Privacy Policy

Last updated: 16 March 2025

1. Controller and contact details

The data controller responsible for your personal data in connection with this website is:

Quorvexxthak
Mannerheimintie 1
00100 Helsinki
Finland

Email: feedback@quorvexxthak.world
Phone: +358 96 229 930

You may contact us at any time with questions about this Privacy Policy or to exercise your data protection rights.

2. Legal basis and purposes of processing

We process your personal data in accordance with the EU General Data Protection Regulation (GDPR), the Finnish Data Protection Act (1050/2018), and other applicable Finnish and European laws.

We process personal data for the following purposes and on the following legal bases:

• Contract performance (Art. 6(1)(b) GDPR): To process and fulfil your orders, deliver products, and provide customer support (e.g. name, email, phone, address, order details).
• Legitimate interests (Art. 6(1)(f) GDPR): To operate and improve our website, prevent fraud, ensure security, and defend legal claims, where our interests are not overridden by your rights.
• Consent (Art. 6(1)(a) GDPR): Where you have given clear consent for specific processing (e.g. marketing, analytics cookies). You may withdraw consent at any time.
• Legal obligation (Art. 6(1)(c) GDPR): To comply with tax, accounting, and other legal obligations (e.g. retention of invoices and order data as required by Finnish law).

3. Categories of personal data we collect

We may collect and process the following categories of personal data:

• Identity and contact data: Name, email address, telephone number, postal address.
• Transaction data: Order details, payment-related information (handled by payment providers), delivery information.
• Technical and usage data: IP address, browser type and version, device information, pages visited, time and date of access, referring website (when you have consented to analytics or where strictly necessary for security).
• Communication data: Messages you send to us, correspondence history.
• Consent and preference data: Your cookie and marketing preferences, consent records.

4. Sources of personal data

We obtain personal data directly from you when you place an order, fill in contact or order forms, subscribe to communications, or contact us. We may also receive data from payment and delivery service providers to the extent necessary to perform the contract. Technical data may be collected automatically when you use our website (e.g. via cookies or server logs), in accordance with our Cookie Policy.

5. Recipients and transfers of personal data

We may share your data with:

• Service providers: Hosting, email delivery, payment processors, logistics and shipping partners, and IT support, acting as processors on our instructions and under data processing agreements where required.
• Authorities: When required by Finnish or EU law (e.g. tax, consumer, or law enforcement authorities).
• Professional advisers: Lawyers, auditors, or insurers where necessary for legal or contractual purposes.

We do not sell your personal data. If we use service providers outside the European Economic Area (EEA), we ensure appropriate safeguards (e.g. EU Standard Contractual Clauses or adequacy decisions) in line with Chapter V GDPR.

6. Retention periods

We retain your personal data only for as long as necessary for the purposes described above or as required by law:

• Order and contract data: For the duration of the contractual relationship and thereafter for the period required by Finnish accounting and tax law (typically at least 6 years from the end of the financial year).
• Customer service and correspondence: Generally for up to 3 years after the last contact, unless longer retention is needed for legal claims or obligations.
• Marketing and consent records: Until you withdraw consent or object, and for a short period thereafter to document compliance.
• Analytics and technical data: As specified in our Cookie Policy, generally not more than 26 months for analytics where consent applies.
• Server and security logs: As necessary for security and troubleshooting, typically up to 12 months, unless a longer period is required for legal or regulatory reasons.

After the retention period, we delete or anonymise your data so that you can no longer be identified.

7. Your rights under GDPR

You have the following rights in relation to your personal data:

• Right of access (Art. 15 GDPR): You may obtain confirmation as to whether we process your data and a copy of that data.
• Right to rectification (Art. 16 GDPR): You may request correction of inaccurate or incomplete data.
• Right to erasure (Art. 17 GDPR): You may request deletion of your data where the legal grounds for processing no longer apply (e.g. consent withdrawn, data no longer necessary, unlawful processing), subject to exceptions (e.g. legal obligations).
• Right to restriction of processing (Art. 18 GDPR): You may request that we limit how we use your data in certain circumstances.
• Right to data portability (Art. 20 GDPR): Where processing is based on contract or consent and carried out by automated means, you may receive your data in a structured, commonly used format.
• Right to object (Art. 21 GDPR): You may object to processing based on legitimate interests or to processing for direct marketing at any time.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.
• Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority. In Finland, the supervisory authority is the Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto), tietosuoja.fi.

To exercise any of these rights, contact us using the details in section 1. We will respond without undue delay and in any event within one month, subject to possible extensions where permitted by law. We may need to verify your identity before processing your request.

8. Security measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction, including:

• Use of HTTPS and encryption for data in transit.
• Access controls and limited access to personal data on a need-to-know basis.
• Secure storage and handling of data by our staff and processors.
• Regular review of our security practices and, where applicable, contracts with processors that require compliance with data protection and security standards.

Despite our efforts, no transmission or storage over the internet can be guaranteed to be completely secure. We encourage you to use strong passwords and keep your contact details up to date.

9. Children

Our website and services are not directed at individuals under 16. We do not knowingly collect personal data from children. If you believe we have collected data relating to a child, please contact us so we can delete it.

10. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or in the law. The “Last updated” date at the top indicates when the policy was last revised. We encourage you to review this page periodically. Where changes are material, we may notify you by email or by a notice on our website.

11. Additional information for Finnish residents

As a Finnish-based controller, we comply with the Finnish Data Protection Act and guidelines issued by the Data Protection Ombudsman. For more information on your rights and how to complain, visit tietosuoja.fi.

Return to homepage