Scope and audience
This Privacy Policy explains how Skyxaronthchun.world, trading the Icorva food supplement line, processes personal data for shoppers, newsletter prospects, and business visitors who interact with https://skyxaronthchun.ddd. It is drafted for adults in the United Kingdom, European Economic Area, and Switzerland, while remaining useful for global readers whose local laws grant similar protections.
We act as a data controller for the activities described here. Where we appoint processors such as payment gateways, they follow Article 28 UK GDPR-style clauses with confidentiality, subprocessor limitations, breach assistance, and deletion obligations at contract end.
Controller contact coordinates
Postal correspondence and statutory requests should reference Name: Skyxaronthchun.world, Address: 120 Oxford Street, London W1D 1LT, United Kingdom. Digital correspondence flows through chat@skyxaronthchun.world. We aim to acknowledge access requests within seventy-two hours and deliver substantive answers within one calendar month unless complexity legitimately extends timelines.
Supervisory authority
You may escalate concerns to the UK Information Commissioner’s Office at https://ico.org.uk after attempting good-faith resolution with us first.
EU representatives
If EU law applies and we appoint a representative, their details will appear in this section. Until then, contact the UK address above.
Categories of personal data collected
We strive to minimise collection. Depending on your journey, we may process:
- Identity and contact artefacts: name, email, phone when supplied, billing or shipping addresses, customer reference tokens.
- Transaction metadata: products ordered, coupon usage, carrier tracking identifiers, refund notes, chargeback references.
- Communication archive: chat transcripts, voicemail summaries, social mentions you direct to us, consent evidence for marketing.
- Technical telemetry: IP address, device model, operating system, browser version, approximate geo from IP, referring URL, session duration, click streams when optional analytics cookies receive consent.
- Financial surrogate data: partial card fingerprints retained by PCI-compliant processors rather than by us directly.
- Preference matrices: dietary notes you volunteer, language choice, accessibility accommodations requested.
Special category data should not be submitted via order forms. If you disclose health information inadvertently, we delete it when feasible unless a narrow statutory exemption applies.
Purposes and lawful bases in depth
- Contract performance: processing purchases, issuing confirmations, arranging delivery, honouring warranty-style commitments for defective goods.
- Legal obligation: tax invoicing, product traceability, chemical safety reporting if regulators request ingredient trails, responding to court orders.
- Legitimate interests: fraud screening, cybersecurity monitoring, server capacity planning, internal reporting, documenting marketing consent, training staff on de-identified case studies, asserting legal claims.
- Consent: non-essential cookies, marketing emails, optional surveys, beta programme invitations. Withdrawing consent is as easy as granting it and does not undermine prior lawful processing.
Before relying on legitimate interests we complete balancing tests weighing your expectations, the sensitivity of data, and mitigations such as aggregation or retention caps.
Recipients and onward disclosure
Processors include payment facilitators, cloud infrastructure vendors with ISO 27001 alignment, email delivery platforms, customer relationship tooling, logistics carriers, translation contractors, and professional advisers. We prohibit partners from repurposing personal data for independent profiling unrelated to delivering services to us.
We may disclose information when required by law, to protect vital interests, or during mergers where the successor inherits obligations documented here.
International transfers mechanics
When data leaves the UK or EEA we implement International Data Transfer Agreements or EU Standard Contractual Clauses, or rely on adequacy regulations. Transfer impact assessments evaluate surveillance laws in destination countries and whether supplementary measures such as encryption or pseudonymity restore essential equivalence.
Retention schedules explained
- Order and accounting evidence: up to seven UK financial years unless a shorter window is negotiated with auditors.
- Marketing consents: until withdrawal plus thirty days for sync across backup clusters.
- Suppression lists: indefinitely in hashed form to respect unsubscribe choices.
- Customer support threads: twenty-four months after last substantive reply unless litigation holds apply.
- Web logs: rolling ninety-day deletion, except where security investigations extend the duration proportionately.
- Cookie audit logs: twenty-four months demonstrating consent version, channel, and timestamp.
Technical and organisational measures
We operate HTTPS everywhere, segregated production networks, least-privilege IAM roles, hardware security module-backed keys for critical secrets, quarterly access reviews, secure development training, vendor SOC report reviews, immutable backup snapshots for ransomware resilience, and incident response tabletop exercises. No system is flawless; if we learn of unauthorised access we notify regulators and affected individuals when the UK GDPR risk threshold triggers such duty.
Exercising your data subject rights
You may request access, rectification, erasure, restriction, objection to certain processing, data portability for machine-readable categories you supplied, and explanation regarding solely automated decisions with legal effect, although we rarely perform the latter for supplement shoppers. Email requests should include enough detail to locate records while minimising excessive identifiers.
If unsatisfied with our reply, escalate to the ICO or your local EU supervisory authority. Judicial remedy remains available.
Children and vulnerable adults
Our storefront targets individuals sixteen and older. Guardians should supervise minors; we delete accounts or enquiries that appear child-directed unless parental authority is verified.
Profiling and automated decisions
We do not score shoppers with fully automated outcomes that deny products without human intervention. Risk engines may flag transactions for manual review, but staff make final calls.
Revision history and notices
Major revisions trigger banner announcements where feasible. Continued use after notice periods communicated in such banners constitutes acceptance of non-mandatory commercial terms only where the law permits; privacy changes affecting processing always honour the version active when you provided data unless a fresh lawful basis exists.
Companion documents: Cookie Policy, Terms of Service, Refund Policy.