Legal

Privacy Policy

How we collect, use and protect your personal data

Last updated: 6 March 2026

Data Controller: Chraxellhlix
Fridtjof Nansens gate 4, 6509 Kristiansund, Norway
Email: mail-us-@chraxellhlix.world
Phone: +47 94 44 41 00

1. Introduction

Chraxellhlix ("we", "us", "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect personal data when you visit our website at chraxellhlix.world or contact us.

We process personal data in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation, "GDPR") and the Norwegian Personal Data Act (Personopplysningsloven).

2. Data We Collect

We may collect the following categories of personal data:

  • Identification data: Full name, as provided in the order form.
  • Contact data: Email address, phone number (if provided), and postal address (if provided for delivery).
  • Order data: Details of the products you have ordered and correspondence related to your order.
  • Technical data: IP address, browser type and version, time zone, operating system, device identifiers, and pages visited on our website.
  • Cookie data: Data collected via cookies and similar tracking technologies, subject to your consent. Please refer to our Cookie Policy for details.

We do not collect sensitive personal data (special categories under Article 9 GDPR) such as health data, biometric data, or data concerning racial or ethnic origin.

3. Purposes and Legal Bases for Processing

We process your personal data for the following purposes and on the following legal bases:

3.1 Order Fulfilment

Purpose: Processing your order enquiry, confirming your order, arranging delivery, and providing customer service.
Legal basis: Article 6(1)(b) GDPR – performance of a contract or steps taken prior to entering into a contract.

3.2 Legal Obligations

Purpose: Compliance with applicable Norwegian and EU laws, including accounting, tax, and consumer protection obligations.
Legal basis: Article 6(1)(c) GDPR – compliance with a legal obligation.

3.3 Legitimate Interests

Purpose: Improving our website, preventing fraud, ensuring network and information security, and conducting analytics to understand how visitors use our site.
Legal basis: Article 6(1)(f) GDPR – legitimate interests pursued by us, provided they are not overridden by your interests or fundamental rights.

3.4 Consent

Purpose: Sending marketing communications and placing non-essential cookies, where you have given your explicit consent.
Legal basis: Article 6(1)(a) GDPR. You may withdraw your consent at any time by contacting us or adjusting your cookie preferences.

4. Data Sharing and Recipients

We do not sell your personal data to third parties. We may share your data with the following categories of recipients solely where necessary:

  • Delivery partners: Courier and postal services to fulfil your order delivery.
  • Payment processors: Secure payment service providers operating under their own privacy policies and applicable data protection law.
  • IT service providers: Hosting, website maintenance, and analytics providers acting as data processors under GDPR-compliant contracts.
  • Public authorities: Where we are required to do so by law or regulation, including Skatteetaten (Norwegian Tax Administration) and other competent authorities.

Where personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

5. Data Retention

We retain your personal data only for as long as necessary for the purposes for which it was collected:

  • Order and contract data: Retained for 5 years following the completion of the order, in accordance with Norwegian accounting law (Bokføringsloven).
  • Customer service correspondence: Retained for up to 3 years from the last interaction.
  • Marketing consent records: Retained until you withdraw your consent, plus 1 year thereafter for evidential purposes.
  • Website technical logs: Retained for up to 12 months.
  • Cookie data: Retained for the duration specified in our Cookie Policy.

After the applicable retention period, data is securely deleted or anonymised.

6. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

  • Right of access (Article 15): You have the right to obtain confirmation of whether we process your personal data and, if so, to receive a copy of it.
  • Right to rectification (Article 16): You have the right to have inaccurate personal data corrected and incomplete data completed.
  • Right to erasure (Article 17): You have the right to request deletion of your personal data in certain circumstances.
  • Right to restriction of processing (Article 18): You have the right to request that we restrict the processing of your data in certain circumstances.
  • Right to data portability (Article 20): You have the right to receive your personal data in a structured, commonly used, machine-readable format.
  • Right to object (Article 21): You have the right to object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent (Article 7(3)): Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing prior to withdrawal.

To exercise any of these rights, please contact us at mail-us-@chraxellhlix.world. We will respond within 30 days. We may need to verify your identity before processing your request.

7. Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with applicable data protection law, you have the right to lodge a complaint with the Norwegian Data Protection Authority:

Datatilsynet
Postboks 458 Sentrum, 0105 Oslo, Norway
Website: www.datatilsynet.no
Phone: +47 22 39 69 00

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include:

  • HTTPS encryption for all data transmitted via our website.
  • Access controls limiting data access to authorised personnel only.
  • Regular security reviews of our systems and processes.
  • Data processor agreements with all third-party service providers.

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify Datatilsynet within 72 hours as required by Article 33 GDPR, and will inform you directly where required by Article 34 GDPR.

9. Cookies

Our website uses cookies and similar technologies. For full details of the cookies we use and how to manage them, please refer to our Cookie Policy.

10. Children's Privacy

Our website and products are intended for adults (18 years and over). We do not knowingly collect personal data from children under the age of 16. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. The date at the top of this page will be updated accordingly. For significant changes, we will provide a prominent notice on our website. We encourage you to review this policy periodically.

12. Contact Us

For any questions, concerns, or requests relating to this Privacy Policy or our data processing practices, please contact us:

Chraxellhlix
Fridtjof Nansens gate 4, 6509 Kristiansund, Norway
Email: mail-us-@chraxellhlix.world
Phone: +47 94 44 41 00