Privacy Policy | Quimnarrvar – Data Protection and Your Rights

Last updated: March 5, 2025

1. Introduction and data controller

Quimnarrvar (“we”, “us”, “our”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, store, and protect your information when you use our website located at https://quimnarrvar.world (the “Site”) and related services.

The data controller responsible for your personal data in connection with this Site is:

Quimnarrvar
47315 Van Dyke Ave
Shelby Township, MI 48317
United States

For privacy-related questions or to exercise your rights, you may contact us at the address above or using the contact details provided on our Contact page. We will respond to your request in accordance with applicable law.

2. Scope and applicability

This Privacy Policy applies to personal data we process when you visit our Site, place orders, contact us, subscribe to communications, or otherwise interact with us. It does not apply to third-party websites or services linked from our Site, which have their own privacy practices.

We process personal data in accordance with applicable data protection laws, including where relevant the General Data Protection Regulation (GDPR) for individuals in the European Economic Area (EEA) and the United Kingdom, and applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA) where applicable.

3. Types of personal data we collect

3.1 Data you provide to us

We may collect the following categories of personal data that you provide directly:

Identity and contact data: name, email address, telephone number, and shipping/billing address when you place an order or contact us.
Transaction data: order details, payment-related information (e.g. payment method; we do not store full card numbers), and communication history related to orders and support.
Communication data: content of messages, inquiries, or feedback you send us via contact forms, email, or other channels.
Marketing and preferences: if you opt in to receive marketing communications, we may store your email and preferences (e.g. product interests).

3.2 Data collected automatically

When you access our Site, we or our service providers may automatically collect certain technical and usage data, such as:

IP address, browser type and version, device type, operating system, and approximate geographic location (e.g. country or region).
Pages visited, time and date of access, referring URL, and other usage and click data.
Information collected via cookies and similar technologies, as described in our Cookie Policy.

4. Purposes and legal bases for processing (GDPR)

We use your personal data for the following purposes. Where the GDPR applies, we rely on the legal bases indicated.

Fulfilment of orders and contracts: to process and deliver orders, manage payments, and communicate about your order. Legal basis: performance of a contract (Art. 6(1)(b) GDPR).
Customer support and communication: to respond to your inquiries, complaints, or requests. Legal basis: performance of a contract and/or our legitimate interest in providing good service (Art. 6(1)(b), (f) GDPR).
Website operation and security: to operate, maintain, and secure the Site, prevent fraud and abuse, and ensure technical functionality. Legal basis: legitimate interest (Art. 6(1)(f) GDPR).
Analytics and improvement: to understand how the Site is used and to improve content, design, and user experience. Where we use non-essential cookies or analytics, we do so with your consent where required (Art. 6(1)(a) GDPR) or on the basis of legitimate interest where permitted.
Marketing: to send you promotional communications only where you have given consent or where permitted by law. Legal basis: consent (Art. 6(1)(a) GDPR) or legitimate interest where applicable.
Legal and regulatory compliance: to comply with legal obligations (e.g. tax, consumer law) and to establish, exercise, or defend legal claims. Legal basis: legal obligation or legitimate interest (Art. 6(1)(c), (f) GDPR).

5. How we share your data

We may share your personal data with:

Service providers: payment processors, shipping and logistics partners, hosting and IT providers, email and customer support tools, and analytics providers, who act on our instructions and are bound by contractual obligations to protect your data.
Professional advisers: lawyers, accountants, or auditors where necessary for compliance or legal advice.
Authorities: law enforcement or other public bodies when required by law or to protect our rights and safety.

We do not sell your personal data. We do not share your data with third parties for their own marketing purposes without your consent.

If we transfer personal data outside the EEA or the UK, we ensure appropriate safeguards are in place (e.g. standard contractual clauses or adequacy decisions) in line with applicable law.

6. Retention periods

We retain your personal data only for as long as necessary to fulfil the purposes set out in this policy, including:

Order and transaction data: for the duration of the contractual relationship and for a period required by tax and commercial law (typically several years after the end of the calendar year in which the transaction occurred).
Contact and support communications: for the time needed to resolve your request and for a reasonable period thereafter for quality and legal purposes (e.g. up to several years where justified).
Marketing data: until you withdraw consent or object, and for a short period thereafter to record your preference.
Technical and access logs: for a limited period necessary for security and troubleshooting (e.g. months to a few years depending on the type of data).
Cookie-related data: as set out in our Cookie Policy.

After the retention period, we delete or anonymise your data so it no longer identifies you, unless we must keep it for legal reasons.

7. Security measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction, including:

Use of HTTPS and encryption for data in transit where applicable.
Access controls and authentication so that only authorised personnel can access personal data.
Secure hosting and regular review of our systems and practices.
Contractual and training requirements for staff and processors who handle personal data.

While we strive to protect your data, no method of transmission or storage over the internet is completely secure. We encourage you to use strong passwords and to keep your account and contact details secure.

8. Your rights (GDPR and similar laws)

If you are in the EEA, the UK, or another jurisdiction that grants similar rights, you may have the following rights in relation to your personal data:

Access: to obtain confirmation as to whether we process your data and a copy of your data (Art. 15 GDPR).
Rectification: to have inaccurate personal data corrected (Art. 16 GDPR).
Erasure: to request deletion of your data in certain circumstances (Art. 17 GDPR).
Restriction: to request that we limit processing in certain situations (Art. 18 GDPR).
Data portability: to receive your data in a structured, commonly used format where the processing is based on contract or consent (Art. 20 GDPR).
Objection: to object to processing based on legitimate interest, including profiling, and to object to direct marketing at any time (Art. 21 GDPR).
Withdraw consent: where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
Complaint: to lodge a complaint with a supervisory authority in your country of residence (e.g. in the UK, the ICO; in the EU, the relevant data protection authority).

To exercise any of these rights, please contact us using the details in section 1. We will respond within the time limits required by applicable law (e.g. one month under the GDPR, subject to extensions where permitted). We may need to verify your identity before processing your request.

9. United States and other jurisdictions

If you are located in the United States, we also comply with applicable federal and state privacy laws. Depending on your state of residence, you may have additional rights (e.g. under the CCPA: right to know, delete, correct, opt out of sale, and non-discrimination). We do not sell personal information as defined under the CCPA. For California residents, you may contact us using the details above to exercise your rights.

We do not knowingly collect personal data from children under 16. If you believe we have collected such data, please contact us so we can delete it.

10. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Site, or legal requirements. We will post the updated policy on this page and update the “Last updated” date. For material changes, we may provide additional notice (e.g. by email or a notice on the Site). We encourage you to review this policy periodically.

11. Contact

For any questions about this Privacy Policy or our data practices, please contact us:

Quimnarrvar
47315 Van Dyke Ave, Shelby Township, MI 48317, United States

info@quimnarrvar.world

Phone: +15863260006