Xogvalenaz.world

Legal excellence

Privacy Policy

Document current as of

Introduction and scope

This Privacy Policy describes how Xogvalenaz.world (“we,” “us,” or “our”) collects, uses, discloses, retains, and safeguards personal data when you visit https://xogvalenaz.world, submit forms, correspond with us, or interact with optional analytics or marketing technologies after consent. We designed this statement to align with the EU General Data Protection Regulation (“GDPR”), the UK GDPR, the California Consumer Privacy Act as amended (“CCPA/CPRA”), and comparable frameworks where they apply to our operations.

By using the website you acknowledge that you have read this policy. If you disagree with our practices, please discontinue use and contact us so we may close any open requests tied to your identity.

Identity and contact details of the controller

Under GDPR Article 13, we identify the controller responsible for processing as follows:

Xogvalenaz.world
3204 Williams Dr
Georgetown, TX 78628
United States of America
Email:

Categories of personal data we process

Depending on how you engage with us, we may process the following categories of data:

  • Identity and contact data: full name, email address, postal address when provided voluntarily, and similar identifiers.
  • Communication content: free-text messages you include in order or inquiry forms, attachments if we enable them in the future, and email threads with our team.
  • Technical and usage data: Internet Protocol address, approximate geographic region derived from IP, browser type and version, device category, operating system, referring URL, pages viewed, timestamps, and diagnostic error logs.
  • Consent records: timestamps, consent text version, and channel through which you accepted or refused optional cookies.
  • Transactional records: order references, refund tickets, and payment metadata processed by our payment partners (we do not store full payment card numbers on our servers).
  • Marketing preferences: mailing-list choices, unsubscribe events, and suppression flags.

We do not intentionally collect special categories of data under GDPR Article 9 (such as health diagnoses) through standard forms. If you voluntarily disclose health information in a message, we treat it with heightened care and limit access to personnel who require it to answer your inquiry.

Sources of personal data

We obtain data directly from you when you type into forms, send email, or call published numbers. We also generate technical data automatically through server logs, content delivery networks, and security tools. If we integrate optional analytics or advertising partners in the future, those processors may provide aggregated reports that do not identify you personally unless you have opted in.

Purposes of processing and legal bases

Contractual necessity and pre-contractual steps

When you request a quote, place an order, or ask fulfillment questions, we process identity and contact details to perform the transaction or prepare to enter an agreement.

Legitimate interests

We rely on legitimate interests—balanced against your rights—for website security, fraud monitoring, product improvement analytics that do not require consent, documenting commercial correspondence, and enforcing our Terms of Service. You may object to processing based on legitimate interests where GDPR grants that right; we will honor objections unless compelling grounds exist.

Consent

Optional analytics cookies, marketing pixels, paid advertising measurement (including platforms such as Google Ads in the United States), and certain newsletter programs operate only after you provide clear affirmative consent through our cookie interface or dedicated signup forms where required. Advertising use follows each platform’s policies and this Privacy Policy. You may withdraw consent at any time without affecting prior lawful processing.

Legal obligations

We process data when tax, customs, consumer protection, or court orders require retention or disclosure.

Automated decision-making and profiling

We do not make decisions that produce legal or similarly significant effects about you solely through automated processing. If that changes, we will update this policy and provide a meaningful explanation together with human review options where required.

Recipients and categories of recipients

Personal data may be shared with:

  • Hosting, email delivery, and infrastructure vendors bound by data processing agreements.
  • Payment service providers who tokenize card data.
  • Customer support ticketing platforms that store message history.
  • Professional advisers such as attorneys or accountants under confidentiality duties.
  • Public authorities when lawfully compelled.

We prohibit vendors from selling your data or using it for unrelated profiling.

International transfers

Our primary operations are in the United States. When we transfer personal data from the EEA, UK, or Switzerland, we implement appropriate safeguards such as the European Commission Standard Contractual Clauses, the UK International Data Transfer Addendum, or other mechanisms recognized under applicable law. Copies of relevant transfer documentation are available upon request.

Retention periods

  • Marketing consents and suppression lists: retained until you withdraw consent or request deletion, then stored only as necessary to prove compliance.
  • Order and accounting records: up to seven years where tax or commercial law mandates.
  • General inquiry emails: thirty-six months after the last message unless litigation is pending.
  • Security logs: ninety days in rotation unless isolated for incident investigation.
  • Cookie consent logs: twenty-four months to demonstrate valid consent.

When retention periods expire, we delete or irreversibly anonymize data.

Security measures

We implement administrative, technical, and organizational measures including role-based access control, multi-factor authentication for administrative consoles, encryption in transit via TLS 1.2 or higher, encrypted backups, vulnerability monitoring, and staff training. No system is perfectly secure; if a breach risks your rights, we notify regulators and affected individuals as required by law.

Your rights

Depending on jurisdiction, you may have rights to access, rectify, erase, restrict processing, data portability, object to certain processing, and withdraw consent. Residents of California may request disclosure of categories and specific pieces of personal information collected, deletion subject to exceptions, and correction of inaccurate data. EU and UK residents may lodge complaints with a supervisory authority.

To exercise rights, email

Children

Our services are not directed to individuals under sixteen. If you believe we collected a child’s data, contact us immediately so we can delete it.

Third-party websites

Links to external sites are provided for convenience. Their privacy practices are independent from ours; review their policies before submitting data.

Changes to this policy

We revise this Privacy Policy when our processing activities evolve. Material updates will be posted on this page with a refreshed effective date shown below. Where consent is the legal basis and changes are substantial, we will seek renewed consent when legally required.

Effective and last reviewed: