Policy sections
Glixarexphim (“we”, “us”) publishes lifestyle pacing guidance through https://glixarexphim.world. This Privacy Policy describes—in depth—how personal data flows through that experience, why each processing activity exists, how long records stay, and how European Union data protection law protects you. Please read it together with our Cookie Policy because browser technologies overlap with some entries below.
1. Scope, commitment, and interpretive notes
This Policy applies to visitors of our public website, individuals who email us, and anyone who submits the contact form. It does not govern third-party websites that we hyperlink to, including analytics or font Content Delivery Networks, except where we explain our role as a joint or independent controller in supplemental notices.
We designed the document for layered reading. Executive summaries appear inside highlighted callouts; statutory detail follows in narrative form so legal teams and curious visitors alike can scan efficiently.
Whenever we refer to “processing”, we mean any operation performed on personal data, including collection, storage, alteration, retrieval, disclosure, erasure, or destruction as defined in Article 4(2) GDPR.
2. Data controller and representative contact
The controller responsible for decisions about your personal data is:
Glixarexphim
De Ruijterkade 24a
1012 AA Amsterdam
Netherlands
Phone: +31 20 235 7822
Email: touch@glixarexphim.world
Because we are established in the Netherlands, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) acts as our lead supervisory authority for cross-border processing where applicable. You may nonetheless contact any EU supervisory authority within your habitual residence.
How to format privacy requests
When exercising rights, include enough detail for us to verify your identity without excessive data collection. A government-issued identifier is rarely necessary; typically we confirm control of the email address used to contact us. Corporate clients may appoint an authorised signatory.
3. Categories of personal data
We process the following clusters depending on how you interact with us:
- Identity & professional context: full name, job title (if volunteered), organisation name, country of residence inferred from free-text, language preference.
- Contact data: email address, telephone numbers when provided, social handles only if you paste them into messages.
- Message payload: unstructured text describing scheduling issues, goals, or attachments if you email files directly rather than using the web form.
- Technical identifiers: IP address, browser user-agent string, device class (desktop/mobile), operating system hints, referring URL, approximate geolocation derived at city-level from IP for log security.
- Usage telemetry: pages viewed, scroll milestones, interaction heatmaps—only when optional analytics cookies are enabled.
- Consent artifacts: timestamps, version numbers of policies acknowledged, granular cookie selections persisted in
localStorage.
Special categories of data (Article 9 GDPR) are out of scope for our contact forms. If you voluntarily disclose such information, we will delete it unless a narrow legal exemption applies and we document the exception.
4. Purposes and Article 6 legal bases
| Purpose | Description | Legal basis |
|---|---|---|
| Answering enquiries | Providing information, scheduling introductory calls, sending follow-up materials you requested. | Art. 6(1)(b) pre-contractual measures Art. 6(1)(f) legitimate interest in professional correspondence |
| Website reliability | Delivering HTML, assets, HTTPS certificates, rate limiting, bot mitigation. | Art. 6(1)(f) legitimate interest in secure operations |
| Optional analytics | Understanding navigation paths in aggregate to refine information architecture. | Art. 6(1)(a) consent via cookie banner |
| Optional marketing | Future measured campaigns should consent frameworks already be in place. | Art. 6(1)(a) consent |
| Legal compliance | Tax, civil procedure, authority requests, bookkeeping of contractual partners. | Art. 6(1)(c) legal obligation |
| Dispute resolution | Preserving evidence if a contractual disagreement arises after commercial discussions. | Art. 6(1)(f) legitimate interest in legal protection |
Where consent is the basis, withdrawal is always available without affecting prior lawful processing. Legitimate-interest activities undergo periodic balancing tests documented internally.
5. How personal data is collected
Direct collection dominates: you type into our form or email us. Indirect collection occurs through server logs generated automatically when your browser requests resources. We may supplement business correspondence with publicly available professional data (for example verifying a company domain) strictly to prevent fraud, never for enrichment vendors’ resale.
Volunteered versus inferred data
Volunteered data includes everything you consciously submit. Inferred data might include coarse device categorisation derived from user-agent parsing. We avoid constructing behavioural profiles beyond what is necessary for security analytics.
