GDPR Compliance Statement for Xylvra

At Xylvra, located at 40 Abbey Street Upper, North City, Dublin D01 F9N3, IE, we are committed to protecting your privacy and handling your personal data with the utmost care and transparency. As a business operating within Ireland and the European Union, we fully comply with the General Data Protection Regulation (GDPR) (EU) 2016/679, which provides robust data protection rights for all individuals.

This statement outlines our commitment to GDPR principles and how we ensure your data protection rights are upheld when you visit https://xylvra.com/.

1. Data Controller Xylvra acts as the data controller for the personal data you provide to us, meaning we determine the purposes and means of processing your personal data.

2. Principles of Data Processing We process your personal data in accordance with the following GDPR principles:

  • Lawfulness, Fairness, and Transparency: We process data lawfully, fairly, and in a transparent manner.
  • Purpose Limitation: We collect your personal data for specified, explicit, and legitimate purposes and do not process it further in a manner incompatible with those purposes.
  • Data Minimisation: We collect only personal data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
  • Accuracy: We take every reasonable step to ensure that personal data is accurate and, where necessary, kept up to date.
  • Storage Limitation: We keep personal data in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
  • Integrity and Confidentiality: We process personal data in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures.
  • Accountability: We are responsible for, and are able to demonstrate compliance with, the above principles.

3. Lawful Basis for Processing Your Data We rely on one or more of the following lawful bases for processing your personal data:

  • Contract: Processing is necessary for the performance of a contract to which you are party (e.g., fulfilling your order, providing customer service).
  • Legal Obligation: Processing is necessary for compliance with a legal obligation (e.g., tax and accounting requirements).
  • Legitimate Interests: Processing is necessary for the purposes of the legitimate interests pursued by Xylvra or by a third party (e.g., preventing fraud, improving our services), provided your fundamental rights and freedoms do not override these interests.
  • Consent: Where we have obtained your explicit consent for specific processing activities (e.g., sending marketing newsletters). You have the right to withdraw your consent at any time.

4. What Personal Data We Collect We collect personal data that is essential for operating our online store and providing you with our products and services. This may include:

  • Contact Information: Name, shipping address, billing address, email address, phone number.
  • Order Information: Details of the products you purchase, order history.
  • Payment Information: Payment card details (processed securely by third-party payment processors; we do not store full payment card numbers on our servers).
  • Technical Data: IP address, browser type, operating system, and website usage data collected through cookies and similar technologies (as detailed in our Cookie Policy).

5. Your Data Protection Rights Under the GDPR, you have the following rights regarding your personal data:

  • The Right to Access: You have the right to request copies of your personal data held by Xylvra.
  • The Right to Rectification: You have the right to request that Xylvra correct any information you believe is inaccurate or complete information you believe is incomplete.
  • The Right to Erasure (Right to be Forgotten): You have the right to request that Xylvra erase your personal data, under certain conditions.
  • The Right to Restrict Processing: You have the right to request that Xylvra restrict the processing of your personal data, under certain conditions.
  • The Right to Object to Processing: You have the right to object to Xylvra’s processing of your personal data, under certain conditions.
  • The Right to Data Portability: You have the right to request that Xylvra transfer the data that we have collected to another organisation, or directly to you, under certain conditions.
  • The Right to Withdraw Consent: Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time.

6. Data Security Xylvra employs appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, and destruction. This includes using secure servers, encryption (SSL) for data transmission, and regular security audits. Our e-commerce platform, WooCommerce, also adheres to high security standards.

7. Data Retention We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. This typically includes the duration of our relationship with you and a reasonable period thereafter to address any queries or complaints.

8. Sharing Your Data We do not sell your personal data to third parties. We may share your data with trusted third-party service providers who assist us in operating our website, conducting our business, or serving our customers (e.g., payment processors, shipping carriers). These third parties are contractually bound to keep your information confidential and to use it only for the purposes for which we disclose it to them, in compliance with GDPR.

9. Complaints If you have any concerns about our use of your personal data, you can contact us directly using the details below. You also have the right to lodge a complaint with the Data Protection Commission (DPC), the supervisory authority for data protection in Ireland, if you believe your rights under GDPR have been infringed. Data Protection Commission (DPC) Ireland: Website: www.dataprotection.ie Address: 21 Fitzwilliam Square South, Dublin 2, D02 R2Y5, Ireland

10. Contact Us If you have any questions about this GDPR Compliance Statement or wish to exercise any of your data protection rights, please contact us:

Company Name: Xylvra Address: 40 Abbey Street Upper, North City, Dublin D01 F9N3, IE 

Email: contact@xylvra.com

 Phone: +35318747687 

Website: https://xylvra.com/

This GDPR Compliance Statement was last updated on [Insert Date – e.g., 26th October 2023]. We may update this statement from time to time to reflect changes in our practices or legal requirements.