Vorquenxkhak.world

Privacy Policy

How Vorquenxkhak.world processes personal data when you browse, inquire, or purchase Yelvora products through our digital channels.

Last reviewed: Format: GDPR & Finland DPA

Quick read: We collect only what we need to run the shop, answer questions, and meet legal duties. You can ask for access, correction, or deletion where the law allows. Full detail appears below. The calendar date shown in the hero reflects when this page was last generated in your browser: .

1. Scope and material applicability

This Privacy Policy applies to personal data processed in connection with the website, related email correspondence, and order fulfilment for the Yelvora product line. It does not govern third-party sites that we may link to for convenience; those services publish their own notices.

If you interact with us only as a representative of a company, some sections may apply differently because corporate contact details are not always personal data under the GDPR. When in doubt, contact us and we will clarify the capacity in which we process information.

2. Data controller and representative details

The controller responsible for processing is Vorquenxkhak.world, with its principal contact address at Runeberginkatu 55, 00260 Helsinki, Finland. For privacy-specific requests, email chat@vorquenxkhak.world using a subject line that mentions “privacy request” so routing remains efficient.

We do not appoint an EU representative outside Finland because our main establishment is in Finland. If that changes due to expansion, this section will name any additional representative and their member state.

3. Categories of personal data

Depending on your journey, we may process the following categories, not all of which will apply to every visitor:

  • Identity data: full name, title, or salutation when you provide them.
  • Contact data: email address, telephone number, delivery address, billing address.
  • Transaction data: order identifiers, products purchased, payment status metadata from payment processors, shipping selections.
  • Communication content: free-text messages in forms, chat transcripts if offered, and attachments you send voluntarily.
  • Technical data: IP address, approximate location derived from IP, browser type, operating system, device identifiers, referral URL, session timestamps.
  • Usage data: aggregated analytics events if you consent to analytics cookies or similar technologies.
  • Preference data: cookie consent logs, newsletter topic preferences, language selections.
  • Compliance data: fraud screening signals, dispute correspondence, regulatory enquiries.

Special categories

We do not aim to collect health data or other special categories. If you disclose health information in an email, we will limit internal access and delete it when retention is no longer necessary unless law requires otherwise.

Children

Our storefront targets adults. If you believe we received data from a person below the age of digital consent in their country without appropriate authority, notify us promptly for review and deletion.

4. Purposes of processing

We process personal data to present product information, authenticate sessions where accounts exist, respond to pre-sales and post-sales questions, conclude and perform purchase contracts, arrange logistics, issue invoices, comply with accounting and tax law, defend legal claims, improve website stability, measure aggregate marketing performance when consented, and document consent itself.

We do not use your data for automated profiling that produces legal effects. Manual review remains part of fraud checks and customer care quality sampling.

5. Legal bases under Articles 6 and 9 GDPR

  • Contract (Art. 6(1)(b)): processing necessary to take steps at your request before contract formation, and to perform the contract, including delivery and warranty handling.
  • Legal obligation (Art. 6(1)(c)): bookkeeping, tax reporting, product traceability where regulation demands retention of transaction records.
  • Legitimate interests (Art. 6(1)(f)): network security, abuse prevention, aggregated analytics without persistent identifiers where possible, internal reporting, and limited direct communication about similar goods where soft opt-in rules permit.
  • Consent (Art. 6(1)(a)): non-essential cookies, optional newsletters, optional surveys, and certain marketing personalisation features.

Where consent is the basis, you may withdraw at any time without affecting the lawfulness of processing based on consent before its withdrawal. Withdrawal channels include unsubscribe links and the cookie preference centre.

6. Retention periods and erasure criteria

We keep personal data only as long as necessary for the purposes collected, unless a longer period is required or permitted by law. Indicative periods include:

  • Marketing consent evidence and cookie logs: up to twenty-four months from the last interaction, unless a shorter period is mandated.
  • Customer service tickets and related email threads: up to thirty-six months after closure, extended if a dispute is ongoing.
  • Contracts, invoices, and accounting ledgers: up to ten years aligned with Finnish accounting obligations.
  • Server and application security logs: typically ninety days, longer if an incident investigation requires preservation.
  • Analytics aggregates based on consent: according to vendor configuration, usually between fourteen and twenty-six months, after which identifiers are removed or rolled up.

When retention expires, we delete or irreversibly anonymise data. Backups may persist for a limited technical window before automatic rotation removes redundant copies.

7. Recipients and categories of processors

Personal data is disclosed only to personnel and suppliers who need access to fulfil their tasks. Categories of recipients include hosting providers, transactional email services, customer support platforms, payment institutions, carriers, analytics partners (upon consent), accounting advisers, and professional counsel when disputes arise.

Each processor receives documented instructions through a data processing agreement that mirrors GDPR Article 28 requirements, including confidentiality, subprocessors rules, assistance with data subject rights, deletion or return obligations, and audit cooperation.

8. International transfers outside the EEA

If a processor stores or accesses data from outside the European Economic Area, we implement appropriate safeguards such as Standard Contractual Clauses approved by the European Commission, supplementary technical measures like encryption in transit and at rest where feasible, and transfer impact assessments when jurisprudence recommends them.

You may request a summary of the mechanisms we rely on for a specific service by emailing our privacy inbox; we may redact commercially sensitive annexes while still explaining the legal tool used.

9. Security measures

We maintain administrative, technical, and organisational measures including role-based access control, multi-factor authentication for administrative interfaces, TLS for public endpoints, monitoring for unusual traffic, vendor due diligence questionnaires, and staff confidentiality expectations.

No method of electronic storage is completely invulnerable. If we become aware of a breach likely to risk your rights, we will notify the supervisory authority and, when required, affected individuals without undue delay, describing likely consequences and mitigation steps.

10. Data subject rights and how to exercise them

Subject to applicable law, you may invoke the following rights by contacting us with reasonable identity verification:

  • Right of access to confirm whether we process your data and to obtain a copy.
  • Right to rectification of inaccurate or incomplete data.
  • Right to erasure when grounds under Article 17 apply.
  • Right to restriction of processing in situations listed in Article 18.
  • Right to data portability for structured, machine-readable data stemming from consent or contract.
  • Right to object to processing based on legitimate interests, including direct marketing.
  • Right to withdraw consent without retroactive effect.
  • Right to lodge a complaint with a supervisory authority.

We will respond within one month, extendable by two further months where complex, informing you of any extension and the reasons.

11. Supervisory authority

In Finland, the competent authority is the Office of the Data Protection Ombudsman. Contact details and online forms are available at https://tietosuoja.fi/en/. You remain free to contact another EU supervisory authority if you reside or work in another member state.

12. Changes to this Privacy Policy

We may amend this document to reflect new products, legal interpretations, or regulator guidance. The top of the page shows the calendar date when your browser rendered the dynamic stamp. Material changes that require renewed consent will be presented through an additional notice or email where we have a lawful basis to contact you.

Continued use of the website after updates, where permitted, signifies that you acknowledge the revised text. Archived copies may be available upon request for transparency.