Privacy Policy

Last updated:

1. Introduction and Data Controller

Ghunexarstnroz.world ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website, place orders, or otherwise interact with our services.

We act as the data controller. For any questions regarding your personal data, please contact us:

Ghunexarstnroz.world
22 Page St, London, SW1P 4EN, United Kingdom
Email: admin@ghunexarstnroz.world

2. Purposes of Processing

We process your personal data for the following purposes:

  • Processing and fulfilling your orders, including payment verification and delivery coordination
  • Communicating with you about order status, shipping, and customer support
  • Responding to your enquiries, requests, and feedback
  • Improving our website, products, and services through analytics and user feedback
  • Complying with legal and regulatory obligations, including tax and accounting requirements
  • Marketing communications, including newsletters and promotional offers, only where you have given your consent
  • Preventing fraud, unauthorised access, and ensuring the security of our systems

3. Legal Basis Under GDPR

Under the UK GDPR and EU GDPR, we rely on the following legal bases for processing your data:

  • Contract: Processing necessary to perform our contract with you, including order processing, delivery, and customer service
  • Consent: Where you have given explicit consent, for example for marketing emails or non-essential cookies
  • Legitimate interests: Improving our services, fraud prevention, website analytics (where applicable), and internal administrative purposes, provided these interests do not override your rights
  • Legal obligation: Where we are required to process data to comply with applicable laws, such as tax and consumer rights regulations

4. Categories of Personal Data

We may collect and process the following categories of personal data:

  • Identity data: name, title
  • Contact data: email address, telephone number, postal address
  • Transaction data: order details, payment information, delivery history
  • Technical data: IP address, browser type, device information, operating system
  • Usage data: how you use our website, pages visited, time spent
  • Cookie data: as described in our Cookie Policy

5. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Order and transaction data: up to 7 years for tax, accounting, and legal compliance purposes
  • Enquiry and correspondence data: until the matter is resolved, plus up to 2 years for record-keeping
  • Marketing consent data: until you withdraw consent or opt out
  • Cookie data: as specified in our Cookie Policy
  • Technical and usage data: typically up to 24 months, unless a shorter or longer period is required by law

6. Your Rights

Under the General Data Protection Regulation, you have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate or incomplete data
  • Erasure: Request deletion of your personal data in certain circumstances
  • Restriction: Request that we restrict processing in certain situations
  • Data portability: Receive your data in a structured, commonly used format
  • Object: Object to processing based on legitimate interests or for direct marketing
  • Withdraw consent: Withdraw consent at any time where processing is based on consent

You may lodge a complaint with the Information Commissioner's Office (ICO) in the UK or your local supervisory authority. To exercise any of these rights, please contact us using the details provided above.

7. Data Sharing and Recipients

We may share your personal data with:

  • Payment processors to facilitate secure transactions
  • Delivery and logistics partners to fulfil and track your orders
  • Service providers who process data on our behalf under strict contractual safeguards (e.g. hosting, email, analytics)
  • Professional advisers such as lawyers and accountants where required

We do not sell your personal data to third parties. All processors are bound by data processing agreements and required to implement appropriate security measures.

8. Security Measures

We implement robust technical and organisational measures to protect your personal data, including:

  • Encryption of data in transit (TLS/SSL) and at rest where appropriate
  • Access controls limiting data access to authorised personnel only
  • Secure hosting infrastructure with regular updates and monitoring
  • Employee training on data protection and confidentiality
  • Incident response procedures to address any data breaches promptly

9. International Transfers

Where we transfer personal data outside the United Kingdom or European Economic Area, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission or ICO
  • Adequacy decisions where the destination country has been deemed adequate
  • Binding Corporate Rules where applicable

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated via our website or by email where appropriate. We encourage you to review this policy periodically.