Privacy Policy
Last updated: March 2025
1. Controller and contact details
The controller responsible for the processing of your personal data in relation to this website is:
ZephyroxdhorMarnixstraat 168
1016 TG Amsterdam
Netherlands
Email: community@zephyroxdhor.world
Phone: +31206231051
If you have questions about this Privacy Policy or about how we process your data, you can contact us using the details above.
2. Scope and applicable law
This Privacy Policy applies to the website zephyroxdhor.world and to all personal data we collect when you use our site, place orders, contact us or interact with our services. We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR), the Dutch implementation law (UAVG), and other applicable Dutch and European data protection laws.
3. Personal data we collect
We may collect and process the following categories of personal data:
- Identity and contact data: name, email address, phone number (if you provide it), and delivery or billing address when you place an order or contact us.
- Transaction and order data: order details, payment-related information (we do not store full card numbers; payment processing may be handled by third-party providers), and communication related to your order.
- Technical and usage data: IP address, browser type and version, device type, time zone, pages visited, and how you use our website. This may include data collected via cookies and similar technologies as described in our Cookie Policy.
- Communication data: content of messages you send us via contact forms, email or other channels.
4. Purposes and legal bases for processing
We process your personal data only for specified, explicit and legitimate purposes. The main purposes and legal bases are:
- Performance of a contract: to process and deliver your orders, manage your account (if applicable), and communicate with you about your order (Art. 6(1)(b) GDPR).
- Legitimate interests: to improve our website, prevent fraud, ensure security, and defend our legal rights, where our interests are not overridden by your rights (Art. 6(1)(f) GDPR).
- Consent: where we use non-essential cookies or send marketing communications, we do so only with your consent (Art. 6(1)(a) GDPR). You may withdraw consent at any time.
- Legal obligation: to comply with tax, accounting and other legal obligations (Art. 6(1)(c) GDPR).
5. Retention periods
We keep your personal data only for as long as necessary for the purposes for which it was collected or as required by law:
- Order and customer data: for the duration of the contractual relationship and thereafter for up to 7 years for tax and legal compliance purposes.
- Contact and enquiry data: until your enquiry is resolved and for a reasonable period thereafter (typically up to 2 years) unless you consent to longer retention.
- Cookie and analytics data: as set out in our Cookie Policy (e.g. session cookies until you close the browser; preference cookies up to 12 months or as indicated).
- Marketing data: until you withdraw consent or object, and then only as needed to document that withdrawal.
After the retention period, we delete or anonymise your data so that you can no longer be identified.
6. Recipients and international transfers
We may share your data with:
- Service providers who assist us (e.g. hosting, payment processing, email delivery, analytics). We choose providers that offer adequate safeguards and, where required, we use standard contractual clauses or other approved mechanisms for transfers outside the EEA.
- Public authorities when we are legally obliged to do so.
We do not sell your personal data to third parties. Any transfer of data outside the European Economic Area (EEA) is done in accordance with Chapter V of the GDPR (e.g. adequacy decisions, standard contractual clauses).
7. Your rights under the GDPR
You have the following rights in relation to your personal data:
- Right of access (Art. 15): you may request a copy of the personal data we hold about you.
- Right to rectification (Art. 16): you may ask us to correct inaccurate or incomplete data.
- Right to erasure (Art. 17): in certain circumstances you may ask us to delete your data (e.g. where it is no longer necessary or you withdraw consent).
- Right to restriction of processing (Art. 18): you may ask us to restrict processing in certain situations (e.g. while we verify accuracy or you object).
- Right to data portability (Art. 20): where processing is based on contract or consent and is carried out by automated means, you may receive your data in a structured, commonly used format.
- Right to object (Art. 21): you may object to processing based on legitimate interests or to processing for direct marketing at any time.
- Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.
- Right to lodge a complaint: you have the right to lodge a complaint with a supervisory authority. In the Netherlands, this is the Autoriteit Persoonsgegevens (AP): autoriteitpersoonsgevens.nl.
To exercise any of these rights, please contact us using the contact details in section 1. We will respond within one month, unless the request is complex or we have received many requests, in which case we may extend by two further months and will inform you.
8. Security measures
We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These include:
- Use of HTTPS and encryption (e.g. TLS) for data in transit.
- Access controls and limited access to personal data on a need-to-know basis.
- Secure storage and, where applicable, encryption of sensitive data.
- Regular review of our security practices and contracts with processors to ensure they provide sufficient guarantees.
Despite these measures, no transmission or storage over the internet can be guaranteed to be completely secure. We encourage you to use strong passwords and to keep your login details confidential.
9. Children
Our website and services are not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will take steps to delete it.
10. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or in the law. The “Last updated” date at the top will be revised when we make changes. We encourage you to review this page periodically. Where changes are material, we may notify you by email or by a notice on our website.
11. Additional information
For information about cookies and similar technologies we use on this website, please see our Cookie Policy. For the terms governing the use of our website and the purchase of products, see our Terms of Service and Return Policy.