Privacy Policy | GDPR Data Handling

Who we are

The data controller responsible for processing described here is Squixelloukhod.world, with a business address at Kärntner Straße 37, 1010 Wien, Austria. The primary contact channel for privacy matters is ask@squixelloukhod.world. We recommend including your full name, country of residence, and a concise description of your request so that we can verify identity proportionately. If you arrive via online advertising (for example Google Ads in Austria), the same controller and this policy apply; marketing measurement tags load only when you allow the relevant optional cookie category.

We do not appoint a statutory Data Protection Officer for every jurisdiction by default; however, if your inquiry references Austrian supervisory procedures we will route it accordingly and provide timelines in line with Art. 12 GDPR.

Categories of personal data

Depending on how you interact with us, we may process one or more of the following categories:

Identity and contact data such as your name, email address, phone number if you volunteer it, and postal details supplied for shipping or invoicing.
Communications content inside free-text fields, customer support tickets, and ordinary business correspondence.
Transactional records referencing product interest, order identifiers, and fulfillment metadata where purchases occur.
Technical and usage data including IP addresses, approximate location inferred at country or city level, browser capabilities, device identifiers, referring URLs, timestamps, and diagnostic logs that keep the service reliable.
Cookie identifiers and similar technologies where consent applies, as further described in the Cookie Policy.

We avoid collecting special categories of data (for example, detailed health diagnostics) through marketing forms. If you voluntarily disclose sensitive information in an email, we will limit access and delete it when no longer needed for the request.

Purposes and legal bases

Customer response Handling questions about Virel, documentation, and purchase logistics. Legal bases: Art. 6(1)(b) steps prior to contract and Art. 6(1)(f) legitimate interests in professional communication.

Website operation Delivering pages securely, preventing abuse, troubleshooting errors, and enforcing acceptable use. Legal basis: Art. 6(1)(f) legitimate interests balanced against user rights.

Legal compliance Meeting tax, consumer, court, or regulatory requests where applicable. Legal basis: Art. 6(1)(c) legal obligation.

Optional analytics or marketing Only when you enable those categories through our cookie layer. Legal basis: Art. 6(1)(a) consent, which you may withdraw without affecting processing that already occurred lawfully.

Recipients and processors

We share personal data only where necessary, with written contracts that satisfy GDPR Article 28 when processors are involved. Typical categories include hosting providers, transactional email infrastructure, payment service providers, logistics partners, customer support tooling, and professional advisers bound by confidentiality.

Processors may only act on documented instructions and must assist us with security, breach notification, and deletion obligations. If we undergo corporate restructuring we will inform you when required and continue to honor this policy’s substance unless a successor provides equivalent notice.

International transfers

Where data leaves the European Economic Area, we rely on adequacy decisions where available or implement Standard Contractual Clauses, supplementary measures when risk warrants them, and transfer impact assessments consistent with EU guidance. Copies of safeguards may be requested for legitimate due diligence, subject to confidentiality constraints.

Retention schedules

Marketing inquiries and routine email threads are typically retained up to twenty-four months unless a longer period is necessary to assert or defend legal claims.
Financial and tax-related records may be retained for up to seven years where Austrian commercial law requires.
Security logs rotate on a rolling thirty- to ninety-day basis unless isolated for incident review.
Cookie-based identifiers follow the retention windows disclosed in the Cookie Policy and vendor documentation.

At the end of the retention period we erase or irreversibly anonymize data where no overriding duty compels longer storage.

Security measures

We implement a proportionate security program that includes TLS for data in transit, hardened configuration baselines for servers, administrative access controls with logging, vulnerability monitoring, backups with encryption where appropriate, and documented incident playbooks. No method of electronic storage is perfectly secure; we nevertheless assess risk regularly and adjust controls as the threat landscape evolves.

Your rights

Subject to applicable law, you may request access, rectification, erasure, restriction of processing, data portability, and objection to processing based on legitimate interests. Where we rely on consent, withdrawal is available at any time through the cookie interface or by written notice. You may lodge a complaint with Österreichische Datenschutzbehörde or another EU supervisory authority.

To protect individuals from fraudulent erasure or disclosure requests, we may ask for reasonable evidence of identity and may refuse manifestly unfounded or excessive requests, as permitted by Art. 12(5) GDPR.

Children

The Virel site is directed at adults capable of entering binding agreements. We do not knowingly collect personal data from children without appropriate parental authority. If you believe a minor has submitted information, contact us so we can delete it promptly where feasible.

Automation and profiling

We do not use fully automated decisions that produce legal or similarly significant effects solely from website browsing under Article 22 GDPR. Marketing segmentation, if introduced with consent, would be described in advance with clear opt-out paths.

Updates to this policy

Material revisions will be announced on this page with an updated “Last updated” indicator. Where consent changes are implicated, we will seek fresh consent before expanding optional processing. Continued use after non-material edits constitutes acceptance of clarified wording only to the extent permitted by law.

Contact for privacy requests

Email ask@squixelloukhod.world with the subject line “GDPR request” and sufficient context. Postal correspondence may be sent to Kärntner Straße 37, 1010 Wien, Austria. We aim to respond within one month, extendable where complexity warrants under Art. 12(3) GDPR.