Last updated: 25 March 2026
1. Introduction and Data Controller Identity
This Privacy Policy describes how Chelvareglix ("we", "us", "our") collects, processes, stores, and protects personal data when you visit our website at https://chelvareglix.world or interact with our services.
We are committed to protecting your privacy and processing your personal data in accordance with:
- Regulation (EU) 2016/679 – General Data Protection Regulation (GDPR)
- Swedish Data Protection Act (Lag (2018:218) med kompletterande bestämmelser till EU:s dataskyddsförordning)
- The Swedish Electronic Communications Act (LEK)
- Any other applicable national and EU data protection legislation
Data Controller
Business name: Chelvareglix
Registered address: Klarabergsgatan 64, 111 21 Stockholm, Sweden
Email: touch@chelvareglix.world
Phone: +46 771 450 450
Website: https://chelvareglix.world
2. Personal Data We Collect
We collect the following categories of personal data, depending on how you interact with us:
2.1 Data You Provide Directly
- Identity data: Full name
- Contact data: Email address, telephone number (optional)
- Order data: Delivery address, order details, payment reference
- Communication data: Messages, enquiries, and correspondence you send us
- Consent records: Records of your consent to our terms and privacy policy
2.2 Data Collected Automatically
- Technical data: IP address, browser type and version, operating system, device type
- Usage data: Pages visited, time spent on pages, referring URLs, click behaviour
- Cookie data: Cookie identifiers and preferences (see our Cookie Policy)
2.3 Data We Do Not Collect
We do not collect or process special categories of personal data (sensitive data) such as health information, racial or ethnic origin, political opinions, religious beliefs, genetic or biometric data, or data concerning criminal convictions.
3. Purposes and Legal Bases for Processing
We process your personal data only where we have a valid legal basis under Article 6 GDPR. The table below sets out our processing activities:
| Purpose | Data Used | Legal Basis (Art. 6 GDPR) | Retention Period |
|---|---|---|---|
| Processing and fulfilling orders | Name, email, phone, address, order details | Contract performance (Art. 6(1)(b)) | 7 years (accounting obligations) |
| Responding to enquiries and customer support | Name, email, message content | Legitimate interests (Art. 6(1)(f)) | 3 years from last contact |
| Sending order confirmation and shipping updates | Name, email, order details | Contract performance (Art. 6(1)(b)) | 7 years (accounting obligations) |
| Compliance with legal obligations (tax, accounting) | Order and payment data | Legal obligation (Art. 6(1)(c)) | 7 years (Swedish Bookkeeping Act) |
| Website analytics and improvement | IP address, usage data, cookies | Consent (Art. 6(1)(a)) | Up to 26 months |
| Marketing communications (if opted in) | Name, email | Consent (Art. 6(1)(a)) | Until consent withdrawn |
| Fraud prevention and security | IP address, technical data | Legitimate interests (Art. 6(1)(f)) | 12 months |
4. Data Sharing and Recipients
We do not sell, rent, or trade your personal data to third parties. We may share your data with the following categories of recipients only to the extent necessary:
4.1 Service Providers (Data Processors)
- Payment processors: To process card payments securely (e.g., Stripe, PayPal). These providers are PCI DSS certified.
- Logistics and shipping partners: To deliver your order (e.g., PostNord, DHL). Only name and delivery address are shared.
- Email service providers: To send transactional emails (order confirmations, shipping notifications).
- Web hosting providers: To host and maintain our website infrastructure.
- Analytics providers: To analyse website usage (only if you have consented to analytics cookies).
All data processors are bound by data processing agreements (DPA) in accordance with Article 28 GDPR.
4.2 Legal Authorities
We may disclose personal data to competent authorities (e.g., Swedish Tax Agency, law enforcement) where required by law or in response to a valid legal request.
4.3 International Transfers
Where we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Transfers only to countries with an adequacy decision by the European Commission
5. Data Retention
We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by applicable law. Specific retention periods are set out in the table in Section 3 above.
When data is no longer needed, it is securely deleted or anonymised. Order and financial records are retained for 7 years in compliance with the Swedish Bookkeeping Act (Bokföringslagen 1999:1078).
6. Your Rights Under GDPR
As a data subject, you have the following rights under the GDPR, which you may exercise free of charge:
6.1 Right of Access (Art. 15 GDPR)
You have the right to obtain confirmation of whether we process your personal data and, if so, to receive a copy of that data and information about how it is processed.
6.2 Right to Rectification (Art. 16 GDPR)
You have the right to request correction of inaccurate or incomplete personal data we hold about you.
6.3 Right to Erasure / "Right to be Forgotten" (Art. 17 GDPR)
You have the right to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, or where you withdraw consent and there is no other legal basis for processing. This right is subject to certain exceptions, including our legal obligations to retain financial records.
6.4 Right to Restriction of Processing (Art. 18 GDPR)
You have the right to request that we restrict the processing of your personal data in certain circumstances, for example while the accuracy of the data is being contested.
6.5 Right to Data Portability (Art. 20 GDPR)
Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format, and to transmit it to another controller.
6.6 Right to Object (Art. 21 GDPR)
You have the right to object to processing based on legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
6.7 Right to Withdraw Consent (Art. 7(3) GDPR)
Where processing is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
6.8 Right to Lodge a Complaint
You have the right to lodge a complaint with the Swedish supervisory authority:
Integritetsskyddsmyndigheten (IMY)
Box 8114, 104 20 Stockholm, Sweden
Website: www.imy.se
Email: imy@imy.se
Phone: +46 8 657 61 00
Exercising Your Rights
To exercise any of your rights, please contact us at:
Email: touch@chelvareglix.world
Post: Chelvareglix, Klarabergsgatan 64, 111 21 Stockholm, Sweden
We will respond to your request within 30 days. In complex cases, we may extend this period by a further 60 days, in which case we will inform you of the extension and the reasons for it.
We may need to verify your identity before processing your request. We will not charge a fee for reasonable requests; however, we may charge a reasonable fee or refuse manifestly unfounded or excessive requests.
7. Security Measures
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure. These measures include:
- HTTPS encryption for all data transmitted to and from our website
- SSL/TLS encryption for all communications
- Access controls and authentication requirements for staff accessing personal data
- Regular security assessments and updates
- Data minimisation — we only collect data that is necessary
- Pseudonymisation and encryption of stored data where appropriate
- Procedures for detecting, reporting, and investigating personal data breaches
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, where required, notify you directly.
8. Cookies and Tracking Technologies
We use cookies and similar tracking technologies on our website. For full details about the cookies we use, their purposes, and how to manage your preferences, please refer to our Cookie Policy.
9. Children's Privacy
Our website and products are intended for adults aged 18 and over. We do not knowingly collect personal data from persons under the age of 18. If you believe we have inadvertently collected data from a minor, please contact us immediately and we will take steps to delete such data.
10. Links to Third-Party Websites
Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites and encourage you to review their privacy policies before providing any personal data.
11. Automated Decision-Making and Profiling
We do not engage in automated decision-making or profiling that produces legal or similarly significant effects on you.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The updated policy will be posted on this page with a revised "Last updated" date. We encourage you to review this policy periodically.
For material changes, we will provide more prominent notice, such as a notification on our website or by email where we hold your contact details.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:
Chelvareglix
Klarabergsgatan 64, 111 21 Stockholm, Sweden
Email: touch@chelvareglix.world
Phone: +46 771 450 450