Gharvynnywhronul

Privacy Policy

Last updated: March 5, 2025

1. Data controller and contact details

The data controller responsible for the processing of your personal data in connection with this website is:

Gharvynnywhronul
1041 Elkton Dr, Colorado Springs, CO 80907, United States
Email: office@gharvynnywhronul.world
Phone: +1 800 288 0397

If you have questions about this Privacy Policy or wish to exercise your rights, you may contact us using the details above.

2. Scope and applicability

This Privacy Policy applies to the website gharvynnywhronul.world (and any subdomains) and to all services offered through it, including the sale and promotion of HerbaCor Vital and related customer communications. It describes how we collect, use, store, and protect your personal data. It applies to visitors and users located in the United States and, where relevant, to individuals in the European Economic Area (EEA), United Kingdom, and other jurisdictions where data protection laws (including the General Data Protection Regulation, GDPR) apply.

3. Legal basis for processing (EEA/UK)

Where GDPR or equivalent laws apply, we process your personal data on one or more of the following bases:

  • Contract: Processing necessary to perform a contract with you (e.g. processing your order and delivering products).
  • Legitimate interests: Processing necessary for our legitimate interests (e.g. improving our website, preventing fraud, defending legal claims), where those interests are not overridden by your rights.
  • Consent: Where you have given clear consent for specific processing (e.g. marketing emails, non-essential cookies).
  • Legal obligation: Processing necessary to comply with applicable law (e.g. tax, consumer, or regulatory requirements).

4. Types of personal data we collect

We may collect the following categories of personal data:

  • Identity and contact data: Name, email address, telephone number, and shipping/billing address when you place an order or contact us.
  • Transaction and order data: Order details, payment-related information (e.g. that a payment was made; we do not store full card numbers), delivery status, and correspondence related to orders.
  • Technical and usage data: IP address, browser type and version, device type, operating system, referring URL, pages visited, date and time of access, and similar data generated when you use our website. This may be collected via cookies and similar technologies as described in our Cookie Policy.
  • Communication data: Content of messages you send us via contact forms, email, or other channels, and our responses.
  • Marketing and preferences data: If you opt in to marketing, we may store your contact details and preferences (e.g. communication channel, product interests).

5. Purposes of processing

We use your personal data for the following purposes:

  • To process and fulfil your orders, including payment processing, shipping, and returns.
  • To communicate with you about your orders, enquiries, and customer support requests.
  • To send you service-related messages (e.g. order confirmation, shipping updates) where necessary for the performance of the contract.
  • To send you marketing communications only where you have given consent or where permitted by law.
  • To operate, maintain, and improve our website (e.g. analytics, security, usability).
  • To comply with legal and regulatory obligations (e.g. tax, consumer law, responding to lawful requests from authorities).
  • To establish, exercise, or defend legal claims and to prevent or detect fraud and abuse.

6. Retention periods

We retain your personal data only for as long as necessary for the purposes set out in this policy or as required by law.

  • Order and transaction data: Typically retained for the period required by tax and commercial law (e.g. 7 years in many jurisdictions) after the end of the financial year in which the transaction occurred.
  • Customer and contact data: Retained for the duration of the business relationship and for a reasonable period thereafter for support and legal purposes (e.g. up to 3 years after last contact, unless longer retention is required by law).
  • Marketing data: Retained until you withdraw consent or object to marketing, and for a short period thereafter to record your preference (e.g. up to 2 years).
  • Technical and log data: Retained for a limited period necessary for security, analytics, and troubleshooting (e.g. 12–24 months for access logs, unless a shorter period is sufficient).
  • Correspondence: Retained for the period necessary to resolve your enquiry and for a reasonable period for legal and quality purposes (e.g. up to 3 years).

After the retention period, we securely delete or anonymise your data so that it can no longer identify you.

7. Security measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Use of HTTPS (TLS/SSL) for all data transmitted between your browser and our servers to prevent interception.
  • Restriction of access to personal data to authorised personnel who need it for the purposes described in this policy.
  • Secure storage of data on servers with access controls, encryption at rest where appropriate, and regular security assessments.
  • Procedures to handle suspected data breaches, including notification to supervisory authorities and affected individuals where required by law.

While we strive to protect your data, no method of transmission or storage over the internet is completely secure. We encourage you to use strong passwords and to protect your own devices.

8. Sharing and disclosure of personal data

We may share your personal data with:

  • Service providers: Third parties who process data on our behalf (e.g. hosting, payment processors, shipping carriers, email delivery, analytics). Such processors are bound by contract to use your data only for the purposes we specify and in accordance with applicable law.
  • Legal and regulatory bodies: When required by law, court order, or government request, or to protect our rights, safety, or property.
  • Professional advisers: Lawyers, auditors, or insurers where necessary in the context of our operations.

We do not sell your personal data to third parties for their marketing purposes. If our practices change in this regard, we will update this policy and, where required, obtain your consent.

9. International transfers

Your data may be processed in the United States or in other countries where our service providers operate. If you are in the EEA or UK, such transfers may involve countries that are not deemed to provide an adequate level of data protection. In those cases, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission or equivalent mechanisms, and we will provide further information on request.

10. Your rights

Depending on your location, you may have the following rights in relation to your personal data:

  • Access: To obtain confirmation as to whether we process your data and to receive a copy of your data.
  • Rectification: To have inaccurate or incomplete data corrected.
  • Erasure: To request deletion of your data in certain circumstances (e.g. where it is no longer necessary, or you withdraw consent).
  • Restriction: To request that we limit the processing of your data in certain situations.
  • Data portability: To receive your data in a structured, commonly used, machine-readable format and, where feasible, to have it transmitted to another controller.
  • Objection: To object to processing based on legitimate interests or to processing for direct marketing.
  • Withdraw consent: Where processing is based on consent, to withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
  • Complaint: To lodge a complaint with a supervisory authority (e.g. in the EEA, the data protection authority of your country of residence).

To exercise any of these rights, please contact us using the details in section 1. We will respond within the time limits set by applicable law (e.g. one month under GDPR). You may also have the right to opt out of the sale or sharing of personal data in certain US states; we do not currently sell personal data as defined under those laws.

11. Children

Our website and services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will take steps to delete such information.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. The "Last updated" date at the top will be revised when changes are made. We encourage you to review this page periodically. Where required by law, we will notify you of material changes or seek your consent.

13. Additional information

For information about cookies and similar technologies used on this website, please see our Cookie Policy. For the terms governing the use of our website and products, please see our Terms of Service and Return Policy.