Who this is for. This Privacy Policy explains how Altrixa, operating in connection with the domain Draxylonghap.world (“we”, “us”, “our”), processes personal data when you browse our website, submit forms, purchase food supplements, or otherwise interact with us digitally. It is written for visitors and customers in the European Economic Area, the United Kingdom, Switzerland, and any other territory where comparable transparency is expected.
We describe our practices in plain language while referencing the EU General Data Protection Regulation (GDPR) where helpful. If local law grants you stronger protections, those protections still apply.
Marketing integrity (Finland / EU). Personal data used for advertising or measurement is processed lawfully and transparently. We do not rely on misleading profiling for food-supplement promotion; health-related ad personalisation is avoided where it would conflict with platform rules or consumer law.
1. Data controller and representative
The controller responsible for personal data processing is:
Altrixa
Hämeenkatu 10
33100 Tampere
Finland
Email: chat@draxylonghap.world
Website: https://draxylonghap.world
We do not appoint a separate EU representative because our main establishment is in Finland. Finnish residents may contact the Office of the Data Protection Ombudsman (tietosuoja.fi) if they believe processing infringes the GDPR. Residents of other Member States may contact their local supervisory authority instead.
2. Categories of personal data we collect
We aim to collect only what we need for clear purposes. Depending on how you use the site, we may process:
Contact and identity
Name, email address, shipping address, billing address, phone number if you provide it, and free-text messages you type into forms or emails.
Transaction data
Order identifiers, product selections, payment status (processed by payment partners), delivery confirmations, and customer service correspondence linked to an order.
Technical identifiers
IP address, approximate region derived from IP, browser type, operating system, device model, screen size hints, referring URL, and timestamps of server requests.
Usage and diagnostics
Aggregated analytics events such as scroll depth, click paths, and error logs when you consent to analytics cookies or similar technologies.
We do not ask you to upload medical records through this website. If you voluntarily disclose health-related information in a message, we treat it as highly sensitive and limit access accordingly, but we encourage you to avoid sharing clinical details with a supplement retailer unless necessary.
3. Purposes and legal bases
| Purpose | Typical legal basis (GDPR) |
|---|---|
| Delivering products, processing payments, and providing customer support tied to a contract | Article 6(1)(b) performance of a contract |
| Answering pre-contract questions submitted through contact forms | Article 6(1)(b) steps prior to contract or Article 6(1)(f) legitimate interests in responding to inquiries |
| Operating the website securely, preventing fraud, enforcing terms, defending legal claims | Article 6(1)(f) legitimate interests and Article 6(1)(c) legal obligations where applicable |
| Optional analytics and marketing measurement | Article 6(1)(a) consent |
| Accounting, tax filings, and regulatory record-keeping | Article 6(1)(c) legal obligation |
Where we rely on legitimate interests, we balance our needs against your rights. You may object to certain processing as described in the rights section below.
4. How long we keep data
Retention depends on why we hold the data:
- Marketing and analytics logs tied to consent are deleted or anonymized within the timeframe specified by each vendor, usually not longer than twenty-five months unless a shorter period is technically enforced.
- Contact form messages that do not lead to a contract are generally deleted within twenty-four months after the last meaningful exchange.
- Order and invoice records may be kept for six to ten years to satisfy Finnish and EU accounting and tax obligations.
- Security logs rotate on a rolling basis, typically between thirty and ninety days, unless isolated for incident investigation.
- Cookie consent strings are stored for up to thirty-six months to demonstrate compliance with ePrivacy expectations.
When retention periods end, we delete or irreversibly anonymize data so it can no longer identify you.
5. Recipients and categories of processors
We share personal data only with service providers who help us run the business, including:
- Hosting providers and content delivery networks that store or transmit website files.
- Payment service providers and fraud-screening tools that process card or wallet transactions.
- Email delivery services for transactional messages and optional newsletters where opted in.
- Logistics partners that print shipping labels and deliver parcels.
- Analytics or advertising partners when you have granted the relevant consent.
Each processor signs a data processing agreement or equivalent contractual language requiring confidentiality, security measures, and deletion at the end of service.
6. Security measures
We implement administrative, technical, and organizational measures appropriate to the risk, including:
- HTTPS/TLS encryption between your browser and our servers for standard browsing and form submission.
- Role-based access so only trained staff access personal data needed for their function.
- Segregation between live commerce systems and internal testing environments where feasible.
- Monitoring for unusual login or API activity and documented steps for breach notification where the law requires informing you or regulators.
No method of storage or transmission is perfectly secure. Please use unique passwords for your email account because password resets often flow through email.
7. International transfers
Some processors may process data in countries outside the EEA. When we transfer personal data internationally, we use mechanisms recognized by the European Commission such as adequacy decisions or the standard contractual clauses (2021 versions), supplemented by technical measures like encryption in transit. Copies of relevant transfer documentation may be requested subject to confidentiality constraints.
8. Your privacy rights
Subject to applicable law, you may:
- Request access to the personal data we hold and receive a copy in a structured format.
- Ask us to correct inaccurate information or complete incomplete fields.
- Request deletion when processing is no longer necessary or when you withdraw consent and no other ground applies.
- Request restriction of processing in specific scenarios, such as pending verification of accuracy.
- Receive personal data you provided in a machine-readable format where processing is automated and based on consent or contract.
- Object to processing based on legitimate interests, including profiling that produces legal or similar effects (we currently do not perform such profiling).
- Withdraw consent for optional cookies or marketing at any time via the cookie banner or by contacting us.
To exercise any right, email chat@draxylonghap.world with a description of your request. We may ask for reasonable identity verification before disclosing information. You may lodge a complaint with a supervisory authority if you disagree with our response.
9. Automated decisions, children, and updates
Automated decision-making. We do not make decisions based solely on automated processing that significantly affects you.
Children. Our products target adults. We do not knowingly collect data from anyone under sixteen without verifiable parental consent. If you believe we collected a minor’s data, contact us and we will delete it promptly.
Updates. We revise this Privacy Policy when our practices, technology, or legal obligations change. The date at the top reflects the latest substantive review. Continued use of the site after updates means you acknowledge the revised notice where permitted by law.
Questions. For anything not covered here, including data protection impact summaries for corporate buyers, reach us at the postal address or email listed under the controller section.