Privacy Policy
This Privacy Policy describes how Tloxorelchit (“we,” “us,” or “our”) collects, uses, discloses, and protects personal information when you visit https://tloxorelchit.world (the “Site”), purchase or inquire about Bioventra Vital and related products, or communicate with us. We operate from 1441 Wazee St Ste 103, Denver, CO 80202, United States. Contact: support@tloxorelchit.world, phone +1 (303) 223-2502.
We describe practices in plain language and provide additional detail where regulations require specificity. If you do not agree with this Policy, please discontinue use of the Site and do not submit personal information.
1. Scope and roles
This Policy applies to personal information processed in connection with the Site, email, telephone, postal correspondence, and related sales or support channels that reference this Policy. For purposes of the EU and UK General Data Protection Regulation and the UK GDPR, we generally act as a controller for personal information we determine the purposes and means of processing. Where we process personal information solely on behalf of another business under a written agreement, we act as a processor as described in that agreement.
Children: The Site and Bioventra Vital are directed to adults. We do not knowingly collect personal information from children under 16 (or the higher age required in your jurisdiction). If you believe we received information from a child, contact us and we will take appropriate steps.
2. Categories of personal information we collect
Depending on how you interact with us, we may collect the following categories. Not every category applies to every visitor.
- Identifiers such as name, postal address, email address, telephone number, and online identifiers (for example, cookie IDs or device identifiers when used).
- Customer records such as purchase history, product interests, and communications preferences when you transact or create an account.
- Commercial information such as products considered, order details, payment confirmation references (we may use payment processors who collect card data directly), shipping preferences, and returns data.
- Internet or other electronic network activity such as browsing data, referring URL, approximate location derived from IP address, browser type, operating system, and interaction events (for example, pages viewed and approximate time on page) when our analytics tools are active and permitted by your cookie choices.
- Geolocation data at a coarse level (such as region or city inferred from IP address) unless you provide a precise address for shipping.
- Audio, electronic, visual, or similar information if you send images or upload files we request, or if you leave voicemail.
- Professional or employment-related information if you represent an organization and provide a business title or purchasing capacity.
- Inferences drawn from the above to tailor communications, improve product assortment, or detect fraud, within lawful bounds.
- Sensitive personal information only if you voluntarily include health-related details in a message. We do not require health data to place routine orders and we discourage including it in web forms.
3. Sources of personal information
We collect personal information directly from you (for example, forms, email, phone calls), automatically through cookies and similar technologies as described in our Cookie Policy, from service providers who assist with hosting, analytics, payment, fraud prevention, shipping, and customer support, and from public sources where permitted (for example, address standardization services).
4. Purposes of processing and legal bases (GDPR and UK GDPR)
Where the GDPR or UK GDPR applies, we rely on one or more of the following legal bases:
- Contract (Article 6(1)(b)): to process orders, deliver products, provide support, and manage returns.
- Legitimate interests (Article 6(1)(f)): to secure the Site, prevent fraud, improve our services, measure permitted analytics, maintain internal records, and assert or defend legal claims, balanced against your rights.
- Consent (Article 6(1)(a)): where required for non-essential cookies, certain marketing messages, or optional surveys. You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
- Legal obligation (Article 6(1)(c)): to comply with tax, customs, consumer protection, or court orders.
For processing that requires a different basis under local law, we will identify that basis at the point of collection when feasible.
5. Purposes of processing (United States)
For United States residents, we use personal information to operate the Site, fulfill orders, communicate about transactions, provide customer service, improve our products and content, conduct analytics where allowed, maintain security, comply with law, and exercise our legal rights. We do not sell personal information for money. We may share information with advertising or analytics partners as described in our Cookie Policy when you opt in to marketing or analytics cookies, which may be considered “sharing” or “targeted advertising” under certain state laws.
6. Disclosure of personal information
We disclose personal information to:
- Service providers bound by contractual obligations, including hosting, email delivery, payment processing, fraud screening, shipping carriers, customer support tools, and IT security vendors.
- Professional advisers such as lawyers and accountants where confidentiality obligations apply.
- Authorities when required by law, subpoena, or lawful request, or to protect rights, safety, and security.
- Corporate transactions such as a merger or asset sale, subject to appropriate safeguards.
We do not disclose personal information to third parties for their independent marketing without appropriate consent or as otherwise permitted by law.
7. International transfers
We are located in the United States. If you access the Site from outside the United States, your information will be processed in the United States and potentially in other countries where our service providers operate. Where the GDPR or UK GDPR applies, we use appropriate safeguards such as Standard Contractual Clauses or supplementary measures as required for international transfers.
8. Retention
We retain personal information only as long as necessary for the purposes described, unless a longer period is required or permitted by law. Illustrative periods:
- Order and transaction records: generally seven years from the date of the last transaction for tax, accounting, and consumer protection compliance, unless a shorter or longer period applies in a specific jurisdiction.
- Customer service correspondence: up to three years after the last substantive message unless a dispute requires longer retention.
