Privacy Policy

Last updated:

1. Data Controller

The data controller responsible for your personal data is:

Qualtrexoinrax
Neude 11, 3512 AE Utrecht, Netherlands
Email: write-to-us@qualtrexoinrax.world
Website: https://qualtrexoinrax.world

2. What Personal Data We Collect

We collect and process the following categories of personal data:

  • Contact Information: Full name, email address, and phone number (if provided) when you submit an order or contact form.
  • Communication Data: Messages, inquiries, and any other content you include in the message field of our forms.
  • Technical Data: IP address, browser type and version, operating system, referring URL, pages visited, time and date of visit, and time spent on pages. This data is collected automatically when you visit our website.
  • Cookie Data: Information stored by cookies and similar technologies on your device, as described in our Cookie Policy.
  • Consent Records: Records of the consents you have given, including the date, time, and scope of consent.

3. Purposes and Legal Basis for Processing

We process your personal data for the following purposes and under the corresponding legal bases as defined by the General Data Protection Regulation (GDPR):

3.1 Order Processing and Customer Communication

Purpose: To process your orders, respond to your inquiries, and provide customer support.

Legal Basis: Performance of a contract (Article 6(1)(b) GDPR) and your consent (Article 6(1)(a) GDPR).

3.2 Website Functionality

Purpose: To ensure the proper functioning of our website, maintain security, and prevent fraud.

Legal Basis: Legitimate interest (Article 6(1)(f) GDPR).

3.3 Analytics

Purpose: To analyze website usage patterns and improve our services, content, and user experience.

Legal Basis: Your consent (Article 6(1)(a) GDPR), obtained through our cookie consent mechanism.

3.4 Legal Compliance

Purpose: To comply with applicable legal obligations, including tax and accounting requirements.

Legal Basis: Legal obligation (Article 6(1)(c) GDPR).

4. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Order and contact form data: Retained for up to 3 years after the last interaction, or longer if required by applicable law (e.g., tax and accounting obligations may require retention for up to 7 years).
  • Technical and analytics data: Retained for up to 26 months from the date of collection.
  • Consent records: Retained for the duration of your consent and for up to 3 years after withdrawal for compliance documentation purposes.
  • Cookie data: Retention periods for cookies vary by type and are described in our Cookie Policy.

After the applicable retention period expires, your personal data is securely deleted or anonymized.

5. Data Sharing and Recipients

We do not sell, rent, or trade your personal data to third parties. We may share your data with the following categories of recipients when necessary:

  • Service Providers: Trusted third-party service providers who assist us with website hosting, email delivery, payment processing, and analytics. These providers process data only on our behalf and under contractual data processing agreements.
  • Legal Authorities: Government agencies, law enforcement, or regulatory bodies when required by applicable law or legal process.
  • Professional Advisors: Accountants, auditors, and legal counsel when necessary for business operations and compliance.

6. International Data Transfers

Your personal data is primarily processed within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure that appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Adequacy decisions by the European Commission for the receiving country.
  • Other appropriate safeguards as required by Chapter V of the GDPR.

7. Your Rights Under GDPR

As a data subject, you have the following rights under the GDPR:

  • Right of Access (Article 15): You have the right to obtain confirmation as to whether your personal data is being processed and to access a copy of your data.
  • Right to Rectification (Article 16): You have the right to request correction of inaccurate personal data and completion of incomplete data.
  • Right to Erasure (Article 17): You have the right to request deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or when you withdraw your consent.
  • Right to Restriction of Processing (Article 18): You have the right to request restriction of processing in certain circumstances, such as when you contest the accuracy of your data.
  • Right to Data Portability (Article 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
  • Right to Object (Article 21): You have the right to object to processing based on legitimate interests, including profiling. We will cease processing unless we demonstrate compelling legitimate grounds.
  • Right to Withdraw Consent (Article 7(3)): Where processing is based on consent, you have the right to withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or another competent supervisory authority in the EU Member State of your habitual residence.

To exercise any of these rights, please contact us at write-to-us@qualtrexoinrax.world. We will respond to your request within 30 days, as required by the GDPR.

8. Security Measures

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data transmitted via HTTPS/TLS protocols.
  • Access controls limiting data access to authorized personnel only.
  • Regular security assessments and monitoring of our systems.
  • Secure data storage with appropriate backup procedures.
  • Staff training on data protection and security best practices.
  • Incident response procedures for potential data breaches, including notification to the supervisory authority and affected individuals within 72 hours where required by Article 33 GDPR.

9. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on you as described in Article 22 of the GDPR.

10. Children's Privacy

Our website and products are not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete such data promptly.

11. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of those websites. We encourage you to read the privacy policies of any third-party websites you visit.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. When we make material changes, we will update the “Last updated” date at the top of this page. We encourage you to review this Privacy Policy periodically.

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact us:

Qualtrexoinrax
Neude 11, 3512 AE Utrecht, Netherlands
Email: write-to-us@qualtrexoinrax.world

14. Supervisory Authority

If you believe that our processing of your personal data violates the GDPR, you have the right to lodge a complaint with the competent supervisory authority. For the Netherlands, the supervisory authority is:

Autoriteit Persoonsgegevens
Bezuidenhoutseweg 30, 2594 AV The Hague, Netherlands
Website: https://autoriteitpersoonsgegevens.nl