Privacy Policy

Last updated:

1. Introduction

Phaltronbroz ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website phaltronbroz.world and use our services.

We process personal data in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and the Norwegian Personal Data Act (personopplysningsloven), which implements the GDPR in Norway.

Where national rules apply alongside the GDPR (for example in relation to cookies and electronic marketing), we also follow applicable Norwegian legislation, including the Marketing Control Act (markedsføringsloven) and the Electronic Communications Act (ekomloven) where relevant.

2. Data Controller

The data controller responsible for your personal data is:

Phaltronbroz
Gjørasmoen 7
6613 Gjora
Norway
Email: partnership@phaltronbroz.world

3. Personal Data We Collect

We may collect the following categories of personal data:

3.1 Information You Provide

  • Name and contact information (email address, phone number)
  • Delivery address for order fulfillment
  • Order details and purchase history
  • Payment-related information: payments are processed by certified payment service providers. We do not store full payment card numbers on our servers; we may receive limited transaction metadata (such as payment status, last four digits of a card, or payment method type) as needed to administer your order.
  • Communications with our customer service
  • Any other information you voluntarily provide

3.2 Automatically Collected Information

  • IP address and device identifiers
  • Browser type and version
  • Operating system
  • Pages visited and time spent on our website
  • Referral source
  • Cookie data (see our Cookie Policy)

4. Purposes and Legal Basis for Processing

We process your personal data for the following purposes:

4.1 Contract Performance (Article 6(1)(b) GDPR)

  • Processing and fulfilling your orders
  • Managing your account
  • Communicating about your orders and deliveries
  • Providing customer support

4.2 Legitimate Interests (Article 6(1)(f) GDPR)

  • Improving our website and services
  • Analyzing website usage and trends
  • Preventing fraud and ensuring security
  • Protecting our legal rights

4.3 Consent (Article 6(1)(a) GDPR)

  • Sending marketing communications (where applicable), including email marketing where you have opted in
  • Using non-essential cookies and similar technologies (see our Cookie Policy)

You may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal. Where we send marketing by email, each message will include a simple way to unsubscribe (or you may contact us using the details below).

4.4 Legal Obligations (Article 6(1)(c) GDPR)

  • Complying with tax and accounting requirements
  • Responding to legal requests from authorities

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Order data: 5 years from the date of the transaction (for accounting and tax purposes)
  • Customer support communications: 3 years from the last interaction
  • Marketing consent records: Until consent is withdrawn, plus 3 years for documentation
  • Website analytics data: 26 months

6. Data Sharing and Recipients

We may share your personal data with:

  • Service providers: Payment processors, shipping companies, email service providers, and hosting services that assist us in operating our business
  • Professional advisors: Lawyers, accountants, and auditors when necessary
  • Authorities: Government bodies and law enforcement when required by law

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not sell your personal data to third parties.

7. International Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by the European Commission
  • Other legally recognized transfer mechanisms

8. Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right of access: Request a copy of your personal data
  • Right to rectification: Request correction of inaccurate data
  • Right to erasure: Request deletion of your data ("right to be forgotten")
  • Right to restriction: Request limitation of processing
  • Right to data portability: Receive your data in a structured, machine-readable format
  • Right to object: Object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us using the details provided below. We will respond to your request without undue delay and in any event within one month of receipt. That period may be extended by up to two further months where necessary, taking into account the complexity and number of requests; if so, we will inform you of the extension and reasons within one month of receipt.

We do not use automated decision-making, including profiling, which produces legal effects concerning you or similarly significantly affects you.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • SSL/TLS encryption for data transmission
  • Secure server infrastructure
  • Access controls and authentication procedures
  • Regular security assessments
  • Employee training on data protection

10. Cookies

Our website uses cookies and similar technologies. For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.

11. Children's Privacy

Our website and services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

13. Complaints

If you have concerns about how we handle your personal data, you have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet), which is the supervisory authority for Norway:

Datatilsynet
P.O. Box 458 Sentrum
0105 Oslo, Norway
Website: www.datatilsynet.no

This is without prejudice to your right to seek a judicial remedy before the courts.

Contact Us

partnership@phaltronbroz.world

Gjørasmoen 7, 6613 Gjora, Norway