Khunryonyrkhak

Privacy Policy

Last updated: 11 March 2025

1. Data controller and contact details

The data controller responsible for the processing of your personal data in connection with this website is:

Khunryonyrkhak
Piazza della Scala, 23
00153 Roma RM
Italy

Email: info@khunryonyrkhak.world
Phone: +39 065 806 217

You may contact us at any time regarding the processing of your personal data, to exercise your rights or to submit a complaint.

2. Scope and purpose of this policy

This Privacy Policy describes how we collect, use, store and protect your personal data when you use our website https://khunryonyrkhak.world (the "Website") and related services. It is intended to comply with Regulation (EU) 2016/679 (General Data Protection Regulation, "GDPR") and the applicable Italian data protection legislation, including Legislative Decree 196/2003 (Codice Privacy) as amended.

We process personal data only in a lawful, fair and transparent manner. By using our Website or providing your data to us, you acknowledge that you have read and understood this Privacy Policy.

3. Legal basis for processing

We process your personal data only where we have a valid legal basis under the GDPR, in particular:

  • Contract performance (Art. 6(1)(b) GDPR): where processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract (e.g. processing your order, responding to your enquiries).
  • Legal obligation (Art. 6(1)(c) GDPR): where processing is necessary for compliance with a legal obligation to which we are subject (e.g. tax, accounting, consumer law).
  • Legitimate interests (Art. 6(1)(f) GDPR): where processing is necessary for the purposes of our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms (e.g. improving our services, security, fraud prevention).
  • Consent (Art. 6(1)(a) GDPR): where you have given clear consent for one or more specific purposes (e.g. marketing communications, non-essential cookies).

4. Categories of personal data we collect

We may collect and process the following categories of personal data:

  • Identity and contact data: name, email address, postal address, telephone number, when you place an order, use the contact form or otherwise communicate with us.
  • Transaction and order data: order details, payment-related information (to the extent necessary for processing payments), delivery details.
  • Technical and usage data: IP address, browser type and version, device type, operating system, referring URLs, pages visited, date and time of access, and similar technical data collected automatically when you use our Website (including via cookies where you have consented or where strictly necessary).
  • Communication data: content of messages you send us (e.g. via contact form or email).

We do not collect special categories of personal data (e.g. health, race, political opinions) unless you voluntarily provide them and we have a lawful basis to process them.

5. Purposes of processing and retention periods

We use your personal data for the following purposes and retain them only for as long as necessary to fulfil these purposes or to comply with legal obligations:

  • Order and contract fulfilment: to process and deliver your orders, manage payments, and handle returns or complaints. Retention: for the duration of the contractual relationship and thereafter as required by law (e.g. Italian civil and tax law, typically up to 10 years for accounting and tax records).
  • Customer support and communication: to respond to your enquiries, provide information about our products and services, and communicate with you in relation to your orders. Retention: for the time necessary to resolve your request and, where relevant, for a reasonable period thereafter for follow-up (e.g. up to 24 months from last contact unless longer retention is required by law).
  • Website operation and security: to ensure the technical operation, security and integrity of our Website, to prevent fraud and abuse, and to improve our services. Retention: as long as necessary for these purposes (e.g. server logs may be retained for a limited period such as 12 months; security-related data may be retained longer where justified).
  • Analytics and improvement: where you have consented or where we rely on legitimate interests, to analyse how our Website is used and to improve content and user experience. Retention: in accordance with our Cookie Policy and your choices (e.g. up to 24 months for analytics cookies unless you withdraw consent earlier).
  • Marketing: where you have given consent, to send you promotional communications about our products and offers. Retention: until you withdraw consent or object, or for a maximum period as specified at the time of consent (e.g. 24 months), after which we will delete or anonymise your data unless we have another lawful basis.
  • Legal and regulatory compliance: to comply with applicable laws, regulations, court orders or requests from public authorities. Retention: as required by the applicable legislation (e.g. tax and accounting data as per Italian law).

After the retention period has expired, we will delete or anonymise your personal data so that it can no longer be associated with you, unless we are required to retain it for legal reasons.

6. Recipients of your data and international transfers

We may share your personal data with:

  • Service providers: such as hosting providers, payment processors, logistics and delivery partners, email and communication services, and IT support, who act as processors on our instructions and are bound by data processing agreements where required by the GDPR.
  • Professional advisers: such as lawyers, accountants or auditors, where necessary for the purposes described in this policy or to comply with the law.
  • Public authorities: where we are required to do so by law or to protect our rights and the rights of others.

We do not sell your personal data to third parties. If we transfer personal data to countries outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place (e.g. adequacy decisions, standard contractual clauses, or other mechanisms approved under the GDPR) and that your rights remain protected.

7. Security measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, loss or destruction. These measures include:

  • Use of HTTPS and encryption for data transmitted between your browser and our servers.
  • Restricted access to personal data on a need-to-know basis.
  • Secure storage and access controls for our systems and databases.
  • Regular review and updating of our security practices and staff training on data protection.

Despite our efforts, no method of transmission over the Internet or electronic storage is completely secure. We encourage you to use strong passwords and to protect your account and device.

8. Your rights under the GDPR

Under the GDPR and applicable Italian law, you have the following rights in relation to your personal data:

  • Right of access (Art. 15 GDPR): You may obtain confirmation as to whether we process your personal data and, if so, access to that data and certain information about the processing.
  • Right to rectification (Art. 16 GDPR): You may request the correction of inaccurate or incomplete personal data.
  • Right to erasure ("right to be forgotten") (Art. 17 GDPR): You may request the deletion of your personal data in certain circumstances (e.g. where the data is no longer necessary, you withdraw consent, or you object to processing).
  • Right to restriction of processing (Art. 18 GDPR): You may request that we limit the processing of your data in certain situations (e.g. while we verify the accuracy of the data or the lawfulness of processing).
  • Right to data portability (Art. 20 GDPR): Where processing is based on consent or contract and is carried out by automated means, you may receive your data in a structured, commonly used and machine-readable format and, where technically feasible, have it transmitted to another controller.
  • Right to object (Art. 21 GDPR): You may object to processing based on legitimate interests or to processing for direct marketing at any time. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.
  • Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
  • Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your residence, place of work or place of the alleged infringement. In Italy, the supervisory authority is the Garante per la protezione dei dati personali (www.garanteprivacy.it).

To exercise any of these rights, please contact us using the contact details provided in section 1. We will respond to your request within one month, or inform you of any extension and the reasons for it. We may need to verify your identity before processing your request.

9. Cookies and similar technologies

Our Website uses cookies and similar technologies. For detailed information on the cookies we use, their purposes and how to manage your preferences, please see our Cookie Policy.

10. Children

Our Website and services are not directed at individuals under 16 years of age. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data without parental consent, please contact us and we will take steps to delete such data.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements or the nature of our services. The "Last updated" date at the top indicates when the policy was last revised. We encourage you to review this page periodically. Where changes are material, we may notify you by email or by a prominent notice on our Website. Continued use of the Website after the effective date of changes constitutes acceptance of the updated policy, where permitted by law.

12. Contact

For any questions about this Privacy Policy or our data practices, please contact us at:

Khunryonyrkhak, Piazza della Scala, 23, 00153 Roma RM, Italy. Email: info@khunryonyrkhak.world. Phone: +39 065 806 217.