This Privacy Policy describes how the operator of qualtrexcraxylon.world, presenting the Frenico supplement line (“we”, “us”, “our”), collects, uses, discloses, stores, and protects personal data when you visit our website, create an account if available, place an order, subscribe to communications, or otherwise interact with us. We process personal data in accordance with the EU General Data Protection Regulation (EU) 2016/679 (“GDPR”), the Danish Data Protection Act (databeskyttelsesloven), and, where applicable, the UK GDPR and Data Protection Act 2018 for visitors from the United Kingdom.
Controller: Qualtrexcraxylon.world, Strandbygade 27, 6700 Esbjerg, Denmark. Email: chat@qualtrexcraxylon.world
1. Scope and relationship to other notices
This Policy applies to processing carried out through qualtrexcraxylon.world and related customer service channels unless a separate agreement states otherwise. It should be read together with our Cookie Policy, which explains how we use cookies and similar technologies, and with checkout terms presented at purchase. If you apply for employment, a dedicated applicant privacy notice may apply instead.
2. Categories of personal data we process
Depending on your interaction, we may process the following categories:
- Identity and contact data: full name, billing and delivery addresses, email address, telephone number, company name if you shop as a business.
- Transaction data: order contents, payment status references, delivery tracking identifiers, refunds, and customer service notes linked to your case.
- Financial data: limited payment metadata processed by certified payment service providers; we do not store full card numbers on our servers when modern tokenization is used.
- Account and profile data: password hashes, preferences, wish lists, and marketing consents if such features are enabled.
- Technical and usage data: IP address, device type, browser version, operating system, approximate location derived from IP, referring URL, pages viewed, session duration, and interaction events.
- Communications: free-text messages you send through forms, email, chat widgets, or social channels that we monitor for support.
- Compliance data: fraud scores, verification outcomes, export screening results where mandatory, and records demonstrating consent or contract performance.
- Photographic or document data: only if you voluntarily upload proof of delivery damage or identity documents when we request them for security.
3. Sources of personal data
We obtain data directly from you when you browse, register, purchase, or contact us. We also receive technical data automatically through server logs, analytics tools (when permitted), and security monitoring. Occasionally we receive updated address information from carriers or payment partners to complete delivery. We do not purchase marketing lists that contain personal data without verified consent.
4. Purposes and legal bases
We process personal data only when a lawful basis under Article 6 GDPR applies. The table below summarizes common scenarios.
| Purpose | Legal basis | Illustrative detail |
|---|---|---|
| Order fulfilment and contract administration | Performance of a contract | Processing payment instructions, shipping, returns, warranties. |
| Customer support and complaint handling | Contract; legitimate interests | Responding to inquiries, documenting resolutions. |
| Website security and fraud prevention | Legitimate interests | Rate limiting, bot detection, investigating suspicious orders. |
| Analytics and product improvement | Consent (non-essential cookies); legitimate interests (aggregated) | Understanding navigation patterns when you opt in. |
| Direct marketing by electronic mail | Consent; soft opt-in where permitted | Newsletters, early access invitations. |
| Legal compliance and regulatory requests | Legal obligation | Tax, consumer, customs, or court demands. |
| Establishing or defending legal claims | Legitimate interests | Preserving evidence during disputes. |
Where we rely on legitimate interests, we balance our interests against your rights and offer opt-out mechanisms where appropriate. You may contact us for additional information on the balancing test for a specific activity.
For online advertising in Denmark and the EU, we instruct partners to process data in line with consent signals and platform policies. Food supplement promotions are framed as non-medicinal product information; we do not use personal data to circumvent your cookie preferences.
5. Automated decision-making
We do not make decisions based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. Fraud checks may flag transactions for human review but do not automatically decline purchases without manual oversight except where payment networks require it.
6. Recipients and categories of processors
Personal data is accessed only by authorized personnel on a need-to-know basis. We engage processors to provide hosting, content delivery, email delivery, payment acquisition, customer relationship management, analytics (if consented), advertising measurement (if consented), logistics, and IT support. Each processor receives documented instructions and must implement appropriate technical and organizational measures. A list of main processor categories is available upon request.
7. International transfers
Your data is primarily processed within the European Economic Area. If we transfer personal data to countries without an adequacy decision, we implement Standard Contractual Clauses approved by the European Commission, supplementary measures where required by case law, or other approved mechanisms. Copies of relevant safeguards may be requested subject to confidentiality.
8. Retention periods
We retain personal data no longer than necessary for the purposes collected:
- Order and accounting records: up to seven years from the end of the financial year to satisfy Danish bookkeeping and tax rules.
- Marketing consents and unsubscribe logs: up to three years after withdrawal unless a longer period is needed to prove compliance.
- Customer service tickets: up to thirty-six months after closure unless a dispute extends the need.
- Web server logs: up to ninety days unless security investigations require longer isolated retention.
- Cookie and analytics identifiers: as described in the Cookie Policy, typically between six and twenty-four months depending on the vendor.
- Pending cart reminders: deleted within twelve months of inactivity if such features exist.
After retention expires, we delete or irreversibly anonymize data unless a narrow statutory exception applies.
9. Security measures
We implement encryption in transit (HTTPS), access controls, segregation of environments, logging, vulnerability monitoring, incident response procedures, and contractual security assurances from vendors. Staff receive periodic training on confidentiality and phishing awareness. No system is perfectly secure; please protect your credentials and report suspected unauthorized access immediately.
10. Your rights under GDPR
Subject to conditions and exemptions, you may exercise the following rights by emailing chat@qualtrexcraxylon.world or writing to our postal address:
- Right of access to copies of your personal data.
- Right to rectification of inaccurate or incomplete data.
- Right to erasure (“right to be forgotten”) where grounds apply.
- Right to restriction of processing in defined circumstances.
- Right to data portability for data processed by automated means based on consent or contract.
- Right to object to processing based on legitimate interests or to direct marketing.
- Right to withdraw consent at any time without affecting prior lawful processing.
- Right to lodge a complaint with Datatilsynet or another EU supervisory authority.
We may request proof of identity before fulfilling requests to prevent unauthorized disclosure. We will respond within one month, extendable by two further months where complex, and inform you of any extension.
11. Children
Our website and products are directed to adults. We do not knowingly collect personal data from children below sixteen without verifiable parental consent. If you believe we have collected a minor’s data inadvertently, contact us for prompt deletion.
12. Third-party websites
Our site may contain links to external resources. This Policy does not govern those sites. Review their privacy statements before submitting personal data.
13. Changes to this Policy
We may update this Policy to reflect legal, technical, or organizational changes. Material updates will be highlighted on this page with a revised “as of” date rendered dynamically at the top for transparency. Continued use after notification where permitted constitutes acknowledgment.
14. Contact and supervisory authority
For privacy questions: chat@qualtrexcraxylon.world, Strandbygade 27, 6700 Esbjerg, Denmark. Datatilsynet may be reached at Carl Jacobsens Vej 35, 2500 Valby, Denmark, or via datatilsynet.dk.