Privacy Policy

Last updated: 12 March 2025

1. Controller and contact details

The data controller responsible for the processing of your personal data in connection with this website is:

Tharlonnothal
Krukmakargatan 13
118 51 Stockholm
Sweden

Email: managers@tharlonnothal.world
Phone: +46771405405

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us using the details above.

2. Scope and legal basis

This Privacy Policy describes how we collect, use, store, and protect your personal data when you use our website https://tharlonnothal.world (the "Website") and our services, including the purchase of Enercorex and related customer communication. We process personal data in accordance with the EU General Data Protection Regulation (GDPR), the Swedish Personal Data Act (SFS 2018:218), and other applicable data protection laws.

We process your data only where we have a legal basis: performance of a contract, your consent, our legitimate interests (where they are not overridden by your rights), or compliance with a legal obligation.

3. Personal data we collect

3.1 Data you provide to us

When you place an order, contact us, or use our contact form, we may collect: name, email address, telephone number (if you provide it), postal address, and the content of your message or order. We use this data to process your order, communicate with you, and fulfil our contractual and legal obligations.

3.2 Data collected automatically

When you visit our Website, we may automatically collect technical data such as your IP address, browser type and version, device type, operating system, referring URL, pages visited, and date and time of access. This data may be processed for the operation and security of the Website, to improve our services, and, where applicable, with your consent for analytics. For details on cookies and similar technologies, see our Cookie Policy.

3.3 Data from third parties

We may receive limited data from payment or logistics partners necessary to complete your order (e.g. delivery status). We do not buy or sell personal data for marketing purposes.

4. Purposes of processing

We use your personal data for the following purposes:

• Order processing and fulfilment: to take and process orders, arrange payment and delivery, and handle returns or complaints.
• Customer communication: to respond to enquiries, send order and shipping confirmations, and provide customer support.
• Legal and regulatory compliance: to comply with accounting, tax, and consumer law obligations (e.g. in Sweden and the EU).
• Website operation and security: to ensure the Website functions correctly, prevent fraud and abuse, and protect our systems.
• Analytics and improvement (where consent is given): to understand how the Website is used and to improve content and usability.
• Marketing (only with your consent): to send newsletters or promotional communications if you have opted in.

5. Legal basis for processing (GDPR)

We process your data on the following legal bases:

• Contract (Art. 6(1)(b) GDPR): processing necessary for the performance of a contract with you (e.g. order processing, delivery).
• Legal obligation (Art. 6(1)(c) GDPR): processing required by law (e.g. retention for tax or consumer rights).
• Legitimate interests (Art. 6(1)(f) GDPR): where we have a legitimate interest (e.g. fraud prevention, security, improving our services) and your interests do not override ours.
• Consent (Art. 6(1)(a) GDPR): where you have given clear consent (e.g. non-essential cookies, marketing). You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

6. Retention periods

We keep your personal data only for as long as necessary for the purposes described above or as required by law:

• Order and customer data: for the duration of the customer relationship and thereafter for a period required by Swedish and EU law (e.g. bookkeeping and tax typically 7 years from the end of the financial year).
• Contact form and correspondence: until the matter is closed and any follow-up period has ended; thereafter as needed for legal or complaint handling (typically up to 2 years, unless longer retention is required by law).
• Technical and access logs: as needed for security and troubleshooting, typically up to 12 months, unless a shorter or longer period is required for legal or security reasons.
• Cookie and analytics data: as specified in our Cookie Policy and in accordance with your choices.
• Marketing data (where consent was given): until you withdraw consent or object, and then only as needed to record your preference (e.g. suppression list).

After the retention period, we delete or anonymise your data so that it can no longer be attributed to you.

7. Your rights under GDPR

Under the GDPR and Swedish law, you have the following rights in relation to your personal data:

• Right of access (Art. 15): you may request a copy of the personal data we hold about you.
• Right to rectification (Art. 16): you may request correction of inaccurate or incomplete data.
• Right to erasure (Art. 17): you may request deletion of your data where there is no overriding reason for us to keep it (e.g. where processing was based on consent and you withdraw it, or where data is no longer necessary).
• Right to restriction of processing (Art. 18): you may request that we limit how we use your data in certain circumstances.
• Right to data portability (Art. 20): where processing is based on contract or consent and is carried out by automated means, you may request to receive your data in a structured, commonly used, machine-readable format.
• Right to object (Art. 21): you may object to processing based on legitimate interests, including profiling. You may also object at any time to processing for direct marketing.
• Right to withdraw consent: where processing is based on consent, you may withdraw consent at any time.
• Right to lodge a complaint: you have the right to lodge a complaint with a supervisory authority. In Sweden, the authority is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten), www.imy.se. In other EU/EEA countries, you may contact the supervisory authority in your country of residence.

To exercise any of these rights, please contact us using the contact details in section 1. We will respond without undue delay and in any event within one month, subject to possible extensions where permitted by law. We may ask you to verify your identity before processing your request.

8. Data security

We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. Measures include: use of HTTPS and encryption where applicable; secure handling of order and contact data; access controls and staff training; and regular review of our practices. Despite our efforts, no method of transmission or storage over the Internet is completely secure; we encourage you to use strong passwords and to contact us if you suspect any unauthorised use of your data.

9. International transfers

Your data is primarily processed within the European Union and the European Economic Area (EEA). If we transfer data to a country outside the EEA, we will ensure that appropriate safeguards are in place (e.g. adequacy decision by the European Commission, standard contractual clauses, or other mechanisms approved under GDPR) and that you can obtain a copy of such safeguards upon request.

10. Children

Our Website and services are not directed at individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will take steps to delete it.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Website, or legal requirements. The "Last updated" date at the top indicates when the policy was last revised. We encourage you to review this page periodically. Where changes are material, we may notify you by email or by a notice on the Website where appropriate.

12. Contact

For any questions about this Privacy Policy or our processing of your personal data, please contact:

Tharlonnothal
Krukmakargatan 13, 118 51 Stockholm, Sweden
Email: managers@tharlonnothal.world
Phone: +46771405405