Ghomryonzolvorx

Privacy & data protection

Privacy Policy

This document explains what we collect, why we process it, how long we keep it, and what you can do about it. It is written for visitors, clients, and partners who interact with our website and email channels from the European Economic Area and beyond.

Last updated: 31 March 2026 · Version 2.1

This Privacy Policy explains how Ghomryonzolvorx (“we”, “us”, “our”) processes personal data when you visit https://ghomryonzolvorx.world (the “Site”), email us, or otherwise engage with our organization. We act as a controller for the processing described here unless we explicitly state that we process data solely as a processor on behalf of a client under a separate agreement.

We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Dutch GDPR Implementation Act (Uitvoeringswet AVG), together with applicable sector guidance from the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

Summary. We collect only what we need to run the Site, reply to you, and—if you consent—to measure usage or campaigns. You can exercise GDPR rights by emailing us. We do not sell personal data in the sense of disclosing it for monetary consideration to unknown buyers.

1. Data controller and scope

The controller responsible for the processing activities in this Policy is:

Ghomryonzolvorx
NDSM-Straat 7
1033 SN Amsterdam
Netherlands

Email: touch@ghomryonzolvorx.world
Phone: +31 20 765 7555

We have not appointed a mandatory Data Protection Officer under Article 37 GDPR. Privacy requests may be sent to the email address above with the subject line “Privacy request”. We respond within one month unless the request is complex, in which case we may extend by up to two further months and explain why.

This Policy applies to visitors of the public Site, individuals who submit forms, and business contacts who correspond with us. It does not govern processing that is exclusively described in a signed contract; in case of conflict, the contract prevails for that processing.

2. Categories of personal data

Depending on your interaction, we may process:

  • Identity and contact data: full name, job title, organization, email, telephone, postal address when provided.
  • Communication data: message body, attachments metadata (file names, sizes), and thread history.
  • Technical data: IP address, user agent, device type, browser language, referrer, approximate region derived from IP.
  • Usage data: pages viewed, scroll depth where measured with consent, interaction events with consent.
  • Cookie data: identifiers and preference flags as described in our Cookie Policy.
  • Consent records: timestamp, version of banner text, and categories accepted or rejected.

We do not ask you to provide special categories of data (such as health data) through the public Site. If you voluntarily include such information in a message, we will treat it with additional care and delete it when retention allows unless a legal exception applies.

3. Sources of personal data

We obtain personal data from:

  • You directly, when you type into forms, send email, or call us.
  • Automated technologies, such as server logs and, where permitted, analytics or marketing scripts.
  • Third parties, only in limited cases—for example a referrer URL from a partner site, or publicly available business contact details for outreach where permitted by law.

4. Purposes and legal bases

We rely on Article 6 GDPR as follows:

Purpose Legal basis
Operate and secure the Site; deliver pages; prevent abuse Legitimate interests (Article 6(1)(f)); in some cases contract (6(1)(b))
Respond to inquiries and manage pre-contractual discussions Steps prior to contract and, where applicable, contract (6(1)(b))
Comply with tax, accounting, or court obligations Legal obligation (6(1)(c))
Analytics cookies and aggregated reporting Consent (6(1)(a)) where required
Marketing cookies and campaign measurement Consent (6(1)(a))
Establish, exercise, or defend legal claims Legitimate interests (6(1)(f))

Where we rely on legitimate interests, we balance our interests against your rights. You may object to processing based on legitimate interests as described in Section 9.

5. Retention periods

We retain data only as long as necessary for the purposes above, unless a longer period is required by law.

Data category Typical retention
Contact form and general email threads Up to 24 months after last substantive message
Server and application logs 30–90 days unless extended for security review
Consent records Up to 5 years from withdrawal or update
Accounting and invoicing As required by Dutch law (often 7 years)

After retention ends, we delete or irreversibly anonymize data where feasible. Backups may persist for a short technical window before rotation.

6. Recipients and categories of recipients

We may disclose personal data to:

  • Infrastructure providers that host the Site or provide email transport, typically under Article 28 GDPR data processing agreements.
  • Analytics or advertising partners only when you have activated the corresponding cookie categories.
  • Professional advisers (lawyers, accountants) under confidentiality terms.
  • Public authorities when required by lawful order.

