1. Who is responsible, and which language to read first
The controller, in the sense of the law, is the business that decides why and how data is used. For this website and the mailboxes behind it, that is Zarvaxenshik, at the address and lines above. A controller can use other companies as “processors” to host a server, to send a newsletter if we add one, or to take a card payment, and those people only act on our instructions, except where a law must command them in a very narrow case, such as a serious crime investigation, which is outside our everyday work.
If a future version of the business uses a new legal form, a merger, or a change of address, the bottom of this file will carry a more formal notice, and, when the law in your case requires it, a short email or letter to the people whose relationship is most affected.
2. What we can receive from you, from a payment firm, and from a machine log
When you write through the form, the fields you fill are a name, a message, an email, and a clear consent. When you use your own client for mail, the headers and any attachment names also arrive. A phone call can add a number that a phone system may store for a time, and we can write a short file from the conversation, but only the parts that you agree are needed to move the work forward, such as a room size and a work schedule, not a full personal history.
We do not run a public comment wall or a private social feed on the site, so we do not collect “likes” or friend graphs. If a comment feature appears one day, it will be described in a new paragraph and in the cookie and consent text if there is a new storage use.
On the side of a machine, a host, a content delivery line, a backup partner, a security scanner, and a possible analytics or marketing product (only when you have turned them on) can all create records that are partly about the network path and the time, not the words you type. Those records are often tied to a short-lived address or a random key, and we ask partners to make their retention and access tight, in writing, in the part of the world where they are based, or through standard contractual language when they are not in the EEA, as discussed later.
3. The legal “why,” without treating you like a case number
We rely on a mix of: the contract when you are in a service with us, the need to look at a message before a contract, the law when we have to file an invoice, the need to find an honest balance of interests to keep the site and the public safe, and, only where a clear, separate, opt-in is required in your case, a consent that you can pull back, except where a tax row must stay even after you have changed your mind about marketing.
“Legitimate interest” in our context means, for example, a short, careful email that answers a line you have already used, a record that a payment reached us, a security event that a partner flags, and a test that a page is not under an attack wave. It does not mean a silent sale of a list, or a hidden score that judges your private life, which we do not build.
We do not try to be your doctor, and if you add highly sensitive or medical-sounding information to a form, we will use the lightest form of use that is still polite: we may only read to suggest that a regulated professional in your own country is the better place, and we may delete a copy in our own mailbox, subject to a legal need to keep a line that says “we said no, here is why,” when that is required.
4. Who can see a fact, and the shape of a processor agreement
Small teams mean that a small number of people can read a work email and a work folder. A processor, such as a host, a payment brand, a backup, or a future accounting cloud, is under a written contract: purpose limit, a duty to help with your rights, a duty to tell us if they think an instruction is outside the law, a duty to return or remove data at the end, and, when the law in your case says so, a data processing agreement. We are not a hospital or a public authority, so we are not a place where large open registers are a normal part of the day, except for the legal books that a tax law may force any firm to show an inspector.
The name on the card and the amount are in the system of a certified provider, not on our public server. A failed payment may still make a line in a log, which we can use to help you, not to build a new product.
If a host moves a part of a service to a new subprocessor, the contract in the real world should say so, and, when you have a right to a list of categories of recipients, you can place that in a subject access file when you are asking for a full file for yourself.
5. How long, and a short table in words instead of a secret code
A first contact is useful for a while, and then, if the thread stops, a period of a couple of years from the last useful exchange is a fair rule for a small firm that may need a record that a person did ask for a thing and that a reply was in good faith, unless a longer time is a direct rule for a type of file in your case. A paid service file can hold design notes, a floor sketch in words, a list of lighting ideas, and a line about a date you have chosen, and, after the work ends, the file can be reduced to a contract history and a tax line for the length that a money law in Denmark or a court case still needs. Server logs, when they are not part of a live incident, are usually shorter in our requests to partners, but the exact time can still be a few weeks if a security look needs it.
