Privacy Policy | Thythronshran – Data Protection & Your Rights

Last updated: March 13, 2025

1. Controller and contact details

The controller responsible for the processing of your personal data in connection with this website is:

Thythronshran
7107 Industrial Rd, Florence, KY 41042, United States
Email: service@thythronshran.world
Phone: +18007487001

If you have questions about this Privacy Policy or the processing of your data, you may contact us at the above address or email.

2. Scope and purpose of this policy

This Privacy Policy describes how we collect, use, store and protect your personal data when you use our website https://thythronshran.world (the "Website") and related services. It also explains your rights under applicable data protection laws, including the General Data Protection Regulation (GDPR) where it applies, and U.S. federal and state privacy laws.

We process personal data in accordance with applicable law and only to the extent necessary for the purposes set out in this policy. We do not sell your personal data to third parties for marketing purposes.

3. Legal basis for processing (GDPR)

Where the GDPR applies, we process personal data on the following bases:

Contract (Art. 6(1)(b) GDPR): Processing necessary for the performance of a contract with you or to take steps at your request before entering into a contract (e.g. order processing, customer support).
Legal obligation (Art. 6(1)(c) GDPR): Processing necessary to comply with a legal obligation (e.g. tax, accounting, responding to lawful requests by authorities).
Legitimate interests (Art. 6(1)(f) GDPR): Processing necessary for our legitimate interests (e.g. website security, fraud prevention, analytics to improve our services), where not overridden by your interests or fundamental rights.
Consent (Art. 6(1)(a) GDPR): Where we have obtained your clear consent for specific processing (e.g. optional cookies, marketing communications). You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

4. Types of data we collect and purposes

4.1 Data you provide to us

Name, email address, telephone number (optional), and message content when you submit the contact or order form.
Purpose: To process your orders, respond to your enquiries, and communicate with you about your orders or requests.
Retention: We retain this data for as long as necessary to fulfil the purpose (e.g. order fulfilment, customer support) and thereafter for the period required by law (e.g. tax and commercial law retention periods, typically up to 7 years where applicable). After that, data is deleted or anonymised.

4.2 Automatically collected data (technical and usage data)

IP address, browser type and version, device type, operating system, referring URL, pages visited, date and time of access, and similar technical and usage information.
Purpose: To operate and secure the website, prevent abuse, analyse usage to improve our services (where based on consent or legitimate interest), and comply with legal obligations.
Retention: Server logs are typically retained for a limited period (e.g. 30 to 90 days) unless a longer period is required for security or legal reasons. Analytics data may be retained in aggregated or anonymised form.

4.3 Cookie data

We use cookies and similar technologies as described in our Cookie Policy. Strictly necessary cookies do not require consent. For analytics and marketing cookies we rely on your consent where required by law.

5. Recipients and international transfers

We may share your data with:

Service providers who process data on our behalf (e.g. hosting, email delivery, payment processing, shipping) under strict contractual obligations to protect your data and use it only as instructed.
Public authorities when required by law or to protect our rights.

Our business is located in the United States. If you are in the European Economic Area (EEA), UK or another jurisdiction with restricted international transfers, your data may be transferred to and processed in the U.S. or other countries. We ensure appropriate safeguards where required, such as standard contractual clauses approved by the European Commission or equivalent mechanisms, and we will provide further details upon request.

6. Your rights

Depending on your location, you may have the following rights:

Access (GDPR Art. 15): Request a copy of the personal data we hold about you.
Rectification (GDPR Art. 16): Request correction of inaccurate or incomplete data.
Erasure (GDPR Art. 17): Request deletion of your data in certain circumstances (e.g. where it is no longer necessary, or you withdraw consent).
Restriction (GDPR Art. 18): Request that we restrict processing in certain situations.
Data portability (GDPR Art. 20): Request a copy of your data in a structured, commonly used format where the processing is based on consent or contract and carried out by automated means.
Objection (GDPR Art. 21): Object to processing based on legitimate interests, including profiling. You may also object to processing for direct marketing at any time.
Withdraw consent: Where processing is based on consent, you may withdraw it at any time.
Complaint: You have the right to lodge a complaint with a supervisory authority in your country of residence or place of work.

To exercise any of these rights, contact us at the email or address above. We will respond within the time limit set by applicable law (e.g. one month under the GDPR, subject to extensions where permitted). We may need to verify your identity before processing your request.

In the United States, you may also have rights under state laws (e.g. California, Virginia, Colorado). We will honour those rights where applicable.

7. Security measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include:

Use of HTTPS (TLS/SSL) for all pages to encrypt data in transit.
Secure hosting and access controls to our systems and databases.
Limiting access to personal data to authorised personnel who need it for the purposes described in this policy.
Regular review of our security practices and, where appropriate, use of encryption, firewalls and monitoring.

No method of transmission or storage is completely secure. We cannot guarantee absolute security but we are committed to protecting your data in line with industry standards and legal requirements.

8. Children

Our website and services are not directed at individuals under the age of 16 (or higher where required by local law). We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will delete it promptly.

9. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. The "Last updated" date at the top will be revised when we make material changes. We encourage you to review this page periodically. Where required by law, we will seek your consent or provide additional notice for material changes.

10. Additional information for specific regions

European Economic Area and UK: Our processing is described in this policy. Where we act as controller, we process data in accordance with the GDPR and UK GDPR. You may contact us or your local supervisory authority to exercise your rights.

United States: We comply with applicable federal and state privacy laws. If you are a California resident, you may have additional rights under the CCPA/CPRA (e.g. right to know, delete, correct, opt out of sale/sharing, limit use of sensitive data, non-discrimination). We do not sell personal information as defined under the CCPA. To exercise California rights, contact us at the details above.