Privacy Policy

Last updated: March 11, 2025

1. Controller and contact details

The data controller responsible for the processing of your personal data in connection with this website is:

Grexalonvorl
11643 Beach Blvd Unit A
Jacksonville, FL 32246
United States

Email: welcome@grexalonvorl.world
Phone: +1 904 551 5870

If you have questions about this Privacy Policy or about how we process your data, you may contact us at the above address or email.

2. Scope and legal basis

This Privacy Policy describes how we collect, use, store, and protect your personal data when you use our website at grexalonvorl.world (the "Website") and when you interact with us (e.g. orders, contact forms, emails). We process personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) where it applies, and with US federal and state privacy laws where we operate.

We process personal data only where we have a lawful basis: performance of a contract, your consent, our legitimate interests (where they are not overridden by your rights), or compliance with a legal obligation.

3. Personal data we collect and purposes

3.1 Data you provide to us

• Order and contact form data: When you place an order or use the contact form, we collect your name, email address, telephone number (if provided), and message content. Purpose: To process your order, respond to your inquiries, and communicate with you about your order or request. Legal basis: Performance of a contract and/or our legitimate interest in providing customer service.
• Consent and preferences: When you accept or reject cookies or marketing, we record your choices. Purpose: To respect your preferences and comply with consent obligations. Legal basis: Your consent and our legitimate interest in compliance.

3.2 Data collected automatically

• Technical and usage data: When you visit the Website, we may collect your IP address, browser type and version, device type, operating system, referring URL, pages visited, and approximate time spent. Purpose: To operate and secure the Website, analyze usage (if you have consented to analytics cookies), and improve our services. Legal basis: Our legitimate interest in operating and improving the Website, and where applicable your consent for analytics.
• Cookies and similar technologies: We use cookies and similar technologies as described in our Cookie Policy. Purpose: Strictly necessary cookies for the site to function; optional cookies for analytics and marketing only with your consent. Legal basis: Legitimate interest (necessary cookies) or consent (optional cookies).

4. Retention periods

We keep your data only as long as necessary for the purposes for which it was collected or as required by law.

• Order and contact data: We retain order and contact form data for the duration of the business relationship and for a period thereafter necessary for warranty, returns, tax, and legal obligations (typically up to 7 years from the end of the calendar year in which the transaction occurred, or as required by applicable law).
• Marketing and consent records: We retain records of your consent and marketing preferences for as long as we use them and for a period thereafter to demonstrate compliance (typically up to 3 years).
• Technical and access logs: Server and security logs are retained for a limited period necessary for security and troubleshooting (typically up to 12 months), unless a longer period is required for legal or regulatory reasons.
• Cookie-related data: As set out in our Cookie Policy; session data is deleted when you close your browser; persistent cookie data is kept only for the durations stated there.

After the retention period, we delete or anonymize your data so that it can no longer identify you.

5. Recipients and international transfers

We may share your data with:

• Service providers: Hosting, payment processing, email delivery, and analytics providers that assist us in operating the Website and fulfilling orders. Such providers are bound by contract to use your data only for the purposes we specify and in accordance with applicable data protection law.
• Legal and regulatory bodies: Where we are required to do so by law, or to protect our rights, safety, or property.

Our business is located in the United States. If you are in the European Economic Area (EEA), UK, or another jurisdiction with strict transfer rules, we ensure appropriate safeguards (e.g. standard contractual clauses or other mechanisms approved by the relevant authorities) when transferring your data outside your jurisdiction.

6. Your rights

Depending on your location, you may have the following rights in relation to your personal data:

• Access: To obtain confirmation as to whether we process your data and, where that is the case, access to that data and certain information about the processing.
• Rectification: To have inaccurate personal data corrected.
• Erasure: To have your data erased in certain circumstances (e.g. where it is no longer necessary, or you withdraw consent where consent was the basis).
• Restriction: To request that we restrict processing in certain situations (e.g. while we verify accuracy or while a dispute is resolved).
• Data portability: Where processing is based on consent or contract and is carried out by automated means, to receive your data in a structured, commonly used, machine-readable format and to transmit it to another controller where technically feasible.
• Objection: To object to processing based on legitimate interests, including profiling. We will stop processing unless we demonstrate compelling legitimate grounds that override your interests, or for the establishment, exercise, or defense of legal claims.
• Withdraw consent: Where processing is based on consent, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
• Complaint: You have the right to lodge a complaint with a supervisory authority in your country of residence or place of work, or where an alleged infringement occurred. In the US, you may also have rights under state laws (e.g. CCPA where applicable).

To exercise any of these rights, contact us using the details in section 1. We will respond within the time limits required by applicable law (e.g. one month under GDPR, subject to extensions where permitted).

7. Security measures

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, including:

• Use of HTTPS and encryption in transit for the Website.
• Restricted access to personal data on a need-to-know basis.
• Secure storage and access controls for systems that process personal data.
• Regular review of our security practices and updating of measures as appropriate.

While we take these precautions, no method of transmission or storage over the Internet is completely secure. We encourage you to use strong passwords and to protect your own account and device security.

8. Children

Our Website and services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will take steps to delete it.

9. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the Website. The "Last updated" date at the top will be revised when we make material changes. We encourage you to review this page periodically. Where required by law, we will seek your consent to any material change in how we use your data.

10. Additional information for certain jurisdictions

California residents (CCPA/CPRA): You may have additional rights, including the right to know what personal information we collect and how it is used, the right to delete, the right to correct, the right to limit use of sensitive personal information, and the right to non-discrimination. We do not sell personal information as defined under the CCPA. To exercise these rights, contact us at the details in section 1.

EEA/UK (GDPR): Our processing is conducted in line with the GDPR. The controller details, legal bases, retention periods, and your rights are set out above. For transfers outside the EEA/UK we use appropriate safeguards as indicated in section 5.