Home

Privacy Policy

Last updated:

This Privacy Policy explains how Xaldryonepheu (“we”, “us”) processes personal data when you use https://xaldryonepheu.world (the “Site”), contact us, or place an order. We process data in line with the EU General Data Protection Regulation (EU) 2016/679 (“GDPR”) and applicable Finnish law.

Data controller

Xaldryonepheu
Eerikinkatu 22b
20100 Turku
Finland

Contact emails (plain text): info@xaldryonepheu.world, contact@xaldryonepheu.world, support@xaldryonepheu.world, help@xaldryonepheu.world

Geographic scope and language

The Site is operated from Finland and is intended for adults in the European Economic Area and the United Kingdom where the product may lawfully be offered. The interface is in English. If you access the Site from another region, you are responsible for checking whether importing or using the product is allowed where you live.

Advertising, measurement, and online platforms

We may promote the Site through online advertising platforms (for example search or display networks). Campaigns are configured to describe food supplements in line with applicable platform rules and regional product requirements. We do not use special categories of personal data such as health data for ad targeting.

When you arrive from an advertising link, a platform may attach technical parameters to the landing page. We process such data only as described here, in the Cookie Policy, and in the consent choices you set in the cookie banner.

What data we collect

• Identity and contact data: name, email address, postal address if you provide it, phone number if you choose to share it.
• Order and communication data: messages you send via forms, correspondence, and transaction references needed to fulfil a request.
• Technical data: IP address, browser type, device information, and similar data collected through cookies or server logs when you browse the Site.
• Preference data: cookie choices you save in the cookie banner.

Purposes and legal bases

• Providing the Site, forms, and customer support: performance of a contract or steps prior to a contract (Art. 6(1)(b) GDPR), and legitimate interests in operating a secure service (Art. 6(1)(f) GDPR).
• Compliance with legal obligations such as accounting or tax rules where applicable: legal obligation (Art. 6(1)(c) GDPR).
• Analytics or marketing cookies: consent (Art. 6(1)(a) GDPR) where you opt in via the cookie settings.
• Security, fraud prevention, and service improvement: legitimate interests (Art. 6(1)(f) GDPR), balanced against your rights.

Retention

We keep personal data only as long as needed for the purposes above. Indicative periods: enquiry messages for up to twenty-four months unless a longer period is required to resolve a dispute; order records according to applicable bookkeeping rules; technical logs on a rolling basis for up to twelve months unless security needs require longer retention in isolated cases.

Sharing and processors

We may share data with hosting providers, email delivery services, and payment or logistics partners who process data on our instructions. We use written agreements where required by law and assess that partners provide appropriate safeguards.

International transfers

If data is transferred outside the European Economic Area, we rely on adequacy decisions or appropriate safeguards such as Standard Contractual Clauses, supplemented by technical and organisational measures where needed.

Security

We apply access controls, encryption where appropriate, separation of environments, and staff instructions aimed at protecting personal data against unauthorised access, loss, or alteration.

Your rights

Depending on the situation, you may have the right to access, rectify, erase, restrict processing, object, and data portability. You may withdraw consent for consent-based processing at any time. You may lodge a complaint with a supervisory authority. In Finland, the Office of the Data Protection Ombudsman is a relevant contact point.

Children

The Site is not directed at children. We do not knowingly collect data from children without parental authority where required by law.

Updates

We may update this policy to reflect legal or service changes. The “Last updated” date at the top reflects the latest revision. Material changes may be highlighted on the Site when reasonable.