Shrexxonioyxae

Privacy Policy

Last updated: 16 March 2025

1. Controller and contact details

The data controller responsible for the processing of your personal data in connection with this website is:

Shrexxonioyxae
Sähkötalon alakerta, Kampinkuja 2
00100 Helsinki
Finland

Email: message@shrexxonioyxae.world
Phone: +358 9 441 919

2. Scope and purpose of this policy

This Privacy Policy describes how we collect, use, store, and protect your personal data when you use our website https://shrexxonioyxae.world (the "Website") and our services, including the purchase of Digestavita and other products. It also explains your rights under the EU General Data Protection Regulation (GDPR) and applicable Finnish data protection law (Tietosuojalaki).

We process personal data in accordance with the GDPR, the Finnish Data Protection Act (1050/2018), and other applicable local and international laws. By using our Website or providing your data to us, you acknowledge that you have read and understood this policy.

3. Legal basis for processing

We process your personal data only where we have a valid legal basis:

  • Contract: Processing necessary for the performance of a contract with you (e.g. order processing, delivery, customer service).
  • Legitimate interests: Processing necessary for our legitimate interests (e.g. improving our services, security, analytics) where these are not overridden by your rights.
  • Consent: Where you have given clear consent for specific processing (e.g. marketing, non-essential cookies).
  • Legal obligation: Processing required to comply with laws (e.g. tax, consumer, and accounting obligations in Finland).

4. Categories of personal data we collect

We may collect and process the following categories of personal data:

  • Identity and contact data: Name, email address, telephone number, delivery address, and other contact details you provide when placing an order or contacting us.
  • Transaction and order data: Order history, payment-related information (we do not store full payment card numbers; payment processing may be handled by third-party providers subject to their own privacy policies), and correspondence related to orders.
  • Technical and usage data: IP address, browser type and version, device type, operating system, referring URLs, pages visited, time and date of access, and similar technical data collected automatically when you use our Website.
  • Communication data: Content of messages, enquiries, and complaints you send to us via contact forms, email, or phone.
  • Cookie and similar technologies data: Data collected via cookies and similar technologies as described in our Cookie Policy.

5. Purposes of processing

We use your personal data for the following purposes:

  • To process and fulfil your orders for Digestavita and other products, including delivery and customer support.
  • To communicate with you about your orders, enquiries, and complaints.
  • To send order and shipping confirmations and, where applicable, tracking information.
  • To comply with legal obligations (e.g. tax, accounting, consumer rights, and regulatory requirements in Finland and the EU).
  • To improve our Website, services, and user experience (e.g. analytics, troubleshooting).
  • To protect the security and integrity of our systems and to prevent fraud and abuse.
  • Where you have consented, to send you marketing communications about our products and offers.
  • To handle and respond to requests relating to your rights under data protection law.

6. Retention periods

We retain your personal data only for as long as necessary for the purposes set out in this policy or as required by law.

  • Order and customer data: For the duration of the contractual relationship and thereafter for a period required by Finnish and EU law (e.g. accounting and tax: typically 6–10 years from the end of the financial year, depending on the type of record).
  • Contact and enquiry data: Until the enquiry is resolved and for a reasonable period thereafter for quality and legal purposes (e.g. up to 3 years unless longer retention is required by law).
  • Technical and access logs: Generally up to 12 months for security and troubleshooting, unless a longer period is required for legal or regulatory purposes.
  • Marketing and consent-based data: Until you withdraw consent or object, and for a short period thereafter to record your choice.
  • Data related to legal claims: For the duration of any legal proceedings and as required by applicable limitation periods.

After the retention period expires, we securely delete or anonymise your data so that it can no longer identify you.

7. Recipients and international transfers

We may share your personal data with:

  • Service providers: Payment processors, shipping and logistics partners, IT and hosting providers, and analytics or marketing tools that process data on our behalf under strict contractual obligations (data processing agreements).
  • Authorities: When required by law, we may disclose data to courts, law enforcement, tax authorities, or other public bodies in Finland or the EU.

We do not sell your personal data to third parties. Where we transfer data to countries outside the European Economic Area (EEA), we ensure appropriate safeguards are in place (e.g. adequacy decisions, standard contractual clauses, or other mechanisms approved under the GDPR).

8. Security measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction, including:

  • Use of HTTPS and encryption for data in transit.
  • Access controls and authentication so that only authorised personnel can access personal data.
  • Regular review and updating of security practices and, where applicable, reliance on secure, reputable service providers.
  • Training of staff on data protection and confidentiality.
  • Procedures to detect, respond to, and report personal data breaches in accordance with the GDPR.

Despite our efforts, no method of transmission or storage over the Internet is completely secure. We encourage you to use strong passwords and to contact us immediately if you suspect any unauthorised use of your data.

9. Your rights under the GDPR

Under the GDPR and Finnish law, you have the following rights in relation to your personal data:

  • Right of access: You may request a copy of the personal data we hold about you and information about how we process it.
  • Right to rectification: You may request correction of inaccurate or incomplete personal data.
  • Right to erasure: You may request deletion of your personal data in certain circumstances (e.g. where it is no longer necessary, where you withdraw consent, or where you object and there are no overriding legitimate grounds).
  • Right to restriction: You may request that we restrict processing in certain situations (e.g. while we verify accuracy or while a dispute is being resolved).
  • Right to data portability: Where processing is based on contract or consent and carried out by automated means, you may request to receive your data in a structured, commonly used, machine-readable format or to have it transmitted to another controller.
  • Right to object: You may object to processing based on legitimate interests, including profiling. You may also object at any time to processing for direct marketing.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, please contact us using the details in section 1. We will respond within one month (or within any extended period permitted by law). You also have the right to lodge a complaint with a supervisory authority. In Finland, the supervisory authority is the Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto): https://tietosuoja.fi.

10. Children

Our Website and services are not directed at individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will take steps to delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the law, or our services. The "Last updated" date at the top will be revised when we make material changes. We encourage you to review this page periodically. Where required by law, we will seek your consent or notify you of significant changes before they take effect.

12. Contact

For any questions about this Privacy Policy or our processing of your personal data, please contact us:

Shrexxonioyxae
Sähkötalon alakerta, Kampinkuja 2, 00100 Helsinki, Finland
Email: message@shrexxonioyxae.world
Phone: +358 9 441 919