Controller identity & scope
The data controller for personal information processed in connection with Frizeloneixodeu.world, a UK-based operator selling the Vireonix line of food supplements. Registered postal address: 151 Camden High St, London NW1 7JE, United Kingdom. Primary electronic correspondence: chat@frizeloneixodeu.world.
This Privacy Policy applies whenever you browse informational content, purchase goods, submit web forms, email us directly, interact with optional chat widgets, or otherwise disclose identifiable information in a commercial context that references Vireonix or Frizeloneixodeu.world branding. It does not govern third-party marketplaces unless expressly contractually mandated—in those cases the marketplace operator may act as an independent controller for certain checkout data.
Children. Our services target adults aged eighteen and over. We do not knowingly collect data from minors without verifiable parental authority. If you believe we received information from a child, notify us immediately so we can delete records consistent with applicable law.
Categories of personal data
Depending on how you interact with us, we may process some or all of the following categories. The list is illustrative, not exhaustive, and mirrors categories recognised by the ICO guidance on accountability.
| Category | Examples |
|---|
| Identity | First name, surname, salutation, photograph if you voluntarily attach one to support tickets. |
|---|
| Contact | Email address, telephone number, delivery address, invoice address, preferred communication channel. |
|---|
| Financial | Payment authorisation tokens, partial BIN information, chargeback dispute identifiers; full card numbers remain with PCI-DSS partners. |
|---|
| Transaction | SKUs ordered, loyalty credits, refund reasons, shipment tracking numbers. |
|---|
| Technical | IP address, device model, operating system, browser agent string, approximate geolocation derived from IP, cookie identifiers when consented. |
|---|
| Usage & inference | Pages viewed, bounce sequences, A/B cohort labels, inferred language preference. |
|---|
| Communications | Free-text messages, survey responses, call recordings where legally obtained with notice. |
|---|
How data enters our systems
We obtain information directly when you type it into forms, dictate it to call-centre staff, or upload attachments. Automated means include server logs, consent storage keys, optional analytics beacons, fraud-screening APIs, and transport-layer metadata collected to defend against denial-of-service attacks.
Occasionally we augment records using publicly available registers (for example, validating company numbers for wholesale accounts) or receive referrals from logistics partners who provide delivery exception alerts. In every case we document the source in our internal records of processing activities as recommended under Article 30 UK GDPR.
Purposes & lawful bases
- Performance of a contract — processing orders, creating accounts you request, delivering goods, managing subscriptions, issuing invoices.
- Legitimate interests — fraud prevention, cybersecurity hardening, internal analytics in pseudonymous form, brand protection, improving site reliability, sending service announcements about material contract changes. We document balancing tests upon request where required.
- Legal obligation — accounting, tax, product traceability recalls, court orders, regulatory audits from food-safety authorities.
- Consent — newsletter creative, non-essential cookies, some partner referral programmes, optional testimonials. Consent is granular and may be withdrawn without detriment beyond losing the specific feature.
- Vital interests — rare emergencies such as adverse event triage where we must preserve life or serious health evidence; we will document any such processing.
Processors & categories of recipients
We engage specialist suppliers for hosting, transactional email, parcel carriers, payment acquirers, customer-relationship software, analytics (if enabled), translation, and backup storage. Each relationship is governed by Article 28-style data processing agreements specifying purpose limitation, subprocessor notification timelines, deletion expectations, and audit cooperation.
We do not sell personal data in the traditional sense of exchanging lists for cash. Limited disclosures may occur to professional advisers (lawyers, accountants), prospective purchasers during due diligence under confidentiality, or public authorities when a valid legal demand exists.
International transfers
Primary storage resides within the United Kingdom or European Economic Area. When a subprocessors infrastructure extends beyond those regions, we implement transfer tools such as the UK International Data Transfer Agreement, EU Addendum, Standard Contractual Clauses, or rely on adequacy regulations. Transfer impact assessments consider government access laws and supplementary technical measures like at-rest encryption with customer-managed keys where feasible.
Retention overview
We keep data only as long as necessary for the purposes above, following a retention schedule reviewed annually by the management team.
- Contracts, invoices, and VAT evidence: up to seven years to satisfy HMRC requirements.
- Marketing consents and send logs: until withdrawal plus thirty days for propulsion caches, then suppression hashes only.
- Customer support threads: twenty-four months after last substantive message unless linked to unresolved litigation.
- Security logs containing identifiers: ninety rolling days except forensic slices flagged for incident review.
- Cookie identifiers: per durations declared in the Cookie Policy.
- Job applications (if submitted): twelve months unless you consent to a talent pool extension.
Security measures
Organisational controls include role-based access, background checks for elevated privileges, mandatory privacy training, clean-desk policies in Camden HQ, and vendor risk tiers. Technical controls cover TLS 1.2+ in transit, encryption at rest for databases classified as high risk, multifactor authentication for administrators, secrets rotation, annual penetration tests, anomaly detection on authentication gateways, and immutable audit logs for consent changes.
Despite diligent efforts, no internet transmission is impervious; if a breach likely affects your rights, we notify regulators and affected individuals within statutory windows alongside remedial steps.
Individual rights
Subject to applicable law you may request access, rectification, erasure, restriction, portability, object to certain processing, and withdraw consent. Automated decisions with legal effect are not deployed for consumer supplement purchases. To exercise a right, email chat@frizeloneixodeu.world describing the request—we verify identity proportionately and respond within one month, extendable where complexity warrants with an explanation.
Erasure may be limited where transaction records must persist for finance or where freedom of expression balances apply. Portability covers machine-readable subsets you supplied by automated means under contract.
Complaints & policy maintenance
You may lodge a complaint with the Information Commissioner’s Office at https://ico.org.uk/ without prejudice to judicial remedies. We welcome the opportunity to resolve issues first internally via the contact details above.
We review this Privacy Policy whenever processing operations, regulatory guidance, or corporate structure changes. Significant revisions trigger homepage banners, email summaries to active account holders, or consent refreshers where legally necessary. The dynamic stamp at the top reflects the calendar date on which your browser last rendered this page for transparency snapshots.