Privacy Policy
Effective date: 19 March 2026 · Version: 1.0 · Jurisdiction: Sweden / European Economic Area
This Privacy Policy explains how Vorzelynwloxarix (“we”, “us”, “our”) processes personal data when you visit https://vorzelynwloxarix.world, purchase Floravascor, or contact us. We apply the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the Swedish Data Protection Act (2018:218) supplementing the GDPR, and ePrivacy rules where relevant to electronic communications.
1. Data controller and contact
The controller responsible for processing is:
- Trading name: Vorzelynwloxarix
- Registered address: Västerlånggatan 16, 111 29 Stockholm, Sweden
- Email: info@vorzelynwloxarix.world
- Telephone: +46771450450
We do not appoint a Data Protection Officer unless required by law. For GDPR matters you may contact us using the details above. You may also contact the Swedish Authority for Privacy Protection (IMY) if you consider that processing infringes applicable law.
2. Scope and material scope
This policy covers processing carried out via our website, email, telephone, postal correspondence, payment service providers, logistics partners, and any CRM or ticketing tools we operate. It does not govern third-party sites that we link to; their policies apply separately.
3. Categories of personal data
Depending on your interaction, we may process:
- Identity and contact data: name, delivery address, billing address, email address, telephone number, customer reference numbers.
- Transaction data: order contents, prices, payment status, delivery status, returns, refund data, communications about your order.
- Financial data: limited payment metadata processed by PCI-DSS compliant payment processors (we do not store full card numbers on our servers when a processor tokenises them).
- Technical data: IP address, device type, browser, approximate location derived from IP, referring URL, pages viewed, timestamps.
- Cookie and similar data: consent records, session identifiers, analytics or marketing identifiers if you opt in (see our Cookie Policy).
- Communication content: free-text messages you submit through forms, email threads, or recorded calls where legally permitted and notified.
- Compliance data: age confirmation where required, fraud screening signals, export control checks if applicable.
We do not intentionally collect special categories of personal data (Article 9 GDPR). If you voluntarily disclose health information, we will restrict access and delete it unless a legal exception applies.
4. Purposes and legal bases
| Purpose | Legal basis (GDPR) | Further detail |
|---|---|---|
| Website delivery, security, fraud prevention | Article 6(1)(f) legitimate interests; Article 6(1)(b) steps prior to contract where relevant | Keeping the site available, enforcing rate limits, protecting against abuse. |
| Processing orders and delivering Floravascor | Article 6(1)(b) performance of a contract | Fulfilment, carrier integration, invoicing where applicable. |
| Customer support | Article 6(1)(b) contract; Article 6(1)(f) legitimate interests | Responding to questions, handling complaints, documenting resolutions. |
| Accounting, tax, and corporate records | Article 6(1)(c) legal obligation | Swedish bookkeeping act and tax rules prescribe retention of transaction evidence. |
| Direct marketing by electronic mail to existing customers about similar products | Article 6(1)(f) legitimate interests, assessed against your rights; soft opt-in where permitted under national ePrivacy implementation | You may opt out at any time; we honour unsubscribe promptly. |
| Newsletters or profiling-based marketing | Article 6(1)(a) consent | Only where you opt in; withdrawal does not affect prior lawful processing. |
| Analytics cookies or pixels | Article 6(1)(a) consent where required | Activated only after consent via our cookie banner where mandated. |
| Product safety and regulatory correspondence | Article 6(1)(c) legal obligation; Article 6(1)(f) legitimate interests | Cooperation with food safety authorities, recalls, market surveillance. |
5. Sources of data
We obtain data directly from you, from payment service providers, carriers, identity verification tools you choose, public registers where permitted, and, in limited cases, from fraud intelligence networks subject to strict necessity.
6. Automated decision-making and profiling
We do not make decisions based solely on automated processing that produce legal or similarly significant effects. Basic fraud scoring may occur at payment stage under provider rules; you may obtain meaningful information about the logic by contacting the relevant payment provider.
7. Recipients and processors
We share personal data with categories of recipients bound by written agreements where required:
- Hosting, email delivery, and backup providers within the EU/EEA or covered by appropriate safeguards.
- Payment institutions and acquirers processing card or wallet payments.
- Logistics partners transporting goods and providing tracking portals.
- Professional advisers (lawyers, accountants) under confidentiality duties.
- Authorities when compelled by lawful requests.
An up-to-date list of key processors is available on request. Sub-processors must meet equivalent protection standards.
8. International transfers
Primary processing occurs within the EEA. If we transfer personal data to countries without an adequacy decision, we implement appropriate safeguards such as Standard Contractual Clauses (2021/914) supplemented by transfer impact assessments and technical measures including encryption in transit and at rest where feasible.
9. Retention periods
- Order and invoice records: seven years from the end of the financial year, aligned with Swedish bookkeeping requirements, unless a longer period is mandated for a specific dispute.
- Marketing consents and suppression lists: until withdrawal plus a short overlap to evidence consent status.
- Support tickets: up to thirty-six months after closure unless linked to ongoing legal claims.
- Web server logs: up to ninety days unless extended narrowly for security investigations.
- Cookie consent logs: up to twenty-four months from last update.
When retention expires, we delete or irreversibly anonymise data.
10. Security measures
We implement administrative, technical, and organisational measures including role-based access, least-privilege accounts, TLS encryption for public endpoints, patching cadence, vendor due diligence, staff confidentiality commitments, and incident response procedures. No method of transmission is completely secure; we encourage strong passwords and device protections on your side.
11. Your rights
Subject to conditions in the GDPR, you may:
- Request access to your personal data and certain information about processing (Article 15).
- Request rectification of inaccurate data (Article 16).
- Request erasure (“right to be forgotten”) where grounds apply (Article 17).
- Request restriction of processing (Article 18).
- Receive data in a structured, machine-readable format and transmit it to another controller where processing is based on consent or contract and automated (Article 20).
- Object to processing based on legitimate interests, including profiling (Article 21).
- Withdraw consent at any time where processing relies on consent, without affecting the lawfulness of processing before withdrawal (Article 7(3)).
- Lodge a complaint with IMY or another EU supervisory authority (Article 77).
To exercise rights, email info@vorzelynwloxarix.world with enough detail to identify you. We may request proof of identity. We respond within one month, extendable by two further months where complex, notifying you of reasons.
12. Children
Floravascor is intended for adults. We do not knowingly collect data from children under 16 without parental authority. If you believe we have collected such data, contact us for prompt deletion.
13. Marketing preferences
You may opt out of promotional emails through the unsubscribe link or by writing to us. Non-promotional messages about transactions, security, or legal notices may still be sent.
14. Changes to this policy
We update this policy when practices or laws change. Material changes will be highlighted on the website with an updated effective date. Continued use after notice where appropriate may constitute acknowledgement; where consent is required, we will seek fresh consent.
15. Regulatory references
Helpful public resources include the GDPR text, the Swedish Data Protection Act, and IMY guidance for consumers and organisations. This policy is informational and does not waive any mandatory rights or obligations.