Privacy Policy

Borevia ("we," "us," or "our") is committed to protecting your privacy with the highest standards of care and transparency. This Privacy Policy provides a comprehensive explanation of how we collect, use, disclose, store, and safeguard your personal data. We have designed our practices to comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws worldwide.

By accessing our website or using our services, you acknowledge that you have read, understood, and agree to the practices described in this policy. We encourage you to review this document periodically, as we may update it to reflect changes in our practices or legal requirements.

Data Controller & Contact Information

The entity responsible for processing your personal data is Borevia. For any questions, concerns, or requests regarding your personal data, please contact us using the details below:

We aim to respond to all inquiries within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.

Purposes of Data Processing

We process personal data for specific, legitimate purposes. Below is a detailed overview of why we collect and use your information:

Order Fulfillment

To process, validate, and fulfill your orders for our dietary supplement products. This includes verifying payment information, preparing shipments, and coordinating with our logistics partners to ensure timely delivery to your specified address.

Customer Communication

To communicate with you about your orders, including order confirmations, shipping updates, delivery notifications, and responses to your inquiries. We may also contact you regarding product information or quality-related matters.

Transactional Emails

To send essential transactional communications such as order receipts, shipping confirmations, and account-related notifications. These communications are necessary for the performance of our contract with you.

Service Improvement

To analyze how visitors interact with our website, identify areas for improvement, and enhance the overall user experience. This includes understanding navigation patterns, page views, and feature usage.

Legal Compliance

To comply with applicable laws, regulations, and legal processes, including tax reporting, anti-fraud measures, and responding to lawful requests from authorities.

Security & Fraud Prevention

To protect the security of our website, prevent fraudulent transactions, detect and prevent abuse, and ensure the integrity of our systems and data.

Types of Data We Collect

We may collect the following categories of personal data, depending on your interactions with us:

Identity Data

Includes your full name, which we collect when you place an order or create an account. This information is essential for order processing and customer identification.

Contact Data

Includes your email address, postal address, and telephone number. We use this information to deliver your orders, send confirmations, and respond to your inquiries.

Transaction Data

Includes details about purchases you have made, including order numbers, product quantities, payment method information (processed securely by our payment providers), and transaction history. We retain this data for accounting and legal compliance purposes.

Technical Data

Includes your IP address, browser type and version, operating system, device information, and referring URLs. This data helps us ensure compatibility, troubleshoot technical issues, and maintain security.

Usage Data

Includes information about how you use our website, such as pages visited, time spent on pages, click patterns, and interaction with features. This data is typically aggregated and anonymized for analytics purposes.

Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your personal data based on the following legal grounds:

• Contract: Processing necessary to perform our contract with you, including order fulfillment, delivery, and customer support.
• Consent: Where you have given explicit consent, such as for marketing communications, optional cookies, or other voluntary activities.
• Legitimate Interests: To improve our services, prevent fraud, ensure security, and conduct analytics that does not override your rights.
• Legal Obligation: To comply with laws and regulations, including tax, anti-money laundering, and consumer protection requirements.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Our retention periods are as follows:

• Order and Transaction Data: Retained for 7 years for legal, accounting, and tax compliance purposes.
• Customer Contact Data: Retained until you request deletion or for 3 years after your last interaction, whichever occurs first.
• Marketing Consent Records: Retained until you withdraw consent.
• Technical and Access Logs: Retained for up to 12 months for security and troubleshooting purposes.

Upon expiry of the retention period, we securely delete or anonymize your data in accordance with our data protection procedures.

Your Rights

Under GDPR and other applicable data protection laws, you have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete personal data.
• Right to Erasure: Request deletion of your personal data ("right to be forgotten") in certain circumstances.
• Right to Restriction: Request that we limit the processing of your data in specific situations.
• Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format.
• Right to Object: Object to processing based on legitimate interests, including profiling.
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, please contact us at question@quunthalthod.world. We will respond within 30 days. You also have the right to lodge a complaint with a supervisory authority in your country of residence.

Data Sharing & Third Parties

We may share your personal data with trusted third-party service providers who assist us in operating our business. These parties are bound by contractual obligations to handle your data securely and only for the purposes we specify. We may share data with:

• Payment processors to complete transactions securely.
• Shipping and logistics partners to deliver your orders.
• IT and hosting providers who maintain our systems.
• Analytics providers (where you have given consent) to help us understand website usage.

We do not sell your personal data to third parties. We do not engage in the sale of personal information as defined under the CCPA or similar laws.

International Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, adequacy decisions, or other mechanisms recognized by applicable law.

Security Measures

We implement robust technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Our security measures include:

• HTTPS encryption (TLS/SSL) for all data transmitted between your browser and our servers.
• Secure, access-controlled servers and databases.
• Regular security assessments and penetration testing.
• Employee training on data protection and confidentiality.
• Incident response procedures for potential data breaches.