Data Controller: Klexironvormyrex | 91 Rylander Blvd #7, Scarborough, ON M1B 5M5, Canada | office@klexironvormyrex.world | +1 888 372 2252
1. Introduction and Scope
Klexironvormyrex ("we", "us", "our") is committed to protecting the privacy and personal data of all individuals who interact with our website at klexironvormyrex.world (the "Website") and who purchase or enquire about our product, Holivitae.
This Privacy Policy explains what personal data we collect, why we collect it, how we use it, how long we retain it, with whom we share it, and what rights you have in relation to your personal data. This policy applies to all visitors, customers, and enquirers who interact with our Website or contact us directly.
We comply with the General Data Protection Regulation (GDPR) (EU) 2016/679, the Personal Information Protection and Electronic Documents Act (PIPEDA) (Canada), and applicable provincial privacy legislation including the Freedom of Information and Protection of Privacy Act (FIPPA) of Ontario.
Please read this Privacy Policy carefully. By using our Website or submitting your personal data to us, you acknowledge that you have read and understood this policy.
2. Data Controller Details
The data controller responsible for your personal data is:
- Business Name: Klexironvormyrex
- Address: 91 Rylander Blvd #7, Scarborough, ON M1B 5M5, Canada
- Email: office@klexironvormyrex.world
- Phone: +1 888 372 2252
- Website: klexironvormyrex.world
If you have any questions about how we handle your personal data, or wish to exercise any of your rights, please contact us using the details above.
3. Personal Data We Collect
We collect personal data that you provide directly to us, as well as certain data collected automatically when you use our Website.
3.1 Data You Provide Directly
- Order information: Full name, email address, phone number (optional), delivery address, and any notes provided when placing an order for Holivitae.
- Contact form submissions: Full name, email address, phone number (optional), and the content of your message when you use our contact form.
- Newsletter / CTA sign-up: Email address when you subscribe to receive information about our products.
- Consent records: Records of your consent to our Terms of Service and Privacy Policy at the time of form submission.
3.2 Data Collected Automatically
- Technical data: IP address, browser type and version, operating system, device type, time zone, and language settings.
- Usage data: Pages visited, time spent on pages, links clicked, referring URLs, and navigation paths through the Website.
- Cookie data: Data collected via cookies and similar technologies as described in our Cookie Policy.
3.3 Special Categories of Data
We do not intentionally collect any special categories of personal data (such as health data, racial or ethnic origin, political opinions, religious beliefs, genetic or biometric data) through our Website or forms. Please do not submit such information to us.
4. Purposes and Legal Bases for Processing
We process your personal data only where we have a lawful basis to do so. The table below sets out the purposes for which we process your data and the corresponding legal basis under GDPR and PIPEDA.
| Purpose | Data Used | Legal Basis (GDPR) | Legal Basis (PIPEDA) |
|---|---|---|---|
| Processing and fulfilling your order | Name, email, phone, address, order details | Performance of a contract (Art. 6(1)(b)) | Contractual necessity / consent |
| Sending order confirmation and shipping updates | Name, email, order details | Performance of a contract (Art. 6(1)(b)) | Contractual necessity |
| Responding to your enquiries and contact form messages | Name, email, phone, message content | Legitimate interests (Art. 6(1)(f)) | Consent / legitimate business purposes |
| Sending marketing communications (newsletter) | Email address | Consent (Art. 6(1)(a)) | Express consent (CASL) |
| Complying with legal and regulatory obligations | Name, address, order records | Legal obligation (Art. 6(1)(c)) | Legal requirement |
| Improving our Website and services (analytics) | Usage data, technical data, cookie data | Legitimate interests (Art. 6(1)(f)) / Consent | Consent / legitimate business purposes |
| Fraud prevention and security | IP address, technical data | Legitimate interests (Art. 6(1)(f)) | Legitimate business purposes |
| Maintaining consent and preference records | Consent timestamps, preferences | Legal obligation / Legitimate interests | Accountability requirement |
5. Marketing Communications and CASL
We comply with Canada's Anti-Spam Legislation (CASL). We will only send you commercial electronic messages (including marketing emails) if you have provided express consent to receive them, or where a valid implied consent exists under CASL.
You may withdraw your consent to receive marketing communications at any time by:
- Clicking the "unsubscribe" link in any marketing email we send you;
- Contacting us at office@klexironvormyrex.world.
Withdrawal of consent to marketing will not affect the lawfulness of any processing carried out before your withdrawal, nor will it affect the processing of your data for order fulfilment or other non-marketing purposes.
6. Data Retention
We retain your personal data only for as long as is necessary for the purposes for which it was collected, or as required by applicable law. The table below sets out our standard retention periods.
| Data Category | Retention Period | Reason |
|---|---|---|
| Order and transaction records | 7 years from the date of transaction | Canadian tax and accounting law requirements |
| Customer correspondence and support records | 3 years from the date of last contact | Legitimate business interests; limitation periods |
| Marketing consent records | 3 years after consent withdrawal or last interaction | CASL compliance – proof of consent |
| Website analytics data | 26 months (aggregated/anonymised thereafter) | Website improvement and performance analysis |
| Cookie consent records | 13 months | GDPR / ePrivacy compliance |
| Technical / security logs | 12 months | Security monitoring and fraud prevention |
When personal data is no longer required, we securely delete or anonymise it. Where anonymisation is used, the resulting data cannot be used to identify you and is no longer considered personal data.
