Home

Privacy Policy

Last updated:

This Privacy Policy explains how Volkranncrshakar (“we”, “us”) collects and processes personal data when you use https://volkranncrshakar.world and related services in line with the EU General Data Protection Regulation (GDPR), Swedish data protection law, and applicable e-privacy rules.

1. Data controller

The controller responsible for your personal data is:

• Legal trading name: Volkranncrshakar
• Address: Fleminggatan 3, 112 26 Stockholm, Sweden
• General contact strings (no telephone published on this static site): info@volkranncrshakar.world, contact@volkranncrshakar.world, support@volkranncrshakar.world, help@volkranncrshakar.world

You may contact us using any of the strings above for privacy requests; please include your full name, country, and a clear description of the request.

2. Categories of personal data

Depending on how you interact with us, we may process:

• Identity and contact data: name, email address, postal address when provided, optional phone number if you supply it.
• Transaction data: order references, delivery preferences, payment confirmation metadata processed through our payment partners.
• Communication data: messages you send via forms, email headers, and support history.
• Technical data: IP address, browser type, device type, coarse geographic area derived from network data, pages viewed, and time stamps.
• Cookie and similar technology data: as described in our Cookie Policy.

3. Purposes and lawful bases

We process data only when a lawful basis under GDPR Article 6 applies:

• Contract (Art. 6(1)(b)): to process orders, deliver products, and respond to pre-contract enquiries.
• Legitimate interests (Art. 6(1)(f)): to secure the site, prevent fraud, improve usability, measure aggregated performance, and document compliance, balanced against your rights.
• Consent (Art. 6(1)(a)): for optional analytics or marketing cookies and for certain marketing messages where required. You may withdraw consent at any time without affecting earlier lawful processing.
• Legal obligation (Art. 6(1)(c)): to meet accounting, tax, or regulatory duties.

4. Recipients and processors

We share data with carefully selected processors who act on our instructions (hosting providers, email delivery, payment service providers, logistics partners, and IT security vendors). Contracts governed by Article 28 GDPR require confidentiality and appropriate safeguards.

5. International transfers

Where data leaves the European Economic Area, we rely on European Commission adequacy decisions or standard contractual clauses, supplemental measures where required, and transfer impact assessments when appropriate.

6. Retention

• Order and invoice records: retained for the duration required by Swedish bookkeeping law (typically seven years) unless a longer period is mandated.
• Marketing consents and related logs: retained until you withdraw consent and for a short cooling period to prove compliance.
• Support tickets: retained up to twenty-four months after the last reply unless a dispute requires longer storage.
• Server logs: retained on a rolling basis, generally not longer than ninety days unless needed for security investigations.

7. Security measures

We apply HTTPS encryption for data in transit, restrict staff access on a need-to-know basis, pseudonymise analytics where feasible, maintain patching routines, and review subprocessors regularly. No online transmission is risk-free; please use strong passwords and protect your devices.

8. Your rights

Under GDPR you may request:

• Access to your personal data;
• Rectification of inaccurate data;
• Erasure (“right to be forgotten”) where applicable;
• Restriction of processing;
• Data portability for data you provided where processing is automated and based on consent or contract;
• Objection to processing based on legitimate interests;
• Withdrawal of consent at any time;
• Information about automated decision-making (we do not use solely automated decisions with legal effects).

You may lodge a complaint with the Swedish Authority for Privacy Protection (IMY) or your local supervisory authority.

9. Children

Our shop targets adults. We do not knowingly collect data from children under sixteen without parental authority.

10. Territories, language, and applicable law

The controller is established in Sweden (EEA). The website is published in English for convenience; statutory consumer information may also be supplied in Swedish or other languages where required at purchase. Visitors outside the EEA should note that local law may add or limit rights, and cross-border delivery may not be available to every country.

11. Advertising measurement, supplements, and sensitive topics

Where we run or measure online advertising, we aim to comply with platform rules (including Google Ads policies) as well as EU and national requirements for food supplements. We do not build segments that depend on perceived medical conditions, and we instruct partners to avoid personalised messaging that exploits chronic disease states. Technical data from campaigns may include aggregated performance metrics, coarse geographic areas, and conversion events, processed on the lawful bases set out in section 3.

12. Updates

When we materially change this policy, we revise the “Last updated” date and, where appropriate, notify active customers by email or a site notice.