Privacy Policy

This instrument describes how Shimvorndhit.world, operating the Belvoro brand experience, collects, uses, stores, and protects personal data when you browse our digital properties, correspond with us, or purchase goods governed by Danish and European Union law.

Effective · Frederiksberg · EU GDPR
Controller identity: Shimvorndhit.world, Falkoner Allé 21, 2000 Frederiksberg, Denmark. Email: chat@shimvorndhit.world. We determine the purposes and means of processing for the activities described below unless another entity is identified as joint controller in a specific notice.

1. Scope, language, and materiality

This Policy applies to visitors of Shimvorndhit.world, subscribers to operational or marketing communications where permitted, purchasers of Belvoro products, and anyone who submits enquiries through forms or email. It should be read together with our Cookie Policy, Terms of Service, and Refund Policy.

We publish this text in English for clarity across the European market. If a translated summary is provided elsewhere, the English version prevails for contractual interpretation unless mandatory local law requires otherwise.

2. Categories of personal data

Depending on how you interact with us, we may process the following categories, always limited to what is adequate, relevant, and necessary:

  • Identity and contact identifiers: full name, billing and delivery addresses, email address, telephone number, company name for B2B counterparties.
  • Account and transaction records: order history, SKU selections, payment status, refund notes, delivery confirmations, and communications about those transactions.
  • Financial routing data: payment tokens or references generated by PCI-DSS compliant processors; we do not store complete payment card numbers on our servers.
  • Technical and usage telemetry: IP address, device identifiers, browser type, operating system, referring URLs, approximate location derived from IP, timestamps, and on-page events when analytics cookies are enabled.
  • Content you supply: free-text messages, survey answers, attachments, and social handles if you choose to share them.
  • Compliance artefacts: records demonstrating consent, marketing suppression lists, fraud screening outcomes subject to law, and correspondence with regulators.

3. How we obtain data

Data originates directly from you when you place orders, subscribe, or write to us. We also receive technical data automatically through server logs and, where consented, analytics or marketing pixels. Occasionally logistics partners return delivery exception files that contain your name and address strictly for fulfilment reconciliation.

4. Purposes, legal bases, and balancing tests

4.1 Contract and pre-contract (Art. 6(1)(b) GDPR)

We process identity, contact, transaction, and payment routing data to conclude sales, arrange shipment, provide invoices, and answer product questions that precede a purchase.

4.2 Legal obligation (Art. 6(1)(c) GDPR)

Danish bookkeeping, VAT, consumer protection, and product traceability rules require us to retain certain order and accounting records, communicate mandatory product information, and cooperate with supervisory authorities or courts when lawfully compelled.

4.3 Legitimate interests (Art. 6(1)(f) GDPR)

We rely on legitimate interests for network and information security, abuse detection, merchandise planning analytics based on aggregated sales, documenting consent evidence, internal reporting, and limited business continuity testing. Where required, we balance these interests against your rights and offer opt-outs where the law expects them, particularly for direct marketing.

4.4 Consent (Art. 6(1)(a) GDPR)

Non-essential cookies, marketing email beyond soft opt-in where applicable, and certain optional research invitations are gated behind granular consent that you may withdraw at any time via the same channel or by emailing us.

4.5 Special categories

We do not aim to collect health data. If you voluntarily disclose health-related information in an email, we will use it solely to respond and will not profile you on that basis; we may suggest deleting unnecessary detail from future messages.

5. Recipients and subprocessors

Personal data is disclosed only to personnel with role-based access and to external processors bound by Article 28 agreements, including hosting providers, transactional email services, payment service providers, carriers, customs brokers, customer support tooling vendors, and analytics or advertising partners when you enable those cookies. A written register of primary processors is available upon request and updated as relationships change.

6. International transfers

Data is stored primarily within the European Economic Area. If a processor operates outside the EEA, we implement Standard Contractual Clauses, supplementary technical measures such as TLS 1.2 or higher, and transfer impact assessments where required by Schrems II guidance. Copies of relevant safeguards may be requested subject to confidentiality obligations.

7. Retention schedule overview

  • Marketing consents and preference centres: life of the consent plus twenty-four months for evidentiary logs.
  • Transactional records: up to seven years aligned with Danish accounting obligations unless a shorter period is mandatory for specific data points.
  • Support tickets and web forms: twenty-four months after closure unless linked to an active dispute.
  • Security logs: ninety days by default, extended on a legal hold where investigations require preservation.
  • Cookie identifiers: per durations listed in the Cookie Policy and refreshed upon renewed consent.

8. Security measures

We implement administrative, technical, and organisational measures including least-privilege access reviews, multi-factor authentication for administrative consoles where supported, encryption in transit, segregated production environments, vulnerability monitoring, and contractual security exhibits with vendors. No method of electronic storage is infallible; please use strong passwords and report suspected incidents immediately.

9. Data subject rights and supervisory authority

You may request access, rectification, erasure, restriction, objection to certain processing, and data portability where applicable. You may also lodge a complaint with Datatilsynet, Carl Jacobsens Vej 35, 2500 Valby, Denmark, or your local EU authority. To exercise rights, email chat@shimvorndhit.world with a description of the request; we may verify identity before disclosing information.

10. Automated decision-making

We do not make decisions based solely on automated processing, including profiling, which produces legal or similarly significant effects concerning you.

11. Updates to this Policy

We revise this Policy when processing operations, partners, or legal interpretations change. The effective date at the top reflects the latest substantive review. Continued use of the website after notice, where consent is not required, may constitute acknowledgement of reasonable changes; material changes affecting consent-based processing will be communicated through an additional channel such as email when we have your address.

12. Contact

For privacy questions, data protection requests, or processor due diligence questionnaires, write to chat@shimvorndhit.world or post to the Frederiksberg address above, marking the envelope “Data Protection.”