Personal data

Privacy Policy

This Privacy Policy describes how Lyxtherohriz collects, uses, stores, and shares personal data when you visit lyxtherohriz.world, correspond with us, or purchase goods and services. We align our practices with the GDPR and internationally recognised privacy principles.

Viewed on

Who is responsible

The data controller is Lyxtherohriz, having its studio at Hämeenkatu 4, 33100 Tampere, Finland. For privacy correspondence, email assist@lyxtherohriz.world or telephone +358 8 556 5858. We do not require a separate web form for rights requests, but including your name and a description of the request helps us respond faster.

Categories of personal data

Depending on how you interact with us, we may process identifiers (name, username), contact details (email, phone, postal address), account or order references, payment status (handled by payment processors; we do not store full card numbers), communication content, technical data such as IP address, browser type, device category, and approximate location derived from network information, as well as cookie and consent records described in the Cookies Policy.

Website visitors

Server logs, consent logs, analytics events if enabled, and optional marketing identifiers when you opt in.

Customers

Shipping details, purchase history, service bookings, returns, and warranty communications tied to your orders.

Legal bases under Article 6 GDPR

  • Contract: processing necessary to deliver goods or services you requested, including pre-contract steps such as quotes.
  • Legitimate interests: securing our network, improving the website, and managing routine business correspondence, balanced against your rights.
  • Legal obligation: accounting, tax, and regulatory retention where Finnish or EU law requires.
  • Consent: optional analytics, marketing communications, and certain cookies where consent is the appropriate basis.

Retention periods

Contact form messages and general email: up to twenty-four months after the last substantive reply unless a dispute or legal hold requires longer. Contractual records: up to ten years where accounting rules demand. Marketing consent evidence: until withdrawal plus a short grace period for sync across systems. Security logs: typically ninety days unless an investigation extends storage.

When retention ends, we delete or irreversibly anonymise data so it can no longer be linked to you, except where aggregate statistics do not identify individuals.

Security measures

We apply role-based access, least-privilege accounts, encryption for data in transit where protocols support it, segmentation between environments, and periodic review of subprocessors. No security architecture is perfect; if we detect a personal data breach likely to affect your rights, we will notify supervisory authorities and, when required, affected individuals without undue delay.

Advertising and measurement

If we use advertising or conversion measurement services (for example Google Ads), we process only the categories of data described in this policy and in our Cookies Policy, and only where we have a valid legal basis such as consent for non-essential cookies. You can change optional analytics or marketing cookies at any time through the cookie banner. We do not sell personal data as defined under applicable Finnish and EU law.

International transfers

When data leaves the European Economic Area, we rely on adequacy decisions or appropriate safeguards such as the EU Standard Contractual Clauses, supplemented by technical measures including encryption and pseudonymisation where feasible.

Automated decision-making

We do not make decisions based solely on automated processing that produce legal or similarly significant effects concerning you. If that changes, we will update this policy and provide meaningful information about the logic involved.

Your rights

You may request access, rectification, erasure, restriction, data portability, and object to processing based on legitimate interests where grounds exist. You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal. You may lodge a complaint with the Finnish Office of the Data Protection Ombudsman or another EU supervisory authority.

Children

Our services are aimed at adults making household or workplace purchases. We do not knowingly collect data from children without appropriate parental authority where such obligations apply.

Updates

We revise this Privacy Policy when our processing activities or legal requirements evolve. The calendar date shown in the hero records when you opened this page in your browser; consult our internal change log or contact us for the version identifier attached to a specific contract.