Privacy Policy
Last updated: March 13, 2025
1. Controller and contact details
The controller responsible for the processing of your personal data in connection with this website is:
Xolvarynvitghit
1000 Cottman Ave
Philadelphia, PA 19111
United States
Email: hello@xolvarynvitghit.world
Phone: +1 215 770 7869
If you have questions about this Privacy Policy or about the processing of your personal data, you may contact us using the details above.
2. Scope and applicability
This Privacy Policy applies to the website accessible at https://xolvarynvitghit.world (the "Website") and to the processing of personal data carried out by Xolvarynvitghit in connection with the Website and the services offered through it, including the sale and promotion of Coranatura and related customer communications. It describes what personal data we collect, for what purposes we use it, on what legal basis we process it, how long we keep it, and what rights you have under applicable data protection laws, including the General Data Protection Regulation (GDPR) where it applies, and other US and international privacy laws.
3. Personal data we collect
We may collect the following categories of personal data:
- Identity and contact data: name, email address, postal address, telephone number, and similar contact details that you provide when placing an order, filling in a contact or order form, or when you contact us.
- Transaction and order data: information related to your orders, such as products ordered, payment-related information (e.g. payment method, transaction identifiers), and delivery details.
- Technical and usage data: IP address, browser type and version, device type, operating system, referring URLs, pages visited, date and time of access, and similar technical and usage information collected automatically when you use the Website (e.g. via cookies and similar technologies, where you have consented or where such processing is strictly necessary).
- Communication data: content of messages, enquiries or complaints you send to us, and records of our correspondence with you.
We do not collect special categories of personal data (e.g. health data) unless you voluntarily provide such information and we have a lawful basis to process it, or where required by law.
4. Purposes and legal basis for processing
We process your personal data for the following purposes and on the following legal bases:
- Performance of a contract: to process and fulfil your orders, to deliver products, to manage your account and customer relationship, and to communicate with you about your order. Legal basis: performance of a contract to which you are party or steps at your request prior to entering into a contract (Art. 6(1)(b) GDPR where applicable).
- Legitimate interests: to operate, secure and improve the Website; to prevent and detect fraud and abuse; to establish, exercise or defend legal claims; to manage our business operations and internal administration; and, where relevant, to send you service-related communications. Legal basis: our legitimate interests (Art. 6(1)(f) GDPR where applicable), provided they are not overridden by your interests or fundamental rights.
- Legal obligation: to comply with applicable laws, regulations, court orders or requests from public authorities (e.g. tax, customs, consumer protection). Legal basis: compliance with a legal obligation (Art. 6(1)(c) GDPR where applicable).
- Consent: where we use cookies or similar technologies for non-essential purposes (e.g. analytics, marketing), we do so on the basis of your consent where required by law. You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. Legal basis: consent (Art. 6(1)(a) GDPR where applicable).
5. Retention periods
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with legal, accounting or reporting requirements.
- Order and customer data: we retain data related to orders and customer communications for the duration of our contractual relationship and thereafter for a period required by applicable law (e.g. for tax and commercial law purposes, typically several years after the end of the calendar year in which the transaction occurred).
- Contact form and enquiry data: we retain data from contact or order enquiries for as long as needed to handle your request and for a reasonable period thereafter for follow-up and legal defence purposes (e.g. up to several years depending on applicable limitation periods).
- Technical and usage data (cookies and similar): retention periods for cookie-related data are described in our Cookie Policy. In general, session data may be deleted when you close your browser; persistent data is kept only for the periods stated in the Cookie Policy or until you withdraw consent or object where applicable.
- Marketing and analytics: where processing is based on consent, we retain the data for the period specified at the time of collection or until you withdraw consent, and thereafter only in anonymised or aggregated form where permitted.
After the relevant retention period, we delete or anonymise your personal data so that it can no longer be associated with you.
6. Recipients and international transfers
We may share your personal data with:
- Service providers who assist us in operating the Website, processing orders, delivering products, processing payments, or providing customer support (e.g. hosting, payment processors, logistics partners). Such providers are contractually bound to use the data only for the purposes we specify and in accordance with applicable data protection law.
- Professional advisers (e.g. lawyers, accountants) where necessary for our legitimate interests or legal obligations.
- Public authorities or law enforcement when required by law or to protect our rights and the rights of others.
Some of these recipients may be located in countries outside the United States or outside the European Economic Area (EEA). Where we transfer personal data to such countries, we ensure appropriate safeguards are in place (e.g. standard contractual clauses approved by the European Commission, or other mechanisms recognised by applicable law) so that your data is protected in line with this Privacy Policy and applicable data protection laws.
7. Security measures
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, loss or destruction. These measures include:
- Use of HTTPS and encryption for data transmitted between your device and our servers.
- Restriction of access to personal data to authorised personnel and service providers on a need-to-know basis.
- Regular review and updating of our security practices and, where applicable, contracts with processors that require adequate security and confidentiality.
- Procedures to handle suspected data breaches and to notify you and relevant authorities where required by law.
Despite these measures, no method of transmission or storage over the Internet is completely secure. We encourage you to use strong passwords and to protect your account and device from unauthorised access.
8. Your rights
Depending on your location and applicable law (including the GDPR if you are in the EEA or the UK), you may have the following rights in relation to your personal data:
- Access: to obtain confirmation as to whether we process your personal data and, where that is the case, to access the data and receive certain information about the processing.
- Rectification: to have inaccurate personal data corrected or completed.
- Erasure: to request deletion of your personal data in certain circumstances (e.g. where the data is no longer necessary, where you withdraw consent, or where you object and there are no overriding legitimate grounds).
- Restriction: to request that we restrict the processing of your personal data in certain situations (e.g. while we verify accuracy or while we consider an objection).
- Data portability: where processing is based on contract or consent and is carried out by automated means, to receive the personal data you provided in a structured, commonly used and machine-readable format and, where technically feasible, to have it transmitted to another controller.
- Objection: to object to processing based on legitimate interests, including profiling. We will stop processing unless we demonstrate compelling legitimate grounds that override your interests, or for the establishment, exercise or defence of legal claims. You may also object at any time to processing for direct marketing.
- Withdraw consent: where processing is based on consent, to withdraw that consent at any time.
- Lodge a complaint: to lodge a complaint with a supervisory authority in your country of residence or place of work, or where an alleged infringement of data protection law occurred.
To exercise any of these rights, please contact us using the contact details given in section 1. We will respond within the time limits set by applicable law (e.g. one month under the GDPR, subject to possible extensions). We may need to verify your identity before processing your request.
9. Children
Our Website and services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will take steps to delete such information.
10. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, the Website, or legal requirements. We will post the updated version on this page and indicate the date of the last update. Where required by law, we will notify you of material changes (e.g. by email or a notice on the Website) or ask for your consent to new processing.
11. Additional information for certain jurisdictions
If you are in the European Economic Area or the United Kingdom, the GDPR and UK GDPR may apply to the processing of your personal data. This Privacy Policy is intended to be consistent with those laws. If you are in the United States, state privacy laws may grant you additional rights (e.g. right to know, delete, correct, opt out of sale or sharing). We do not sell your personal data as defined under such laws. For any such requests, please use the contact details in section 1.