Privacy Policy
Controller: Queblornshul, Västerlånggatan 16, 111 29 Stockholm, Sweden.
Contact email: notifyuse@queblornshul.world
Telephone: +46 77 145 04 50
Website: https://queblornshul.world/
Last updated: 25 March 2026
Language: English (information also aligned with Swedish consumer and data-protection expectations)
This Privacy Policy explains how Queblornshul (“we”, “us”) processes personal data when you visit https://queblornshul.world/, submit forms, purchase or request QuinVigor, subscribe to updates, or otherwise interact with our channels. We apply the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the Swedish Act (2018:218) with supplementary provisions to the GDPR (“GDPR Act”), and, where relevant, the ePrivacy Directive 2002/58/EC as transposed in Sweden and the EU Member States you access us from.
1. Scope and roles
We act as the controller for personal data described here unless we explicitly state that a partner is an independent controller (for example, your bank for card payments). Processors that assist us—such as hosting providers, email delivery services, analytics vendors if enabled, and logistics partners—process data on documented instructions and may not use it for their own purposes.
2. Categories of personal data
Depending on your interaction, we may process: identity and contact data (name, postal address, email address, optional telephone number); account or order identifiers; communication content you send through forms or email; technical data (IP address, browser type, device identifiers, approximate location derived from IP); usage data (pages viewed, referring URL, timestamps); cookie and similar technology identifiers when you consent; payment-related references (we aim to minimise card data exposure by relying on PCI-DSS compliant payment service providers); and compliance data (records of consents, policy versions accepted, fraud screening outcomes where permitted).
3. Purposes and lawful bases
Website operation and security (Article 6(1)(f) GDPR legitimate interests): Serving pages, preventing abuse, ensuring integrity of forms, and defending legal claims. Balancing test: your rights are considered; you may object where applicable.
Contract performance (Article 6(1)(b)): Processing orders or pre-contractual requests for QuinVigor, delivering products, invoicing, customer support, and handling returns within the scope of our agreement with you.
Legal obligation (Article 6(1)(c)): Accounting records, tax compliance, product-safety traceability, and responses to lawful requests from authorities.
Consent (Article 6(1)(a)): Non-essential cookies, marketing emails where not based on soft opt-in, and certain sensitive categories if you voluntarily provide them and we ask for explicit consent.
Legitimate interests (Article 6(1)(f)): Improving website usability through aggregated statistics when cookies are not required, internal reporting, and direct marketing to existing customers regarding similar products where permitted under marketing law and with easy opt-out.
4. Special categories and children
We do not intend to collect special categories of personal data (health, biometrics, etc.). If you disclose health information in a free-text message, we will use it only to respond to your inquiry unless a separate legal basis applies. Our services target adults. We do not knowingly profile children under 16 for marketing. Parents or guardians may contact us to remove inappropriate submissions.
5. Sources of data
Data comes directly from you, from automated technologies on our site (logs, cookies where consented), from payment and delivery partners to complete transactions, and, in limited cases, from public registers for fraud prevention or address verification.
6. Recipients and transfers
We share data with IT infrastructure providers within the EU/EEA where possible. If a processor is located outside the EU/EEA, we rely on Standard Contractual Clauses, adequacy decisions, or other GDPR Chapter V mechanisms. A copy of relevant safeguards may be requested. Carriers receive name, address, and contact details for delivery. Payment processors receive transaction details under their privacy notices.
7. Retention
Order and accounting records: up to seven years after the end of the financial year as required by Swedish bookkeeping law unless longer retention is mandated. Marketing consents and unsubscribe logs: until withdrawal plus three years for evidence. Cookie consent logs: twenty-four months from last update unless law requires longer. Website security logs: ninety days in routine cases, longer if an incident investigation is ongoing. Contact form messages: twenty-four months after last activity unless a dispute extends the need. Backup systems may retain deleted data for a limited technical period before overwrite.
8. Security measures
We implement TLS encryption for data in transit on pages we control, access controls on a need-to-know basis, pseudonymisation where feasible, logging of administrative actions, vendor due diligence, and incident response procedures. No online transmission is completely risk-free; you should protect your credentials and devices.
9. Automated decision-making
We do not use solely automated decision-making, including profiling, that produces legal or similarly significant effects on you. If this changes, we will provide information and safeguards required by Article 22 GDPR.
10. Your rights
Under GDPR you may request: access (Article 15); rectification (Article 16); erasure (Article 17); restriction (Article 18); data portability for data processed by automated means under contract or consent (Article 20); objection to processing based on legitimate interests or direct marketing (Article 21); and withdrawal of consent at any time without affecting prior lawful processing (Article 7(3)). You may lodge a complaint with the Swedish Authority for Privacy Protection (IMY), Box 8114, 104 20 Stockholm, Sweden, or your local supervisory authority if you reside elsewhere in the EEA.
11. Mandatory information for Swedish and EU consumers
Under the Consumer Sales Act and distance-selling rules, you receive pre-contractual information on this site and in order confirmations. The GDPR requires transparent processing; this policy supplements layered notices at collection points such as forms and the cookie banner.
12. Third-party sites
Links to external websites are provided for convenience. Their controllers determine their own privacy practices. Review their policies before submitting data.
13. Updates
We revise this policy when processing operations or laws change. Material changes will be highlighted on the website or communicated when we have your contact details. Continued use after an update may be subject to legal requirements; where consent is the basis, we will seek fresh consent if needed.
14. Contact for privacy requests
To exercise rights or ask questions, email notifyuse@queblornshul.world or write to the postal address above. Include your name, description of the request, and proof of identity if needed to protect your data from unauthorised disclosure. We respond within one month, extendable by two further months where complex, with reasons provided.
15. Personal data breaches
We maintain internal breach-response procedures aligned with Article 33–34 GDPR. Where a breach is likely to result in risk to your rights, we document the incident, mitigate harm, notify IMY within seventy-two hours where feasible, and communicate with affected individuals when the threshold for direct notice is met, unless anonymised statistical risk assessments show no serious likelihood of impact.
16. Records of processing activities
Internally we maintain Article 30 GDPR records describing processing purposes, categories of data subjects, categories of personal data, recipients, transfers, retention, and security measures. Extracts relevant to your relationship are summarised in this Policy; detailed logs are available to supervisory authorities upon request.
17. Corporate and registration information
Statutory business identifiers, VAT numbers, and registration excerpts appear on invoices, order confirmations, and formal correspondence as required by Swedish bookkeeping and consumer-information rules. If you require a registration extract before purchase, request it through notifyuse@queblornshul.world.
18. Data Protection Officer appointment
Where mandatory under Article 37 GDPR due to large-scale special-category processing or systematic monitoring, we will publish a DPO contact channel. Current processing mainly concerns routine e-commerce and customer service; the controller remains reachable through the details in Section 14 for all privacy matters.