Order Now
Back to Homepage

Privacy Policy

Last updated: 1 January 2026  |  Effective: 1 January 2026

1. Controller Identity and Contact Details

Data Controller: Xivralonoph
Address: Trollsvingen 32, 6511 Kristiansund, Norway
Phone: +47 716 70 977
Email: help-desk-@xivralonoph.world
Website: xivralonoph.world

This Privacy Policy explains how Xivralonoph ("we", "us", "our") collects, uses, stores, and protects personal data you provide when visiting our website or placing an order. We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR), as incorporated into Norwegian law through the Personal Data Act (Personopplysningsloven) of 2018.

2. Personal Data We Collect

We may collect the following categories of personal data:

  • Identity data: First name, last name.
  • Contact data: Email address, phone number.
  • Order data: Delivery address, order details, purchase history.
  • Technical data: IP address, browser type, device identifiers, operating system, pages visited, time of visit (collected via cookies and server logs).
  • Communication data: Messages you send us via forms or email.

We do not collect special category data (such as health, biometric, or financial data beyond what is strictly necessary for payment processing).

3. Purposes and Legal Bases for Processing

We process your personal data for the following purposes and under the following legal bases (Article 6 GDPR):

  • Order fulfilment: Processing and delivering your order — legal basis: performance of a contract (Art. 6(1)(b) GDPR).
  • Customer support: Responding to enquiries — legal basis: legitimate interests (Art. 6(1)(f) GDPR).
  • Legal obligations: Compliance with accounting, tax, and consumer protection laws — legal basis: legal obligation (Art. 6(1)(c) GDPR).
  • Marketing communications: Sending promotional emails if you have opted in — legal basis: consent (Art. 6(1)(a) GDPR). You may withdraw consent at any time.
  • Analytics: Improving website performance using anonymised usage data — legal basis: consent via cookie settings (Art. 6(1)(a) GDPR).

4. Data Retention

We retain personal data for the following periods:

  • Order and transaction data: 5 years from the date of transaction, as required by Norwegian accounting law (Bokføringsloven).
  • Customer support communications: 2 years from the date of last contact.
  • Marketing consent records: Until consent is withdrawn, plus 1 year thereafter for compliance documentation.
  • Technical/log data: Up to 12 months.

After the applicable retention period, data is securely deleted or anonymised.

5. Sharing of Personal Data

We do not sell your personal data. We may share data with the following categories of recipients only to the extent necessary:

  • Delivery partners: Courier and logistics providers for order fulfilment within Norway.
  • Payment processors: Secure payment service providers processing transactions on our behalf.
  • IT service providers: Hosting and technical infrastructure providers bound by data processing agreements.
  • Public authorities: If required by law, regulation, or court order.

All third parties are required to implement appropriate security measures and to process data only on our documented instructions.

6. International Data Transfers

We strive to process personal data within the European Economic Area (EEA). If any transfer outside the EEA is necessary, we ensure adequate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

7. Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right of access (Art. 15): Request a copy of the data we hold about you.
  • Right to rectification (Art. 16): Request correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17): Request deletion of your data where no legitimate reason for continued processing exists.
  • Right to restriction (Art. 18): Request that we limit how we use your data.
  • Right to data portability (Art. 20): Receive your data in a structured, machine-readable format.
  • Right to object (Art. 21): Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at the details in Section 1. We will respond within 30 days. You also have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet): datatilsynet.no, Postbox 458 Sentrum, 0105 Oslo, Norway.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or alteration. These include encryption of data in transit (HTTPS/TLS), access controls, and regular security reviews.

9. Cookies

We use cookies and similar tracking technologies on our website. For full details, including how to manage your cookie preferences, please refer to our Cookie Policy.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will be published on this page with a revised "Last updated" date. We encourage you to review this policy periodically.

11. Contact

For any questions or requests regarding this Privacy Policy, please contact us at:
Xivralonoph, Trollsvingen 32, 6511 Kristiansund, Norway
Email: help-desk-@xivralonoph.world
Phone: +47 716 70 977