Privacy Policy

Last updated: 12 March 2025

1. Controller and contact details

The data controller responsible for the processing of your personal data in connection with this website is:

Shrexxonbriz
Sveavägen 94, 113 50 Stockholm, Sweden
Email: community@shrexxonbriz.world
Phone: +46850022251

If you have questions about this Privacy Policy or the processing of your personal data, or if you wish to exercise your rights, please contact us using the details above.

2. Scope and legal basis

This Privacy Policy applies to the website https://shrexxonbriz.world and to all personal data that we collect, use, store, or otherwise process when you visit our website, place an order, contact us, or interact with our services. We process personal data in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation, GDPR), the Swedish Personal Data Act (SFS 2018:218), and other applicable Swedish and European data protection laws.

We process personal data only where we have a lawful basis, including: performance of a contract (e.g. processing your order); compliance with a legal obligation; our legitimate interests (e.g. improving our services, security, fraud prevention), where such interests are not overridden by your rights; and, where required, your consent.

3. Personal data we collect and purposes

We may collect and process the following categories of personal data for the purposes stated below.

3.1 Data you provide when ordering or contacting us

When you submit an order or contact form, we may collect: name, email address, telephone number (if provided), and the content of your message. We use this data to process your order, communicate with you, send order and shipping confirmations, respond to enquiries, and fulfil our contractual and pre-contractual obligations. The legal basis is performance of a contract or steps at your request prior to entering into a contract, and where applicable our legitimate interest in handling customer communications.

3.2 Automatically collected data (usage and technical data)

When you access our website, we may automatically collect technical and usage data such as your IP address, browser type and version, operating system, referring URL, pages visited, date and time of access, and similar information. This data is used to ensure the security and proper functioning of our website, to analyse how our site is used (e.g. in aggregated form), to detect and prevent abuse, and to improve our services. The legal basis is our legitimate interest in operating a secure and efficient website, and where we use cookies or similar technologies that require consent, the legal basis is your consent in accordance with our Cookie Policy.

3.3 Cookie data

We use cookies and similar technologies as described in our Cookie Policy. Depending on your choices, we may collect identifiers and usage data linked to cookies for strictly necessary, analytics, and marketing purposes as set out in that policy.

4. Retention periods

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law.

• Order and contact data: We retain data relating to orders and customer communications for the duration of the contractual relationship and thereafter for a period necessary to comply with legal obligations (e.g. tax and consumer law in Sweden, typically up to 7 years for accounting and warranty-related data), and for the establishment, exercise, or defence of legal claims.
• Technical and access logs: Server and security logs are typically retained for a limited period necessary for security and troubleshooting (e.g. up to 12 months), unless a longer retention is required for legal or regulatory reasons.
• Cookie and analytics data: Retention for cookie-related data is described in our Cookie Policy and depends on the type of cookie and your preferences.
• Marketing and consent records: Where we process data based on consent (e.g. marketing), we retain the data until you withdraw consent or object, and we retain a record of your consent for as long as necessary to demonstrate compliance with the law.

After the retention period has ended, we will delete or anonymise your personal data so that it can no longer be attributed to you.

5. Recipients and international transfers

We may share your personal data with:

• Service providers who act on our behalf (e.g. hosting, payment processing, shipping, email delivery), under strict contractual obligations to process data only for the purposes we specify and in accordance with applicable data protection law.
• Public authorities where we are legally obliged to do so (e.g. tax authorities, law enforcement).
• Professional advisers (e.g. lawyers, auditors) when necessary for legal or compliance purposes.

When we use service providers outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission or an adequacy decision by the European Commission. You may request further information about these safeguards by contacting us.

6. Your rights under the GDPR and Swedish law

Under the GDPR and Swedish data protection law, you have the following rights in relation to your personal data:

• Right of access (Article 15 GDPR): You may obtain confirmation as to whether we process your personal data and, where that is the case, access to the data and certain information about the processing.
• Right to rectification (Article 16 GDPR): You may request the correction of inaccurate or incomplete personal data.
• Right to erasure (Article 17 GDPR): You may request the deletion of your personal data in certain circumstances (e.g. where the data is no longer necessary, you withdraw consent, or you object and there are no overriding legitimate grounds).
• Right to restriction of processing (Article 18 GDPR): You may request that we restrict the processing of your data in certain situations (e.g. while we verify the accuracy of data or the legitimacy of processing).
• Right to data portability (Article 20 GDPR): Where processing is based on contract or consent and carried out by automated means, you may request to receive your data in a structured, commonly used, machine-readable format, or to have it transmitted to another controller where technically feasible.
• Right to object (Article 21 GDPR): You may object to processing based on legitimate interests, including profiling. Where we process your data for direct marketing, you have an unconditional right to object at any time.
• Right to withdraw consent: Where processing is based on your consent, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
• Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority. In Sweden, the supervisory authority is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY), www.imy.se. You may also lodge a complaint in the EU member state of your residence, place of work, or place of the alleged infringement.

To exercise any of these rights, please contact us using the contact details provided in section 1. We will respond without undue delay and in any event within one month, subject to possible extensions where permitted by law. We may need to verify your identity before processing your request.

7. Security measures

We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include: use of HTTPS and encryption where appropriate; secure hosting and access controls; limitation of access to personal data on a need-to-know basis; and regular review of our security practices. Despite our efforts, no method of transmission over the Internet or electronic storage is completely secure; we encourage you to use strong passwords and to contact us immediately if you suspect any unauthorised use of your data.

8. Children

Our website and services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data without parental consent, please contact us and we will take steps to delete such data.

9. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the nature of our services. The updated version will be posted on this page with a revised "Last updated" date. We encourage you to review this policy periodically. Where changes materially affect how we process your personal data, we may also notify you by email or through a notice on our website, or seek your consent where required by law.

10. Additional information for users in Sweden

As a data controller established in Sweden, we comply with the GDPR as applied in Swedish law, including the Swedish Personal Data Act and any supplementary national provisions. For questions regarding your rights or our processing activities, you may contact us at the address, email, or phone number provided in section 1, or contact the Swedish Authority for Privacy Protection (IMY) for guidance or to lodge a complaint.