Tlexironphor

Privacy Policy

Last updated: 23 March 2025

1. Data Controller and Contact Details

The data controller responsible for the processing of your personal data in connection with this website and our services is:

Tlexironphor
Amagerbrogade 158
2300 København S
Denmark

Email: info@tlexironphor.world
Phone: +45 32 58 01 40

As the data controller, we determine the purposes and means of the processing of your personal data. We are established in Denmark and are subject to the supervisory authority of the Danish Data Protection Agency (Datatilsynet).

2. Introduction and Scope

This Privacy Policy provides a comprehensive description of how Tlexironphor ("we", "us", "our") collects, uses, stores, discloses, and protects your personal data when you access or use our website tlexironphor.world, place orders for our products (including Pureviora), contact our customer service, or otherwise interact with our business.

We process personal data in strict accordance with:

  • The General Data Protection Regulation (GDPR) (EU) 2016/679
  • The Danish Data Protection Act (Databeskyttelsesloven), Act No. 502 of 23 May 2018
  • The Danish Marketing Practices Act (Markedsføringsloven)
  • Relevant sector-specific legislation applicable to food supplements and e-commerce

This policy applies to all visitors of our website, customers who purchase our products, and individuals who communicate with us through any channel. It does not apply to third-party websites that may be linked from our site.

3. Legal Basis for Processing

Under the GDPR, we process personal data only when we have a valid legal basis. The legal bases we rely on are:

  • Contract performance (Article 6(1)(b) GDPR): Processing is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract. This includes processing orders, delivering products, providing customer support, and handling returns or refunds.
  • Legitimate interests (Article 6(1)(f) GDPR): Processing is necessary for the purposes of our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms. Our legitimate interests include: improving our website and services, preventing fraud and abuse, ensuring network and information security, managing and administering our business, and defending legal claims.
  • Consent (Article 6(1)(a) GDPR): You have given clear consent for us to process your personal data for a specific purpose, such as receiving marketing communications or the use of non-essential cookies. Consent can be withdrawn at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  • Legal obligation (Article 6(1)(c) GDPR): Processing is necessary for compliance with a legal obligation to which we are subject, including obligations under the Danish Bookkeeping Act (Bogføringsloven), tax legislation, and consumer protection laws.

We do not use your personal data for automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you.

4. Categories of Personal Data We Collect

4.1 Data You Provide Directly to Us

  • Contact and identification data: Full name, email address, telephone number (where voluntarily provided), postal address, and any other contact details you provide when placing an order or contacting us.
  • Order and transaction data: Products ordered, quantities, prices, payment method (we do not store full payment card details; these are handled by our payment processor), delivery address, billing address if different, order history, and any special instructions or messages accompanying your order.
  • Communication and correspondence data: The content of emails, contact form submissions, live chat messages, letters, or other communications you send to us, including customer service enquiries, complaints, feedback, and product reviews.
  • Account data (if applicable): If you create an account with us, we may store login credentials (in encrypted form), account preferences, and saved delivery addresses.

4.2 Data Collected Automatically When You Use Our Website

  • Technical and device data: IP address, browser type and version, operating system, device type and model, screen resolution, language settings, and time zone.
  • Usage and interaction data: Pages visited, time spent on pages, click patterns, navigation paths, scroll depth, search terms used on our site, and the referring website or source from which you arrived.
  • Cookie and similar technology data: Information stored in or accessed through cookies, local storage, session storage, and similar technologies as described in our Cookie Policy.

4.3 Special Categories of Personal Data

We do not intentionally collect special categories of personal data (such as health data, genetic data, biometric data, or data concerning religious or philosophical beliefs) unless you voluntarily provide such information in the context of a customer service enquiry (for example, when asking about product suitability). Any such data will be processed only with your explicit consent or where otherwise permitted by law, and will be minimised and protected accordingly.

5. Purposes of Processing and How We Use Your Data

We use your personal data for the following purposes:

  • Order fulfilment: To process, validate, and fulfil your orders for Pureviora and other products; to communicate with you regarding your order status; to arrange shipping and delivery; and to handle any post-delivery issues.
  • Customer service: To respond to your enquiries, requests, and complaints; to provide product information and support; and to maintain records of our communications for quality assurance and legal purposes.
  • Transactional communications: To send you order confirmations, shipping notifications, delivery updates, invoices, and other communications necessary for the performance of our contract with you.
  • Website operation and improvement: To ensure our website functions correctly; to analyse how visitors use our site; to identify technical issues; and to improve our website design, content, and user experience.
  • Security and fraud prevention: To protect our website and systems from unauthorised access, abuse, or attack; to detect and prevent fraud; and to comply with our security obligations.
  • Legal and regulatory compliance: To comply with our legal obligations, including accounting, tax, and consumer protection requirements; to respond to lawful requests from authorities; and to establish, exercise, or defend legal claims.
  • Marketing (with consent): To send you promotional communications about our products, special offers, or news, only where you have given us your prior consent. You may opt out at any time.

6. Data Minimisation and Accuracy

We adhere to the principle of data minimisation and collect only the personal data that is necessary for the purposes described above. We take reasonable steps to ensure that the personal data we hold about you is accurate, complete, and up to date. If you believe any data we hold is incorrect, please contact us and we will correct it promptly.

