Privacy Policy

Effective date: February 20, 2025

Last updated: February 20, 2025

1. Introduction and data controller

Extraordinaryser (“we,” “us,” or “our”) operates the website https://extraordinaryser.world (the “Site”). We are the data controller responsible for your personal data under applicable data protection laws, including the General Data Protection Regulation (GDPR) (EU 2016/679), the California Consumer Privacy Act (CCPA), and other United States state privacy laws.

Contact details:

• Company: Extraordinaryser
• Address: 1041 Elkton Dr, Colorado Springs, CO 80907, United States
• Email: office@extraordinaryser.world
• Phone: +18002880397

2. Definitions

In this Privacy Policy, the following terms have the meanings set out below:

• Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
• Processing means any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, alignment, combination, restriction, erasure, or destruction.
• Data subject means the identified or identifiable natural person to whom personal data relates.
• Controller means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
• Processor means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
• Consent means any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.

3. Scope and applicability

This Privacy Policy applies to all personal data collected through our Site, including when you browse our pages, place orders, complete contact or order forms, subscribe to communications, interact with our content, or otherwise engage with our services. It applies to visitors, customers, prospective customers, and any individual who communicates with us. This policy does not apply to information collected by third-party websites you access through links on our Site, or to information collected offline. By accessing or using our Site, you acknowledge that you have read, understood, and agree to the practices described in this policy.

4. Personal data we collect

4.1 Data you provide directly

• Identity data: Full name, title
• Contact data: Email address, telephone number, postal address
• Transaction data: Order details, billing and shipping information, payment details
• Communication data: Messages you send via contact forms, email, or other channels
• Consent records: Records of your consent for marketing, cookies, or data processing
• Account data: If you create an account, we may collect username, password (stored in encrypted form), and account preferences

4.2 Data collected automatically

• Technical data: IP address, browser type and version, time zone, operating system, device identifiers
• Usage data: Pages visited, time spent on pages, navigation paths, referral source
• Cookie data: Information stored in cookies and similar technologies (see our Cookie Policy)

4.3 Data from third-party sources

We may receive personal data about you from third-party sources, including payment processors who confirm transaction status, shipping carriers who provide delivery status, analytics providers, and public registers or publicly available sources where permitted by law.

5. Legal basis for processing (GDPR and UK GDPR)

Where the GDPR applies, we process your personal data on the following legal bases:

• Contract performance: Processing necessary to perform our contract with you (e.g., fulfilling orders, delivering products)
• Legitimate interests: Processing necessary for our legitimate interests (e.g., improving our services, fraud prevention, site security), where such interests are not overridden by your rights
• Consent: Processing based on your consent (e.g., marketing communications, non-essential cookies). You may withdraw consent at any time
• Legal obligation: Processing necessary to comply with applicable laws (e.g., tax, accounting, consumer protection)
• Vital interests: Processing necessary to protect your vital interests or those of another natural person (e.g., in emergency situations)

6. Purposes of processing

We use your personal data for the following purposes:

• To process and fulfill orders, including payment processing and delivery
• To communicate with you regarding orders, inquiries, and support requests
• To send administrative communications (e.g., order confirmations, policy updates)
• To improve our Site, products, and services
• To analyze usage patterns and trends
• To prevent fraud and ensure the security of our Site
• To comply with legal obligations and enforce our agreements
• To send marketing communications (only where you have consented or where permitted by law)
• To establish, exercise, or defend legal claims

7. Data retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected. Specific retention periods include:

• Account and order data: Retained for the duration of our business relationship plus 7 years for legal, tax, and accounting purposes
• Marketing data: Retained until you withdraw consent or object, or for up to 3 years from last engagement
• Contact form submissions: Retained for up to 2 years unless a longer period is required for legal or operational purposes
• Technical and log data: Retained for up to 12 months
• Cookie data: As specified in our Cookie Policy
• Data relating to legal claims: Retained until the relevant limitation period has expired plus a reasonable period for litigation

When determining retention periods, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorised use, and applicable legal requirements. At the end of the retention period, we securely delete or anonymise your data.

