Privacy Policy

1. Controller and contact details

The controller responsible for the processing of your personal data in relation to this website and our services is:

Phrexxonvorkan
Marnixstraat 168
1016 TG Amsterdam
Netherlands

Email: support@phrexxonvorkan.world
Phone: +31 20 623 1051

If you have questions about this Privacy Policy or about the processing of your personal data, you may contact us at the above address or email.

2. Scope and applicability

This Privacy Policy applies to the website phrexxonvorkan.world (and any subdomains) and to the processing of personal data in the context of our product Vasovitalis, orders, customer support and marketing communications. It describes what data we collect, for what purposes, on what legal basis, for how long we retain it, and what rights you have under the General Data Protection Regulation (GDPR) and applicable Dutch law.

3. Personal data we collect

We may collect the following categories of personal data:

• Identification and contact data: name, email address, telephone number, delivery address, and similar data that you provide when placing an order, using the contact form, or subscribing to communications.
• Order and transaction data: order details, payment-related information (to the extent necessary for processing payments and refunds), and correspondence related to your orders.
• Technical and usage data: IP address, browser type and version, device type, operating system, referring URL, pages visited, date and time of access, and similar data generated when you use our website. This may include data collected via cookies and similar technologies, as further described in our Cookie Policy.
• Communication data: content of messages you send us (e.g. via contact form or email) and our replies.

We do not collect special categories of data (e.g. health data) unless you voluntarily provide them in a message and we need them to answer your request. In that case we will use them only for the purpose you provided them and in accordance with applicable law.

4. Purposes and legal basis for processing

We process your personal data for the following purposes and on the following legal bases:

• Performance of a contract: to process and fulfil your orders, manage deliveries, handle returns and refunds, and communicate with you about your order. Legal basis: performance of the contract (Art. 6(1)(b) GDPR).
• Legitimate interests: to operate and improve our website, prevent fraud and abuse, enforce our terms, and defend our rights. Legal basis: legitimate interests (Art. 6(1)(f) GDPR), where we have balanced our interests against your rights.
• Legal obligation: to comply with tax, accounting, and other legal obligations (e.g. retention of invoices). Legal basis: compliance with a legal obligation (Art. 6(1)(c) GDPR).
• Consent: where we use non-essential cookies, send marketing emails, or process data for other purposes that we have explicitly asked your consent for. Legal basis: consent (Art. 6(1)(a) GDPR). You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

5. Retention periods

We retain your data only as long as necessary for the purposes described above or as required by law:

• Order and customer data: for the duration of the contractual relationship and thereafter for a period necessary to handle complaints, returns, and legal claims (typically up to 7 years for accounting and tax purposes where applicable).
• Contact form and support correspondence: for the time needed to handle your request and any follow-up; thereafter we may retain anonymised or summarised information for quality and training purposes where permitted.
• Marketing and consent-based processing: until you withdraw consent or object, or for the period stated at the time of collection.
• Technical and access logs: for a limited period necessary for security and troubleshooting (e.g. up to 12 months), unless a longer period is required by law.
• Cookie-related data: as specified in our Cookie Policy.

After the retention period, we delete or anonymise your data so that it can no longer be attributed to you.

6. Recipients and transfers

We may share your data with:

• Service providers: payment processors, shipping and logistics partners, IT and hosting providers, and email or customer support tools, to the extent necessary for the purposes above. We choose providers that offer adequate safeguards and, where required, we use standard contractual clauses or other mechanisms approved by the European Commission for transfers outside the EEA.
• Authorities: when we are legally obliged to do so (e.g. tax, law enforcement).

We do not sell your personal data to third parties. Any transfer of data outside the European Economic Area (EEA) is done in accordance with Chapter V of the GDPR.

7. Security measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include: use of HTTPS and encryption where appropriate; access controls and authentication; secure handling of payment data in line with industry standards; regular review of our processes and, where applicable, confidentiality obligations for staff and processors. Despite our efforts, no transmission over the internet or electronic storage is completely secure; we encourage you to use strong passwords and to contact us if you suspect any misuse of your data.

8. Your rights under the GDPR

Subject to applicable law, you have the following rights:

• Right of access (Art. 15): you may request a copy of the personal data we hold about you.
• Right to rectification (Art. 16): you may request correction of inaccurate or incomplete data.
• Right to erasure (Art. 17): you may request deletion of your data in certain circumstances (e.g. where it is no longer necessary, or you withdraw consent where consent was the basis).
• Right to restriction of processing (Art. 18): you may request that we only store your data and process it in limited ways in certain situations.
• Right to data portability (Art. 20): where processing is based on contract or consent and carried out by automated means, you may request to receive your data in a structured, commonly used, machine-readable format.
• Right to object (Art. 21): you may object to processing based on legitimate interests, including profiling; and you may object at any time to processing for direct marketing.
• Right to withdraw consent: where processing is based on consent, you may withdraw it at any time.
• Right to lodge a complaint: you have the right to lodge a complaint with a supervisory authority. In the Netherlands, this is the Autoriteit Persoonsgegevens (Dutch Data Protection Authority), autoriteitpersoonsgegevens.nl.

To exercise any of these rights, please contact us using the details in section 1. We will respond within the time limits set by the GDPR (generally one month). We may need to verify your identity before processing your request.

9. Children

Our website and services are not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will take steps to delete it.

10. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the website. The updated version will be posted on this page with a revised “Last updated” date. We encourage you to review this page periodically. Where changes are material, we may notify you by email or by a notice on the website.

11. Additional information for Dutch law

Where Dutch law imposes additional obligations or grants additional rights regarding the processing of personal data, we comply with such provisions. For example, we respect the Dutch implementation of the GDPR and any guidelines issued by the Autoriteit Persoonsgegevens.