Privacy Policy

Last updated:

1. Data Controller

The data controller responsible for processing your personal data is:

Gracefulbrandsto
Østerbrogade 45, 2100 København Ø, Denmark
Email: online@gracefulbrandsto.world
Website: https://gracefulbrandsto.world

2. What Personal Data We Collect

We collect and process the following categories of personal data:

  • Contact Information: Name, email address, phone number (optional), and message content provided through our order form.
  • Technical Data: IP address, browser type and version, operating system, device type, time zone setting, and browsing actions on our website.
  • Cookie Data: Information collected through cookies and similar tracking technologies, as described in our Cookie Policy.
  • Usage Data: Pages visited, time spent on pages, navigation paths, and interaction with site elements.

3. Legal Basis for Processing

We process your personal data based on the following legal grounds in accordance with Articles 6 and 7 of the General Data Protection Regulation (GDPR):

  • Consent (Art. 6(1)(a) GDPR): When you submit the order form, you explicitly consent to the processing of your personal data for the stated purposes.
  • Contract Performance (Art. 6(1)(b) GDPR): Processing is necessary to fulfil your order and provide the requested products or services.
  • Legitimate Interests (Art. 6(1)(f) GDPR): We may process data for our legitimate interests, such as improving our website and services, provided these interests do not override your fundamental rights.
  • Legal Obligation (Art. 6(1)(c) GDPR): Processing may be necessary to comply with legal obligations, such as tax and accounting requirements.

4. Purposes of Processing

We process your personal data for the following purposes:

  • To process and fulfil your orders.
  • To communicate with you regarding your orders, enquiries, or support requests.
  • To improve our website, products, and services.
  • To comply with legal and regulatory obligations.
  • To analyse website usage and performance (with your consent).
  • To send marketing communications (only with your explicit consent).

5. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Order data: Retained for up to 5 years after the transaction, as required by Danish bookkeeping legislation (Bogføringsloven).
  • Contact form submissions: Retained for up to 12 months after the last communication, unless a longer retention period is required by law.
  • Cookie consent records: Retained for up to 12 months from the date of consent.
  • Marketing consent: Retained until you withdraw your consent.

After the applicable retention period, your data will be securely deleted or anonymised.

6. Data Recipients and Transfers

We may share your personal data with the following categories of recipients:

  • Service Providers: Hosting providers, payment processors, and email service providers who process data on our behalf under a data processing agreement.
  • Legal Authorities: When required by law, regulation, or legal proceedings.

We do not sell your personal data to third parties. If we transfer data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

7. Your Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal data:

  • Right of Access (Art. 15): You have the right to obtain confirmation about whether your data is being processed and to access your personal data.
  • Right to Rectification (Art. 16): You have the right to request correction of inaccurate personal data.
  • Right to Erasure (Art. 17): You have the right to request deletion of your personal data under certain circumstances.
  • Right to Restriction (Art. 18): You have the right to request restriction of processing under certain circumstances.
  • Right to Data Portability (Art. 20): You have the right to receive your personal data in a structured, commonly used, machine-readable format.
  • Right to Object (Art. 21): You have the right to object to processing based on legitimate interests or direct marketing.
  • Right to Withdraw Consent (Art. 7(3)): Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at: online@gracefulbrandsto.world. We will respond to your request within 30 days.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • HTTPS encryption for all data transmitted via our website.
  • Access controls limiting data access to authorised personnel only.
  • Regular security assessments and updates.
  • Secure data storage with appropriate backup procedures.

9. Cookies

Our website uses cookies and similar technologies. For detailed information about the cookies we use, their purposes, and how to manage them, please refer to our Cookie Policy.

10. Children's Privacy

Our website and products are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child, we will take steps to delete it promptly.

11. Right to Lodge a Complaint

If you believe that your data protection rights have been violated, you have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet):

Datatilsynet
Carl Jacobsens Vej 35
2500 Valby, Denmark
Phone: +45 33 19 32 00
Website: https://www.datatilsynet.dk

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Gracefulbrandsto
Østerbrogade 45, 2100 København Ø, Denmark
Email: online@gracefulbrandsto.world