8. Data sharing and disclosure

We may share your personal data with:

• Service providers: Third parties who perform services on our behalf (e.g., payment processors, shipping carriers, hosting providers, analytics providers). We ensure they process data only in accordance with our instructions and applicable law
• Legal authorities: When required by law, court order, or government request, or to protect our rights, property, or safety
• Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you of any such change

We do not sell your personal data to third parties. We do not share your personal data for cross-context behavioural advertising or for monetary consideration as defined under the CCPA.

9. International data transfers

Your data may be processed in the United States or other countries where our service providers operate. If you are in the EEA, UK, Switzerland, or another jurisdiction with data transfer restrictions, we ensure appropriate safeguards including transfers to adequate countries, Standard Contractual Clauses (SCCs) approved by the European Commission, or the UK International Data Transfer Agreement. You may obtain a copy of the safeguards by contacting us.

10. Your rights (GDPR, UK GDPR, and similar laws)

Depending on your location, you may have the following rights:

• Right of access: Request a copy of the personal data we hold about you
• Right to rectification: Request correction of inaccurate or incomplete data
• Right to erasure: Request deletion of your data in certain circumstances
• Right to restrict processing: Request that we limit how we use your data
• Right to data portability: Receive your data in a structured, machine-readable format
• Right to object: Object to processing based on legitimate interests or for direct marketing
• Right to withdraw consent: Withdraw consent at any time where processing is based on consent
• Right to lodge a complaint: File a complaint with a supervisory authority. In the UK, contact the Information Commissioner's Office (ICO) at ico.org.uk

To exercise these rights, contact us using the details in Section 1. We will respond within thirty (30) days and may verify your identity before processing your request. You may also manage cookie preferences via our Cookie Policy.

11. California privacy rights (CCPA and CPRA)

If you are a California resident, you have additional rights under the CCPA and CPRA:

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information
• Right to correct inaccurate personal information
• Right to opt out of the sale or sharing of personal information (we do not sell personal information)
• Right to non-discrimination for exercising your privacy rights
• Right to limit use of sensitive personal information

To submit a request, contact us as provided in Section 1. We will verify your identity (which may require additional information) and respond within forty-five (45) days. You may designate an authorised agent to submit requests; we may require proof of the agent's authorization.

12. Other United States state privacy rights

Residents of Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy laws may have additional rights, including rights to access, correct, delete, port, and opt out of certain processing. We do not sell personal data. To exercise your rights, contact us using the details in Section 1.

13. Data security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, including:

• Use of HTTPS and encryption for data in transit
• Secure storage and access controls for data at rest
• Regular security assessments and updates
• Employee training on data protection
• Limited access to personal data on a need-to-know basis
• Incident response procedures for detecting, reporting, and responding to data breaches

Despite our efforts, no method of transmission over the Internet is completely secure. We cannot guarantee absolute security. You are responsible for maintaining the confidentiality of any account credentials.

14. Data breach notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority without undue delay and, where feasible, within seventy-two (72) hours. Where the breach is likely to result in a high risk to you, we will also notify you without undue delay.

15. Children’s privacy

Our Site is not intended for individuals under the age of sixteen (16). We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us. We will take steps to delete such information.

16. Third-party links

Our Site may contain links to third-party websites, including social media platforms. We are not responsible for the privacy practices, content, or security of such sites. We encourage you to read the privacy policies of any third-party sites you visit.

17. Do Not Track and similar signals

Some browsers offer a "Do Not Track" (DNT) or similar signal. Our Site does not currently respond to DNT signals. We adhere to the practices described in this policy regardless of any DNT signal.

18. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date. Your continued use of the Site after such changes constitutes acceptance of the updated policy.

19. Contact us

For questions about this Privacy Policy or to exercise your rights, contact us:

• Extraordinaryser
• 1041 Elkton Dr, Colorado Springs, CO 80907, United States
• office@extraordinaryser.world
• +18002880397

EEA and UK residents may also contact their local data protection supervisory authority with complaints. A list of EEA supervisory authorities is available at edpb.europa.eu.