Elarvo · Data stewardship

Srexalonkholvexx.world

Privacy Policy

This document is maintained for transparency under the General Data Protection Regulation (EU) 2016/679 and applicable Danish implementation acts. It is current as of . For archival copies, contact the controller below.

Controller: Srexalonkholvexx.world, a trading identity operating Elarvo-branded dietary supplements, with registered correspondence address at Store Torv 5, 8000 Aarhus C, Denmark. Electronic contact: chat@srexalonkholvexx.world. Response objective: we aim to acknowledge substantive privacy requests within five business days and complete them within statutory timelines, subject to complexity and identity verification.

This Policy applies to visitors of srexalonkholvexx.world, individuals who submit forms, purchasers where checkout is available, and anyone whose personal data we otherwise receive in connection with Elarvo. It does not apply to third-party websites that we may link to; their policies govern their processing.

1. Definitions and interpretation

“Personal data” means any information relating to an identified or identifiable natural person. “Processing” includes collection, storage, adaptation, disclosure, erasure, and destruction. “We”, “us”, and “our” refer to the controller named above. “You” refers to the data subject interacting with our services.

2. Scope, age limits, and sensitive categories

Our website and Elarvo products are intended for adults aged eighteen and older. We do not knowingly collect personal data from children under sixteen. If you believe we have received a minor’s data in error, notify us immediately and we will take steps to delete it where the law requires.

We do not ask you to submit special categories of data (such as detailed health records) through standard forms. If you voluntarily include health-related details in a free-text message, we treat that content strictly for the purpose of responding to your inquiry or referring you to an appropriate professional, and we do not use it for automated profiling or marketing unless you separately consent.

3. Categories of personal data we collect

  • Identity and contact identifiers: full name, email address, telephone number if provided, billing or delivery address when you supply it, company name for B2B correspondence.
  • Transaction and account records: order references, product selections, payment status flags (payment card data is handled by certified payment processors where applicable, not stored on our servers as full card numbers).
  • Communications content: text of messages, attachments you choose to send, channel metadata such as timestamps.
  • Technical and device data: IP address, browser type and version, operating system, device type, approximate geographic region derived from IP, referring URL, session duration, and error logs.
  • Usage and analytics data: aggregated or pseudonymised statistics on page views, funnels, and campaign identifiers when you enable optional analytics cookies or tracking pixels described in the Cookie Policy.
  • Consent artefacts: records of cookie preferences, marketing opt-ins, and withdrawal timestamps where we are required to demonstrate consent.
  • Support and dispute files: correspondence, refund notes, and delivery confirmations retained for customer care and legal defence.

4. Purposes of processing and legal bases

We process personal data only when a valid legal basis exists under Article 6 GDPR (and Article 9 where special categories exceptionally apply). The matrix below summarises typical processing.

  • Website operation and security (legitimate interests, Article 6(1)(f)): hosting configuration, TLS encryption, rate limiting, bot mitigation, fraud screening, and integrity monitoring. We balance these interests against your rights and offer contact channels for objections where appropriate.
  • Contractual performance (Article 6(1)(b)): processing orders, delivering products, invoicing, and providing post-sale support tied to a purchase you initiated.
  • Pre-contractual steps (Article 6(1)(b)): responding to product enquiries, preparing quotations for corporate buyers, and scheduling callbacks you request.
  • Legal obligation (Article 6(1)(c)): tax and accounting retention, consumer law documentation, cooperation with competent authorities, and court orders.
  • Consent (Article 6(1)(a)): non-essential cookies, marketing email beyond transactional notices, and optional surveys. You may withdraw consent without affecting the lawfulness of processing based on consent before its withdrawal.
  • Legitimate interests in business development (Article 6(1)(f)): aggregated analytics to improve content clarity, A/B testing on anonymised cohorts where configured, and internal training using redacted examples. We document balancing tests for high-impact activities.

5. Automated decision-making and profiling

We do not make decisions producing legal or similarly significant effects based solely on automated processing, including profiling, within the meaning of Article 22 GDPR. If this posture changes, we will update this Policy, provide meaningful information about the logic involved, and offer human review where required.

6. Recipients and categories of processors

Personal data is accessed only by personnel and contractors bound by confidentiality. We engage processors for infrastructure, email delivery, customer relationship tooling, payment acquiring, logistics, analytics (when enabled), and professional advisers. Each processor receives the minimum data necessary and is subject to written terms compliant with Article 28 GDPR.

We may disclose data to public authorities when compelled by law, or to private parties when necessary to enforce our Terms, recover debts, or protect the rights and safety of individuals.

7. International transfers

Where data leaves the European Economic Area, we implement appropriate safeguards such as Standard Contractual Clauses approved by the European Commission, supplementary measures where required by case law, or reliance on adequacy decisions. You may request a summary of transfer mechanisms by emailing our contact address.

8. Retention periods

  • Marketing and general enquiries: up to twenty-four months after the last substantive interaction unless a live matter extends the need.
  • Contracts and accounting: up to seven years aligned with Danish bookkeeping and tax rules, unless a longer period is mandated for a specific dispute.
  • Technical logs: typically ninety days to twelve months depending on subsystem, unless investigation requires extension.
  • Cookie and consent logs (server-side): up to twelve months from collection unless regulations require longer evidence.
  • Legal holds: data subject to litigation or regulatory inquiry may be retained beyond standard schedules until matters conclude.

After retention expires, we delete or irreversibly anonymise data where feasible.

9. Security measures

We implement organisational and technical measures including role-based access, multi-factor authentication for administrative consoles where supported, encryption in transit via HTTPS, encrypted volumes where appropriate at rest, vulnerability monitoring, backup encryption with restricted keys, incident response playbooks, and periodic reviews of vendor security attestations. No system is perfectly secure; you should protect your credentials and devices.

10. Your rights

Subject to applicable law, you may request access, rectification, erasure, restriction of processing, objection to processing based on legitimate interests, data portability for data processed by automated means under contract or consent, and withdrawal of consent. You may also lodge a complaint with Datatilsynet or another EU supervisory authority.

To exercise rights, email chat@srexalonkholvexx.world or write to Store Torv 5, 8000 Aarhus C, Denmark. We may request proportionate verification. We will respond within one month, extendable by two further months where complex, with reasons provided.

11. Third-party links and embedded content

Our pages may reference external resources. Those operators process data under their own policies. Review their notices before submitting personal data.

12. Changes to this Policy

We may revise this Policy to reflect legal, technical, or organisational developments. Material changes will be highlighted on this page and, where appropriate, communicated through a notice on the website or by email to active customers. Continued use after the effective date constitutes acknowledgement of reasonable updates, without prejudice to rights that require explicit consent.

13. Contact summary

Postal: Store Torv 5, 8000 Aarhus C, Denmark. Email: chat@srexalonkholvexx.world. Brand: Elarvo, offered by Srexalonkholvexx.ddd.