Privacy Policy

Last updated: March 11, 2025

1. Controller and contact

The controller responsible for the processing of your personal data in connection with this website is:

Nyxarioncrshran
Smb 1251, 506 S Spring St #13308
Los Angeles, CA 90013, United States

Email: message@nyxarioncrshran.world
Phone: +1 657 888 4666

If you have questions about this Privacy Policy or about how we process your data, you may contact us at the above address or email.

2. Scope and legal basis

This Privacy Policy applies to the website nyxarioncrshran.world and any related subpages and services. It describes what personal data we collect, for what purposes we use it, how long we keep it, and what rights you have.

We process personal data in accordance with applicable law, including the General Data Protection Regulation (GDPR) where it applies to you, and with US federal and state privacy laws where we operate. Our processing is based on consent where required, on the performance of a contract, on our legitimate interests where appropriate, or on legal obligation.

3. Personal data we collect

We may collect the following categories of personal data:

• Identification and contact data: name, email address, telephone number (if you provide it), and postal address when you place an order or contact us.
• Order and transaction data: order details, payment-related information (we do not store full card numbers; payment processing may be handled by third-party providers), delivery address, and order history.
• Communication data: content of messages you send us (e.g. via contact form or email) and records of our correspondence.
• Technical and usage data: IP address, browser type and version, device type, operating system, referring URL, pages visited, date and time of access, and similar data collected automatically when you use our website. This may include data collected via cookies and similar technologies, as described in our Cookie Policy.

4. Purposes of processing

We use your personal data for the following purposes:

• To process and fulfil your orders, including shipping and customer support.
• To communicate with you about your orders, enquiries, or complaints.
• To send you necessary transactional messages (e.g. order and shipping confirmations).
• To manage and improve our website, including analytics (where you have consented or where we have a legitimate interest), security, and troubleshooting.
• To comply with legal obligations (e.g. tax, accounting, responding to lawful requests from authorities).
• To establish, exercise, or defend legal claims.
• Where you have given consent, for marketing communications or other purposes for which we have asked your consent.

5. Legal basis for processing (GDPR)

Where the GDPR applies to our processing of your data:

• Contract: Processing necessary for the performance of a contract with you (e.g. order processing, delivery) or to take steps at your request before entering into a contract.
• Legal obligation: Processing necessary to comply with a legal obligation (e.g. retention for tax or consumer law).
• Legitimate interests: Processing necessary for our legitimate interests (e.g. improving our website, security, fraud prevention), where those interests are not overridden by your rights.
• Consent: Where we rely on consent (e.g. non-essential cookies, marketing), you may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

6. Retention periods

We retain your personal data only for as long as necessary for the purposes set out in this policy or as required by law.

• Order and customer data: Typically for the duration of the contractual relationship and thereafter for a period required by law (e.g. tax and commercial law retention, often 6–10 years depending on jurisdiction) and for the establishment, exercise, or defence of legal claims.
• Contact and communication data: For as long as needed to handle your enquiry and for a reasonable period thereafter, and where applicable for legal or evidentiary purposes.
• Marketing and consent-based processing: Until you withdraw consent or object, or for the period specified when we obtained consent.
• Technical and access logs: For a limited period necessary for security and troubleshooting (e.g. up to 12–24 months unless a longer period is required by law or for legal claims).
• Cookie-related data: As specified in our Cookie Policy.

After the retention period, we delete or anonymise your data so that it can no longer be attributed to you.

7. Recipients and international transfers

We may share your personal data with:

• Service providers who assist us (e.g. hosting, payment processing, shipping, email delivery, analytics). Such providers are bound by contractual obligations to protect your data and use it only for the purposes we specify.
• Professional advisers (e.g. lawyers, accountants) where necessary.
• Public authorities when required by law or to protect our rights.

Some of these recipients may be located outside the European Economic Area (EEA) or your country of residence. Where we transfer data to countries that are not recognised as providing an adequate level of data protection, we implement appropriate safeguards (e.g. standard contractual clauses approved by the European Commission or equivalent mechanisms) as required by applicable law.

8. Security measures

We implement technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Use of HTTPS and encryption for data in transit where appropriate.
• Access controls and restrictions so that only authorised personnel can access personal data on a need-to-know basis.
• Secure storage and handling of data, including where applicable encryption at rest.
• Regular review and updating of our security practices and, where applicable, contracts with processors that require appropriate security measures.
• Procedures to respond to suspected or actual data breaches, including notification to supervisory authorities and affected individuals where required by law.

Despite our efforts, no method of transmission or storage over the internet is completely secure. We encourage you to use strong passwords and to protect your own devices and accounts.

9. Your rights

Depending on your location and applicable law, you may have the following rights in relation to your personal data:

• Access: To obtain confirmation as to whether we process your data and, where that is the case, access to that data and certain information about the processing.
• Rectification: To have inaccurate or incomplete data corrected.
• Erasure: To request deletion of your data in certain circumstances (e.g. where it is no longer necessary, where you withdraw consent, or where you object and we have no overriding legitimate interest).
• Restriction: To request that we restrict processing in certain situations (e.g. while we verify accuracy or while a dispute is pending).
• Data portability: Where processing is based on contract or consent and carried out by automated means, to receive your data in a structured, commonly used, machine-readable format and, where technically feasible, to have it transmitted to another controller.
• Objection: To object to processing based on legitimate interests, including profiling. You may also object to processing for direct marketing at any time.
• Withdraw consent: Where we rely on consent, to withdraw it at any time.
• Complaint: To lodge a complaint with a supervisory authority in your country of residence or place of work.

To exercise any of these rights, please contact us using the details in section 1. We will respond within the time limit set by applicable law (e.g. one month under the GDPR, subject to extensions where permitted). We may need to verify your identity before processing your request.

If you are in the European Economic Area, you can find your data protection authority at the website of the European Data Protection Board or your national supervisory authority. If you are in the United States, you may have additional rights under state laws (e.g. California, Virginia, Colorado); we will honour them where applicable.

10. Children

Our website and services are not directed at children under 16 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will delete it promptly.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will post the updated version on this page and indicate the date of the last update. Where required by law, we will seek your consent or give you notice of material changes. We encourage you to review this policy periodically.

12. Additional information for specific regions

United States: We comply with applicable US federal and state privacy laws. If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA), as amended, including the right to know, delete, correct, and opt out of the sale or sharing of personal information. We do not sell personal information as defined under the CCPA. To exercise your rights, contact us at the details above.

European Economic Area and UK: Our processing is carried out in accordance with the GDPR and, where applicable, the UK GDPR. You have the rights set out in section 9 and the right to lodge a complaint with a supervisory authority.