We maintain an internal list of sub-processors with service categories and locations. You may request a summary by email; commercial sensitivity may limit the level of detail we can share.

7. International transfers

Where personal data is transferred outside the EEA, we implement appropriate safeguards such as Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914) and, where required, supplementary measures including encryption and access minimization. Transfers to the United States rely on the EU-US Data Privacy Framework only where the recipient is certified and the transfer meets applicable conditions.

You may request copies of relevant transfer mechanisms where we are not prevented by confidentiality obligations toward our providers.

8. Security measures

We apply technical and organizational measures including TLS for data in transit, role-based access controls, unique credentials for staff, periodic review of access logs, patching timelines for critical vulnerabilities, and secure disposal of hardware when applicable.

No system is perfectly secure. You should protect your own devices and avoid transmitting highly sensitive information through unsecured channels.

Phishing awareness. We will never ask for passwords to your email account or banking details through unsolicited messages claiming to be from this Site. If unsure, contact us using the published phone number.

9. Your rights

Subject to conditions in the GDPR, you may have the right to access, rectify, erase, restrict processing, data portability, and to object. Where processing is based on consent, you may withdraw consent at any time without affecting prior lawful processing.

To exercise rights, email touch@ghomryonzolvorx.world. We may ask you to verify your identity. You may lodge a complaint with the Autoriteit Persoonsgegevens or another EU supervisory authority.

10. Automated decision-making

We do not make decisions based solely on automated processing, including profiling, which produces legal or similarly significant effects concerning you.

11. Children

The Site is not directed at children under 16. We do not knowingly collect their data. If you believe we have received such data, contact us and we will delete it promptly where appropriate.

12. Marketing communications

We do not send promotional email unless you have opted in or there is another lawful basis. Every marketing email includes a way to withdraw consent or object. Operational messages about security or legal changes may be sent without marketing opt-in where permitted.

13. Complaints

If you disagree with how we handle your data, contact us first. You may also file a complaint with the Dutch DPA: https://www.autoriteitpersoonsgegevens.nl/.

14. Personal data breaches

If we become aware of a personal data breach likely to result in risk to your rights, we will notify the supervisory authority without undue delay where required, and communicate to affected individuals when required by Article 34 GDPR.

15. Records of processing

We maintain internal records of processing activities as required by Article 30 GDPR, including purposes, categories, recipients, and retention. These records are not published in full but support accountability upon request from regulators.

16. Changes to this Policy

We may update this Policy to reflect legal, technical, or business changes. Material updates will be indicated by revising the date and version above. Where required, we will seek renewed consent.

17. Online advertising, Google Ads, and similar technologies (EEA / Netherlands)

We may promote the Site using online advertising platforms, including Google Ads operated by Google Ireland Limited (EU establishment) and, where applicable, Google LLC (United States) under appropriate transfer safeguards. When you consent to marketing cookies through our cookie banner, we or our partners may load tags or pixels that:

  • Measure whether an ad click led to a visit or conversion on this Site (conversion tracking).
  • Build audience lists for remarketing or similar ads on Google services and partner sites, where permitted.
  • Attribute visits to campaigns and limit how often you see the same advertisement.

Such processing is based on your consent (Article 6(1)(a) GDPR) where consent is required under ePrivacy rules for storing or accessing information on your device. If you do not enable marketing cookies, we do not use these advertising technologies on the Site in that manner.

Google’s processing of personal data in connection with Google Ads is described in Google’s Privacy Policy at https://policies.google.com/privacy. You can manage or withdraw consent for cookies on this Site at any time via our Cookie Policy and cookie settings.

You can also control personalised advertising from Google in your Google account: https://adssettings.google.com. Industry tools such as the European Interactive Digital Advertising Alliance (EDAA) provide further choices for interest-based ads in Europe: https://www.youronlinechoices.eu/.

We do not use Google Ads or similar tools to promote health-related claims that would violate Google Ads policies. Our public content is general lifestyle and organisational information only, consistent with our Disclaimer and Advertising disclosure.

18. Contact

For privacy questions: touch@ghomryonzolvorx.world
Postal: NDSM-Straat 7, 1033 SN Amsterdam, Netherlands