Privacy Policy

1. Data controller and contact

The data controller responsible for your personal data is:

Phogrynzaran
Unit A, 31 North Road, Market Estate, London N7 9GL, United Kingdom

Phone: +44 207 700 7585

Email: chat@phogrynzaran.world

If you have questions about this policy or your data, please contact us using the details above.

2. Scope and applicable law

This Privacy Policy describes how we collect, use, store and protect your personal data when you use our website https://phogrynzaran.world and related services. We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018), and other applicable UK and international data protection laws where relevant.

3. Personal data we collect

We may collect and process the following categories of personal data:

• Identity and contact data: name, email address, telephone number, and postal address when you place an order or contact us.
• Transaction and order data: order details, payment-related information (processed by secure third-party payment providers), delivery preferences and order history.
• Technical and usage data: IP address, browser type and version, device type, time zone, pages visited, time spent on pages and navigation paths. This may be collected via cookies and similar technologies as described in our Cookie Policy.
• Communication data: content of messages you send to us (e.g. via contact form or email) and records of our correspondence.

We do not knowingly collect special category data (e.g. health, race, religion) unless you voluntarily provide it in a message. Where you do so, we will use it only to respond to your enquiry and in line with this policy.

4. Purposes and legal bases for processing

We use your personal data for the following purposes and on the following legal bases:

• Performance of a contract: to process and fulfil orders, manage delivery, handle returns and refunds, and communicate about your order (UK GDPR Article 6(1)(b)).
• Legitimate interests: to improve our website, prevent fraud, ensure security, manage complaints and defend our legal rights, where our interests are not overridden by your rights (UK GDPR Article 6(1)(f)).
• Consent: where we use non-essential cookies or send marketing communications, we rely on your consent (UK GDPR Article 6(1)(a)). You may withdraw consent at any time.
• Legal obligation: to comply with tax, accounting, and other legal obligations (UK GDPR Article 6(1)(c)).

5. Retention periods

We keep your personal data only for as long as necessary for the purposes set out in this policy:

• Order and customer data: typically 6 years after the last transaction or as required by UK law for tax and accounting.
• Contact form and correspondence: up to 3 years from the last meaningful contact, unless a longer period is required for legal or complaint handling.
• Marketing and consent-based data: until you withdraw consent or object, after which we retain only the minimum needed to record your preference.
• Technical and access logs: up to 12 months unless a shorter period is applied.

After the retention period, we securely delete or anonymise your data.

6. Sharing and international transfers

We may share your data with:

• Payment and fraud-prevention service providers necessary to process payments.
• Courier and logistics partners to deliver your order.
• IT and hosting providers that support our website and systems (under data processing agreements).
• Professional advisers (e.g. lawyers, accountants) when required by law or to protect our rights.

Where we transfer data outside the UK, we ensure appropriate safeguards are in place (e.g. UK adequacy decisions, standard contractual clauses, or other approved mechanisms) in line with UK data protection law.

7. Security measures

We implement technical and organisational measures to protect your personal data, including:

• Use of HTTPS and encryption for data in transit.
• Access controls and staff training on data protection.
• Secure storage and limited retention in line with this policy.
• Selection of service providers that meet appropriate security and compliance standards.

While we take reasonable steps to protect your data, no transmission over the internet is completely secure; we encourage you to use secure connections and keep your account details safe.

8. Your rights under UK GDPR

You have the following rights in relation to your personal data:

• Right of access: to receive a copy of your personal data and information about how we use it.
• Right to rectification: to have inaccurate or incomplete data corrected.
• Right to erasure: to request deletion of your data in certain circumstances (e.g. where it is no longer necessary or you withdraw consent).
• Right to restrict processing: to ask us to limit how we use your data in certain situations.
• Right to data portability: to receive your data in a structured, machine-readable format where the processing is based on consent or contract.
• Right to object: to object to processing based on legitimate interests or to direct marketing.
• Right to withdraw consent: where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, contact us using the details in section 1. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) in the UK: ico.org.uk.

9. Changes to this policy

We may update this Privacy Policy from time to time. The current version will always be available on this page with an updated “Last updated” date. We encourage you to review it periodically. Where changes are material, we may notify you by email or a notice on the website.