Home/Legal

Privacy Policy

Effective date: 1 January 2024 · GDPR compliant

Data controller: [Legal entity — pending] · hello@decivax.com · Last updated: January 2024

1. Who we are

[Legal entity — pending] ("we", "us", "our") is the data controller responsible for personal data collected through this website. We are committed to processing personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable national privacy laws. Contact: hello@decivax.com.

2. Data we collect

We collect the following categories of personal data:

  • Identity data: name, email address, postal address, phone number (provided when placing an order or contacting us).
  • Transaction data: details of products ordered, payment reference (we do not store full card numbers), delivery information.
  • Communication data: content of emails, contact form submissions, and support requests.
  • Technical data: IP address, browser type, operating system, pages visited, referral source (collected via server logs and, if applicable, analytics tools).
  • Preference data: language preference stored in localStorage (sig_lang), shopping cart contents stored in localStorage (sig_cart). These are stored locally on your device and are not transmitted to us.

3. How and why we use your data

We process personal data on the following legal bases:

  • Contract performance: to process and fulfil orders, handle returns, and provide after-sales support.
  • Legal obligation: to comply with tax, accounting, and consumer protection law.
  • Legitimate interest: to operate and improve this website, prevent fraud, and respond to enquiries.
  • Consent: to send marketing communications, where you have opted in. You may withdraw consent at any time by emailing hello@decivax.com.

4. Data sharing

We do not sell personal data. We share data only with:

  • Payment processors, solely to complete financial transactions.
  • Shipping and logistics providers, solely to arrange delivery.
  • IT service providers who host or maintain our systems, bound by data processing agreements.
  • Law enforcement or regulatory authorities, when required by law.

All third-party processors are contractually required to handle your data only as instructed and with appropriate security measures.

5. International transfers

Personal data is processed and stored within the European Economic Area (EEA). If any transfer outside the EEA becomes necessary, we will ensure it is protected by appropriate safeguards (e.g. Standard Contractual Clauses approved by the European Commission).

6. Data retention

We retain personal data for as long as necessary to fulfil the purposes described above, or as required by law. Specifically:

  • Order and transaction data: 7 years (accounting obligations).
  • Support correspondence: 3 years after resolution.
  • Marketing consent records: until consent is withdrawn, plus 1 year.
  • Technical logs: 90 days.

7. Cookies and localStorage

This website uses browser localStorage (not cookies) to store your language preference and shopping cart. These values remain on your device and are not sent to our servers. We do not use advertising cookies or third-party tracking cookies. If we implement analytics in the future, we will update this policy and seek consent where required.

8. Your rights

Under GDPR you have the following rights regarding your personal data:

  • Access: request a copy of the data we hold about you.
  • Rectification: request correction of inaccurate data.
  • Erasure: request deletion of your data, subject to legal obligations.
  • Restriction: request that we restrict processing while a dispute is resolved.
  • Portability: receive your data in a structured, machine-readable format.
  • Objection: object to processing based on legitimate interest.
  • Withdrawal of consent: withdraw consent for marketing at any time.

To exercise any right, contact hello@decivax.com. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection authority.

9. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or alteration. These include encrypted connections (HTTPS), access controls, and regular security reviews. No transmission over the internet is 100% secure; we cannot guarantee absolute security but we take our obligations seriously.

10. Changes to this policy

We may update this Privacy Policy from time to time. The date at the top of this page reflects the most recent revision. For significant changes affecting your rights, we will notify you by email if we hold your address. Continued use of this website after a policy update constitutes acceptance of the revised policy.

11. Contact the data controller

[Legal entity — pending] · [address — pending] · hello@decivax.com

For data protection enquiries, please use the subject line "Data protection enquiry" when emailing us.