Privacy policy

How we respect personal data

Live reference date in your browser: . Download or print this page for your records; the timestamp helps auditors align versions.

Wien-based controller Phaltronshor.world operates Nuvia and this website from Austria. Favoritenstraße 86, 1100 Wien is the postal address for formal notices, and ask@phaltronshor.world is the primary channel for privacy questions.

Introduction

This Privacy Policy describes the processing of personal data when you visit https://phaltronshor.world, submit forms, receive customer care, or interact with optional cookies. It is written to align with the EU General Data Protection Regulation (GDPR), the Austrian Data Protection Act (DSG), and, where relevant, the ePrivacy framework.

We explain categories of data, purposes, legal bases, retention, safeguards, and your rights so you can make informed choices. Nothing here limits mandatory statutory protections for consumers or employees where those regimes add stricter rules.

Controller identity

The controller responsible for processing is Phaltronshor.world, reachable at Favoritenstraße 86, 1100 Wien, Austria, and electronically at ask@phaltronshor.world. We do not require a separate data protection officer designation for every Austrian SME, but we maintain internal ownership for privacy tasks and escalation paths.

If you interact with Nuvia branding materials, the same controller remains accountable for site-level processing unless a distinct legal entity is expressly named in a signed contract.

Principles we apply

We aim for lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, confidentiality, and accountability. Practically, that means we collect only what we need for stated tasks, we document decisions internally, and we delete or anonymise data when the retention period ends.

Minimisation

Forms ask for contact identifiers and contextual notes instead of broad profiling fields unless a law mandates more detail.

Transparency

Layered notices (this policy, cookie banner, checkout clauses) reinforce the same narrative in different depths.

Categories of personal data

Depending on your interaction, we may process identifiers (name, email address, phone if supplied), commercial information (order history, billing references), internet activity (IP address, browser characteristics, referral URL), cookie and device identifiers where consented, correspondence content you send, and internal notes required for dispute resolution or logistics.

We do not seek special categories of data (such as health data) through the public website. If you voluntarily disclose health-related information in a message, we treat it cautiously, restrict access, and delete it when the inquiry closes unless a longer retention duty applies.

Purposes of processing

  • Providing the website over HTTPS, including load balancing and abuse detection.
  • Responding to product inquiries, order requests, and after-sales messages.
  • Performing contracts, issuing invoices, coordinating shipping partners, and documenting returns.
  • Complying with Austrian commercial, consumer, and tax record-keeping rules.
  • Maintaining IT security, backups, and incident logs with appropriate rotation.
  • Optional analytics or marketing activities you approve in the cookie layer.

Legal bases

Website delivery and security rely on legitimate interests (GDPR Article 6(1)(f)), balanced against your rights. Contractual and pre-contractual activities use Article 6(1)(b). Legal obligations use Article 6(1)(c). Optional cookies and certain marketing communications rely on Article 6(1)(a) consent, which you may withdraw without affecting prior lawful processing.

Where we rely on legitimate interests, we document a short balancing test describing why the processing is necessary and how you can object when Article 21 grounds exist.

Recipients and processors

We share data with infrastructure providers (hosting, email delivery, payment service providers if enabled), logistics carriers, professional advisers bound by confidentiality, and public authorities when compulsory legal requests arrive with proper jurisdiction.

Processors sign Article 28 agreements specifying subject matter, duration, nature of processing, confidentiality, and subprocessors, and they assist us with Article 32 security measures. A current list of categories is available on request and is reviewed when vendors change.

International transfers

When a vendor processes data outside the European Economic Area, we rely on Commission-approved standard contractual clauses, supplementary technical measures such as TLS in transit, and, where available, EU data residency options. We monitor regulatory developments, including the applicability of the EU-US Data Privacy Framework to specific vendors.

Retention schedule

Website logs with personal identifiers follow a rolling deletion policy typically capped at ninety days unless a security investigation extends a subset. Marketing inquiries without purchases may be archived up to twenty-four months unless you ask for earlier deletion. Tax and accounting records follow statutory periods, frequently seven years in Austria for relevant documents.

Cookie identifiers follow lifetimes described in the Cookie Policy, and browser storage entries tied to consent may expire after twelve months unless renewed.

Security measures

We implement transport encryption, access controls, multi-factor authentication for administrative interfaces where supported, patching routines, segregation of production and test environments, and periodic review of vendor SOC reports where offered.

No online system is risk-free. If a breach likely threatens your rights, we notify the Austrian Data Protection Authority and, when required, affected individuals without undue delay, describing impact and mitigation.

Your GDPR rights

You may request access, rectification, erasure, restriction, data portability (for automated processing under contract or consent), and object to certain processing based on legitimate interests. You may lodge a complaint with the Österreichische Datenschutzbehörde. We verify identity proportionately before fulfilling requests and respond within statutory timelines, extendable where complexity warrants with an explanation.

Automated decision-making

We do not use automated decision-making that produces legal or similarly significant effects concerning you based solely on automated processing.

Children

The website and Nuvia offers target adults. We do not knowingly process children’s data without appropriate authority. Parents or guardians may contact us to delete information believed to have been submitted by a minor without consent.

Online advertising and measurement

If we use paid campaigns (for example Google Ads in Austria or other EU markets), we align ad creative and keywords with this website’s content, disclose the commercial operator clearly (see the Legal disclosure (Impressum) and site footer), and avoid prohibited health claims in copy and on the landing page. Conversion or remarketing technologies load only when you accept marketing cookies in our banner, except where a provider relies on strictly necessary exemptions we document in the Cookie Policy.

Where Google or similar vendors process personal data as processors, we select settings and agreements that support GDPR and, where relevant, standard contractual clauses for transfers. You may withdraw marketing consent at any time without affecting the lawfulness of earlier processing; ad platforms may require a separate cookie or device reset to clear legacy identifiers.

Policy updates

We revise this document when processing activities, laws, or guidance change. Material updates appear with a refreshed live date at the top once you reload the page. Archived PDF snapshots may be supplied for enterprise customers under contract.

Contact

Privacy enquiries: ask@phaltronshor.world · Favoritenstraße 86, 1100 Wien, Austria. For broader legal matters, see the Legal disclosure (Impressum), Terms of Service, and Cookie Policy.