Privacy Policy

Last updated: March 2026

1. Controller and contact details

The controller responsible for the processing of your personal data within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws is:

Ghivexoncrax
Henriette-Herz-Platz 3
10178 Berlin
Germany

Email: community@ghivexoncrax.world
Phone: +49 30 330 26156

You may contact us at any time with questions about data protection or to exercise your rights.

2. Scope and purpose of this policy

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website https://ghivexoncrax.world (the "Website") and our services. We process your data in accordance with the GDPR, the German Federal Data Protection Act (BDSG), and other applicable data protection laws. We are committed to transparency and to protecting your privacy.

3. Definitions

Personal data means any information relating to an identified or identifiable natural person (Art. 4(1) GDPR).

Processing means any operation performed on personal data, such as collection, recording, organisation, structuring, storage, adaptation, retrieval, consultation, use, disclosure, alignment, restriction, erasure, or destruction (Art. 4(2) GDPR).

Controller means the natural or legal person that determines the purposes and means of the processing (Art. 4(7) GDPR).

Recipient means a natural or legal person to whom personal data are disclosed (Art. 4(9) GDPR).

4. Legal basis for processing

We process personal data only where we have a valid legal basis:

• Consent (Art. 6(1)(a) GDPR): Where you have given clear consent for one or more specific purposes.
• Contract (Art. 6(1)(b) GDPR): Where processing is necessary for the performance of a contract or pre-contractual steps.
• Legal obligation (Art. 6(1)(c) GDPR): Where processing is necessary to comply with a legal obligation.
• Legitimate interests (Art. 6(1)(f) GDPR): Where processing is necessary for our legitimate interests, except where overridden by your interests or fundamental rights.

5. Data we collect and how we use it

5.1 Visiting the website

When you access our Website, our servers automatically record technical access data (e.g. IP address, date and time of access, browser type and version, operating system, referrer URL, pages viewed). This is necessary to enable use of the Website, to ensure security and stability, and to detect and prevent abuse. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in providing and securing the service). This data is stored in server log files for a limited period; the exact retention period is set out in section 8 below.

5.2 Contact and order form

When you use our contact or order form, we collect the data you provide (e.g. name, email address, telephone number if given, message content). We use this data solely to process your enquiry or order, to communicate with you, and to fulfil any contractual or pre-contractual obligations. The legal basis is Art. 6(1)(b) GDPR (contract or pre-contractual measures) and, where applicable, Art. 6(1)(a) GDPR (consent where you have agreed to further processing). We do not use your data for unsolicited marketing unless you have given separate consent.

5.3 Email contact

If you contact us by email (e.g. at community@ghivexoncrax.world), we process the content of your message and your email address to handle your request. The legal basis is Art. 6(1)(b) or (f) GDPR. We retain correspondence as long as necessary for the purpose and for any legal retention requirements.

5.4 Cookies and similar technologies

We use cookies and similar technologies as described in our Cookie Policy. Strictly necessary cookies are used to operate the Website (legal basis: Art. 6(1)(f) GDPR). Analytics and marketing cookies are used only with your consent (legal basis: Art. 6(1)(a) GDPR). You can withdraw or adjust your consent at any time via our cookie settings.

6. Recipients and international transfers

We may share your data with:

• Service providers who process data on our behalf (e.g. hosting, email delivery, payment or shipping partners), under strict contractual obligations and only for the purposes we specify.
• Public authorities where we are legally obliged to do so (e.g. tax, law enforcement).

We do not sell your personal data. If we use processors outside the European Economic Area (EEA), we ensure appropriate safeguards (e.g. standard contractual clauses approved by the European Commission or an adequacy decision) in accordance with Art. 44 et seq. GDPR.

7. Retention periods

We retain your data only for as long as necessary for the purposes for which it was collected or as required by law:

• Server logs: Typically up to 7 to 30 days, unless a longer period is required for security or legal reasons.
• Contact and order data: For the duration of the business relationship and thereafter for the statutory retention period (e.g. 6 or 10 years for tax and commercial law in Germany), unless you request erasure and we have no overriding obligation to retain.
• Marketing and analytics data (where consent was given): Until you withdraw consent or for the period stated in our Cookie Policy.

After the retention period, we delete or anonymise your data so that it can no longer be attributed to you.

8. Your rights under the GDPR

You have the following rights in relation to your personal data:

• Right of access (Art. 15 GDPR): You may request confirmation as to whether we process your data and, if so, a copy of the data and information about the processing.
• Right to rectification (Art. 16 GDPR): You may request correction of inaccurate or completion of incomplete data.
• Right to erasure (Art. 17 GDPR): You may request erasure of your data where the legal conditions are met (e.g. data no longer necessary, consent withdrawn, unlawful processing).
• Right to restriction of processing (Art. 18 GDPR): You may request that we restrict processing in certain situations (e.g. while accuracy is verified or you need the data for legal claims).
• Right to data portability (Art. 20 GDPR): Where processing is based on consent or contract and carried out by automated means, you may receive your data in a structured, commonly used, machine-readable format or have it transmitted to another controller.
• Right to object (Art. 21 GDPR): Where we process on the basis of legitimate interests, you may object on grounds relating to your situation; we will then cease processing unless we demonstrate compelling legitimate grounds. You may object at any time to processing for direct marketing.
• Right to withdraw consent (Art. 7(3) GDPR): Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.
• Right to lodge a complaint (Art. 77 GDPR): You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your residence, place of work, or place of the alleged infringement. In Germany, the competent authority is the data protection supervisory authority of the federal state in which we are established (Berlin: Berliner Beauftragte für Datenschutz und Informationsfreiheit).

To exercise any of these rights, please contact us using the details in section 1. We will respond without undue delay and in any event within one month, subject to any extension where permitted by law.

9. Security measures

We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These include:

• Use of HTTPS (TLS/SSL) for all pages to encrypt data in transit.
• Restricted access to personal data on a need-to-know basis.
• Secure hosting and regular security updates.
• Contractual obligations with processors to ensure confidentiality and security.

No transmission over the internet can be guaranteed to be completely secure; we encourage you to use secure connections and to keep your access data confidential.

10. Children

Our Website and services are not directed at individuals under 16. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us and we will take steps to delete such data.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or in the law. The current version is always available on this page. We will indicate the date of the last update at the top. Where changes are material, we may notify you by email or by a prominent notice on the Website.

12. Additional information

For details on cookies and similar technologies, please see our Cookie Policy. For terms governing the use of our Website and services, see our Terms of Service. For legal information about our business, see our Legal Information page.

If you have any questions about this Privacy Policy or our data practices, please contact us at community@ghivexoncrax.world or by post at the address above.