Privacy Policy

Last updated: 5 March 2026

1. Controller and contact details

The data controller responsible for the processing of your personal data in connection with this website and our services is:

• Name: Lyxtherofriz
• Address: Pasilan asema-aukio 1 Mall of Tripla, 4. kerros, 00520 Helsinki, Finland
• Email: team@lyxtherofriz.world
• Phone: +35898689240

For any questions regarding this Privacy Policy or the processing of your personal data, or to exercise your rights, please contact us using the details above.

2. Scope and applicable law

This Privacy Policy applies to the website lyxtherofriz.world and to all services offered through it, including the ordering of StabiliVita and any other interaction with us. It describes how we collect, use, store, and protect your personal data.

Our processing of personal data is governed by:

• Regulation (EU) 2016/679 (General Data Protection Regulation, GDPR)
• Finnish data protection legislation, including the Finnish Data Protection Act (1050/2018)
• Applicable Finnish and European laws on electronic communications and consumer protection

If you are located outside the European Economic Area (EEA), please note that we are based in Finland and that your data will be processed in the EEA. By using our website or services you acknowledge such transfer and processing.

3. Personal data we collect and purposes of processing

3.1 Data you provide directly

When you place an order, contact us, or use our contact or order forms, we may collect:

• Name – to identify you and fulfil your order and for communication.
• Email address – to send order confirmations, shipping information, and to respond to your enquiries.
• Phone number – to contact you regarding your order or enquiries when necessary.
• Message content – any message or comment you send us, to process your request and improve our service.

Legal basis: Performance of a contract (order fulfilment), your consent where applicable, and our legitimate interest in responding to enquiries and improving our services.

3.2 Data collected automatically

When you visit our website, we may automatically collect technical data such as:

• IP address
• Browser type and version
• Operating system
• Date and time of access
• Pages visited and referring URL

This data is used to ensure the security and proper functioning of the website, to analyse usage (where you have consented to analytics cookies), and to comply with legal obligations. For more detail on cookies and similar technologies, see our Cookie Policy.

Legal basis: Legitimate interest (security, operation of the website), consent (analytics), and legal obligation where applicable.

3.3 Data from third parties

We may receive limited data from payment or logistics partners strictly necessary to process your order (e.g. delivery address if you provide it to them). We process such data only in accordance with our contract with you and with the partner’s privacy policy.

4. How we use your data

We use your personal data only for the following purposes:

• Processing and fulfilling your orders and sending order and shipping confirmations.
• Communicating with you about your order or your enquiries.
• Managing customer relationships and providing customer support.
• Improving our website, services, and user experience (e.g. via analytics, where you have consented).
• Complying with legal obligations (e.g. accounting, tax, consumer law).
• Establishing, exercising, or defending legal claims where necessary.

We do not use your data for automated decision-making or profiling that produces legal effects or similarly significantly affects you.

5. Retention periods

We retain your personal data only for as long as necessary to fulfil the purposes set out in this policy or as required by law.

• Order and customer data: For the duration of the contractual relationship and thereafter for a period required by Finnish law (e.g. accounting and tax: typically 6–10 years from the end of the financial year).
• Contact and enquiry data: Until your request is resolved and for a reasonable period thereafter for follow-up and quality purposes (e.g. up to 2 years), unless a longer period is required by law.
• Technical and access logs: As long as necessary for security and troubleshooting, generally not more than 12 months, unless a longer period is required for legal or security reasons.
• Marketing and analytics (where consent applies): Until you withdraw consent or for the period stated in our Cookie Policy.

After the retention period, your data is securely deleted or anonymised so that it can no longer identify you.

6. Security measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction, and to ensure a level of security appropriate to the risk. These measures include:

• Use of HTTPS and encryption (e.g. TLS) for data transmitted between your device and our servers.
• Access controls so that only authorised personnel can access personal data on a need-to-know basis.
• Secure storage of data and regular review of our security practices.
• Where we use service providers (e.g. hosting, payment, shipping), we choose providers that offer adequate guarantees and, where required, conclude data processing agreements in line with GDPR Article 28.

Despite our efforts, no method of transmission or storage over the Internet is completely secure. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately.

7. Sharing and disclosure of data

We may share your personal data only in the following circumstances:

• Service providers: With processors that assist us in operating the website, processing orders, payments, or deliveries (e.g. hosting, payment gateways, logistics). Such processors act only on our instructions and are bound by contract to protect your data.
• Legal obligation: When required by applicable law, court order, or authority (e.g. tax, police).
• Legal rights: When necessary to establish, exercise, or defend our legal rights or to protect the rights and safety of our users or others.

We do not sell your personal data to third parties. We do not transfer your data outside the EEA unless we have put in place appropriate safeguards (e.g. standard contractual clauses approved by the European Commission) and informed you where required by law.

8. Your rights under the GDPR

Under the GDPR and Finnish law, you have the following rights in relation to your personal data:

• Right of access (Article 15): You may request a copy of the personal data we hold about you and information on how we process it.
• Right to rectification (Article 16): You may request correction of inaccurate or incomplete personal data.
• Right to erasure (Article 17): You may request deletion of your personal data where the legal grounds for processing no longer apply (e.g. you withdraw consent, data are no longer necessary, or you object and there are no overriding grounds).
• Right to restriction of processing (Article 18): You may request that we restrict processing in certain situations (e.g. while we verify accuracy or while a dispute is ongoing).
• Right to data portability (Article 20): Where processing is based on consent or contract and is carried out by automated means, you may request to receive your data in a structured, commonly used, machine-readable format or to have it transmitted to another controller where technically feasible.
• Right to object (Article 21): You may object to processing based on legitimate interests or to processing for direct marketing. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.
• Right to withdraw consent: Where processing is based on consent, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

To exercise any of these rights, please contact us using the contact details in section 1. We will respond without undue delay and in any event within one month, subject to possible extension where permitted by law. We may ask you to verify your identity.

You also have the right to lodge a complaint with a supervisory authority. In Finland, the supervisory authority is the Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto): tietosuoja.fi. If you are in another EEA country, you may lodge a complaint with the supervisory authority of your place of residence or work.

9. Children

Our website and services are not directed at individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will take steps to delete such data.

10. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the website. The updated version will be posted on this page with a new "Last updated" date. We encourage you to review this policy periodically. Where changes are material, we may notify you by email or by a notice on the website where appropriate.

11. Contact

For any questions about this Privacy Policy or our processing of your personal data, please contact us at:

Lyxtherofriz
Pasilan asema-aukio 1 Mall of Tripla, 4. kerros, 00520 Helsinki, Finland
Email: team@lyxtherofriz.world
Phone: +35898689240