Data protection

ARTICLE 1 – COLLECTION OF PERSONAL INFORMATION

When you make a purchase in our online store, we collect certain personal information that you provide to us as part of the purchase process, including your name, address, and email address.

Even simply visiting our store automatically detects your device's IP address. This helps us learn more about your browser and operating system.

If you expressly agree, we may inform you by email about new products, offers or general updates to our shop.

SECTION 2 – YOUR CONSENT

How do we obtain your consent?

If you provide us with personal information, for example for payment processing, when ordering, for deliveries or returns, we will consider this as consent to use this data exclusively for the respective purpose.

If we would like to use your data for other purposes – for example, marketing activities – we will obtain your express consent beforehand or give you the opportunity to refuse.

How do you withdraw your consent?

If you decide to withdraw your consent, you can contact us at any time at: info@xelvanixo.com .

ARTICLE 3 – SHARING OF INFORMATION

Your data will only be disclosed if required by law or if you violate our terms and conditions.

ARTICLE 4 – SHOPIFY AS A PLATFORM

Our online store uses Shopify Inc. as our e-commerce platform. Your data is stored by Shopify—either in its data storage or in one of its databases. These databases are located on a secure server protected by a firewall.

Regarding payments: If your payment is made through a direct payment gateway, Shopify stores your credit card information encrypted in accordance with PCI-DSS guidelines. This information is retained only for as long as necessary to process the transaction. Once the purchase is complete, this data is deleted.

All direct payment providers adhere to the PCI-DSS standards issued by the PCI Security Standards Council, a collaboration of major credit card companies such as Visa, MasterCard, American Express, and Discover. The goal is to ensure the highest security standards for handling card data.

Shopify's full terms of service and privacy policy can be found directly on their website.

ARTICLE 5 – EXTERNAL SERVICE PROVIDERS

As a rule, third parties only access your data to the extent necessary for their respective service.

However, certain providers – such as payment processors – have their own privacy policies for the data we share as part of a transaction. We therefore recommend that you carefully read the respective privacy policies of these providers.

Some of these service providers may be located in countries other than yours or ours. In such cases, your data will be subject to the laws of that jurisdiction. For example, if a provider is based in the United States, data may be subject to disclosure under, for example, the Patriot Act.

If you leave our website or follow an external link, our policies no longer apply; instead, those of the target site apply.

Regarding links, clicking on such a link may redirect you to a site that is no longer under our control. We recommend that you always inform yourself about the privacy practices of such third parties.

Regarding marketing messages: If you provide us with your telephone number, for example, as part of a purchase or subscription, you thereby consent to send you SMS notifications about orders or marketing campaigns. The number of these messages is limited. You can unsubscribe at any time using the link in the message. For analysis purposes, we may forward telephone numbers to our technical providers, whereby only evaluation data such as delivery status or link clicks will be collected.

SECTION 6 – DATA SECURITY

To protect your personal information, we use proven security measures and follow established industry standards to prevent misuse, loss, unauthorized access, or tampering.

Credit card information is encrypted using SSL technology and stored using AES-256 encryption. Despite all security measures, no system is 100% secure. However, we comply with all PCI-DSS requirements and implement additional safeguards that are standard in the industry.

COOKIES

Below you will find an overview of the cookies we use so that you can decide for yourself whether you wish to accept them.

_session_id – a unique ID that Shopify uses to store session information, such as referrers or landing pages
_shopify_visit – no stored data, expires 30 minutes after the last access, used for internal statistics
_shopify_uniq – does not store any data, expires at the end of the day, counts customer visits to the shop
cart – saves shopping cart contents, is valid for two weeks
_secure_session_id – unique session ID
storefront_digest – determines whether a visitor has access to the password-protected store

ARTICLE 7 – AGE RESTRICTION

By using this website, you represent that you are of legal age in your state or province of residence. If not, you represent that you are a parent or legal guardian of such minor.

SECTION 8 – CHANGES TO THIS PRIVACY POLICY

We reserve the right to update this privacy policy at any time. Please check it regularly for updates. Changes will take effect immediately as soon as they are published. If there are significant changes, we will notify you here so that you know which data is affected and how it is used.

If our company is sold or merged with another, your information may be transferred to the new owners so that we can continue to operate as usual.

CONTACT

If you would like to access, change, or delete your personal data, or have any questions about this privacy policy, please contact our data protection officer directly at the contact address provided.