Privacy Policy

1. Introduction

Zipharonthral ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website zipharonthral.world and purchase our products, including Cardelenta.

This policy is designed to comply with the General Data Protection Regulation (GDPR) (EU) 2016/679, the Dutch Data Protection Act (Uitvoeringswet AVG), and other applicable data protection laws.

2. Data Controller Information

The data controller responsible for your personal data is:

Where we are legally required to identify our business in public registers, relevant trade register (Kamer van Koophandel, KvK) and VAT (BTW-identificatienummer) details are provided on order confirmations, invoices, and in our Terms of Use where applicable.

3. Personal Data We Collect

We may collect the following categories of personal data:

3.1 Information You Provide Directly

• Contact Information: Name, email address, phone number (optional), postal address
• Order Information: Products purchased, order history, payment details
• Communication Data: Messages, inquiries, and feedback you send us
• Account Information: If you create an account, your login credentials and preferences

3.2 Information Collected Automatically

• Technical Data: IP address, browser type and version, operating system, device information
• Usage Data: Pages visited, time spent on pages, navigation paths, click patterns
• Cookie Data: Information collected through cookies and similar technologies (see our Cookie Policy)

4. Purpose and Legal Basis for Processing

We process your personal data for the following purposes and legal bases under GDPR Article 6:

• Contract Performance (Art. 6(1)(b)): Processing orders, delivering products, providing customer support, processing payments
• Legitimate Interests (Art. 6(1)(f)): Improving our website and services, fraud prevention, business analytics, marketing to existing customers
• Consent (Art. 6(1)(a)): Marketing communications, analytics cookies, personalization features
• Legal Obligations (Art. 6(1)(c)): Tax records, regulatory compliance, responding to legal requests

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

• Order Data: 7 years after the transaction (for tax and accounting purposes)
• Marketing Consent: Until you withdraw consent or 3 years of inactivity
• Customer Support Communications: 3 years after the last interaction
• Website Analytics: 26 months maximum
• Cookie Data: Varies by cookie type (see Cookie Policy)

6. Your Rights Under GDPR

As a data subject, you have the following rights regarding your personal data:

• Right of Access (Art. 15): Request a copy of your personal data we hold
• Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data
• Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten")
• Right to Restriction (Art. 18): Request limited processing of your data
• Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format
• Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent (Art. 7): Withdraw consent at any time where processing is based on consent
• Right to Lodge a Complaint: File a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens)
• Right Related to Automated Decision-Making (Art. 22): Where applicable, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects. We do not use such automated decision-making in relation to your purchase or account unless we expressly inform you otherwise and have a lawful basis.

To exercise any of these rights, please contact us at question@zipharonthral.world. Under the GDPR we will respond without undue delay and in any event within one month of receipt (this may be extended by two further months where complex, in which case we will inform you).

Profiling and marketing

We may analyse customer segments or website usage to improve our services or, where you have given consent, to send you marketing. You may withdraw marketing consent at any time. You may object to processing based on legitimate interests, including profiling to the extent it is based on those interests, as described in Article 21 GDPR.

7. Data Sharing and Transfers

We may share your personal data with:

• Service Providers: Payment processors, shipping companies, hosting providers, email services
• Legal Requirements: When required by law, court order, or government request
• Business Transfers: In connection with a merger, acquisition, or sale of assets

When we transfer data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions for specific countries
• Binding Corporate Rules where applicable

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• SSL/TLS encryption for data transmission
• Secure data storage with access controls
• Regular security assessments and updates
• Employee training on data protection
• Incident response procedures

While we strive to protect your personal data, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security but are committed to implementing industry-standard protections.

If a breach of personal data is likely to result in a risk to your rights and freedoms, we will document the incident and notify the supervisory authority without undue delay and, where required by the GDPR, notify affected individuals.

9. Children's Privacy

Our website and products are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete that information.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will post the updated version with a new "Last updated" date. Where changes materially affect processing based on consent or require new information under applicable law, we will provide an additional notice or request consent as required.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

You also have the right to lodge a complaint with the Dutch Data Protection Authority: