Privacy Policy

Ravico ("we," "us," "our") operates tholmareeiphul.world (the "Site"). This Privacy Policy explains in detail how we collect, use, disclose, and safeguard your information when you visit our Site. We are committed to transparency and compliance with the General Data Protection Regulation (GDPR), the Swedish Personal Data Act, and other applicable data protection laws.

1. Data Controller

The data controller responsible for your personal data is:

Ravico
Krukmakargatan 13
118 51 Stockholm
Sweden

Email: admin@tholmareeiphul.world

For any inquiries regarding your personal data or this policy, please contact us using the details above. We aim to respond to all requests within 30 days.

2. Data We Collect

We may collect the following categories of personal data:

Identity data: Your name when you submit an order or contact form.
Contact data: Your email address, used to respond to inquiries and process orders.
Technical data: IP address, browser type and version, operating system, device information, and time zone.
Usage data: Information about how you use our Site, including pages visited and time spent.
Communications data: Messages you send to us via our contact form or email.

We do not collect sensitive personal data (such as health information) unless you voluntarily provide it in a message. We advise against including sensitive details unless necessary.

3. Legal Basis and Purposes

We process your data for the following purposes and legal bases under GDPR:

Contract performance: Processing your name and email to respond to order inquiries, fulfill requests, and communicate about your purchases.
Legitimate interests: Site security, fraud prevention, analytics to improve our services, and handling customer support.
Consent: Marketing communications, non-essential cookies, and promotional offers (where you have given explicit consent).
Legal obligation: Retaining records as required by tax and consumer protection laws.

You may withdraw consent at any time by contacting us. Withdrawal does not affect the lawfulness of processing before withdrawal.

4. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:

Order and inquiry data: 3 years from last contact, in accordance with consumer rights and accounting requirements.
Cookie data: As specified in our Cookie Policy.
Marketing consent: Until you withdraw consent or request deletion.
Legal obligation data: As required by applicable law (e.g., 7 years for accounting records in Sweden).

After the retention period, we securely delete or anonymize your data.

5. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the following rights:

Right of access: Request a copy of the personal data we hold about you.
Right to rectification: Request correction of inaccurate or incomplete data.
Right to erasure: Request deletion of your data ("right to be forgotten") in certain circumstances.
Right to restriction: Request that we limit processing in specific situations.
Right to data portability: Receive your data in a structured, commonly used, machine-readable format.
Right to object: Object to processing based on legitimate interests or for direct marketing.
Right to withdraw consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at admin@tholmareeiphul.world. We will respond within 30 days.

You have the right to lodge a complaint with a supervisory authority. In Sweden, this is the Integritetsskyddsmyndigheten (IMY). You may also complain to the authority in your country of residence.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

Encryption in transit (HTTPS/TLS) for all data transmitted between your device and our servers.
Access controls limiting who can access personal data to authorized personnel only.
Secure storage with industry-standard practices.
Regular reviews of our security measures.

We do not sell your personal data to third parties. In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority and affected individuals as required by law.

We may share your data with trusted service providers who assist us in operating our Site and business:

Hosting providers: To host our website and store data securely.
Analytics providers: To understand how visitors use our Site (only with your consent where required).
Payment processors: To process transactions (if applicable).
Email services: To send transactional and marketing communications.

All third parties are bound by data processing agreements and must comply with applicable data protection laws.

8. International Transfers

Your data is primarily stored and processed within the European Union and European Economic Area. If we transfer data outside the EU/EEA, we ensure adequate safeguards are in place, such as standard contractual clauses approved by the European Commission or adequacy decisions.

9. Children's Privacy

Our Site is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately and we will take steps to delete such information.

10. Policy Changes

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

11. Contact

For questions about this Privacy Policy or your personal data, please contact us: