Chimvlexklixvork

Privacy Policy

Last updated: 23 March 2025. This policy explains how Chimvlexklixvork collects and uses personal data when you visit chimvlexklixvork.world or purchase VitaVascor.

1. Data controller

The data controller responsible for processing personal data relating to this website and related customer care is:

Chimvlexklixvork
Kings Court, King St N, Smithfield, Dublin 7, Ireland
Email: notifyuse@chimvlexklixvork.world
Phone: +353 1 874 7440

References to “we”, “us”, or “our” mean Chimvlexklixvork in its capacity as controller. We sell VitaVascor and related services primarily to consumers in the European Union and European Economic Area, including Finland. This policy aligns with Regulation (EU) 2016/679 (GDPR) and applicable Irish and EU electronic communications rules.

2. Scope and relationship to other documents

This Privacy Policy applies to personal data processed through the website, email, telephone, and any checkout or account flows we operate. It should be read together with our Cookie Policy, Terms of Service, and Return Policy. Where a contract term explicitly addresses processing, the contract applies to the extent of any conflict with general marketing descriptions.

3. Categories of personal data

Depending on how you interact with us, we may process:

  • Identity and contact data: full name, delivery address, billing address, country (for example Finland when you select it at checkout), email address, telephone number if you provide it, and similar identifiers.
  • Order and transaction data: products ordered, price paid, currency (EUR), payment status, shipment references, returns, and customer service tickets.
  • Technical and usage data: IP address, browser type, device identifiers where available, approximate region derived from network information, pages viewed, referring addresses, and timestamps.
  • Communication content: messages you send through forms, email, or chat, including attachments you choose to provide.
  • Preference data: marketing choices, cookie consent records, and subscription settings.
  • Fraud and security signals: risk indicators from payment partners or internal checks used to protect accounts and transactions.

We do not ask you to send special categories of data (such as health information). If you voluntarily include health-related details in a message, we will treat that content carefully and only use it to respond to your request unless a separate legal basis applies.

4. Sources of personal data

We obtain personal data directly from you when you place orders, subscribe to updates, contact us, or browse with cookies enabled. We may also receive limited data from payment service providers, carriers, and analytics partners strictly to perform contracts or improve site reliability.

5. Purposes and legal bases

5.1 Contract performance (Article 6(1)(b) GDPR)

We process identity, contact, payment, and order data to accept your order, take payment where applicable, ship VitaVascor, provide invoices or receipts where required, and manage returns or warranty-style queries described in our Return Policy.

5.2 Legitimate interests (Article 6(1)(f) GDPR)

We rely on legitimate interests to keep our website secure, prevent fraud, analyze aggregated usage to improve navigation, maintain internal business records, train staff on genuine customer examples with identifiers removed where feasible, and assert or defend legal claims. Where required, we balance these interests against your rights; you may object to certain types of processing as described in Section 10.

5.3 Legal obligations (Article 6(1)(c) GDPR)

We process data to comply with tax, accounting, consumer protection, and product safety obligations, including responding to lawful requests from regulators and law enforcement when properly grounded.

5.4 Consent (Article 6(1)(a) GDPR)

Where we send optional marketing messages or activate non-essential cookies, we ask for your consent. You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal. Cookie choices can be managed through the cookie banner and your browser settings.

6. Automated decision-making and profiling

We do not use automated decision-making that produces legal or similarly significant effects solely by automated means. Basic fraud screening may generate risk scores, but orders are reviewed by humans when flags appear.

7. Marketing communications

If you opt in, we may send product updates or educational content about food supplements and lifestyle topics. You can unsubscribe using the link in each email or by contacting us. We do not sell your personal data to third-party advertisers in exchange for money.

8. Sharing and recipients

We share personal data only when needed:

  • Service providers that host the website, transmit email, process payments, provide analytics with privacy settings aligned to your consent, or deliver parcels.
  • Professional advisers such as lawyers or accountants bound by confidentiality.
  • Authorities when disclosure is required by law or to protect vital interests.

Providers may process data outside the European Economic Area only with appropriate safeguards such as Standard Contractual Clauses and supplementary measures where required by case law.

9. International transfers

Our primary operations are in Ireland and the wider EU. If a sub-processor stores data in countries not covered by an adequacy decision, we implement GDPR-compliant transfer tools and assess residual risks.

10. Your rights

Subject to conditions in the GDPR, you may have the right to access, rectify, erase, restrict processing, object, and data portability. You may withdraw consent at any time. You may lodge a complaint with the Irish Data Protection Commission (DPC) or, if you reside in Finland, with the Office of the Data Protection Ombudsman (Finland), especially where local law allows a choice of supervisory authority for cross-border processing affecting you.

To exercise rights, email notifyuse@chimvlexklixvork.world with enough detail to identify your request. We may need to verify your identity before disclosing information. We respond within one month, extendable where permitted with notice.

11. Retention

We keep order and accounting records for at least seven years where tax law requires. Marketing consents and suppression lists are kept until you withdraw consent or object, after which we store minimal identifiers to honour your choice. Security logs may rotate after a limited period consistent with incident investigation needs. Cookie-related records follow the Cookie Policy timelines.

12. Security measures

We implement appropriate technical and organisational measures, including access controls, encryption in transit for supported connections, patching, backups, and staff training. No method of transmission over the Internet is completely secure; we encourage strong passwords and device protections on your side.

13. Children

Our services are directed to adults who can enter contracts. We do not knowingly collect data from children under 16 without parental authority. If you believe we have collected a child’s data, contact us for deletion.

14. Changes to this policy

We update this Privacy Policy when our practices or legal requirements change. Material changes will be highlighted on the website or communicated where appropriate. Continued use after updates constitutes acknowledgement where permitted by law.

15. Data processors and categories of recipients

We engage processors under Article 28 GDPR for hosting, transactional email, payment acquiring, fraud screening, customer ticketing, analytics (when consented), and parcel delivery. Each relationship is governed by written instructions, confidentiality duties, security expectations, assistance with data subject requests, deletion or return at the end of services, and audit cooperation. We maintain an internal register of processing activities available to supervisory authorities upon request.

16. Data protection impact assessments

Where processing is likely to result in a high risk to rights and freedoms, we assess necessity, proportionality, and mitigation measures. If residual risk remains high, we consult the competent supervisory authority before processing, as Article 35 GDPR may require.

17. Personal data breaches

We maintain incident-response procedures, including containment, evidence preservation, notification to the DPC within seventy-two hours where feasible when likely to affect individuals, and direct communication to affected data subjects when the breach is likely to result in a high risk to their rights unless exceptions apply.

18. Finland-specific notes

Customers in Finland receive the same GDPR rights described above. Marketing addressed to Finnish consumers complies with national implementation of the Privacy and Electronic Communications framework. If Finnish law imposes stricter standards for certain communications, we apply those standards where they protect consumers more effectively.

19. Automated processing logs

Server logs may capture IP addresses, user agents, and timestamps. We minimise retention, use logs for security and troubleshooting, and restrict access to authorised personnel.

20. Contact

For privacy questions, contact notifyuse@chimvlexklixvork.world or write to the postal address above.