7. Data Retention Periods

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our retention periods are as follows:

  • Order and transaction data: Retained for 5 years from the end of the financial year in which the transaction occurred, in accordance with Section 10 of the Danish Bookkeeping Act (Bogføringsloven) and applicable tax legislation.
  • Customer service and correspondence records: Retained for 3 years from the date of the last contact, unless a longer retention period is required for legal or regulatory purposes.
  • Marketing consent records: Retained until you withdraw consent, plus a reasonable period (typically 3 years) to demonstrate compliance with our legal obligations.
  • Website analytics and technical logs: Retained for up to 26 months for analytics purposes, or as configured for the specific tools we use. Server access logs may be retained for a shorter period for security purposes.
  • Cookie data: Retention periods vary by cookie type; please refer to our Cookie Policy for detailed information.
  • Legal and regulatory data: Where we are required to retain data for longer periods by law (for example, in connection with ongoing litigation or regulatory investigations), we will retain it for the duration of that requirement.

After the applicable retention period has expired, your personal data will be securely deleted or anonymised in a manner that prevents identification. Anonymised data may be retained for statistical or analytical purposes.

8. Data Security Measures

We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access, in accordance with Article 32 GDPR. These measures include:

  • Encryption: All data transmitted between your browser and our servers is encrypted using Transport Layer Security (TLS) 1.2 or higher. Our website is served over HTTPS.
  • Access controls: Access to personal data is restricted to authorised personnel who have a legitimate need to access it for the performance of their duties. Access is granted on a need-to-know basis and is reviewed regularly.
  • Secure storage: Personal data is stored on secure servers with appropriate access controls, firewalls, and intrusion detection systems. We use reputable hosting providers that comply with industry security standards.
  • Procedures and training: We maintain internal policies and procedures for the handling of personal data and provide training to our staff on data protection and security.
  • Incident response: We have procedures in place for the detection, reporting, and investigation of personal data breaches. In the event of a breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay, as required by Articles 33 and 34 GDPR.

While we take all reasonable precautions, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security but are committed to protecting your data to the best of our ability.

9. Data Sharing, Recipients, and International Transfers

9.1 Categories of Recipients

We may share your personal data with the following categories of recipients:

  • Payment service providers: To process payments securely. We do not store your full payment card details on our servers; these are handled directly by our payment processor in accordance with PCI DSS standards.
  • Shipping and logistics partners: To fulfil deliveries. We provide your name, delivery address, and contact details (where necessary for delivery) to our carriers.
  • Email and communication service providers: To send transactional and (where consented) marketing emails.
  • Hosting and infrastructure providers: Our website and associated systems may be hosted on servers operated by third-party providers.
  • Analytics and website performance providers: To analyse website usage and improve our services, where you have consented to such cookies.
  • Legal and regulatory authorities: Where we are required to do so by law, court order, or to protect our legal rights, or where necessary to prevent fraud or other unlawful activity.

All processors acting on our behalf are bound by data processing agreements that require them to process personal data only in accordance with our instructions and to implement appropriate security measures. We do not sell your personal data to third parties.

9.2 International Transfers

Your personal data is primarily processed within the European Economic Area (EEA). Where we transfer data to countries outside the EEA, we ensure that appropriate safeguards are in place, such as:

  • Transfers to countries that have been recognised by the European Commission as providing an adequate level of data protection
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Binding Corporate Rules, where applicable

You may request a copy of the safeguards we use for international transfers by contacting us.

10. Your Rights Under the GDPR

Under the GDPR, you have the following rights in relation to your personal data:

  • Right of access (Article 15): You have the right to obtain confirmation as to whether we process your personal data and, if so, to access that data and receive a copy. You also have the right to receive certain additional information about our processing.
  • Right to rectification (Article 16): You have the right to obtain the rectification of inaccurate personal data and to have incomplete data completed.
  • Right to erasure (Article 17): You have the right to request the deletion of your personal data in certain circumstances, such as where the data is no longer necessary, where you withdraw consent, or where the data has been unlawfully processed.
  • Right to restriction of processing (Article 18): You have the right to request that we restrict the processing of your personal data in certain situations, for example where you contest the accuracy of the data or where the processing is unlawful but you prefer restriction to erasure.
  • Right to data portability (Article 20): Where processing is based on consent or contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller.
  • Right to object (Article 21): You have the right to object to processing based on legitimate interests. You also have an absolute right to object to processing for direct marketing purposes at any time.
  • Right to withdraw consent: Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
  • Right to lodge a complaint (Article 77): You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work, or place of the alleged infringement. In Denmark, the supervisory authority is the Danish Data Protection Agency (Datatilsynet), Carl Jacobsens Vej 35, 2500 Valby, Denmark, www.datatilsynet.dk.

To exercise any of these rights, please contact us using the details provided in Section 14. We will respond to your request without undue delay and in any event within one month of receipt. That period may be extended by a further two months where necessary, taking into account the complexity and number of requests. We will inform you of any such extension.

We may need to verify your identity before processing your request. If we refuse your request, we will explain the reasons and inform you of your right to lodge a complaint with the supervisory authority.

11. Children's Privacy

Our website and services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you are a parent or guardian and believe that your child has provided us with personal data without your consent, please contact us immediately. We will take steps to delete such information from our systems as soon as reasonably practicable.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will update the "Last updated" date at the top of this page and may provide additional notice (for example, by email or a prominent notice on our website) where appropriate.

We encourage you to review this Privacy Policy periodically. Your continued use of our website and services after the posting of changes constitutes your acceptance of the revised policy. If you do not agree with the changes, you should discontinue use of our services and contact us regarding the deletion of your personal data, where applicable.

13. Third-Party Links

Our website may contain links to third-party websites, including social media platforms. This Privacy Policy does not apply to those websites. We are not responsible for the privacy practices or content of third-party sites. We encourage you to read the privacy policies of any third-party sites you visit.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our processing of your personal data, please contact us:

Tlexironphor
Amagerbrogade 158
2300 København S
Denmark

Email: info@tlexironphor.world
Phone: +45 32 58 01 40

Our customer service team is available Monday to Friday, 9:00–17:00 (CET/CEST). We aim to respond to all enquiries within 48 hours.