- Marketing consents and suppression lists: for the duration of the consent plus a reasonable period to demonstrate compliance.
- Security logs: typically 12 months, unless investigation requires extension.
- Cookie-related data: as described in the Cookie Policy, often between session end and 24 months depending on the tool and your choices.
When retention ends, we delete or de-identify information using reasonable technical and organizational measures.
9. Security measures
We implement administrative, technical, and physical safeguards appropriate to the risk, including access controls on a need-to-know basis, encryption in transit for the Site using HTTPS, secure development practices for our web properties, vendor assessments, and staff training on confidentiality. No method of transmission or storage is completely secure; we cannot guarantee absolute security.
10. Your rights under the GDPR and UK GDPR
If you are in the European Economic Area, Switzerland, or the United Kingdom, you may have the right to:
- Request access to your personal information.
- Request rectification of inaccurate information.
- Request erasure in certain circumstances.
- Request restriction of processing in certain circumstances.
- Receive a copy of information you provided in a portable format where technically feasible.
- Object to processing based on legitimate interests or to direct marketing.
- Withdraw consent where processing is consent-based.
- Lodge a complaint with a supervisory authority.
To exercise these rights, email support@tloxorelchit.world with “GDPR Request” in the subject line. We may need to verify your identity before responding. You may designate an authorized agent under applicable rules.
11. United States state privacy rights
Residents of certain states (including California, Colorado, Connecticut, Virginia, Utah, and others with comprehensive privacy laws) may have rights to access, delete, correct, opt out of certain processing, appeal denials, and obtain information about disclosures. Requests can be submitted to the email above with “US Privacy Request” in the subject line. We will not discriminate against you for exercising rights granted by law. Financial incentives, if any, will be described separately with opt-in consent.
12. Automated decision-making
We do not use fully automated decision-making that produces legal or similarly significant effects solely based on automated processing. Fraud screening may involve automated risk scores with human review.
13. Third-party sites
The Site may link to third-party websites or services. We are not responsible for their privacy practices. Review their policies before providing information.
14. Changes to this Policy
We may update this Policy to reflect operational, legal, or regulatory changes. We will post the updated Policy on the Site with a new effective date. Material changes may require additional notice where required by law.
15. Records of processing and accountability
We maintain internal records describing processing activities, purposes, categories of data subjects and data, recipients, international transfers, retention schedules, and security measures, as required by Article 30 GDPR where applicable. These records support accountability and are available to supervisory authorities upon lawful request.
16. Subprocessors and vendor oversight
We engage vetted service providers for hosting, communications, payment facilitation, logistics, analytics when permitted, and customer support tooling. Contracts include data protection terms requiring confidentiality, security safeguards, assistance with data subject requests, deletion or return of data at termination, and, where required, Standard Contractual Clauses for international transfers. We assess vendors before onboarding and review them periodically.
17. Data breach notification
We maintain incident response procedures. If a breach affects personal information and requires notification, we will notify supervisory authorities and affected individuals within timeframes required by applicable law, describing the nature of the incident, likely consequences, and measures taken or proposed.
18. Profiling and automated decisions
We do not conduct profiling that produces legal or similarly significant effects solely by automated means. Marketing segmentation, if used, relies on basic purchase or interest categories with human oversight where appropriate.
19. California residents
California residents may have rights under the California Consumer Privacy Act as amended by the CPRA, including to know, delete, correct, and opt out of certain processing. We describe categories of personal information in Section 2 and purposes in Sections 4–5. We do not “sell” personal information for money. “Sharing” for cross-context behavioral advertising may occur only where permitted and with appropriate opt-out mechanisms. You may submit requests via the contact email above. We will verify your request and respond within statutory timelines. You may use an authorized agent with proper authorization.
20. Colorado, Connecticut, Virginia, and Utah residents
Residents of states with comprehensive privacy laws may exercise access, deletion, correction, and opt-out rights, and may appeal denials as provided by statute. We honor applicable timelines and requirements for universal opt-out mechanisms where mandated.
21. Nevada residents
Nevada residents may submit requests to opt out of certain sales of covered information as defined under Nevada law. We currently do not sell such information as defined in Nevada statutes; if our practices change, we will provide a designated request address.
22. Response timelines and verification
Where the GDPR applies, we generally respond within one month, extendable by two further months in complex cases with notice. For U.S. state rights, we follow applicable deadlines, typically 45 days with a possible extension and explanation. We verify identity using reasonable methods proportionate to risk, which may include confirming email ownership or order details.
23. Contact details and supervisory authority
Controller: Tloxorelchit, 1441 Wazee St Ste 103, Denver, CO 80202, United States. Email: support@tloxorelchit.world. Phone: +1 (303) 223-2502.
If you are in the EU or UK and wish to contact a supervisory authority, you may reach the authority in your country of residence.
For privacy inquiries unrelated to data subject rights, include enough context for us to assist without unnecessary personal data.