Privacy Policy

1. Introduction

Welcome to Khodraxncroz ("we," "our," or "us"). We are committed to protecting your personal data and respecting your privacy in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the Dutch GDPR Implementation Act (Uitvoeringswet AVG), and other applicable data protection laws.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website khodraxncroz.world and use our services. This notice is provided in line with Articles 13 and 14 GDPR (information to be provided where personal data are collected from the data subject or from other sources).

2. Data Controller Information

The data controller responsible for your personal data is:

• Company Name: Khodraxncroz
• Address: Tweede Oosterparkstraat 163A, 1092 BE Amsterdam, Netherlands
• Email: admin@khodraxncroz.world
• Country: Netherlands

3. Personal Data We Collect

We may collect the following categories of personal data:

3.1 Information You Provide

• Contact Information: Name, email address, phone number
• Order Information: Billing and shipping addresses, payment details
• Communication Data: Messages, inquiries, and feedback you send us
• Consent Records: Records of permissions and consents you provide

3.2 Information Collected Automatically

• Device Information: IP address, browser type, operating system
• Usage Data: Pages visited, time spent on pages, click patterns
• Cookies and Tracking: Information collected through cookies and similar technologies

4. Purposes and Legal Basis for Processing

We process your personal data for the following purposes and legal bases (Article 6 GDPR):

• Performance of a contract (Art. 6(1)(b)): Processing orders, delivery, payments (as applicable), and customer support
• Consent (Art. 6(1)(a)): Non-essential cookies and similar technologies, and marketing communications where you have opted in
• Legitimate interests (Art. 6(1)(f)): Website security, fraud prevention, and limited analytics that do not require consent under applicable ePrivacy rules, balanced against your rights; you may object to processing based on legitimate interests as described below
• Legal obligation (Art. 6(1)(c)): Tax, accounting, and regulatory compliance (e.g. retaining invoices)

We do not use automated decision-making, including profiling, which produces legal effects concerning you or similarly significantly affects you. If this changes, we will inform you and explain your rights.

5. Data Sharing and Disclosure

We may share your personal data with:

• Service Providers: Payment processors, shipping companies, email service providers, and hosting services that help us operate our business
• Legal Authorities: When required by law or to protect our rights and safety
• Business Transfers: In connection with any merger, acquisition, or sale of assets

We do not sell your personal data to third parties.

6. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When such transfers occur, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions for countries with adequate data protection
• Other legally recognized transfer mechanisms

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

• Order Data: Retained for 7 years for tax and legal compliance purposes
• Account Data: Retained until you request deletion or account closure
• Marketing Data: Retained until you withdraw consent
• Analytics Data: Retained for up to 26 months

8. Your Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Restriction: Request limitation of processing in certain circumstances
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us using the details provided in this policy. We will respond without undue delay and in any event within one month of receipt of the request (Article 12 GDPR), unless the law allows an extension in complex cases. Exercising your rights is generally free of charge; we may charge a reasonable fee or refuse manifestly unfounded or excessive requests as permitted by law.

9. Security Measures

We implement appropriate technical and organizational measures to protect your personal data, including:

• SSL/TLS encryption for data in transit
• Secure storage with access controls
• Regular security assessments and updates
• Employee training on data protection

10. Cookies

We use cookies and similar tracking technologies on our website. For detailed information about the cookies we use and your choices, please see our Cookie Policy.

11. Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

12. Complaints and Supervisory Authority

If you have concerns about how we handle your personal data, you have the right to lodge a complaint with a supervisory authority (Article 77 GDPR). In the Netherlands, the supervisory authority is the Autoriteit Persoonsgegevens (AP). Further information: https://www.autoriteitpersoonsgegevens.nl.

You may also lodge a complaint with the supervisory authority in the EU Member State of your habitual residence or place of work if applicable.

13. Data Breaches

In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the supervisory authority where required by law (including within 72 hours where the GDPR applies) and communicate to affected data subjects when required.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes where required by law, including by posting the updated policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.