Dlixanaraoxitao.world

Legal

Privacy Policy

This document explains how we collect, use, store, and protect personal data when you interact with Fluxa and Dlixanaraoxitao.ddd. It is written to align with the EU General Data Protection Regulation and Austrian national law.

Last updated:

Data uses linked to advertising

If you consent to marketing cookies or similar tools, identifiers may be processed to measure ad delivery, attribute traffic to campaigns, and build privacy-compliant audience segments. Such processing supports lawful promotion of food supplements under EU and Austrian law and is limited to what you approve in the Cookie Policy.

We do not sell personal data to data brokers for unrelated profiling. Conversions shared with ad platforms follow contractual and statutory safeguards.

Overview and scope

This Privacy Policy applies to personal data processed in connection with the website at dlixanaraoxitao.world, incoming email correspondence, optional telephone contacts you initiate, and any order, quote, or sample request workflow we operate for Fluxa branded dietary supplements. It does not govern third-party websites that may link to us or analytics tools configured solely by a browser manufacturer.

We strive to describe processing in plain language while preserving enough specificity for supervisory authorities, corporate customers, and individual shoppers to understand what happens to identifiable information at each stage of the relationship.

Data controller identity

The controller responsible under the GDPR together with the Austrian Data Protection Act (DSG) is:

Dlixanaraoxitao.world
Schwedenplatz 2
1010 Wien
Austria

Email for privacy requests: ask@dlixanaraoxitao.world

Further legal disclosures for the operator of this site, including register and tax placeholders, are collected on the Impressum page.

We do not require a statutory data protection officer appointment for our current processing profile; nonetheless, the above channel is monitored by personnel instructed on confidentiality and escalation procedures.

Categories of personal data

Depending on how you engage with us, we may process:

  • Identity and contact data such as your name, billing or delivery address when you provide it, telephone number if you choose to share it, and email address.
  • Transaction data including ordered items, delivery amounts, payment confirmation references supplied by payment processors, and communication history relating to fulfilment.
  • Technical data generated when you load our pages: IP address, approximate geographic area derived at city or regional level, device model hints, operating system version signals, browser type and language preferences, timestamps, and diagnostic HTTP status codes where logged for security.
  • Usage data capturing pages opened, approximate dwell time when analytics cookies are accepted, referral URL when transmitted by the browser, and aggregated heatmaps produced from permitted tracking tools.
  • Marketing preference indicators when you opt in to newsletters or campaigns, including proof of consent records with time stamp and, where applicable, the specific form version you acknowledged.
  • Cookie identifiers and similar local storage keys further elaborated in the Cookie Policy.

We do not seek special categories of data under Article 9 GDPR; if you volunteer such information in free-text messages we isolate it where feasible and delete it when retention is not legally required.

Purposes and legal bases

  • Delivering goods, performing contracts, and answering pre-contractual questions where you initiate an inquiry: Article 6(1)(b) GDPR.
  • Operating customer care queues, authenticating legitimate order amendments, internal quality reviews of correspondence, and fraud pattern detection proportionate to risk: Article 6(1)(f) GDPR with balancing tests documented internally.
  • Sending service messages strictly necessary to fulfil an order or address a security event: Article 6(1)(b) or (f) depending on context.
  • Optional marketing communications, non-essential analytics, audience measurement beyond minimal server logs, and preference-based content: Article 6(1)(a) GDPR where we obtain prior consent you can withdraw without detriment to completed purchases except where messaging is still legally required.
  • Bookkeeping, responding to regulator or court orders, cooperating with law enforcement under mandatory local procedure, and defending legal claims: Article 6(1)(c) and Article 9(2)(f) if applicable alongside substantive law.

Where legitimate interests are cited, you may object under Article 21 GDPR; we will cease processing unless we demonstrate compelling grounds overriding your interests or need the data for legal claims.

Recipients and processors

We engage processors bound by Article 28 GDPR written terms. Categories include hosting and edge security vendors, transactional email delivery services, customer ticketing platforms, accounting suites, and payment service providers who act as independent controllers for their own fraud prevention where their terms disclose that role.

Corporate clients requesting aggregated fulfilment statistics may receive anonymised metrics that cannot reasonably be re-identified. Otherwise we do not sell lists of individuals or monetise personal data to data brokers.

If ownership of Dlixanaraoxitao.world changes due to merger or asset transfer, personal data may be disclosed to the successor under safeguards ensuring continuity of protection and notice when legally permissible.

Retention periods

Accounting records and tax-related documentation may be retained for up to seven years where Austrian commercial and tax laws require. General marketing consent logs remain for twenty-four months after the last affirmative interaction unless a longer period is justified for disputes.

Prospective customer inquiries that never convert are typically deleted twenty-four months after the last message unless minor redacted excerpts remain aggregated for training quality metrics without identifiers.

Server security logs rotate automatically after a short technical window not exceeding ninety days except where an incident investigation freezes specific entries.

Cookie retention is governed by the Cookie Policy annex. Backup tapes may contain older copies overwritten according to provider-specific rotation schedules we review annually.

Security measures

We implement TLS for public web properties, access control with individual accounts for staff, hashed password storage, least-privilege database roles, periodic patch management, malware scanning on endpoints handling order exports, and contractual confidentiality obligations for consultants.

Physical archives, if any, are segregated with restricted keys. Incident response steps include notifying the Austrian Data Protection Authority and affected data subjects where Article 33 and 34 thresholds are met without undue delay.

No security architecture eliminates all risk; we review controls when launching new features or onboarding subprocessors.

Your GDPR rights

Subject to conditions in Chapter III GDPR you may request access to data we hold about you, rectification of inaccurate fields, erasure where no overriding retention duty exists, restriction when accuracy is contested, portability for data you supplied processed by automated means under contract or consent, and objection where processing rests on legitimate interests including profiling that produces legal effects in the narrow cases where that applies to our operations.

To exercise rights email ask@dlixanaraoxitao.world with enough information to verify identity without excessive documentation. We respond within one month extensible by two further months in complex situations with justification.

You may lodge a complaint with the Austrian Data Protection Authority at dsb.gv.at or another EU supervisory authority where habitual residence or place of work lies.

International transfers

Data may transit to countries outside the EEA when a subprocessor maintains infrastructure there. We rely on adequacy decisions under Article 45 GDPR or appropriate safeguards such as the European Commission approved Standard Contractual Clauses supplemented by technical measures like encryption in transit and, where offered, encryption at rest for certain object types.

Upon request we can summarise onward transfer mechanisms relevant to your specific categories of data, excluding confidential commercial terms that do not affect the protection standard.

Children

Our storefront targets adults capable of forming contracts. We do not market to children and will delete profiles that appear to belong to minors once we obtain actual knowledge absent parental authorisation required by Member State law.

Automated decision-making

We do not conduct automated decisions producing legal or similarly significant effects within the meaning of Article 22 GDPR. Fraud scoring performed by payment processors operates under their privacy notices.

Policy updates

Material changes will be signalled by revising the date above, highlighting sections in our repository changelog, and, where legally necessary, refreshing consents or sending concise email notices to registered accounts.

Continued use after notice periods communicated in those emails constitutes acknowledgement except where fresh consent is mandatory.

Further contact

For questions that do not contain personal data you may also write to the postal address listed under the controller section. Including a subject line such as GDPR Request helps us route messages efficiently. We do not charge fees for manifestly unfounded or excessive requests; where volume spikes we may apply a reasonable administrative surcharge in line with Article 12(5) GDPR after warning.

We use strictly necessary cookies to run this site and optional analytics or marketing cookies only with your permission. Read the Cookie Policy for detail.