Privacy Policy

1. Purpose and scope

This Privacy Policy explains how Zefrylonozhrex (“we”, “us”, “our”) processes personal data when you visit the Website, submit an order or contact request, interact with cookies, or exercise your data protection rights. We process personal data in accordance with Regulation (EU) 2016/679 (“GDPR”), applicable Irish law, and, where relevant, the national laws of Finland and other EU or EEA countries from which you access our services.

This Policy applies to consumers and business visitors. It does not apply to third-party websites linked from the Website; those services have their own policies.

2. Categories of personal data

Depending on how you interact with us, we may process the following categories of data:

• Identity and contact data: full name, delivery address (if collected at a later stage), email address, telephone number where provided.
• Order and communication data: messages you send through forms, product interests, correspondence records, and complaint details.
• Technical and usage data: IP address, browser type and version, time zone, device identifiers, operating system, referral URL, pages viewed, and approximate location derived from IP processing.
• Cookie and similar technologies data: as described in our Cookie Policy, including consent records.
• Payment data: where payments are processed, card or account identifiers are handled directly by payment service providers; we receive limited confirmation metadata (for example transaction status) where necessary for accounting.

We do not seek to collect special categories of personal data (such as health data). If you voluntarily disclose health information in a message, we will treat it with additional care and only retain what is needed to respond, unless a separate legal basis applies.

3. Sources of data

We obtain personal data directly from you when you complete forms, create or pursue an order, email us, or call our published number. We may receive technical data automatically through server logs and cookies. We may receive data from payment providers, carriers, or fraud-prevention partners where necessary to perform a contract or protect our legitimate interests.

4. Purposes and legal bases

We process personal data only where a legal basis under Article 6 GDPR applies. The table below summarises typical processing activities.

• Website delivery and security (legitimate interests, Article 6(1)(f)): hosting, diagnostics, abuse prevention, HTTPS encryption, and maintaining service availability.
• Responding to enquiries (contract steps or legitimate interests): answering questions about Purevitala and related products where you initiate contact.
• Order handling (contract, Article 6(1)(b)): confirming requests, arranging shipment where applicable, invoicing, and customer support.
• Legal compliance (legal obligation, Article 6(1)(c)): tax, accounting, product safety, and responding to lawful requests from authorities.
• Non-essential cookies and marketing (consent, Article 6(1)(a)): where you opt in through the cookie banner or separate signup flows.
• Dispute resolution and enforcement (legitimate interests): defending legal claims and enforcing our terms.

Where we rely on legitimate interests, we balance our interests against your rights; you may object to certain processing as described below.

5. Retention

We retain personal data only as long as necessary for the purposes collected, unless a longer period is required by law.

• Marketing consents and cookie logs: typically up to twenty-four months after collection or until you withdraw consent, unless a longer period is needed to demonstrate compliance.
• Contract and order records: for the duration of the relationship plus seven years where Irish tax and commercial record-keeping rules apply, unless a different statutory period applies to specific transactions.
• Server logs: rotated or anonymised on a rolling basis, generally not exceeding ninety days unless security investigations require limited extensions.
• Complaints and legal matters: until resolution plus a reasonable buffer, often up to seven years for contractual disputes.

When retention ends, we delete or irreversibly anonymise data.

6. Recipients and processors

We share personal data with service providers that process data on our instructions (“processors”), such as hosting providers, email delivery services, analytics vendors (only if you consent), payment processors, and logistics partners. We use written agreements that meet GDPR Article 28 requirements.

We may disclose data to professional advisers (lawyers, accountants), to competent authorities when required by law, or to third parties in connection with a merger or asset transfer subject to confidentiality safeguards.

7. International transfers

Where data is transferred outside the European Economic Area, we implement appropriate safeguards such as Standard Contractual Clauses approved by the European Commission, supplemented measures where required by case law, or reliance on adequacy decisions. Copies of relevant safeguards may be requested using the contact details above.

8. Security measures

We implement technical and organisational measures appropriate to the risk, including access controls on a need-to-know basis, encryption in transit via HTTPS for the Website, secure configuration of servers, malware protection where applicable, and staff training on confidentiality. No online transmission is completely secure; you should protect your devices and credentials.

9. Your rights

Subject to GDPR conditions, you may have the following rights:

• Access to your personal data and certain information about processing.
• Rectification of inaccurate data.
• Erasure (“right to be forgotten”) where grounds apply.
• Restriction of processing in defined circumstances.
• Data portability for data you provided where processing is based on consent or contract and carried out by automated means.
• Objection to processing based on legitimate interests, including profiling related to direct marketing.
• Withdraw consent at any time where processing is consent-based, without affecting prior lawful processing.
• Lodge a complaint with a supervisory authority. In Ireland, the Data Protection Commission (https://www.dataprotection.ie/). In Finland, the Office of the Data Protection Ombudsman (https://tietosuoja.fi/en/).

To exercise rights, email touch@zefrylonozhrex.world with your name, contact details, and a description of your request. We may need to verify your identity before proceeding.

10. Automated decision-making

We do not use solely automated decision-making, including profiling, which produces legal or similarly significant effects concerning you, unless we inform you otherwise and provide a legal basis.

11. Children

Our Website and Purevitala marketing are directed at adults. We do not knowingly collect data from children under sixteen without parental authority. If you believe a child has provided data, contact us and we will delete it where appropriate.

12. Data minimisation and accuracy

We collect only personal data that is adequate, relevant, and limited to what is necessary in relation to the purposes set out in this Policy. Forms are designed to request the minimum fields needed to respond or fulfil an order. We take reasonable steps to keep personal data accurate and to erase or rectify inaccurate data without undue delay when notified.

13. Records of processing and accountability

We maintain internal records describing processing activities, categories of data, purposes, recipients, retention, and security measures, as required by Article 30 GDPR where applicable to our organisation. These records are not published in full but may be shared with supervisory authorities on request.

14. Customers in Finland and the wider EU

While our registered office is in Ireland, we offer Purevitala and related information to individuals in Finland and other Member States. Processing may involve delivery partners and payment providers established in your country or elsewhere in the EEA. Your rights under the GDPR apply without prejudice to mandatory national consumer laws that provide stronger protection.

15. Breach notification

In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority without undue delay and, where required, communicate to affected data subjects in accordance with Articles 33 and 34 GDPR, describing the nature of the breach, likely consequences, and measures taken or proposed.

16. Changes

We may update this Policy to reflect legal, technical, or business changes. Material updates will be indicated by revising the date above. Where required, we will provide additional notice.

17. Contact

For privacy questions or requests: touch@zefrylonozhrex.world, or write to the postal address listed at the top of this page.