Xiphrannshimvorn.world

Privacy Policy

This Privacy Policy describes how Xiphrannshimvorn.world ("we", "us", "our") collects, uses, stores, and protects your personal data when you visit our website or interact with our services. We are committed to transparency and compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018.

1. Data Controller

Xiphrannshimvorn.world is the data controller responsible for the processing of your personal data in connection with our website and services.

Contact Details

Xiphrannshimvorn.world
62 Lower Dorset Street Lower, Phibsborough, Dublin, D01 P5V9, Ireland
Email: admin@xiphrannshimvorn.world

2. Categories of Personal Data We Collect

We may collect and process the following categories of personal data:

Identity Data

Includes your first name, last name, or other identifiers you provide when contacting us or placing an order.

Contact Data

Includes your email address, postal address, telephone number, and other contact details you voluntarily provide.

Technical Data

Includes your IP address, browser type and version, time zone, browser plug-ins, operating system, device information, and unique device identifiers.

Usage Data

Includes information about how you use our website, including pages visited, time spent on pages, navigation paths, click patterns, and referral sources.

Communication Data

Includes the content of messages you send to us via contact forms, email, or other means.

3. Purposes and Legal Basis for Processing

We process your personal data for the following purposes, with the legal basis indicated:

  • Fulfilment of orders and contracts: To process and fulfil your purchases, communicate about orders, and provide customer support. Legal basis: Performance of a contract.
  • Responding to enquiries: To reply to your questions, complaints, or requests. Legal basis: Legitimate interest (efficient customer service) or performance of a contract.
  • Website operation and security: To ensure the proper functioning, security, and integrity of our website. Legal basis: Legitimate interest.
  • Analytics and improvement: To analyse how our website is used and improve our services, where you have given consent. Legal basis: Consent.
  • Marketing communications: To send you promotional content, where you have given consent. Legal basis: Consent.
  • Legal compliance: To comply with legal obligations, such as tax or regulatory requirements. Legal basis: Legal obligation.

4. Data Retention Periods

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Specific retention periods include:

  • Order and transaction data: Up to 7 years for accounting and legal compliance purposes.
  • Contact form and enquiry data: Up to 3 years from the date of last contact, unless a longer retention period is required by law.
  • Technical and usage data: Up to 24 months, unless a shorter period is required by applicable law.
  • Marketing consent records: Until you withdraw consent, after which we will cease processing for that purpose within a reasonable period.
  • Cookie data: As specified in our Cookie Policy, typically between session length and 24 months.

5. Your Rights Under GDPR

Under the General Data Protection Regulation (EU 2016/679) and Irish data protection law, you have the following rights:

Right of Access

You may request a copy of the personal data we hold about you. We will respond within one month of receiving a valid request.

Right to Rectification

You may request that we correct any inaccurate or incomplete personal data.

Right to Erasure

You may request that we delete your personal data in certain circumstances, such as where the data is no longer necessary, you withdraw consent, or the processing is unlawful.

Right to Restriction of Processing

You may request that we restrict the processing of your data in certain situations, for example while we verify the accuracy of data or where you have objected to processing.

Right to Data Portability

Where processing is based on consent or contract and carried out by automated means, you may request to receive your data in a structured, commonly used, machine-readable format.

Right to Object

You may object to processing based on our legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, or freedoms.

Right to Withdraw Consent

Where processing is based on consent, you may withdraw consent at any time. This does not affect the lawfulness of processing before withdrawal.

Right to Lodge a Complaint

You have the right to lodge a complaint with the Irish Data Protection Commission (dataprotection.ie) or your local supervisory authority.

To exercise any of these rights, please contact us at admin@xiphrannshimvorn.world. We will respond without undue delay, and in any event within one month.

6. Data Security Measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using TLS/HTTPS
  • Access controls limiting data access to authorised personnel on a need-to-know basis
  • Regular security assessments and updates
  • Secure storage of sensitive data with appropriate safeguards
  • Staff training on data protection and confidentiality

7. Data Sharing and Recipients

We do not sell your personal data. We may share your data with the following categories of recipients:

  • Service providers: Hosting providers, email service providers, analytics providers, and payment processors who process data on our behalf under strict data processing agreements
  • Legal and regulatory authorities: Where required by law or to protect our legal rights

All processors are bound by contractual obligations to ensure the same level of data protection.

8. International Data Transfers

Where we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, or adequacy decisions. You may request details of such safeguards by contacting us.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated effective date. We encourage you to review this policy periodically.