6. A transfer outside the EEA, and the list of real-world tools for it
We prefer European hosting for European readers. A global mail or payment tool may use the United States or other states. The mechanisms can include: standard contractual clauses, the UK’s international data transfer addendum, the EU and US data privacy framework, when it applies to a certified firm, a derogation for a one-off, necessary contract, in the narrow case the law still allows, and, for a public interest or a life-and-death line, a clear rule that is not at play in a normal day at a room-design studio. We are ready to add a more concrete list in the mailbox when you are not a bot and you are not fishing for a whole secret file about every vendor in the world for a hobby, but a serious review after a data protection impact thought.
7. Rights, tone, and a fair way to use them without delay games
Access, rectification, erasure, restriction, portability, objection, and, when only machines make a very serious, legal decision about you, a human in the loop, are the usual names. You are not a machine, and a short email in your own language is a fine way to start, as long as you help us to know it is you, and not a stranger, with a line that a bank could also use for a name check, not a wild scan of a whole house. A month to answer, or up to three for a complex case, with a line about why, is a fair outer guide. If you are not happy, a complaint to the Datatilsynet in Denmark is one path, and, for some of you, a path at home, when the place-of-business rules in the GDPR and in local law work that way, can be a second, not a race for the heaviest fine for a tiny firm that was trying in good faith.
“Port” does not need to be a new art project; a structured file, when it exists, is enough, and, when a tool does not have a one-click export, a careful copy in a form you can use is a fair answer for a one-person or few-person business that does not have a data warehouse. “Erasure” can still meet a “no, we must keep a tax line, but we can remove the long story, at least in our own row,” in the way a court in your case would also treat as a real erasure in spirit.
8. Children, and the border where we have to look away and signpost
Our work is for adults who plan a room, not for a system that is aimed at a child. If a message seems to be from a person who is not able to make a data choice, we can answer the adult who can show a link to the case, in line with a family rule in your case, and we can reduce the part of a story that is not needed for a simple, practical answer, such as a safe angle for a desk lamp, not a life story, unless you say that is still important for your context and you have the right to say so.
9. A practical set of security steps, and a simple breach line
We use a modern transport layer, we ask people who work to use a long password, we keep live systems behind a need-to-know, we review who still needs access when a work relationship ends, and we follow the guide of a host when a patch is required. If a real risk to your rights and your freedom is present after a break, a note to a lead data authority and, when a law in your case says a direct line to the person, a clear note to the person, are not a marketing trick; they are a duty, and, when we are also a victim, we are still a responsible voice for you, not a wall.
On your own side, a lost phone with an old form message is not something we can pull back from a distance, so a lock, a two-step layer on mail, and a short habit of not leaving a work note on a public desk are still a good pair to our work here.
10. Change in the work, a path for a good-faith request, and the same email as a line for both privacy and life
When a part of the real service changes, this page, the cookie text, the terms, the return and cancellation paper, and a short, honest note on a news line if we add it, are the set that should move in the same week, or as soon as a serious legal review is done, and not a year of silence, unless a part is only a very small, honest grammar fix, which can still be written in a small log, not a fake “big release” to hide a big use that was already wrong.
For a privacy question that is not a new client brief, a subject in the form of Privacy request or Data rights in your first line, at ask@zarvaxenshik.world, and a very short set of what you need, is the kindest for a very small in-box. A letter to the same address, with a return line on the outside, is still a path that a law in your case may also treat as a real file for a time limit, but an email, when a server works, is fast for a good-faith, human, careful reply.
Map of the legal suite. This policy works together with the cookie policy (what your browser can store), the terms of use (how the public site is offered), the return and refund policy (paid services and goods), and the contact page for everyday questions. If a sentence in two documents points in a different direction, the more specific, dated, or signed text usually wins, and, where the law in your case requires a stricter standard for a consumer, that standard still limits how far a general sentence can go.