Xolvarynyzei

Data protection · Rødovre, Denmark

Privacy policy and your personal data

This file explains which categories of data we are likely to process when you browse this static site, use the form, or exchange email with the office. It is written in everyday language, but the obligations behind it come from the GDPR, the UK GDPR where relevant, and other laws that may apply to you depending on your location.

Controller and how to reach us

The data controller is Xolvarynyzei, Rødovre Centrum 1, 2610 Rødovre, Denmark. The fastest route for a formal request is the mailbox ask@xolvarynyzei.world with a subject line that contains “Data request” and your name, so a colleague can find the thread. For telephone contact use +45 70 20 85 05 during the hours we publish, bearing in mind that we may still need written confirmation of certain requests. If you send post, include a return address or email so we can reply without an extra round of logistics.

Categories of personal data we process

Through the contact form we can receive your name, email address, the content of a message, and the fact that a submission occurred at a given time. On the web server, technical logs can include the IP address of the device, protocol version, a rough result code, a user-agent string, a timestamp, and the path you requested, which in combination may be personal data. If you only read pages, we may still have those technical logs, even when we do not know your name. The cookie policy names optional labels stored in the browser. We do not ask for identity documents through this public site, and we ask you not to place national identity numbers, health details, or other sensitive data in a free-text field.

Data you provide directly

Anything you type, attach when we offer attachments, or read out in a call that the team then records in a note system if you are told at the time.

Data created by systems

Server, mail, and backup events that are automatically generated, plus derived fields such as approximate region from IP when we do not have a more precise address from you.

Purposes and legal bases in outline

We answer enquiries under Article 6(1)(b) GDPR (steps at your request) or, where no contract is close, (1)(f) in respect of a legitimate interest in helping visitors and in securing our infrastructure, balanced with your rights. We send strictly operational mail about an ongoing matter under the same line. We rely on consent where a communication channel or cookie category requires it under the ePrivacy layer or national rules. We process data where a legal obligation compels us, for example certain accounting or order records. We do not use the contact list on this project for general profiling unrelated to the question you asked.

A short note in your first email telling us the country you are writing from can help us route any transfer or consumer question correctly, but it is not mandatory for a simple information request.

Retention in practice

We keep a correspondence file until the matter is complete and, unless law requires longer, for a follow-up period that is regularly reviewed, currently up to about three years from the last message that actually moves the file forward, not from every automated “read receipt” event. Log files in production systems are rotated in days or a small number of weeks, while aggregated statistics may be kept longer in depersonalised form. Backup media can retain older snapshots until the backup cycle overwrites them; a deletion on the live system may take one more full cycle to disappear from every tape or object bucket.

Recipients, processors, and cross-border flows

Our hosting, email, ticket, and optional analytics or marketing products act as processors under a written agreement. We choose suppliers who accept standard contractual clauses or are located in the EEA or a country the EU has assessed as offering adequate protection. If a transfer tool changes after a political decision, we re-document the path and may switch provider when proportionate. A copy of the main safeguards, where they are not secret for security reasons, can be provided with a subject access request.

Security measures at a high level

We separate roles so that a single person cannot silently export every mailbox. Transport encryption is used for modern mail and HTTPS for the site. Terminated accounts for internal tools are de-provisioned, and we patch components we control on a regular cadence. No measure is perfect; if a breach is likely to affect you, we will follow notification rules that apply in Denmark and, where required, in your member state or the UK, and we will post an honest summary in the contact channel you used when we can do so without helping an attacker further.

Rights and how to exercise them

Where the GDPR applies, you can ask for access to the personal data we still hold, rectification of something wrong, erasure in cases provided by law, restriction while a dispute is checked, and portability for data you gave us in a machine-readable format when processing is based on contract or consent and automated. You may object to certain legitimate-interest processing, and you may withdraw consent for consent-based activities at any time. You may lodge a complaint with the Danish Data Protection Agency (Datatilsynet) or, if you are in another EEA state, with your local authority, without giving up a judicial remedy. We will answer within a month in ordinary cases, or tell you if we need more time in complex file pulls.

Online advertising and campaign measurement

When we use online advertising (for example search or display campaigns through Google Ads in the EEA, where Google Ireland Limited often provides the interface), a click may be measured with tags or similar tools on this site. Depending on the product and on whether you have allowed optional cookies or the vendor reads only aggregated technical signals, data may be processed to show you relevant ads elsewhere, to limit how often you see a placement, and to count conversions such as a visit to a thank-you state after a form. We choose settings that support transparency: landing pages on this domain match what the ad describes, and we do not sell contact-form contents to ad networks. Details of how a large platform processes data for advertising appear in that provider’s policy; where they act as our processor, we have an agreement. You can use the cookie settings on this site to limit optional storage that exists mainly for measurement, where our implementation supports that.

Automated decisions

We do not use fully automated individual decision-making, including profiling, with legal or similarly significant effects in connection with the present website and mailbox pipeline described in this file.

Children and vulnerable adults

Public information here is for a general adult audience. If you are responsible for a young person, please use your own address when you write on their behalf, or ask us to delete an accidental self-submission. If a court-appointed representative contacts us, we will verify the scope of the mandate in a way that fits the case.

Changes to this policy

When the substance changes, we will replace this page, adjust the cookie policy if the storage story changes, and, where a consent refresh is required, re-open the banner. The day shown in the green strip at the top of this view is the calendar day in your own browser, which helps you align any printed copy you keep with a later visit you make from another device.