Privacy Policy

Last updated:

1. Data Controller

The data controller responsible for processing your personal data is:

Xibnarexaxae
Rytsebækvej 17, Hjelm, 4780 Stege, Denmark
Phone: +45 40 56 41 98
Email: message@xibnarexaxae.world

Processing is carried out in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Danish Data Protection Act (databeskyttelsesloven), including rules that supplement or specify the GDPR as applicable in Denmark.

2. Data We Collect

We may collect the following categories of personal data:

  • Contact information: Name, email address, and message content when you use our contact form
  • Technical data: IP address, browser type, operating system, referring URLs, and pages visited
  • Cookie data: Information stored through cookies and similar technologies as described in our Cookie Policy

3. Purposes of Processing

We process your personal data for the following purposes:

  • To respond to your inquiries submitted through our contact form
  • To ensure the technical functionality and security of our website
  • To analyze website usage patterns and improve our content (with your consent)
  • To measure or deliver relevant communications where you have consented to marketing or analytics technologies, in line with applicable marketing rules in Denmark (including the Danish Marketing Practices Act, markedsføringsloven)
  • To comply with legal obligations applicable to our operations

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under the GDPR:

  • Consent (Article 6(1)(a)): When you submit the contact form or accept optional cookies
  • Legitimate interests (Article 6(1)(f)): For website security and functionality
  • Legal obligation (Article 6(1)(c)): When required by applicable law

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Contact form data: Retained for up to 12 months after responding to your inquiry, then deleted
  • Technical logs: Retained for up to 90 days for security purposes
  • Cookie consent records: Retained for the duration specified in our Cookie Policy

6. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you
  • Right to rectification: Request correction of inaccurate or incomplete data
  • Right to erasure: Request deletion of your personal data under certain conditions
  • Right to restrict processing: Request limitation of how we process your data
  • Right to data portability: Receive your data in a structured, machine-readable format, where processing is based on consent or contract and is carried out by automated means
  • Right to object: Object to processing based on legitimate interests, including profiling on that basis; you also have the right to object at any time to processing for direct marketing purposes
  • Right to withdraw consent: Withdraw your consent at any time without affecting the lawfulness of prior processing
  • Rights related to automated decisions: We do not use automated decision-making, including profiling, that produces legal or similarly significant effects concerning you. If that changes, we will inform you and describe the logic involved and your rights

To exercise any of these rights, please contact us at message@xibnarexaxae.world. We will respond to your request without undue delay and in any event within one month; where requests are complex or numerous, this period may be extended by up to two further months in accordance with Article 12 GDPR, and we will inform you of any such extension.

Where processing is based on consent, you may withdraw consent through the same channel you gave it (for example, by revoking cookie preferences via your browser or our cookie controls as described in the Cookie Policy).

7. Children’s Personal Data

This website is not directed at children, and we do not knowingly collect personal data from anyone under 13 years of age. If you are a parent or guardian and believe we have collected personal data from a child, please contact us so we can take appropriate steps.

8. Sources and Categories of Recipients

We generally receive personal data directly from you (for example, when you use the contact form). Technical data may be collected automatically when you visit the website.

Your personal data may be disclosed to categories of recipients such as IT hosting providers, email or communication infrastructure providers, and analytics or advertising technology partners where you have given the relevant consent. Such recipients act on our documented instructions where they process personal data on our behalf (as processors under Article 28 GDPR), unless they are independent controllers for their own purposes.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encrypted data transmission (HTTPS), access controls, and regular security reviews.

10. Third-Party Sharing

We do not sell your personal data. We may share data with trusted service providers who assist us in operating our website, subject to appropriate data processing agreements. These providers are contractually obligated to process data only as instructed and to maintain confidentiality.

11. International Transfers

If your personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, or another mechanism recognized under Chapter V GDPR.

12. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet) or another supervisory authority in your EU or EEA member state of habitual residence, place of work, or place of the alleged infringement.

Datatilsynet publishes up-to-date contact information, including any postal address for complaints, on its official website: https://www.datatilsynet.dk/

13. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be published on this page with an updated revision date. We encourage you to review this policy periodically.