Privacy Policy

Last updated: 8 March 2025

1. Introduction

Xephylarthythron ("we", "our" or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, store and otherwise process your personal data when you use our website https://xephylarthythron.world (the "Website") and our services. This policy is provided in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR), the Data Protection Act 2018 (Ireland) and applicable Irish and European data protection laws.

2. Data Controller

The data controller responsible for your personal data is:

Xephylarthythron
Kings Court, King St N
Smithfield, Dublin 7
Ireland

Email: touch@xephylarthythron.world
Phone: +353 1 874 7440

3. Personal Data We Collect

We may collect and process the following categories of personal data:

• Identity data: First name, last name, full name
• Contact data: Email address, telephone number, postal address
• Transaction data: Details of products you have ordered, payment information
• Technical data: IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, device identifiers
• Usage data: Information about how you use our Website, including pages visited, time spent on pages, navigation paths
• Communication data: Messages you send to us via contact forms or email
• Cookie data: Data collected through cookies and similar technologies as described in our Cookie Policy

4. How We Collect Your Data

We collect personal data through:

• Direct interactions when you fill in forms on our Website (order form, contact form)
• Direct interactions when you contact us by email, phone or post
• Automated technologies when you browse our Website (cookies, server logs)
• Third parties such as payment processors and delivery services

5. Legal Basis for Processing (GDPR Article 6)

We process your personal data on the following legal bases:

• Performance of a contract: Processing necessary to fulfil orders and provide our services to you
• Legitimate interests: Processing necessary for our legitimate interests (e.g. improving our services, fraud prevention, network security) where these interests are not overridden by your rights
• Consent: Where you have given clear consent for specific processing (e.g. marketing communications, non-essential cookies)
• Legal obligation: Processing necessary to comply with legal obligations (e.g. tax records, consumer rights)

6. Purposes of Processing

We use your personal data for the following purposes:

• To process and fulfil your orders
• To communicate with you about your orders and enquiries
• To send order confirmations, shipping notifications and invoices
• To respond to your enquiries and provide customer support
• To manage our relationship with you
• To improve our Website, products and services
• To prevent fraud and ensure security
• To comply with legal and regulatory obligations
• To send marketing communications where you have consented

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

• Order and transaction data: 7 years from the end of the financial year in which the transaction occurred (for tax and legal compliance)
• Customer contact data: For the duration of our business relationship plus 3 years
• Enquiry and communication data: 3 years from the date of the last communication
• Technical and usage data: Up to 26 months for analytics; session data may be retained for shorter periods
• Marketing consent: Until you withdraw consent or object to processing

After the retention period, we securely delete or anonymise your data.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure or destruction, including:

• SSL/TLS encryption for data transmitted via our Website (HTTPS)
• Secure storage with access controls
• Regular security assessments
• Staff training on data protection
• Limited access to personal data on a need-to-know basis

While we strive to protect your data, no method of transmission over the Internet is completely secure. We cannot guarantee absolute security.

9. Data Sharing and Recipients

We may share your personal data with:

• Service providers: Payment processors, shipping and logistics providers, IT and hosting providers, email service providers
• Professional advisers: Lawyers, accountants, auditors
• Authorities: When required by law or to protect our rights

We require all third parties to respect the security of your data and process it only for specified purposes in accordance with our instructions and applicable law. We do not sell your personal data.

10. International Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). Where we transfer data to countries not deemed to provide adequate protection, we implement appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.

11. Your Rights Under GDPR

You have the following rights in relation to your personal data:

• Right of access (Article 15): Request a copy of your personal data
• Right to rectification (Article 16): Request correction of inaccurate or incomplete data
• Right to erasure (Article 17): Request deletion of your data in certain circumstances
• Right to restrict processing (Article 18): Request limitation of processing in certain circumstances
• Right to data portability (Article 20): Receive your data in a structured, commonly used format
• Right to object (Article 21): Object to processing based on legitimate interests or for direct marketing
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time
• Right to lodge a complaint: You may complain to the Data Protection Commission (Ireland)

To exercise any of these rights, contact us at touch@xephylarthythron.world. We will respond within one month.

Data Protection Commission (Ireland): www.dataprotection.ie

12. Children

Our Website is not intended for children under 16. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

14. Contact

For questions about this Privacy Policy or our data practices, contact us:

Xephylarthythron
Kings Court, King St N, Smithfield, Dublin 7, Ireland
Email: touch@xephylarthythron.world
Phone: +353 1 874 7440