Paid traffic and referrer parameters
If you open this website from an online advertisement, the link may include campaign or click identifiers (for example parameters commonly used by Google Ads). Our hosting logs may record those query strings together with technical data such as IP address and timestamp for security, troubleshooting, and—where you have consented to analytics or marketing cookies—limited measurement. Advertising platforms process interactions with the ad itself under their own privacy policies (e.g. Google: policies.google.com/privacy).
6. Recipients, processors, and confidentiality
Personal data is disclosed only on a need-to-know matrix. Typical recipients include:
- Infrastructure & edge security partners hosting static files, DNS, Distributed Denial-of-Service protection.
- Collaboration suites where messages land in shared inboxes with role-based access control.
- Email providers transmitting outbound replies under Transport Layer Security.
- Professional advisers bound by confidentiality (lawyers, accountants) during corporate events.
- Advertising and analytics vendors only when you have activated the matching optional cookie categories, and only for the purposes described in our Cookie Policy.
Each processor signs Article 28 GDPR terms specifying instructions, subprocessors, assistance with data subject rights, deletion expectations, and audit cooperation.
7. International transfers outside the EEA
Whenever a subprocessor stores data in the United Kingdom, United States, or other third countries, we implement measures from Chapter V GDPR: adequacy decisions, Standard Contractual Clauses (2021 versions), Transfer Impact Assessments, and supplementary technical measures like encryption at rest where offered.
We monitor regulatory developments such as the EU-U.S. Data Privacy Framework and adjust contracts to align with authoritative guidance from the European Data Protection Board.
8. Retention & deletion rhythm
- Operational correspondence: twenty-four months after last substantive message unless an active negotiation extends necessity.
- Contractual artifacts: seven years where Dutch commercial law mandates retention of invoices or similar records.
- Security logs: ninety days rolling; extended only for incident forensics with restricted access.
- Cookie consent receipts: up to twenty-four months to demonstrate accountability.
- Anonymised analytics: indefinite in aggregate form once identifiers are stripped beyond re-identification feasibility.
Routine deletion jobs run quarterly; manual purges occur earlier upon verified erasure requests that qualify under Article 17 GDPR.
9. Security measures & incident ethos
We implement defence-in-depth: encrypted transport (TLS 1.2+), hardened admin devices, unique passphrases stored in reputable secret managers, multi-factor authentication on collaborative tools, segregated environments for static site publishing, and logging of privileged account usage.
If a personal data breach likely risks your rights, we notify the Autoriteit Persoonsgegevens within seventy-two hours where feasible and communicate with affected individuals when Article 34 GDPR requires direct notice.
10. Exercising your GDPR rights
You may invoke:
- Right of access (Article 15) including confirmation of processing and copy of personal data.
- Right to rectification (Article 16) for inaccurate or incomplete records.
- Right to erasure (Article 17) when grounds such as withdrawal of consent or unlawfulness apply.
- Right to restriction (Article 18) while disputes resolve.
- Right to data portability (Article 20) for structured machine-readable data where processing is automated and based on contract or consent.
- Right to object (Article 21) including objection to direct marketing at any time.
- Right to withdraw consent (Article 7(3)) without retroactive invalidation.
Submit requests to touch@glixarexphim.world. We respond within one month, extendable by two further months where complex, notifying you of reasons. You may lodge a complaint with your supervisory authority without prejudice to administrative or judicial remedies.
11. Automated decision-making & profiling
We do not operate solely automated decision-making producing legal or similarly significant effects. Personalisation on the website is limited to remembering cookie preferences in your browser.
12. Children’s privacy
Our content targets adults managing professional schedules. We do not knowingly collect data from individuals under sixteen. Guardians may contact us to remove inadvertent submissions.
13. Policy evolution & version control
Material changes receive updated “Last updated” dates, banner notes where appropriate, and refreshed consent captures when legal bases shift. Archival PDF snapshots remain available upon authenticated request for corporate procurement records.
14. Regulatory contact & supervisory escalation
Primary technical contact: touch@glixarexphim.world. Postal duplicates should be sent to De Ruijterkade 24a, 1012 AA Amsterdam, Netherlands. For formal complaints, reference the Dutch DPA at autoriteitpersoonsgegevens.nl.