Who is responsible
The data controller for processing described in this Privacy Policy is Khorlynnphakao.world, with its registered contact point at Marknadsgatan 1, 754 60 Uppsala, Sweden. For privacy-specific correspondence, email ask@khorlynnphakao.world. We will verify requests that concern personal data before we disclose information or take action.
When we say “we,” “us,” or “our,” we mean Khorlynnphakao.world in its capacity as operator of the website at khorlynnphakao.world and related communication channels about the Mellowra product line.
Scope and audience
This policy applies to visitors who browse informational pages, read legal documents, adjust cookie preferences, and submit contact or order-related forms. It also applies when you email us directly using addresses published on the site.
The website is intended for adults. We do not design our content for children, and we do not knowingly collect personal data from anyone under the age of 16. If you believe we have received data from a child, contact us and we will delete it where we have no overriding legal obligation to retain it.
Categories of personal data
Depending on how you interact with us, we may process some or all of the following categories:
- Identity and contact details: name, email address, and any identifiers you include voluntarily in messages.
- Communication content: the text of forms, attachments if you send them by email, and metadata such as timestamps.
- Technical data: IP address, browser type and version, device type, operating system, approximate geographic area derived from IP, referral URL, and HTTP status data useful for security monitoring.
- Usage data: aggregated or pseudonymous analytics about page views and navigation paths if you consent to analytics cookies.
- Preference data: cookie consent selections stored locally in your browser or in a minimal consent log if we operate one server-side.
We do not require you to provide special categories of personal data (such as health data). If you voluntarily include health information in a message, we will treat it with additional care and limit access to personnel who need it to respond.
Purposes and legal bases
We process personal data only for specific purposes and where a legal basis under Article 6 GDPR applies. The table below summarizes common situations.
Contractual steps or legitimate interests in communicating with prospective customers.
Legitimate interests in detecting abuse, fraud, and technical incidents.
Consent, where required by law, for non-essential measurement cookies.
Legal obligation for accounting, tax, or regulatory retention where applicable.
Where we rely on legitimate interests, we balance our interests against your rights and offer a right to object where applicable. Where we rely on consent, you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
Retention periods
We keep personal data only as long as necessary for the purposes above, plus any period required by law:
- Contact and support messages: typically up to twenty-four months after the last message in a thread, unless a dispute or warranty topic requires longer retention.
- Server and security logs: usually between thirty and one hundred eighty days, unless an investigation requires a limited extension.
- Financial and invoicing records: as required under Swedish bookkeeping and tax rules, often seven years for certain categories.
- Consent records: evidence of cookie choices for a period aligned with regulatory guidance in the jurisdictions we serve.
When retention ends, we delete or irreversibly anonymize data where deletion is technically feasible.
Recipients and processors
We may share personal data with service providers that help us host the website, deliver email, store backups, or provide fraud screening. These providers process data only on our instructions and under agreements that require confidentiality and security measures.
We may disclose information when required by law, court order, or a competent authority, or when necessary to establish or defend legal claims. We may also share data in connection with a merger, acquisition, or asset transfer, subject to continued protection consistent with this Privacy Policy.
We do not sell personal data in the conventional sense of exchanging lists for money. If we ever use advertising partners that qualify as “sale” or “sharing” under U.S. state laws, we will provide appropriate notices and choices.
International transfers
If we transfer personal data outside the European Economic Area, we implement appropriate safeguards such as Standard Contractual Clauses approved by the European Commission, supplementary measures where required by case law, or reliance on adequacy decisions. Copies of relevant safeguards may be requested by contacting us.
Security measures
We implement administrative, technical, and organizational measures appropriate to the risk, including access controls on systems, encryption of data in transit where supported by our providers, separation of environments, logging of administrative actions, and confidentiality commitments for staff and contractors.
No method of transmission over the Internet is completely secure. We encourage you to use strong passwords on your own devices, keep software updated, and avoid sending sensitive information through unsecured channels.
Your rights
Depending on your location and circumstances, you may have the right to access, rectify, erase, restrict processing, object to processing, port your data, and withdraw consent. You may also lodge a complaint with a supervisory authority. In Sweden, the supervisory authority is the Integritetsskyddsmyndigheten (IMY).
To exercise rights, email ask@khorlynnphakao.world with a description of your request. We may ask you to verify your identity before responding. We will answer within one month in ordinary cases, with a possible extension where permitted by law.
Changes to this policy
We may update this Privacy Policy to reflect changes in our practices, products, or legal requirements. The “Current as of” date at the top is generated dynamically when you load the page for quick reference, while substantive edits are tracked in the document history we maintain internally.
If we make material changes, we will provide additional notice where required, such as a banner on the website or an email if we have your address and the change affects you directly.