Quolrixxlyux

Privacy Policy

Last updated: 12 March 2025

This Privacy Policy describes how Quolrixxlyux (“we”, “us”, “our”) collects, uses, stores, and protects your personal data when you use our website at quolrixxlyux.world (the “Website”) and our services. We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the Dutch implementation law (Uitvoeringswet Algemene verordening gegevensbescherming, “UAVG”), and other applicable Dutch and European data protection laws.

1. Data controller

Controller identity and contact details:

Quolrixxlyux
Address: De Ruijterkade 24a, 1012 AA Amsterdam, Netherlands
Email: info@quolrixxlyux.world
Phone: +31202357822

For any request related to your personal data or this policy, please contact us using the details above.

2. Personal data we collect

We may collect and process the following categories of personal data:

2.1 Data you provide directly

  • Contact and identification data: name, email address, telephone number (if provided), and postal address when you place an order or contact us.
  • Communication data: content of messages you send us via contact forms, email, or other channels.
  • Transaction data: order details, payment-related information (e.g. payment method; we do not store full card numbers), and delivery information.
  • Consent and preferences: your consent to our Privacy Policy, Terms of Service, marketing communications, and cookie preferences where applicable.

2.2 Data collected automatically

  • Technical and usage data: IP address, browser type and version, device type, operating system, referring URL, pages visited, date and time of access, and similar technical data necessary for the operation and security of the Website.
  • Cookie and similar technologies data: information stored or read via cookies and similar technologies, in accordance with your cookie choices and our Cookie Policy.

We do not collect special categories of data (e.g. health, race, religion) unless you voluntarily provide such data and we have a lawful basis to process it.

3. Purposes and legal bases for processing

We process your personal data only for specified, explicit, and legitimate purposes. The main purposes and corresponding legal bases under the GDPR are:

  • Performance of a contract (Art. 6(1)(b) GDPR): processing necessary to perform our contract with you (e.g. processing orders, delivering products, handling returns, and communicating about your order).
  • Legitimate interests (Art. 6(1)(f) GDPR): where we have a legitimate interest that is not overridden by your rights, including: improving the Website and our services, ensuring security and preventing fraud, managing and defending legal claims, and conducting internal analytics (where not based on consent).
  • Consent (Art. 6(1)(a) GDPR): where you have given clear consent for specific processing (e.g. marketing emails, non-essential cookies, or other optional processing). You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  • Legal obligation (Art. 6(1)(c) GDPR): processing necessary to comply with laws (e.g. tax, accounting, and consumer law obligations in the Netherlands and the EU).

We will not use your personal data for purposes incompatible with the above without informing you and, where required by law, obtaining your consent.

4. Retention periods

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with legal obligations.

  • Order and customer data: for the duration of the contractual relationship and thereafter for a period required by Dutch law (e.g. tax and accounting: generally 7 years) and for handling disputes or legal claims.
  • Contact and support communications: for the time needed to resolve your request and, where relevant, for a limited period for quality and legal purposes, in line with our retention policy.
  • Marketing and consent-based processing: until you withdraw consent or object, or until we no longer use the data for the consented purpose, subject to any longer retention required by law.
  • Technical and access logs: for a limited period necessary for security, debugging, and legitimate operational needs (e.g. up to 12–24 months unless a longer period is required by law or for legal claims).
  • Cookie-related data: as set out in our Cookie Policy, depending on the type of cookie.

After the retention period, we will delete or anonymise your data so that it no longer identifies you.

5. Recipients and international transfers

We may share your personal data with:

  • Service providers: processors that help us run the Website and our business (e.g. hosting, payment processing, shipping, email delivery, and analytics). We ensure that such processors are bound by contract to protect your data and use it only as instructed.
  • Legal and public authorities: where required by law or to protect our rights (e.g. courts, tax authorities, or law enforcement in the Netherlands or the EU).

Your data is processed within the European Economic Area (EEA). If we transfer data outside the EEA, we will ensure appropriate safeguards are in place (e.g. adequacy decision, Standard Contractual Clauses, or other mechanisms approved under the GDPR).

6. Security measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction, and to ensure a level of security appropriate to the risk. These measures include:

  • Use of HTTPS and encryption where appropriate for data in transit.
  • Access controls and authentication so that only authorised personnel can access personal data.
  • Regular review and updating of security practices and, where applicable, reliance on secure and compliant service providers.
  • Procedures to detect, respond to, and report personal data breaches in accordance with the GDPR.

Despite our efforts, no method of transmission or storage over the internet is completely secure. We encourage you to use strong passwords and to protect your account and device.

7. Your rights under the GDPR

Under the GDPR, you have the following rights in relation to your personal data:

  • Right of access (Art. 15): you may obtain confirmation as to whether we process your data and, where that is the case, access to your data and certain information about the processing.
  • Right to rectification (Art. 16): you may request correction of inaccurate or incomplete personal data.
  • Right to erasure (“right to be forgotten”) (Art. 17): you may request erasure of your data in certain circumstances (e.g. where the data is no longer necessary, you withdraw consent, or you object and there are no overriding legitimate grounds).
  • Right to restriction of processing (Art. 18): you may request that we restrict processing in certain situations (e.g. while we verify accuracy or while you contest the lawfulness of processing).
  • Right to data portability (Art. 20): where processing is based on contract or consent and is carried out by automated means, you may receive your data in a structured, commonly used, machine-readable format and, where technically feasible, have it transmitted to another controller.
  • Right to object (Art. 21): you may object to processing based on legitimate interests or to processing for direct marketing. We will stop processing unless we demonstrate compelling legitimate grounds that override your interests or the processing is for the establishment, exercise, or defence of legal claims.
  • Right to withdraw consent: where processing is based on consent, you may withdraw consent at any time. This does not affect the lawfulness of processing before withdrawal.
  • Right to lodge a complaint: you have the right to lodge a complaint with a supervisory authority. In the Netherlands, the competent authority is the Autoriteit Persoonsgegevens (Dutch Data Protection Authority), PO Box 93374, 2509 AJ The Hague, Netherlands; website: autoriteitpersoonsgegevens.nl.

To exercise any of these rights, please contact us using the contact details in section 1. We will respond within the time limits set by the GDPR (generally one month, extendable where necessary). We may ask you to verify your identity before processing your request.

8. Children

Our Website and services are not directed at individuals under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe we have collected data from a child under 16, please contact us and we will take steps to delete such data.

9. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the law, or the Website. The “Last updated” date at the top indicates when the policy was last revised. We encourage you to review this page periodically. Where required by law, we will notify you of material changes (e.g. by email or a notice on the Website) and, where necessary, obtain your consent.

10. Contact

For questions about this Privacy Policy or our processing of your personal data, please contact us:

Quolrixxlyux
De Ruijterkade 24a, 1012 AA Amsterdam, Netherlands
Email: info@quolrixxlyux.world
Phone: +31202357822