Privacy Policy
Controller: Chraxellaz, trading under the brand Chraxellaz, with its principal contact address at Marnixstraat 168, 1016 TG Amsterdam, Netherlands.
Contact (privacy): community@chraxellaz.world · Phone: +31 20 623 1051
Last updated: 24 March 2026 · Language: English · Primary audience: visitors and customers in the Netherlands and the wider European Economic Area.
1. Purpose and scope of this Policy
This Privacy Policy explains how Chraxellaz (“we”, “us”, “our”) processes personal data when you visit (the “Website”), create an order request, send a message through our forms, subscribe to optional marketing where available, or otherwise interact with our services related to the AlphaVirex food supplement and adjacent logistics.
The Policy is designed to meet the transparency requirements of Regulation (EU) 2016/679 (“GDPR”), the Dutch Implementation Act (Uitvoeringswet AVG), and, where relevant, the UK GDPR and the Swiss Federal Act on Data Protection for visitors from those jurisdictions. It also reflects common expectations under the ePrivacy Directive as implemented in the Netherlands regarding electronic communications data.
Food supplement information on the Website is not medical advice. Personal data you share for product questions may be combined with order data only where this Policy allows and where a clear purpose exists.
2. Categories of personal data we process
Depending on your interaction, we may process the following categories:
- Identity and contact data: full name, email address, optional telephone number, delivery address when you provide it, company name if supplied.
- Transaction data: product selection (such as AlphaVirex), quantity, price tier, payment references generated by payment service providers, shipping status updates, return requests.
- Communication data: free-text messages, consent records, customer service tickets, call logs if you phone us.
- Technical data: IP address, approximate location derived from IP, browser type, device category, operating system, referring URL, pages viewed, timestamps.
- Cookie and similar technologies data: consent choices, session identifiers, analytics identifiers if you opt in, marketing pixels if you opt in.
- Fraud and security data: device fingerprints or risk scores produced by anti-fraud tools we may deploy.
- Special categories: we do not aim to collect health data. If you voluntarily disclose health information in a message, we will restrict access and delete it when retention is no longer necessary unless a law obliges us to keep it.
3. Sources of personal data
We obtain personal data directly from you when you complete forms, email us, call us, or place an order. We may receive updates from payment service providers, carriers, and warehouse partners. Technical data are collected automatically through server logs and, when you consent, through analytics or marketing scripts described in our Cookie Policy.
4. Purposes, legal bases, and retention
The table below summarises typical processing. Retention periods are default maximums; we delete or anonymise data earlier when no longer needed.
| Purpose | Legal basis (GDPR) | Typical retention |
|---|---|---|
| Delivering products, communicating about shipments, managing returns | Performance of a contract (Art. 6(1)(b)); legal obligation for invoicing (Art. 6(1)(c)) | Order records 7 years after the tax year in line with Dutch bookkeeping rules; operational messages up to 24 months unless a dispute extends this |
| Responding to enquiries submitted through the Website | Legitimate interests in operating customer service (Art. 6(1)(f)); consent where you tick a GDPR box (Art. 6(1)(a)) | 18 months after the last message unless linked to an order file |
| Website security, abuse prevention, debugging | Legitimate interests (Art. 6(1)(f)) | Server logs rotated between 30 and 90 days; security incident archives up to 24 months |
| Analytics on aggregated traffic after opt-in consent | Consent (Art. 6(1)(a)) | According to vendor settings, typically 14–26 months; you may withdraw consent anytime |
| Marketing communications after explicit opt-in | Consent (Art. 6(1)(a)) | Until you unsubscribe, then suppression lists kept 5 years to prove compliance |
| Compliance with court orders, regulators, or law enforcement | Legal obligation (Art. 6(1)(c)) | As required by the specific procedure |
| Cookie and preference storage | Consent for non-essential cookies; legitimate interest or consent for strictly necessary storage (Art. 6(1)(f)/(a)) | 12 months for consent strings; session cookies expire at browser close |
When we rely on legitimate interests, we balance our interests against your rights. You may object to processing based on legitimate interests as described in Section 9.
5. Recipients and processors
We share personal data with service providers under written agreements requiring GDPR-compliant safeguards:
- Hosting providers and content delivery networks storing Website files and databases within the EEA or the United States with Standard Contractual Clauses.
- Email delivery services transmitting transactional and support messages.
- Payment institutions processing card or bank payments; they act as independent controllers for their part of the flow.
- Logistics partners delivering parcels and providing tracking portals.
- Customer support tooling that stores ticket threads.
- Professional advisers such as accountants, auditors, and lawyers bound by confidentiality.
We do not sell personal data. Any future transfer of business assets will be governed by confidentiality and continuity commitments toward data subjects.
6. International transfers
Where data leave the EEA, we implement appropriate safeguards such as the European Commission’s Standard Contractual Clauses, supplemented measures where required by case law, or adequacy decisions. Copies of relevant transfer mechanisms are available upon request.
7. Security measures
We apply administrative, technical, and organisational measures including TLS encryption for data in transit, role-based access controls, pseudonymisation of analytics identifiers, backups stored in encrypted volumes, periodic access reviews, and staff confidentiality training. No online transmission is completely risk-free; please use strong passwords and protect your devices.
8. Automated decision-making and profiling
We do not make decisions based solely on automated processing that produce legal or similarly significant effects. Marketing personalisation, if used, involves limited profiling with consent and you may opt out without detriment to core shopping features.
9. Your rights
Under the GDPR you may request:
- Access to the personal data we hold about you.
- Rectification of inaccurate data.
- Erasure (“right to be forgotten”) where applicable law allows.
- Restriction of processing in specific circumstances.
- Data portability for data you provided and that we process by automated means under contract or consent.
- Objection to processing based on legitimate interests or direct marketing.
- Withdrawal of consent at any time for processing that requires consent, without affecting the lawfulness of processing before withdrawal.
To exercise rights, email community@chraxellaz.world with a description of your request. We may need to verify your identity. You may lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at https://www.autoriteitpersoonsgegevens.nl/ or your local supervisory authority if you reside elsewhere in the EEA.
10. Children
Our services target adults purchasing food supplements. We do not knowingly collect data from children under 16. If you believe a minor provided data, contact us and we will delete it promptly.
11. Third-party websites
The Website may reference external resources. Their privacy practices are governed solely by their own policies. Review them before submitting personal data.
12. Changes
We update this Policy when our processing or legal obligations change. Material changes will be highlighted on the Website or communicated where appropriate. Continued use after the effective date constitutes acknowledgement unless we require fresh consent.
13. Contact and supervisory authority
Postal address: Chraxellaz, Marnixstraat 168, 1016 TG Amsterdam, Netherlands.
Email: community@chraxellaz.world
Phone: +31 20 623 1051
For regulatory correspondence you may also contact the Autoriteit Persoonsgegevens using the contact channels published on their official website.