7. Data Sharing and Third-Party Recipients
We do not sell, rent, or trade your personal data to third parties for their own marketing purposes. We may share your personal data with the following categories of recipients where necessary:
7.1 Service Providers (Data Processors)
- Payment processors: To securely process your payment. Payment data is processed directly by our payment provider and is not stored on our servers.
- Logistics and shipping partners: Your name and delivery address are shared with our shipping partner to fulfil and deliver your order.
- Email service providers: To send you order confirmations, shipping notifications, and (where consented) marketing communications.
- Website hosting and IT infrastructure providers: Who host and maintain our Website and related systems.
- Analytics providers: Where you have consented to analytics cookies, anonymised usage data may be shared with analytics platforms.
All service providers acting as data processors are bound by data processing agreements and are required to process your data only on our instructions and in accordance with applicable privacy law.
7.2 Legal and Regulatory Disclosure
We may disclose your personal data to law enforcement agencies, regulatory authorities, or courts where we are required to do so by law, or where such disclosure is necessary to protect our legal rights, prevent fraud, or ensure the safety of individuals.
7.3 Business Transfers
In the event of a merger, acquisition, sale of assets, or other business transfer, your personal data may be transferred to the acquiring entity. We will notify you of any such transfer and the applicable privacy policy that will govern your data.
8. International Data Transfers
Our primary operations are based in Canada. If any of our service providers are located outside Canada or the European Economic Area (EEA), we ensure that appropriate safeguards are in place for any international transfer of personal data, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission;
- Transfers to countries recognised as providing an adequate level of data protection;
- Other legally recognised transfer mechanisms under GDPR and PIPEDA.
9. Data Security
We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure. Our security measures include:
- HTTPS / SSL encryption: All data transmitted between your browser and our Website is encrypted using TLS (Transport Layer Security).
- Access controls: Personal data is accessible only to authorised personnel who require it to perform their duties.
- Data minimisation: We collect only the personal data that is necessary for the stated purposes.
- Secure payment processing: Payment card data is processed directly by our PCI-DSS compliant payment processor and is not stored on our systems.
- Regular security reviews: We periodically review our security practices and update them as necessary.
- Incident response: We have procedures in place to detect, report, and investigate personal data breaches.
While we take all reasonable steps to protect your personal data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security.
10. Your Rights Under GDPR
If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights in relation to your personal data under the GDPR:
- Right of access (Art. 15): You have the right to request a copy of the personal data we hold about you and information about how we process it.
- Right to rectification (Art. 16): You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
- Right to erasure / "right to be forgotten" (Art. 17): You have the right to request that we delete your personal data in certain circumstances, such as where it is no longer necessary for the purposes for which it was collected.
- Right to restriction of processing (Art. 18): You have the right to request that we restrict the processing of your personal data in certain circumstances.
- Right to data portability (Art. 20): Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format.
- Right to object (Art. 21): You have the right to object to processing based on legitimate interests or for direct marketing purposes.
- Right to withdraw consent (Art. 7(3)): Where processing is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of prior processing.
- Right to lodge a complaint: You have the right to lodge a complaint with your national data protection supervisory authority if you believe we have processed your personal data in breach of applicable law.
11. Your Rights Under PIPEDA
If you are located in Canada, you have the following rights under PIPEDA:
- Right of access: You have the right to request access to the personal information we hold about you and to be informed of how it has been used and to whom it has been disclosed.
- Right to correction: You have the right to challenge the accuracy and completeness of your personal information and to have it amended where appropriate.
- Right to withdraw consent: Subject to legal or contractual restrictions, you may withdraw consent to the collection, use, or disclosure of your personal information at any time, with reasonable notice.
- Right to complain: You have the right to complain to the Office of the Privacy Commissioner of Canada (OPC) at www.priv.gc.ca if you believe your privacy rights have been violated.
12. How to Exercise Your Rights
To exercise any of the rights described above, please contact us by:
- Email: office@klexironvormyrex.world
- Post: Klexironvormyrex, 91 Rylander Blvd #7, Scarborough, ON M1B 5M5, Canada
- Phone: +1 888 372 2252
We will respond to your request within 30 days of receipt. We may ask you to verify your identity before processing your request. There is no charge for exercising your rights in most circumstances; however, we may charge a reasonable fee if a request is manifestly unfounded or excessive.
13. Cookies and Tracking Technologies
Our Website uses cookies and similar tracking technologies. For detailed information about the cookies we use, their purposes, and how you can manage your preferences, please see our Cookie Policy.
14. Children's Privacy
Our Website and products are intended for adults aged 18 and over. We do not knowingly collect personal data from individuals under the age of 18. If you believe that we have inadvertently collected personal data from a child, please contact us immediately at office@klexironvormyrex.world and we will take steps to delete such data promptly.
15. Links to Third-Party Websites
Our Website may contain links to third-party websites. We are not responsible for the privacy practices of those websites. We encourage you to review the privacy policies of any third-party websites you visit.
16. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this Privacy Policy periodically. Your continued use of our Website after any changes constitutes your acceptance of the updated policy.
17. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:
- Klexironvormyrex
- 91 Rylander Blvd #7, Scarborough, ON M1B 5M5, Canada
- Email: office@klexironvormyrex.world
- Phone: +1 888 372 2252