Privacy Policy

Last updated: 5 March 2025

1. Controller and contact

The data controller responsible for your personal data is:

Kluzarinzythunie
233, 235 Old Brompton Rd
London SW5 0EA
United Kingdom

For any request relating to your personal data or this policy, you may contact us at the address above, or by phone: +44 20 7373 2798, or by writing to: clients@kluzarinzythunie.world.

2. Scope and legal basis

This Privacy Policy describes how we collect, use, store and protect your personal data when you use our website https://kluzarinzythunie.world (the “Site”) and our services, including the sale of HerbaCor Vitalis and related customer support. We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018), and other applicable UK and international data protection laws where relevant.

We process your data only where we have a lawful basis: performance of a contract (e.g. processing your order), consent (e.g. marketing, non-essential cookies), legal obligation (e.g. tax and accounting), or our legitimate interests (e.g. improving our services, security, fraud prevention), where those interests are not overridden by your rights.

3. Personal data we collect

3.1 Data you provide

• Identity and contact data: name, email address, telephone number, delivery address when you place an order or contact us.
• Transaction data: order details, payment-related information (we do not store full card numbers; payment processing may be handled by third-party providers who have their own privacy notices).
• Communications: content of messages you send us (e.g. via contact/order forms or email).
• Consent records: where you have given consent (e.g. marketing, cookies), we keep a record of what you agreed to and when.

3.2 Data collected automatically

• Technical and usage data: IP address, browser type and version, device type, operating system, referring URL, pages visited, date and time of access, and similar technical data. This may be collected via cookies and similar technologies as described in our Cookie Policy.

4. Purposes of processing

We use your personal data for the following purposes:

• To perform our contract with you: processing and fulfilling orders, delivery, returns, and customer support.
• To communicate with you about your order, account or enquiries.
• To comply with legal obligations: tax, accounting, responding to lawful requests from authorities.
• To improve our website and services: analysing how the Site is used (where we rely on consent or legitimate interest and in accordance with cookie preferences).
• To send marketing communications only where you have given clear consent; you may withdraw consent at any time.
• To protect our business and users: fraud prevention, security, and enforcement of our terms.

5. Retention periods

We keep your data only for as long as necessary for the purposes above or as required by law.

• Order and customer data: typically up to 6 years after the last transaction for legal, tax and accounting requirements, and for handling potential disputes or returns.
• Marketing and consent records: until you withdraw consent or object, plus a short period to record your choice (e.g. up to 3 years for suppression lists).
• Technical and access logs: up to 12 months unless a shorter period is applied; analytics data may be anonymised or deleted in accordance with our data retention schedule.
• Enquiry and correspondence data: for the duration of the enquiry and a reasonable period thereafter (e.g. up to 3 years) for legal and operational purposes.

After the retention period, we securely delete or anonymise your data so it no longer identifies you.

6. Your rights under UK GDPR

You have the following rights in relation to your personal data:

• Right of access: You may request a copy of the personal data we hold about you (subject to certain exceptions).
• Right to rectification: You may request correction of inaccurate or incomplete data.
• Right to erasure (“right to be forgotten”): You may request deletion of your data where it is no longer necessary, where you withdraw consent, where you object and we have no overriding grounds, or where processing was unlawful (subject to legal exceptions).
• Right to restrict processing: You may ask us to restrict processing in certain situations (e.g. while we verify accuracy or while a dispute is ongoing).
• Right to data portability: Where processing is by automated means and based on contract or consent, you may request a copy of your data in a structured, machine-readable format.
• Right to object: You may object to processing based on legitimate interests or to direct marketing at any time.
• Rights related to automated decision-making: We do not currently use solely automated decision-making that significantly affects you; if we did, we would inform you and respect your rights in that regard.

To exercise any of these rights, contact us using the details in section 1. We will respond within one month. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) in the UK: ico.org.uk.

7. Sharing and international transfers

We may share your data with:

• Service providers who act on our instructions (e.g. hosting, payment processing, delivery, email services). We ensure they are bound by contract to protect your data and use it only for the purposes we specify.
• Professional advisers (e.g. lawyers, accountants) where necessary for our legitimate business purposes.
• Public authorities when required by law or to protect our rights.

Your data is processed primarily in the United Kingdom and the European Economic Area. If we transfer data outside the UK or EEA, we will ensure appropriate safeguards are in place (e.g. UK adequacy decisions, standard contractual clauses, or other approved mechanisms) in line with UK GDPR.

8. Security measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure or destruction, including:

• Use of HTTPS and encryption in transit for the Site.
• Access controls and authentication where personal data is stored or processed.
• Regular review of our security practices and, where applicable, reliance on certified or audited service providers.
• Training for staff who handle personal data and policies on data handling and breach response.

Despite these measures, no method of transmission or storage over the internet is completely secure; we cannot guarantee absolute security but we take breaches seriously and will notify you and the ICO where required by law.

9. Children

Our Site and services are not directed at individuals under 18. We do not knowingly collect personal data from children. If you believe we have collected data relating to a child, please contact us and we will delete it promptly.

10. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top will be revised when changes are made. We encourage you to review this page periodically. Where changes materially affect how we use your data, we will notify you where appropriate (e.g. by email or a notice on the Site) or seek your consent where required by law.

11. Additional information

For details on cookies and similar technologies, see our Cookie Policy. For the terms governing use of our Site and services, see our Terms of Service.