Privacy Policy

Last updated: 11 March 2025

1. Controller and Contact Details

The data controller responsible for the processing of your personal data is:

Vorxenorphim
Sähkötalon alakerta, Kampinkuja 2
00100 Helsinki
Finland

Email: community@vorxenorphim.world
Phone: +3589441919

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us using the details above.

2. Scope and Applicability

This Privacy Policy applies to the website vorxenorphim.world and all related services, including the CardioBalance Natur product ordering and customer support. This policy describes how we collect, use, disclose, store and protect your personal data. We process personal data in accordance with the EU General Data Protection Regulation (GDPR), the Finnish Data Protection Act (1050/2018), and other applicable Finnish and European data protection legislation.

3. Legal Basis for Processing

We process your personal data only when we have a lawful basis. The legal bases we rely on include:

• Contract performance: Processing necessary for the performance of a contract with you (e.g. order fulfilment, delivery).
• Legitimate interests: Processing necessary for our legitimate business interests, such as improving our services, preventing fraud, and ensuring website security, where such interests are not overridden by your rights.
• Consent: Processing based on your explicit consent, which you may withdraw at any time (e.g. marketing communications, non-essential cookies).
• Legal obligation: Processing necessary to comply with legal obligations (e.g. tax, accounting, consumer law).

4. Categories of Personal Data We Collect

We may collect and process the following categories of personal data:

• Identity data: Full name.
• Contact data: Email address, phone number (when voluntarily provided), postal address for delivery.
• Transaction data: Order details, payment information (processed by third-party payment providers), delivery status.
• Technical data: IP address, browser type, device type, operating system, referring URLs, pages visited, date and time of access.
• Usage data: How you use our website, including interactions with forms and content.
• Marketing and communications data: Preferences regarding marketing, records of correspondence with us.

5. Purposes of Processing

We process your personal data for the following purposes:

• Processing and fulfilling orders for CardioBalance Natur and related products.
• Communicating with you about your order, including order confirmation, shipping updates and customer support.
• Responding to your enquiries and requests submitted via contact forms or email.
• Ensuring the security and proper functioning of our website.
• Complying with legal obligations, including tax, accounting and consumer protection requirements.
• Improving our website, products and services based on aggregated and anonymised usage data.
• Where you have consented, sending marketing communications about our products and offers.

6. Data Sources

We obtain your personal data directly from you when you:

• Submit an order or contact form.
• Contact us by email or phone.
• Subscribe to our newsletter or marketing communications (where applicable).
• Interact with our website (e.g. through cookies and similar technologies, where permitted).

7. Retention Periods

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law:

• Order and transaction data: Retained for 7 years from the end of the calendar year in which the transaction occurred, in accordance with Finnish accounting and tax law.
• Customer support and correspondence: Retained for up to 3 years from the last contact, unless a longer retention period is required for legal claims.
• Marketing data (where consent applies): Retained until you withdraw consent or object to processing, after which we delete or anonymise the data within 30 days.
• Technical and usage data (logs): Retained for up to 12 months for security and operational purposes, unless a longer period is required for investigating incidents.
• Cookie data: As specified in our Cookie Policy.

After the retention period expires, we securely delete or anonymise your personal data so that it can no longer identify you.

8. Recipients of Personal Data

We may share your personal data with the following categories of recipients:

• Service providers: Third parties who process data on our behalf (e.g. hosting, email delivery, payment processing, logistics). Such processors act only on our instructions and are bound by data processing agreements.
• Authorities: Public authorities when required by law (e.g. tax, law enforcement).
• Legal advisors: When necessary for the establishment, exercise or defence of legal claims.

We do not sell your personal data to third parties.

9. International Transfers

We primarily store and process your data within the European Economic Area (EEA). If we transfer personal data to countries outside the EEA, we ensure appropriate safeguards are in place, such as:

• adequacy decisions by the European Commission; or
• standard contractual clauses (SCCs) approved by the European Commission; or
• binding corporate rules or other mechanisms recognised under applicable law.

10. Security Measures

We implement technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure or destruction, including:

• Use of HTTPS and TLS/SSL encryption for data transmitted between your device and our servers.
• Access controls restricting access to personal data to authorised personnel only.
• Regular security assessments and updates of systems and software.
• Secure storage and backup procedures.
• Staff training on data protection and confidentiality.
• Contracts with processors requiring appropriate security and compliance with data protection law.

While we strive to protect your data, no method of transmission over the Internet or electronic storage is fully secure. We encourage you to use strong passwords and keep your login credentials confidential.

11. Your Rights Under GDPR

Under the GDPR, you have the following rights in relation to your personal data:

• Right of access (Art. 15): You may request a copy of the personal data we hold about you.
• Right to rectification (Art. 16): You may request correction of inaccurate or incomplete personal data.
• Right to erasure (Art. 17): You may request deletion of your personal data in certain circumstances (e.g. where it is no longer necessary, where you withdraw consent, or where you object to processing).
• Right to restriction of processing (Art. 18): You may request that we limit how we use your data in certain situations.
• Right to data portability (Art. 20): You may request that we provide your data in a structured, commonly used and machine-readable format, where the processing is based on consent or contract and is carried out by automated means.
• Right to object (Art. 21): You may object to processing based on legitimate interests or to processing for direct marketing. We will cease such processing unless we demonstrate compelling legitimate grounds.
• Right to withdraw consent (Art. 7): Where processing is based on consent, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
• Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority. In Finland, the supervisory authority is the Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto), available at tietosuoja.fi.

To exercise any of these rights, please contact us using the details in Section 1. We will respond within one month. If your request is complex or we receive many requests, we may extend the response period by up to two further months and will inform you accordingly.

12. Children

Our website and services are not directed at individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will take steps to delete such information.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology or legal requirements. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

14. Contact

For any questions about this Privacy Policy or our data processing practices, please contact:

Vorxenorphim
Sähkötalon alakerta, Kampinkuja 2, 00100 Helsinki, Finland
Email: community@vorxenorphim.world
Phone: +3589441919