Privacy Policy

This Privacy Policy explains how Tloxorelphitvort ("we", "us", or "our"), operating the website at https://tloxorelphitvort.world, collects, uses, stores, and protects your personal data.

We are committed to protecting personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada’s federal private-sector privacy law, and with applicable provincial privacy laws where they apply. If you are in the European Union, United Kingdom, or European Economic Area, this policy also describes your rights under the General Data Protection Regulation (GDPR) (EU) 2016/679 and, where applicable, the UK GDPR.

By using this website, you confirm that you have read and understood this policy.

1. Data Controller

The data controller responsible for your personal data is:

2. Data We Collect

We may collect the following categories of personal data:

2.1 Data You Provide Directly

• Name: provided when you submit an order or enquiry via the contact form.
• Email address: provided when you submit an order or enquiry.
• Phone number: optionally provided when you submit an order or enquiry.
• Message content: any information you include in the message field of our form.

2.2 Data Collected Automatically

• Technical data: IP address, browser type and version, operating system, referring URLs, pages visited, time and date of visit.
• Cookie data: as described in our Cookie Policy.

We do not collect sensitive personal data (special categories under GDPR Article 9) and do not process personal data of individuals under 18 years of age.

3. How We Use Your Data

We use your personal data for the following purposes:

• Processing and fulfilling your product orders.
• Communicating with you regarding your order or enquiry.
• Responding to questions, feedback, or support requests.
• Analysing website usage to improve content and functionality (where analytics cookies are consented to).
• Complying with applicable laws and legal obligations.

3.1 Commercial Electronic Messages (Canada — CASL)

We do not send unsolicited commercial electronic messages (such as promotional email or SMS marketing) unless you have given express consent or another lawful basis applies under Canada’s Anti-Spam Legislation (CASL). Messages relating to an existing order, enquiry, or customer service (for example, order confirmations or responses to your questions) are sent on a transactional or relationship basis as permitted by law. You may withdraw consent to optional marketing communications at any time using the unsubscribe mechanism provided in those messages, where applicable.

4. Legal Basis for Processing

Canada: Under PIPEDA, we collect, use, and disclose personal information only for purposes that a reasonable person would consider appropriate in the circumstances. We rely on consent (express or implied, as appropriate), contractual necessity, our legitimate business interests (where not overridden by your rights), and legal obligation, consistent with the ten principles of PIPEDA.

EU/EEA/UK: Where GDPR applies, we process your personal data on the following legal bases as defined in GDPR Article 6:

• Performance of a contract (Article 6(1)(b)): Processing necessary to fulfil your order or respond to your pre-contractual enquiry.
• Consent (Article 6(1)(a)): Where you have given explicit consent, for example for analytics or marketing cookies, or when you tick the consent checkbox on our order form.
• Legitimate interests (Article 6(1)(f)): For security, fraud prevention, and general website administration, where these interests are not overridden by your rights.
• Legal obligation (Article 6(1)(c)): Where processing is necessary to comply with a legal obligation we are subject to.

5. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law:

• Order and enquiry data: retained for up to 3 years from the date of your last interaction, or as required by tax and commercial law.
• Analytics data: retained in anonymised or aggregated form; identifiable data is not stored beyond session level.
• Cookie preferences: stored locally in your browser via localStorage until cleared by you.

When data is no longer needed, it is deleted or anonymised using secure processes.

6. Data Sharing

We do not sell, rent, or trade your personal data to third parties. We may share your data with:

• Service providers: trusted third-party processors (e.g., email delivery, hosting) acting under data processing agreements and bound to handle your data only as instructed by us.
• Legal authorities: where required by law, court order, or regulatory obligation.

Any third-party processors are subject to contractual obligations (including under GDPR Article 28, where applicable, and comparable safeguards under PIPEDA) to implement appropriate technical and organisational security measures.

7. International Data Transfers

Our primary operations are based in Canada. If personal data is transferred outside Canada or the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses adopted by the European Commission, or adequacy decisions where applicable. Canada is recognised as providing adequate data protection for most transfers from the EEA under GDPR for commercial organisations subject to the Personal Information Protection and Electronic Documents Act (PIPEDA).

8. Security Measures

We implement appropriate technical and organisational measures to protect your personal data against unlawful access, disclosure, alteration, or destruction. These include encrypted HTTPS transmission, access controls, and regular security review of our processes. No method of internet transmission is 100% secure; however, we continuously work to protect data to a high standard.

9. Your Rights — Canada (PIPEDA and Provincial Laws)

If you are in Canada, you have rights regarding your personal information, subject to legal exceptions:

• Access: You may request access to the personal information we hold about you.
• Accuracy: You may request correction of inaccurate or incomplete information.
• Accountability: You may ask how we use your information and with whom we may share it.
• Withdraw consent: Where processing is based on consent, you may withdraw it subject to contractual or legal restrictions.
• Complaint: You may lodge a complaint with the Office of the Privacy Commissioner of Canada (OPC) if you believe we have not handled your information in accordance with PIPEDA.

Certain provinces and territories have their own private-sector or health privacy laws that may apply instead of or alongside PIPEDA (for example, Alberta and British Columbia’s PIPA, Quebec’s Act respecting the protection of personal information in the private sector as amended by Law 25, and others). If you are in Quebec, you may also contact the Commission d’accès à l’information du Québec regarding applicable provincial rights.

To exercise Canadian privacy rights, contact us using the details in the Contact Us section below. We will respond within a reasonable period (typically within 30 days where feasible, or as required by applicable law).

10. Your Rights Under GDPR (EU/EEA/UK)

If you are located in the EU/EEA or UK, you have the following rights regarding your personal data:

• Right of access (Article 15): Request a copy of the personal data we hold about you.
• Right to rectification (Article 16): Request correction of inaccurate or incomplete data.
• Right to erasure (Article 17): Request deletion of your data ("right to be forgotten"), subject to legal exceptions.
• Right to restriction of processing (Article 18): Request that we limit how we use your data in certain circumstances.
• Right to data portability (Article 20): Receive your data in a structured, machine-readable format where technically feasible.
• Right to object (Article 21): Object to processing based on legitimate interests or for direct marketing purposes.
• Right to withdraw consent (Article 7(3)): Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
• Right to lodge a complaint: You have the right to lodge a complaint with your local supervisory authority. In the EU, you may contact your national Data Protection Authority (DPA).

To exercise any of these rights, contact us at connectuse@tloxorelphitvort.world. We will respond within 30 calendar days. We may request verification of your identity before fulfilling any request.

11. Cookies

We use cookies and similar tracking technologies on this website. For full details of what cookies we use, their purpose, and how to manage them, please see our Cookie Policy.

12. Children's Privacy

This website is not directed at individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a minor, please contact us immediately so we can delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. For material changes, we will provide prominent notice on our website. Continued use of the website after any changes constitutes acceptance of the revised policy.

14. Contact Us

For any questions or requests regarding this Privacy Policy or your personal data, please contact: