Khivaronquebl

Privacy Policy

Effective date: March 20, 2026  |  Controller: Khivaronquebl (“we,” “us,” “our”)

Registered / correspondence address: 122 W 146th St, New York, NY 10039, United States
Website: https://khivaronquebl.world/
Email (privacy requests): contact@khivaronquebl.world
Telephone: +1 (212) 675-3900

This Privacy Policy explains how we collect, use, disclose, retain, and secure personal information when you visit our English-language website promoting the VitaCardex dietary supplement, submit forms, communicate with us, or interact with optional analytics or marketing technologies when deployed on the production host. It is designed to align with the EU General Data Protection Regulation (“GDPR”), the UK GDPR as applicable, and common U.S. state privacy frameworks (including notice, access, deletion, opt-out of sale/sharing where defined, and appeal pathways) without replacing jurisdiction-specific advice.

1. Scope and roles

This Policy applies to personal data processed in connection with the consumer-facing site and related sales assistance operated under the trade identity Khivaronquebl. Where we determine why and how data is processed, we act as a controller under the GDPR. Where we process personal data strictly on behalf of another party under documented instructions, we act as a processor and contractual clauses govern that relationship.

The VitaCardex product information is informational and commercial in nature. Nothing in this Policy constitutes medical advice. If you believe a health emergency exists, contact local emergency services.

2. Categories of individuals covered

3. Sources of personal data

4. Categories of personal data we may process

Depending on how you interact with us, we may process:

5. Purposes and GDPR legal bases

We process personal data only for documented purposes:

When we rely on legitimate interests, we weigh your rights against our operational needs and offer opt-out pathways where appropriate. You may obtain the balancing test summary by emailing contact@khivaronquebl.world.

6. U.S. state privacy disclosures

Residents of California, Colorado, Connecticut, Virginia, Utah, Texas, Montana, Oregon, and other states with comprehensive privacy statutes may have rights to confirm processing, access, delete, correct, obtain portability of certain categories, opt out of sale or sharing for cross-context behavioral advertising, limit use of sensitive data, and appeal denials. We do not sell personal information for money. We may “share” data with ad partners only if you activate marketing cookies. Submit requests via the email above with subject line “Privacy Request” and verify identity as instructed. Authorized agents must supply signed authorization plus proof of agency. We will not discriminate for exercising rights.

7. International transfers

Our business address is in the United States. If you access the site from the European Economic Area (EEA), United Kingdom, or Switzerland, your data may be transferred to the U.S. and other countries with adequacy decisions or on the basis of Standard Contractual Clauses (EU Commission 2021 versions), supplementary technical measures (encryption in transit; access logging), and transfer impact assessments where required.

8. Retention

At the end of retention, we delete or irreversibly anonymize records using secure wiping procedures on operational systems and instruct subprocessors to do the same.

9. Security measures

We implement administrative, technical, and physical safeguards appropriate to the risk, including TLS 1.2+ for data in transit on production endpoints, role-based access controls, multifactor authentication for administrative consoles, least-privilege database credentials, change management logging, vendor security reviews, employee confidentiality agreements, and periodic restoration drills. No method is perfectly secure; notify us promptly at contact@khivaronquebl.world if you suspect unauthorized account use.

10. Disclosure categories

We disclose personal data to:

11. Automated decision-making

We do not perform GDPR Art. 22 profiling that produces legal or similarly significant effects solely by automated means. Payment risk scoring may recommend manual review but does not deny service without human involvement for regulated reasons.

12. Your GDPR rights

If GDPR applies, you may request access, rectification, erasure, restriction, objection, portability, and human review of automated outcomes. You may lodge a complaint with your supervisory authority; however, we encourage preliminary dialogue with us. Response timelines are generally within one month, extendable where complexity warrants with notice.

13. Children

VitaCardex marketing and sales are directed to adults. We do not knowingly collect personal information from children under sixteen (or thirteen where U.S. COPPA standards apply). Parents who believe a minor submitted data should email us for prompt deletion.

14. Third-party links

Our site may reference regulatory or scientific resources. Those destinations maintain independent policies; review them before providing personal data.

15. Changes to this Policy

We post updates on this page with a revised effective date. Material changes affecting previously collected data will be communicated through prominent notices or email when feasible.

16. Records of processing activities

Internally we maintain GDPR Article 30 aligned inventories describing processing purposes, categories of data subjects, categories of personal data, categories of recipients, cross-border transfer tools, envisaged retention periods, and a summary of security measures for VitaCardex order handling, website analytics where enabled, and corporate administration. Supervisory authorities may request excerpts during audits, subject to nondisclosure agreements where third-party commercial secrets are intermingled.

17. Data protection impact assessments

When we contemplate technologies that involve systematic monitoring of publicly accessible areas, large-scale processing of special categories, or matching unrelated datasets for profiling, we document a data protection impact assessment before launch. Mitigations may include pseudonymisation gateways, shortened retention, role segregation, and heightened consent wording. We consult the relevant supervisory authority when residual high risk cannot be reduced.

18. Personal data breach response

We maintain a cross-functional incident response roster covering IT operations, legal counsel, communications, and vendor management. Events are classified by severity with timers for forensic containment, evidence preservation, regulator notification within seventy-two hours when an incident is reportable under GDPR Article 33, and individual notice under Article 34 when likely to produce elevated risk to rights and freedoms. Logs of decisions, remedial patches, and consumer outreach templates are archived for six years to demonstrate accountability.

19. Exercising portability, restriction, and objection

To fulfill portability requests, we export structured order histories, profile contact fields, and marketing preference history in machine-readable JSON or CSV attachments where volume is proportionate. Restriction requests require us to quarantine contested records from automated campaigns while disputes resolve. Objections to legitimate-interest processing prompt a human review balancing test; when we cannot honor an objection without undermining fraud prevention, we explain that rationale in writing.

20. Contact and supervisory cooperation

Privacy inquiries, data subject requests, and regulatory correspondence may be directed to contact@khivaronquebl.world or by postal mail to the address listed above. Include sufficient detail to locate records and describe the right you wish to exercise. We verify identity before releasing sensitive extracts.

For EU/UK residents, you may contact your local data protection authority; we will cooperate in good faith with lawful investigations concerning VitaCardex-related processing.