Privacy Policy

1. Introduction

Tholmarevol ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website tholmarevol.world and use our services.

We process your personal data in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and other applicable data protection laws.

2. Data Controller

The data controller responsible for your personal data is:

3. Personal Data We Collect

We may collect the following categories of personal data:

3.1 Information You Provide

• Contact Information: Name, email address, phone number (optional)
• Order Information: Shipping address, billing information, order details
• Communication Data: Messages, inquiries, and correspondence with us
• Account Information: If you create an account, login credentials and preferences

3.2 Information Collected Automatically

• Device Information: IP address, browser type, operating system
• Usage Data: Pages visited, time spent, referring website
• Cookie Data: Information collected through cookies and similar technologies

4. Purposes and Legal Basis for Processing

We process your personal data for the following purposes:

4.1 Contract Performance (Article 6(1)(b) GDPR)

• Processing and fulfilling your orders
• Communicating about your orders and deliveries
• Providing customer support

4.2 Legitimate Interests (Article 6(1)(f) GDPR)

• Improving our website and services
• Ensuring website security
• Analyzing website usage patterns
• Preventing fraud and abuse
• Responding to customer inquiries and managing non-marketing communication

4.3 Consent (Article 6(1)(a) GDPR)

• Sending marketing communications (with your explicit consent)
• Using non-essential cookies (analytics, marketing)

4.4 Legal Obligation and Consumer Protection Duties (Article 6(1)(c) GDPR)

• Handling requests under consumer law, including withdrawal and complaint handling
• Meeting record-keeping obligations under applicable accounting and tax rules

4.5 Legal Obligations (Article 6(1)(c) GDPR)

• Complying with tax and accounting requirements
• Responding to legal requests from authorities

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

• Order Data: 7 years (for accounting and tax purposes)
• Marketing Data: Until you withdraw consent or 3 years of inactivity
• Website Analytics: 26 months from the date of collection
• Communication Records: 3 years after the last interaction

After these periods, your data will be securely deleted or anonymized.

6. Your Rights Under GDPR

You have the following rights regarding your personal data:

• Right of Access (Article 15): Request a copy of your personal data
• Right to Rectification (Article 16): Correct inaccurate or incomplete data
• Right to Erasure (Article 17): Request deletion of your personal data
• Right to Restriction (Article 18): Restrict processing of your data
• Right to Data Portability (Article 20): Receive your data in a portable format
• Right to Object (Article 21): Object to processing based on legitimate interests
• Right to Withdraw Consent (Article 7): Withdraw consent at any time

You can also object at any time to processing for direct marketing purposes, including related profiling.

To exercise these rights, please contact us at relations@tholmarevol.world. We will respond without undue delay and within one month in accordance with GDPR.

7. Data Sharing and Recipients

We may share your personal data with:

• Service Providers: Companies that help us operate our business (payment processors, shipping carriers, email service providers)
• Professional Advisers: Lawyers, accountants, and auditors when necessary
• Legal Authorities: When required by law or to protect our rights

We require all third parties to respect the security of your data and process it in accordance with applicable law.

8. International Data Transfers

Your personal data may be transferred to countries outside the European Economic Area (EEA). When we do so, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions by the European Commission
• Binding Corporate Rules where applicable

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

• SSL/TLS encryption for data transmission
• Secure servers and databases
• Access controls and authentication
• Regular security assessments
• Employee training on data protection

10. Cookies

Our website uses cookies and similar technologies. For detailed information about the cookies we use and how to manage your preferences, please see our Cookie Policy.

11. Children's Privacy

Our website and services are not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

13. Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with a supervisory authority. In Sweden, this is:

If your issue concerns consumer rights related to an order, you may also contact the Swedish National Board for Consumer Disputes (ARN): www.arn.se.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: