Privacy Policy

Data Controller

Pravdomil Toman
Eskildsgade 33, 4. th., 1657 København V
info@pravdomil.com
CVR 45588521

What we collect, why, how long we keep it, and whether it’s required

1) Website operation & security (server logs)

What: IP address, user-agent, timestamp, requested URL, referrer, error details.
Why (legal basis): Legitimate interests in running a secure, reliable service (GDPR Art. 6(1)(f)).
Retention: 30–180 days, longer only if needed for security/investigation.
Required? Automatic/necessary for delivering the website. You can avoid this only by not visiting the site.

2) Orders, invoicing & delivery (e-shop)

What: Name, email, phone, billing address (and shipping address if physical goods), order details, invoice ID, payment reference/transaction ID, VAT no. (if applicable).
Why (legal basis): Contract performance (Art. 6(1)(b)) and legal obligations (accounting/tax) (Art. 6(1)(c)).
Retention: 5 years from the end of the financial year (Danish bookkeeping rules).
Required? Yes—necessary to enter into and fulfil the contract and to meet bookkeeping/tax duties. Without this, we can’t process your order or issue an invoice.

3) Customer support & communications

What: Name, email, message content, related metadata.
Why (legal basis): Legitimate interests in providing support (Art. 6(1)(f)) and/or contract (Art. 6(1)(b)) when related to a purchase.
Retention: Up to 3 years after your last interaction (longer if needed to establish/exercise/defend legal claims).
Required? Only if you contact us. If you don’t provide contact details, we may be unable to respond.

What: Email address, optional name, subscription status, consent record (time, source).
Why (legal basis): Consent (Art. 6(1)(a)).
Retention: Until you unsubscribe/withdraw consent; minimal consent records may be kept for a reasonable period to demonstrate compliance.
Required? No. Without it, you simply won’t receive newsletters.

5) Analytics

What: Page views/events, device info, truncated IP, cookie/ID (if enabled).
Why (legal basis): Consent (Art. 6(1)(a)). For strictly essential, aggregated metrics, we may rely on legitimate interests (Art. 6(1)(f)).
Retention: Kept no longer than necessary per provider settings; anonymised/aggregated statistics may be kept longer.
Required? No. Refusing consent does not affect core site functionality.

Cookies

We only use strictly necessary cookies to make the site work; these do not require consent.

We share data only as needed with:

Hosting & infrastructure (website/email hosting; security and error logging)
Payment processing (e.g., payment service providers; we receive payment references, not full card data)
Email/newsletter service (for subscriber management and delivery)
Accounting & compliance (bookkeeping/tax)
Shipping providers (for physical deliveries)
Public authorities may receive data where required by law.

International transfers

If data are transferred outside the EU/EEA, we rely on EU adequacy decisions or Standard Contractual Clauses (SCCs) with appropriate safeguards.

Security

We apply reasonable technical and organisational measures to protect your data, including access controls, encryption in transit, and limited retention.

Your rights

You have the right to access, rectify, erase, restrict, object (including to processing based on legitimate interests), and data portability (where applicable).

If processing is based on consent, you may withdraw consent at any time without affecting lawfulness before withdrawal.

To exercise your rights, contact us. We may need to verify your identity.

Complaints

You can lodge a complaint with:
Danish Data Protection Agency (Datatilsynet)
Carl Jacobsens Vej 35, 2500 Valby, Denmark
+45 33 19 32 00 dt@datatilsynet.dk

Automated decision-making

We do not use automated decision-making, including profiling, that produces legal or similarly significant effects. If this changes, we’ll update this notice.

Page last updated: 12 August 2025