Vordaloncholmare.world

Privacy Policy

Document reference date:

Introduction

This Privacy Policy describes how Comfora, presented through the domain vordaloncholmare.world (the “Site”), processes personal data in connection with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the UK GDPR where applicable, and related Swedish implementation including the Data Protection Act (2018:218) and supplementary regulations, where they apply to our activities.

We describe what we collect, why we use it, how long we keep it, who may receive it, and what choices you have. If anything here conflicts with a specific contract you signed with us, the contract may prevail where the law allows.

Plain summary: we use your data to respond to requests, run the Site securely, meet legal duties, and—only with consent—support optional analytics or marketing. You can contact us to exercise GDPR rights.

Data controller

The data controller responsible for processing personal data collected through this Site is:

Comfora (operating identity: Vordaloncholmare.world)
Transportgatan 19
422 46 Hisings Backa
Sweden
Email: ask@vordaloncholmare.world

For supervisory matters, you may contact the Swedish Authority for Privacy Protection (Imy) at https://www.imy.se/ if you are in Sweden, or your local competent authority if you reside elsewhere in the EEA or UK.

Categories of personal data

Depending on how you interact with us, we may process:

  • Identity and contact data: name, email address, postal address if you provide it, phone number if given, and similar identifiers.
  • Communication content: messages you send through forms or email, including order or product inquiries, attachments you choose to upload, and follow-up correspondence.
  • Technical data: IP address, browser type and version, device type, operating system, approximate region derived from network information, timestamps, session identifiers, and referring URLs.
  • Cookie and similar technologies data: as described in our Cookie Policy, including preferences you store in your browser and records of consent choices.
  • Order and transaction data: if a purchase occurs, payment references (not full card numbers when handled by a payment processor), delivery details, and return communications.
  • Support and complaint records: notes from customer interactions where needed to resolve an issue or demonstrate compliance.

Purposes and legal bases

We process personal data only where a valid legal basis exists under GDPR Article 6 (and Article 9 where special categories apply; we do not seek to collect special categories through this Site).

  • Responding to inquiries and performing pre-contractual steps (Article 6(1)(b)): when you request information or place an order, we process your contact details and message content.
  • Performing a contract (Article 6(1)(b)): when you purchase goods, we process data needed to deliver, invoice, and provide support.
  • Compliance with legal obligations (Article 6(1)(c)): accounting, tax, product traceability, and consumer law records where applicable.
  • Legitimate interests (Article 6(1)(f)): securing the Site, preventing fraud, analyzing aggregated usage to improve clarity and performance, internal reporting, and documenting communications, balanced against your rights. You may object where applicable.
  • Consent (Article 6(1)(a)): where we rely on consent for non-essential cookies (analytics and marketing) or certain marketing email, you may withdraw consent at any time without affecting prior processing that was lawful.

Retention

We retain personal data only as long as necessary for the purposes above, including statutory limitation periods:

  • Form and email inquiries: typically up to twenty-four months after the last substantive contact unless a longer period is needed for an unresolved dispute or legal claim.
  • Contract and accounting records: up to seven years where Swedish bookkeeping and tax rules require retention, unless a longer period applies to specific product categories.
  • Technical logs: rotated on a short cycle (often a few weeks to a few months) unless longer retention is necessary for security investigations.
  • Cookie-related records: as described in the Cookie Policy.
  • Legal hold: where we must preserve data because of litigation, regulatory requests, or internal investigations, retention may extend until the matter concludes.

Recipients and processors

We use trusted service providers (processors) for hosting, email delivery, analytics, customer relationship tools, and payment processing where applicable. We enter into data processing agreements under GDPR Article 28 and require appropriate safeguards. Categories of recipients may include infrastructure providers, communications services, and professional advisers where confidential.

International transfers

Some processors may be located outside the EEA or UK. Where required, we rely on Standard Contractual Clauses, adequacy decisions, or other mechanisms permitted under Chapter V GDPR, and we assess supplementary measures where appropriate.

Your rights

Subject to applicable law, you may:

  • Request access to your personal data (Article 15).
  • Request rectification of inaccurate data (Article 16).
  • Request erasure (Article 17) where grounds apply.
  • Request restriction of processing (Article 18).
  • Receive data you provided in a structured, machine-readable format and transmit it where technically feasible (Article 20).
  • Object to processing based on legitimate interests (Article 21) on grounds relating to your situation.
  • Withdraw consent where processing was consent-based, without affecting prior lawful processing.
  • Lodge a complaint with a supervisory authority.

To exercise rights, email ask@vordaloncholmare.world. We may request identity verification before disclosing information. We respond within one month where GDPR requires, subject to extensions for complex requests.

Security measures

We apply appropriate technical and organizational measures, including encryption in transit (HTTPS), access controls, least-privilege administration, vendor review, logging aligned with risk, and backups. No system is fully immune; we respond to incidents where required by law and notify authorities or individuals when mandatory.

Automated decision-making

We do not use automated decision-making or profiling that produces legal or similarly significant effects solely through this Site.

Children

This Site is not directed at children under sixteen years of age for marketing purposes. If you believe we have collected data from a child without appropriate authority, contact us and we will delete it where required.

Advertising and campaign measurement

If we use online advertising platforms (for example Google Ads), we may process technical data and—where you consent in the cookie banner—cookie or similar identifiers to measure ad effectiveness, limit irrelevant impressions, and respect your choices. We do not sell your personal data. Advertising partners act as independent controllers or processors according to their terms; we configure tags to minimise unnecessary data collection.

Opt out of non-essential cookies through our Cookie Policy controls, and use industry opt-out tools where available for personalised ads.

Changes

We may update this Privacy Policy to reflect legal or operational changes. The reference date at the top is generated when you load the page for orientation; substantive edits may also be recorded in version notes where we maintain them internally.