Data controller
The controller responsible for processing personal data in connection with this website and related Restora communications is:
Pholnaxxkhik.world (Restora brand)
Marknadsgatan 1, 754 60 Uppsala, Sweden
Sweden (European Union)
We do not require you to appoint a representative in the EU because our establishment is within the EU. If you contact us from outside the EU, the same controller remains responsible for your request unless we inform you otherwise in writing.
Categories of personal data
We only collect data that is adequate, relevant, and limited to what is necessary for the purposes below. Depending on your interaction, categories may include:
Identity and contact
Name, email address, and postal address if you choose to provide them in forms, checkout, or correspondence.
Communication content
Free-text messages, product questions, and attachments you send voluntarily. Please avoid including special categories of data (such as health information) unless you choose to; we will process such content only as needed to respond and based on the legal basis that applies.
Technical and usage data
Internet protocol address, approximate geographic region derived from the IP, browser type and version, device type, operating system, referral URL, pages viewed, timestamps, and error logs. This data supports security, troubleshooting, and aggregated statistics.
Cookies and similar technologies
Identifiers stored on your device when you consent to optional categories, as further described in the Cookie Policy.
Transaction data
If you purchase from us: order identifiers, payment status (processed by payment partners), delivery address, and communications about your order.
Purposes of processing and legal bases
We process personal data only when a legal basis under Article 6 GDPR applies. The following table summarises common situations:
Keeping the service available, preventing abuse, enforcing rate limits, and investigating suspicious activity. Legal basis: legitimate interests (Article 6(1)(f)), supplemented by strictly necessary cookies under ePrivacy rules.
Answering questions submitted via forms or email. Legal basis: legitimate interests in customer support; where your message initiates pre-contractual steps, also Article 6(1)(b).
Processing orders, taking payment, arranging shipment, and issuing invoices where applicable. Legal basis: Article 6(1)(b).
Accounting, tax, product safety traceability, and responding to lawful requests from authorities. Legal basis: Article 6(1)(c).
Understanding aggregate traffic when you enable analytics cookies. Legal basis: consent (Article 6(1)(a)).
Measuring campaigns or personalising offers when you enable marketing cookies or separately subscribe to marketing. Legal basis: consent (Article 6(1)(a)).
Where we rely on legitimate interests, we balance our interests against your rights and offer an objection pathway where required.
Retention periods
We retain personal data only as long as necessary for the purposes collected, unless a longer period is required by law:
- Marketing consents and newsletter lists: until you withdraw consent or unsubscribe, plus a short technical overlap for suppression lists.
- Customer and order records: for the duration of the contractual relationship plus statutory limitation periods and accounting retention (often several years under Swedish commercial and tax law).
- Support tickets and general correspondence: typically up to twenty-four months after the last message, unless the thread relates to an ongoing dispute or order.
- Server and security logs: rotated on a schedule, commonly within ninety days, unless an incident investigation requires longer retention.
- Cookie-based identifiers: as stated in the Cookie Policy, often up to twelve months per category unless you delete them earlier.
Recipients and categories of recipients
We may share personal data with categories of recipients who assist us under written agreements:
- Infrastructure and hosting providers that store website files and databases.
- Email delivery and customer communication platforms.
- Payment service providers and fraud screening tools.
- Shipping carriers and logistics partners.
- Professional advisers such as accountants and lawyers, bound by confidentiality.
We do not sell your personal data. We do not profile children for marketing.
Online advertising and measurement tools may process pseudonymous data when you consent to marketing or analytics cookies. Those providers operate under their own policies and, where they act as processors, under our instructions to the extent contractually required.
International transfers
Where we transfer personal data outside the European Economic Area, we implement appropriate safeguards such as Standard Contractual Clauses approved by the European Commission, supplementary technical measures where appropriate, and assessments of local laws that may affect data subjects’ rights.
Security measures
We apply administrative, technical, and organisational measures proportionate to the risk, including access control on a need-to-know basis, encryption of data in transit where supported by our services, secure configuration of servers, logging and monitoring, and periodic review of vendors. No online transmission is completely risk-free; we work to reduce risks in line with industry practice.
Your rights
Subject to conditions in the GDPR, you may have the right to access, rectification, erasure, restriction of processing, data portability, and objection to processing based on legitimate interests. Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
You may lodge a complaint with a supervisory authority. In Sweden, the lead authority is the Integritetsskyddsmyndigheten (IMY).
To exercise rights, email ask@pholnaxxkhik.world. We may ask for reasonable information to verify your identity before responding within one month, extendable in complex cases as permitted by law.
Children
Our website and Restora products are intended for adults. We do not knowingly solicit data from children without parental authority. If you believe a child has provided data, contact us and we will take appropriate steps.
Changes to this policy
We may update this Privacy Policy to reflect legal, technical, or business developments. The effective date at the top is updated when revisions are published. Material changes may be highlighted on the website or, where appropriate, communicated by email.
For cookie-specific details, see the Cookie Policy. For contractual terms, see the Terms of Service.