Privacy Policy

Last updated: 12 March 2025

This Privacy Policy describes how Shunrynnaezly ("we", "us", "our") collects, uses, stores and protects your personal data when you use our website https://shunrynnaezly.world (the "Website") and our services. We process personal data in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation, "GDPR"), the Swedish Personal Data Act (SFS 2018:218 with amendments), and other applicable data protection laws.

1. Data controller

The data controller responsible for your personal data is:

Shunrynnaezly
Västerlånggatan 16
111 29 Stockholm
Sweden
Email: notifyuse@shunrynnaezly.world
Phone: +46771450450

2. Purposes and legal basis for processing

We process your personal data only for specified, explicit and legitimate purposes. The main purposes and corresponding legal bases are:

• Order and contract performance: To process your orders, deliver products, and communicate about your order (e.g. name, email, phone, address). Legal basis: performance of a contract (Art. 6(1)(b) GDPR).
• Customer service: To respond to your enquiries and provide support. Legal basis: performance of a contract and/or our legitimate interest in providing good service (Art. 6(1)(b) and (f) GDPR).
• Legal compliance: To comply with accounting, tax and consumer law obligations (e.g. retention of invoices). Legal basis: legal obligation (Art. 6(1)(c) GDPR).
• Website operation and security: To ensure the technical operation and security of the Website (e.g. IP address, logs where necessary). Legal basis: legitimate interest (Art. 6(1)(f) GDPR).
• Cookies and similar technologies: As described in our Cookie Policy. Legal basis: consent where required, otherwise legitimate interest or legal obligation.

3. Categories of personal data we collect

We may collect and process the following categories of data:

• Identity and contact data: name, email address, telephone number, postal address.
• Transaction data: order details, payment-related information (we do not store full payment card numbers; payment processing may be handled by third-party providers).
• Technical and usage data: IP address, browser type, device information, pages visited, date and time of access (including via cookies where applicable).
• Communication data: content of messages you send us (e.g. via contact or order forms).

We do not collect special categories of data (e.g. health data) unless you voluntarily provide them in a message and we need them to respond; in that case we will process them only with your consent or as otherwise permitted by law.

4. Sources of personal data

We obtain personal data directly from you when you place an order, fill in a contact form, subscribe to communications (where offered), or contact us by email or phone. We may also obtain technical data automatically when you use the Website (e.g. from your device or browser).

5. Retention periods

We keep your personal data only for as long as necessary for the purposes set out in this policy or as required by law.

• Order and customer data: For the duration of the contractual relationship and thereafter for the period required by Swedish accounting and tax law (typically 7 years for accounting material).
• Customer service correspondence: Generally for up to 3 years after the last contact, unless longer retention is required for legal claims or obligations.
• Technical and access logs: As long as necessary for security and troubleshooting, usually not more than 12 months, unless a longer period is required for legal or security reasons.
• Cookie-related data: As specified in our Cookie Policy.

After the retention period, we will delete or anonymise your data so that it can no longer identify you.

6. Security measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, loss or destruction, including:

• Use of HTTPS (TLS/SSL) for all data transmitted between your browser and our servers to prevent mixed content and to encrypt data in transit.
• Access controls so that only authorised personnel can access personal data where necessary for their role.
• Secure storage and handling of data, including where we use third-party service providers (we require them to apply adequate safeguards).
• Regular review of our security practices and updating them as appropriate.

Despite these measures, no transmission or storage over the internet can be guaranteed to be 100% secure; we encourage you to use strong passwords and keep your login details safe where applicable.

7. Recipients and international transfers

We may share your personal data with:

• Service providers who assist us with hosting, payment processing, email delivery, or analytics (where you have consented or we have another lawful basis). These providers act as processors and are contractually bound to use data only for the purposes we specify and in line with GDPR.
• Public authorities when required by law (e.g. tax, consumer protection, or court orders).

If we transfer personal data to countries outside the European Economic Area (EEA), we will ensure an adequate level of protection, for example through EU Commission adequacy decisions, standard contractual clauses, or other approved mechanisms under GDPR.

8. Your rights under GDPR

You have the following rights in relation to your personal data:

• Right of access (Art. 15 GDPR): You may request a copy of the personal data we hold about you and information about how we process it.
• Right to rectification (Art. 16 GDPR): You may request correction of inaccurate or incomplete personal data.
• Right to erasure (Art. 17 GDPR): You may request deletion of your personal data in certain circumstances (e.g. where data are no longer necessary, or you withdraw consent where consent was the basis).
• Right to restriction of processing (Art. 18 GDPR): You may request that we limit how we use your data in certain situations.
• Right to data portability (Art. 20 GDPR): Where processing is based on contract or consent and carried out by automated means, you may request to receive your data in a structured, commonly used format or to have it transmitted to another controller.
• Right to object (Art. 21 GDPR): You may object to processing based on legitimate interests; we will stop unless we demonstrate compelling legitimate grounds. You may also object to processing for direct marketing at any time.
• Right to withdraw consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
• Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your residence or place of work. In Sweden, the supervisory authority is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY): www.imy.se.

To exercise any of these rights, please contact us using the details in section 1. We will respond within one month as required by GDPR; we may request proof of identity to protect your data.

9. Children

Our Website and services are not directed at children under 16. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data, please contact us and we will take steps to delete such data.

10. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the law or the Website. The "Last updated" date at the top will be revised when we make material changes. We encourage you to review this page periodically. Where required by law, we will seek your consent to any new use of your personal data.

11. Contact

For any questions about this Privacy Policy or our processing of your personal data, please contact the data controller:

Shunrynnaezly
Västerlånggatan 16, 111 29 Stockholm, Sweden
Email: notifyuse@shunrynnaezly.world
Phone: +46771450450