. What personal data we collect and for what purposes

We collect and process the following categories of personal data for the purposes stated below.

3.1 Data you provide when ordering or contacting us

When you place an order or send a message via our contact or order forms, we collect:

• Name (so we can address you and process your order or enquiry)
• Email address (so we can send confirmations, shipping information and replies)
• Phone number (optional; if provided, we use it only to contact you regarding your order or enquiry)
• Message content (to understand and respond to your request)

Legal basis: Performance of a contract (Art. 6(1)(b) GDPR) for order processing, or our legitimate interest in responding to enquiries (Art. 6(1)(f) GDPR). Your consent, where requested (e.g. for marketing), is the legal basis under Art. 6(1)(a) GDPR.

3.2 Technical and usage data

When you visit our website, we may automatically collect:

• IP address (anonymised where possible)
• Browser type and version
• Operating system
• Date and time of access
• Pages visited and referring URL

This data is used to ensure security, correct operation of the website, and to analyse usage in a way that does not identify you personally, where we have a legitimate interest or use analytics cookies with your consent. See our Cookie Policy for details.

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) for security and operation; consent (Art. 6(1)(a) GDPR) where required for non-essential cookies or analytics.

3.3 Cookie data

We use cookies and similar technologies as described in our Cookie Policy. Strictly necessary cookies do not require consent. For analytics and marketing cookies we rely on your consent.

4. How long we keep your data (retention)

We retain your data only for as long as necessary for the purposes for which it was collected, or as required by law.

• Order and contact data: We keep order-related data (name, email, phone, message) for the duration of the business relationship and for a period of up to five (5) years after the last order or contact for accounting, warranty and legal claims. After that, data is deleted or anonymised unless a longer retention is required by law.
• Marketing and consent records: If you have given consent for marketing, we keep evidence of your consent and your contact data until you withdraw consent or object. We may retain a record that you opted out to honour your preference.
• Technical and access logs: Server and access logs are typically retained for a period of up to twelve (12) months for security and troubleshooting, unless a shorter or longer period is required by law.
• Cookie-related data: As set out in our Cookie Policy; session data is deleted when the session ends; persistent cookie data is kept only for the duration stated in the Cookie Policy.

After the retention period, we delete or anonymise your personal data so that you can no longer be identified.

5. Who we share your data with (recipients and transfers)

We may share your personal data with the following categories of recipients only where necessary:

• Service providers: Hosting, email delivery, payment processing and logistics partners who process data on our behalf (processors). We ensure that such processors are bound by contract to process data only according to our instructions and in line with GDPR.
• Authorities: If required by Norwegian or EEA law, we may disclose data to courts, police or other public authorities.

We do not sell your personal data. If we use service providers outside the EEA, we ensure appropriate safeguards (e.g. standard contractual clauses or adequacy decisions) in accordance with Chapter V GDPR.

6. Security measures

We implement technical and organisational measures to protect your personal data against unauthorised access, loss, alteration or destruction, including:

• Use of HTTPS (TLS/SSL) for all pages to encrypt data in transit
• Access controls and restrictions so that only authorised personnel can access personal data
• Secure storage and handling of data by our processors
• Regular review of our security practices and, where applicable, adherence to industry standards

Despite these measures, no transmission or storage over the internet can be guaranteed to be completely secure. We encourage you to use a secure connection and to keep your login and contact details confidential.

7. Your rights under GDPR

Under the GDPR and Norwegian law, you have the following rights in relation to your personal data:

• Right of access (Art. 15): You may request a copy of the personal data we hold about you and information about how we process it.
• Right to rectification (Art. 16): You may request that we correct inaccurate or incomplete personal data.
• Right to erasure (Art. 17): You may request that we delete your personal data in certain circumstances (e.g. where it is no longer necessary, you withdraw consent, or you object and there are no overriding grounds).
• Right to restriction of processing (Art. 18): You may request that we limit how we use your data in certain situations (e.g. while we verify accuracy or while a dispute is ongoing).
• Right to data portability (Art. 20): Where processing is based on contract or consent and carried out by automated means, you may request to receive your data in a structured, commonly used format and to have it transmitted to another controller where technically feasible.
• Right to object (Art. 21): You may object to processing based on legitimate interests, including profiling. You may also object at any time to processing for direct marketing.
• Right to withdraw consent: Where processing is based on consent, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
• Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority. In Norway, the relevant authority is the Norwegian Data Protection Authority (Datatilsynet), www.datatilsynet.no. In other EEA countries, you may contact the supervisory authority in your country of residence or place of work.

To exercise any of these rights, please contact us using the contact details in section 1. We will respond without undue delay and in any event within one month, unless the request is complex or numerous, in which case we may extend by a further two months and inform you. We may need to verify your identity before processing your request.

8. Children

Our website and services are not directed at children under 16. We do not knowingly collect personal data from children under 16. If you believe we have collected data from a child under 16, please contact us and we will delete it without delay.

9. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or in the law. The "Last updated" date at the top indicates when the policy was last revised. We encourage you to review this page periodically. Where changes are material, we may notify you by email or by a notice on our website.

10. Additional information for Norway

As we are based in Norway, the Norwegian Data Protection Authority (Datatilsynet) is our lead supervisory authority for cross-border processing within the EEA. You may contact Datatilsynet at Postboks 458 Sentrum, 0105 Oslo, Norway, or via their website. This Privacy Policy is provided in English; in case of conflict with a Norwegian version, the Norwegian version shall prevail for users in Norway to the extent permitted by law.