Privacy Policy
Controller: Vrexalonoph, trading in connection with the VitaVasc Digest product line, with registered address at 21 Grafton Street, Dublin 2, D02 FW29, Ireland.
Contact (data protection): reply@vrexalonoph.world · Telephone: +353 1 679 0467
Last updated: 23 March 2025. This Policy explains how we collect, use, store, and protect personal data when you visit https://vrexalonoph.world/ (the “Site”), submit forms, purchase goods, or otherwise interact with us. It is written to align with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the Irish Data Protection Act 2018, and applicable ePrivacy rules as they relate to our operations.
1. Scope and commitment
We process personal data fairly, lawfully, and transparently. We collect only what we need for specified purposes, keep it accurate, limit retention, and apply appropriate security measures. Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal. This Policy should be read together with our Cookie Policy, Terms of Service, and Return Policy.
2. Categories of personal data
Depending on how you interact with us, we may process the following categories:
- Identity and contact data: name, delivery address, billing address, email address, telephone number.
- Transaction data: order details, payment references (card data is handled by payment processors where applicable; we do not store full card numbers on our servers).
- Communication data: messages you send through forms or email, records of enquiries, and support tickets.
- Technical data: IP address, browser type, device identifiers, approximate location derived from IP, pages viewed, and timestamps.
- Preference and consent records: cookie choices, marketing preferences, and records of consent timestamps.
- Compliance data: information required for fraud prevention, accounting, tax, and regulatory reporting.
3. Sources of data
We obtain personal data directly from you when you place an order, complete a contact form, subscribe to updates (where available), or communicate with us. We may receive limited technical data automatically through cookies and similar technologies as described in our Cookie Policy. We may also receive data from payment service providers (for example, payment status) and logistics partners (for example, delivery confirmations).
4. Purposes and lawful bases
We process personal data for the purposes and on the lawful bases summarised below:
| Purpose | Lawful basis (GDPR) |
|---|---|
| Providing the Site, processing orders, delivering products, managing payments and refunds | Performance of a contract (Art. 6(1)(b)); legal obligations for invoicing and tax (Art. 6(1)(c)) |
| Responding to enquiries submitted via forms or email | Steps prior to a contract or legitimate interests in responding to requests (Art. 6(1)(b) / 6(1)(f)) |
| Operating customer service, handling complaints and warranty-related communications | Legitimate interests in customer support (Art. 6(1)(f)); contractual necessity where applicable |
| Security monitoring, fraud prevention, and abuse detection | Legitimate interests (Art. 6(1)(f)); legal obligations where applicable |
| Analytics to understand Site usage and improve content (non-essential cookies only with consent) | Consent (Art. 6(1)(a)) |
| Marketing communications where we use optional marketing cookies or send promotional emails | Consent (Art. 6(1)(a)) where required; soft opt-in may apply only where permitted by law |
| Compliance with legal requests, court orders, and regulatory obligations | Legal obligation (Art. 6(1)(c)) |
Where we rely on legitimate interests, we balance our interests against your rights and offer you the right to object where applicable, in particular to processing based on Art. 6(1)(f) that relates to your particular situation.
5. Special categories of data
We do not ask you to provide health data through the Site. If you voluntarily include sensitive information in a free-text message, we will process it only to handle your enquiry and on the basis of your explicit consent or, where appropriate, substantial public interest in accordance with Article 9 GDPR. We recommend avoiding unnecessary health details in routine order messages.
6. Cookies and similar technologies
We use cookies and similar tools as described in our Cookie Policy. You can manage preferences through the cookie banner and browser settings. Strictly necessary cookies do not require consent under ePrivacy implementation; analytics and marketing cookies are deployed only after valid consent where required.
7. Recipients and international transfers
We may share personal data with:
- Service providers that host the Site, send transactional emails, provide analytics (if consented), or support IT security.
- Payment processors that handle card payments in line with PCI DSS expectations.
- Carriers and fulfilment partners to deliver orders.
- Professional advisers such as accountants and lawyers where required.
- Authorities when we are legally compelled to disclose information.
If personal data is transferred outside the European Economic Area, we implement appropriate safeguards under Chapter V GDPR, such as Standard Contractual Clauses approved by the European Commission, supplemented by technical and organisational measures where needed.
8. Retention
We retain personal data only as long as necessary for the purposes described:
- Order and accounting records: generally up to seven years from the end of the financial year in which the transaction occurred, unless a longer period is required by Irish tax or commercial law.
- Marketing consents and related profiles: until you withdraw consent or object, and for a short period thereafter to evidence consent.
- Enquiry messages: typically up to twenty-four months after the last contact, unless a dispute or legal hold requires longer retention.
- Security logs: for a limited period necessary to investigate incidents, usually not exceeding twelve months unless an investigation requires longer storage.
- Cookie data: as stated in the Cookie Policy, often between a few months and twenty-four months depending on the tool.
When retention periods expire, we delete or anonymise data unless a limited statutory exception applies.
9. Security measures
We implement technical and organisational measures appropriate to the risk, including TLS encryption for data in transit where the Site is served over HTTPS, access controls for internal systems, pseudonymisation where feasible, regular review of service providers, and staff awareness of confidentiality obligations. No method of transmission or storage is completely secure; we encourage you to use strong passwords where accounts exist and to contact us if you suspect unauthorised access.
10. Automated decision-making and profiling
We do not use automated decision-making that produces legal or similarly significant effects solely based on automated processing. Limited analytics may profile aggregated audiences for Site improvement; such processing related to optional cookies occurs only with consent.
11. Your rights
Under GDPR, you may have the following rights in relation to your personal data:
- Access (Art. 15)
- Rectification (Art. 16)
- Erasure (“right to be forgotten”) in certain circumstances (Art. 17)
- Restriction of processing (Art. 18)
- Data portability for data you provided, where processing is based on consent or contract and carried out by automated means (Art. 20)
- Objection to processing based on legitimate interests (Art. 21)
- Withdraw consent at any time for consent-based processing (Art. 7(3))
- Lodge a complaint with the Data Protection Commission in Ireland (https://www.dataprotection.ie/) or, if you reside elsewhere in the EEA, with your local supervisory authority.
To exercise rights, email reply@vrexalonoph.world with your name, contact details, and a description of your request. We may need to verify identity before responding. We will reply within one month, extendable by two further months where complex, as permitted by Art. 12 GDPR.
12. Children
Our Site and products are directed at adults. We do not knowingly collect data from children under sixteen without parental authority. If you believe a child has provided data, contact us so we can delete it.
13. Changes to this Policy
We may update this Policy to reflect legal, technical, or business developments. The “Last updated” date will change, and for material changes we will provide additional notice where appropriate, such as a banner on the Site or an email where we have your address.
14. Contact
For privacy questions: reply@vrexalonoph.world · Vrexalonoph, 21 Grafton Street, Dublin 2, D02 FW29, Ireland · Phone: +353 1 679 0467