Vraxylonvordflix

Privacy Policy

Last updated: March 5, 2025

1. Controller and contact details

The controller responsible for the processing of your personal data in connection with this website is:

Vraxylonvordflix
1000 Cottman Ave
Philadelphia, PA 19111
United States

For questions regarding data protection or to exercise your rights, you may contact us at the address above, or by phone at +1 215 770 7869, or by writing to: help@vraxylonvordflix.world (contact identifier for correspondence). We respond to data subject requests in accordance with applicable law, typically within 30 days.

2. Scope and purpose of this policy

This Privacy Policy describes how we collect, use, store, and protect your personal data when you use our website at vraxylonvordflix.world (the "Website") and related services. It applies to visitors, customers, and any individual whose data we process. We process personal data in compliance with the General Data Protection Regulation (GDPR) where applicable, the California Consumer Privacy Act (CCPA), and other United States federal and state privacy laws, as well as international standards where relevant.

By using our Website or providing your data, you acknowledge that you have read and understood this policy. If you do not agree, please do not use our Website or provide your personal data.

3. Types of personal data we collect

3.1 Data you provide directly

  • Contact and identification data: name, email address, telephone number, and postal address when you place an order, contact us, or subscribe to communications.
  • Order and transaction data: order details, payment-related information (processed by secure third-party payment providers), delivery address, and order history.
  • Communications: content of messages, inquiries, or feedback you send to us.
  • Consent and preferences: your choices regarding marketing, cookies, and data processing, including records of consent where required by law.

3.2 Data collected automatically

  • Technical and usage data: IP address, browser type and version, device type, operating system, referring URL, pages visited, date and time of access, and similar technical identifiers. This data may be collected through cookies and similar technologies as described in our Cookie Policy.
  • Log data: server logs that record access to our systems for security and operational purposes.

3.3 Data from third parties

We may receive limited data from payment processors, delivery services, or analytics providers to fulfil orders and improve our services. We ensure that such third parties comply with applicable data protection laws.

4. Legal basis and purposes of processing

We process your personal data only where we have a valid legal basis and for specified purposes.

  • Contract performance: to process and deliver your orders, manage your account, handle returns, and communicate with you about your orders. Legal basis: performance of a contract (Art. 6(1)(b) GDPR where applicable) or equivalent under US law.
  • Legitimate interests: to improve our Website, prevent fraud, ensure security, analyse usage patterns, and defend our legal rights. Legal basis: legitimate interests (Art. 6(1)(f) GDPR) or equivalent, provided your interests do not override ours.
  • Consent: for marketing communications, non-essential cookies, and other processing where we ask for your explicit consent. You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. Legal basis: consent (Art. 6(1)(a) GDPR).
  • Legal obligation: to comply with tax, accounting, consumer protection, and other legal obligations. Legal basis: legal obligation (Art. 6(1)(c) GDPR).

5. Retention periods

We retain your personal data only for as long as necessary to fulfil the purposes set out in this policy or as required by law.

  • Order and customer data: for the duration of the contractual relationship and thereafter for a period of up to 7 years for tax, legal, and dispute resolution purposes, unless a longer retention is required by law.
  • Marketing and consent records: until you withdraw consent or object, and for a short period thereafter to document compliance (typically up to 3 years).
  • Technical and log data: typically up to 12 months for security and analytics, unless a longer period is required for legal or security reasons.
  • Correspondence: for the time necessary to resolve your inquiry and for a reasonable period for quality and legal purposes (e.g. up to 3 years).

After the retention period, we securely delete or anonymise your data so that it can no longer identify you.

6. Security measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Use of HTTPS and encryption (e.g. TLS/SSL) for data transmitted between your device and our servers.
  • Restricted access to personal data on a need-to-know basis and role-based access controls.
  • Secure storage and processing environments, with regular security assessments.
  • Policies and training for staff handling personal data.
  • Procedures to detect, respond to, and report data breaches in accordance with applicable law.

While we strive to protect your data, no method of transmission or storage over the Internet is completely secure. We encourage you to use strong passwords and keep your contact details up to date.

7. Sharing and international transfers

We may share your personal data with:

  • Service providers: payment processors, shipping and logistics partners, hosting and IT providers, email and customer support tools, and analytics providers. These parties act on our instructions and are bound by data processing agreements where required.
  • Legal and regulatory bodies: when required by law, court order, or to protect our rights, safety, or property.

If we transfer data to countries outside the United States or the European Economic Area, we ensure appropriate safeguards are in place (e.g. standard contractual clauses, adequacy decisions, or other mechanisms recognised by applicable law). Details can be provided on request.

8. Your rights

Depending on your location, you may have the following rights in relation to your personal data:

  • Access: to obtain confirmation as to whether we process your data and a copy of that data.
  • Rectification: to have inaccurate or incomplete data corrected.
  • Erasure: to request deletion of your data in certain circumstances (e.g. where it is no longer necessary or you withdraw consent).
  • Restriction: to request that we limit processing in certain situations.
  • Data portability: to receive your data in a structured, commonly used format where the processing is based on consent or contract and carried out by automated means.
  • Objection: to object to processing based on legitimate interests or for direct marketing.
  • Withdraw consent: where processing is based on consent, you may withdraw it at any time.
  • Complaint: to lodge a complaint with a supervisory authority (e.g. in the EU, your local data protection authority).

To exercise these rights, contact us using the details in section 1. We will respond within the timeframe required by applicable law (e.g. one month under GDPR). You may also have the right to non-discrimination for exercising your privacy rights under laws such as the CCPA.

9. Children

Our Website and services are not directed at individuals under the age of 16 (or higher where local law requires). We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will take steps to delete it.

10. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. The "Last updated" date at the top indicates when the policy was last revised. We encourage you to review this page periodically. Material changes may be communicated by a notice on our Website or by email where appropriate.

11. Additional information for specific regions

European Economic Area (EEA) and UK

Where GDPR applies, the legal bases and rights set out above apply. Our representative in the EEA (if appointed) will be indicated here or on request.

California, USA

If you are a California resident, you may have additional rights under the CCPA, including the right to know what personal information we collect and how it is used, the right to delete, the right to opt out of the "sale" or "sharing" of personal information (we do not sell personal information as defined under the CCPA), and the right to non-discrimination. We do not sell or share personal information for cross-context behavioural advertising in a way that qualifies as a "sale" or "sharing" under the CCPA.