Bryxemaryriz.world

Privacy · EU & UK alignment

Privacy Policy

This document explains how Bryxemaryriz.world collects, uses, stores, and protects personal data when you browse, order Softyn, or communicate with us. We design flows to be transparent, minimal, and respectful of your choices.

Current as of · Malmö, Sweden

Summary. We process data to run the shop, deliver orders, comply with law, and—only with consent—send optional marketing or enable analytics. You can exercise GDPR rights by emailing us; we respond within statutory timelines.

1. Scope and commitment

This Privacy Policy applies to visitors of bryxemaryriz.world, customers who purchase Softyn, and anyone who emails or messages us. It should be read together with the Cookie Policy, Terms of Service, and Refund Policy.

We apply the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the UK GDPR and Data Protection Act 2018 where UK residents are concerned, and supplementary Swedish national rules including the Data Protection Act (2018:218) where they add specificity.

2. Data controller

Legal name: Bryxemaryriz.world
Address: Södra Förstadsgatan 41, 211 43 Malmö, Sweden
Email: ask@bryxemaryriz.world
Country: Sweden (EU/EEA)

We have not appointed a Data Protection Officer because our processing does not meet the statutory thresholds requiring one under Swedish law. You may address all privacy requests to the contact details above. If you are in the UK, you may also contact the ICO; if you are in the EU, you may contact your local supervisory authority.

3. Categories of personal data

Depending on how you interact with us, we may process the following categories:

  • Identity and contact: name, title, delivery address, billing address if different, phone number if provided.
  • Account and order: order identifiers, basket contents, payment status flags, shipment tracking references, returns history.
  • Communications: free-text messages from web forms, email threads, support tickets, recorded call notes if you phone us.
  • Technical and usage: IP address, approximate location derived from IP, browser type, operating system, device identifiers, timestamps, pages viewed, referring URLs, crash diagnostics.
  • Marketing: newsletter preferences, campaign identifiers, consent logs with timestamps.
  • Cookies: as described in the Cookie Policy, including identifiers stored on your device when you consent.
  • Payment metadata: we do not store full card numbers; our payment partners provide tokens and confirmation codes.

4. Purposes of processing

We use personal data to:

  • Operate and secure the website, including HTTPS, rate limiting, and bot mitigation.
  • Process orders, take payment, arrange shipping, and provide customer care.
  • Handle returns, chargebacks, and warranty-style questions under our policies.
  • Meet accounting, tax, and customs obligations.
  • Improve product information and site usability, including aggregated analytics when you consent.
  • Send service emails such as order confirmations and policy updates.
  • Send optional newsletters or product news when you opt in.
  • Establish, exercise, or defend legal claims when necessary.

5. Legal bases (GDPR Article 6)

  • Contract (Art. 6(1)(b)): order fulfilment, payments, delivery, essential account services.
  • Legitimate interests (Art. 6(1)(f)): fraud prevention, network security, product improvement based on aggregated analytics, documenting commercial relationships, and limited direct marketing to existing customers where permitted by ePrivacy rules and you have not objected.
  • Consent (Art. 6(1)(a)): non-essential cookies, newsletters beyond soft opt-in where required, certain surveys or beta invites.
  • Legal obligation (Art. 6(1)(c)): bookkeeping, responding to lawful requests from authorities, product safety reporting if applicable.

Where special categories of data might rarely appear in free-text messages, we rely on explicit consent or legal claims as applicable and minimise such processing.

6. Recipients and subprocessors

We share personal data with:

  • Hosting and infrastructure providers within the EU/EEA or otherwise bound by SCCs.
  • Payment service providers and fraud screening tools.
  • Carriers and logistics partners for delivery.
  • Email delivery and ticketing systems.
  • Professional advisers (lawyers, accountants) under confidentiality.

Each provider receives only the data required for its task and is contractually required to follow GDPR Article 28 style terms.

7. International transfers

Where data leaves the EEA or UK, we implement Standard Contractual Clauses (2021 versions), supplementary measures such as encryption in transit, and, where available, adequacy decisions. Copies of transfer mechanisms may be requested in summary form by email.

8. Retention periods

  • Orders and invoices: up to seven years to satisfy Swedish accounting law.
  • Marketing consents and evidence: until withdrawal plus three years for disputes unless longer retention is justified.
  • Support records: typically three years after the last substantive message unless litigation is ongoing.
  • Web logs: rolling thirty to ninety days depending on security needs.
  • Cookie data: per durations listed in the Cookie Policy.

9. Your rights

You may request access, rectification, erasure, restriction, portability, and object to certain processing. You may withdraw consent at any time without affecting prior lawful processing. Requests are free unless manifestly excessive. We respond within one month, extendable where complex.

You may complain to the Swedish Authority for Privacy Protection via the IMY website or to your local authority if you live elsewhere in the EEA or UK.

10. Security measures

We apply TLS for data in transit, role-based access, least-privilege credentials, backups, vulnerability monitoring, and incident response playbooks. No system is perfectly secure; we mitigate residual risk through layered controls and vendor reviews.

11. Automated decision-making

We do not make decisions based solely on automated processing, including profiling, which produces legal or similarly significant effects concerning you.

12. Children

Softyn is marketed to adults. We do not knowingly collect data from children under sixteen without parental authority. If you believe we received a child’s data, contact us and we will delete it promptly where appropriate.

13. Advertising and online measurement

When you consent to marketing or analytics cookies, we may use tags from providers such as Google (for example Google Ads conversion measurement or Google Analytics) to understand whether ads led to visits or purchases. Those providers may process pseudonymous identifiers, IP-derived location, device data, and event data. You can withdraw consent via our cookie banner or your Google ad settings. Google’s terms and privacy materials describe how they operate as an independent controller or processor in different contexts. We do not use sensitive categories of personal data for ad targeting on this site.

14. Cookies and similar technologies

Detailed information appears in the Cookie Policy, including how to manage preferences through our banner and browser settings.

15. Changes to this policy

We update this Privacy Policy when our practices or legal requirements evolve. Material changes will be highlighted on the site or communicated by email where appropriate. Continued use after notice constitutes acceptance of non-material updates where permitted.

16. Contact

For privacy questions or to exercise rights: ask@bryxemaryriz.world, Bryxemaryriz.world, Södra Förstadsgatan 41, 211 43 Malmö, Sweden.