Brexalonyzur.world

Legal charter

Privacy Policy

This extended instrument describes how personal data flows through the Cortena digital estate, which safeguards surround it, and how you may exercise statutory rights across the European Economic Area and the United Kingdom where comparable provisions apply.

1. Data controller and representative capacity

Brexalonyzur.world
Østerbrogade 142
2100 København Ø
Denmark
Email: chat@brexalonyzur.world

The controller is responsible for determining why and how personal data is processed when you visit this domain, subscribe to communications, purchase Cortena products, or correspond with our team. Where we appoint a data protection officer or EU representative for specific processing activities, their coordinates will be published as an amendment to this section.

2. Material scope and territorial reach

This policy applies to processing connected with the Cortena website, related landing experiences, email inboxes operated by the controller, and customer service channels that reference this document. It is drafted to align with Regulation (EU) 2016/679 (GDPR), the UK GDPR as retained in domestic law, and the Danish Data Protection Act (Act No. 502 of 23 May 2018) together with executive orders that supplement Union law.

If you access our services from outside the EEA or UK, we still apply GDPR-standard safeguards when the processing relates to offering goods or monitoring behaviour within those territories.

3. Definitions used throughout this charter

“Personal data” means any information relating to an identified or identifiable natural person. “Processing” encompasses collection, storage, adaptation, disclosure, erasure, or destruction. “Processor” denotes an entity that processes personal data on our instructions. “Pseudonymisation” refers to replacing direct identifiers so that re-linking requires additional information held separately.

4. Categories of personal data we may collect

  • Identity and contact identifiers such as name, email address, telephone number, and delivery address when you voluntarily supply them.
  • Commercial records including order identifiers, basket history, payment confirmation tokens, and refund references.
  • Technical telemetry including IP address, device type, operating system, browser version, language preferences, and coarse geolocation inferred from network data.
  • Engagement analytics describing page paths, scroll depth, and interaction heatmaps when optional analytics cookies are accepted.
  • Communications content within free-text fields, attachments, and email threads.
  • Consent artefacts storing timestamps, version numbers of policies acknowledged, and granular cookie preferences.

5. Purposes of processing and legal bases

We process personal data only when a lawful basis exists. Contractual necessity under Article 6(1)(b) GDPR supports order fulfilment, account maintenance, and direct responses to purchase-related questions. Legitimate interests under Article 6(1)(f) justify network security monitoring, fraud analytics, product improvement research that uses aggregated statistics, and internal reporting, each balanced against your rights through formal assessments.

Optional newsletters, personalised recommendations, and non-essential cookies rely on Article 6(1)(a) consent, which you may withdraw without affecting the lawfulness of earlier processing. Legal obligations under Article 6(1)(c) cover accounting records, tax filings, and cooperation with competent authorities.

6. Consent mechanics and withdrawal

Where consent is required, we present granular choices through the cookie interface or dedicated subscription forms. Withdrawing consent is as straightforward as giving it: use the same interface, email our privacy inbox, or adjust browser controls. Marketing lists are refreshed regularly to honour unsubscribes within seventy-two hours of acknowledgement.

7. Retention schedule and erasure criteria

  • Transactional tax and invoice evidence: up to seven years from the end of the financial year to satisfy Danish bookkeeping statutes.
  • Customer service correspondence: twenty-four months after case closure unless litigation extends the need.
  • Marketing consent evidence: thirty-six months from the last affirmative interaction.
  • Security logs: ninety days in standard configuration, extendable for active investigations.
  • Analytics identifiers tied to cookies: governed by vendor defaults, capped at twenty-six months where configurable.

Upon expiry we delete or irreversibly anonymise data unless a narrow statutory exception applies.

8. Processors and categories of recipients

We engage vetted suppliers for hosting, transactional email, payment acquiring, logistics, customer relationship tooling, and analytics when consented. Each relationship is governed by Article 28 GDPR agreements specifying confidentiality, subprocessors, audit rights, and deletion obligations. A summary list of processor categories is available on written request.

9. International data transfers

Data may transit to countries without an adequacy decision only when appropriate safeguards exist, such as the European Commission Standard Contractual Clauses (2021/914) supplemented by technical measures including TLS 1.2 or higher for data in transit and encryption at rest where feasible.

10. Security measures

Our security programme includes role-based access control, multi-factor authentication for privileged accounts, segregated production environments, vulnerability scanning, incident response playbooks, and periodic staff training. While no system is impervious, we commit to notifying supervisory authorities and affected individuals when mandatory under Articles 33–34 GDPR.

11. Your data subject rights

You may request access, rectification, erasure, restriction, portability, and object to certain processing, including profiling that produces legal effects. We respond within one month, extendable by two further months for complex requests with explanation. Identity verification may be required to prevent disclosure to impersonators.

12. Supervisory authority contact

You may lodge a complaint with Datatilsynet, Carl Jacobsens Vej 35, 2500 Valby, Denmark, telephone +45 33 19 32 00, website www.datatilsynet.dk, or with the authority in your habitual residence or workplace.

13. Children

Our services target adults. We do not knowingly collect data from children below the age of digital consent in Denmark (currently thirteen) without verifiable parental authority.

14. Automated decision-making

We do not employ solely automated decision-making, including profiling, that produces legal or similarly significant effects concerning individuals in connection with this website.

15. Third-party integrations

Embedded videos, maps, or social widgets may set their own cookies. Their controllers operate independent notices; please review them before interacting.

16. Personal data breach response

We maintain internal escalation paths, forensic preservation steps, and communication templates to meet regulatory timelines should a breach risk your rights and freedoms.

17. Policy evolution

Material updates will be announced through a banner or email when legally required. Continued use after non-material edits constitutes acknowledgement where consent is not the basis.

18. Privacy correspondence

Direct questions to chat@brexalonyzur.world with “Privacy request” in the subject line, or post to the physical address above.