General Data Protection Regulation (GDPR) Compliance

Last Updated: December 12, 2025

Kynoravexi ("we", "us", or "our") is committed to protecting and respecting your privacy in accordance with the General Data Protection Regulation (GDPR). This policy explains how we collect, use, store, and protect your personal data when you use our services at kynoravexi.com.

1. Data Controller Information

Kynoravexi is the data controller responsible for your personal data. If you have any questions about this policy or our data practices, please contact us at info@kynoravexi.com.

2. Legal Basis for Processing Personal Data

We process your personal data under the following legal bases:

Consent: You have given clear consent for us to process your personal data for specific purposes.

Contract: Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.

Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject.

Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party, except where such interests are overridden by your rights and freedoms.

3. Personal Data We Collect

We may collect and process the following categories of personal data:

3.1 Identity Data

This includes your name, username, title, and other identifiers you provide when creating an account or using our services.

3.2 Contact Data

This includes your email address, telephone number, billing address, and delivery address where applicable.

3.3 Technical Data

This includes your IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our services.

3.4 Usage Data

This includes information about how you use our website, products, and services, including page views, navigation paths, and engagement metrics.

3.5 Marketing and Communications Data

This includes your preferences for receiving marketing communications from us and your communication preferences.

4. How We Collect Personal Data

We collect personal data through the following methods:

Direct Interactions: You provide data when you register for an account, subscribe to our services, request information, fill in forms, or correspond with us by email or other means.

Automated Technologies: As you interact with our website, we automatically collect technical data about your equipment, browsing actions, and patterns using cookies and similar tracking technologies.

Third Parties: We may receive personal data from analytics providers, advertising networks, and search information providers.

5. How We Use Your Personal Data

We use your personal data for the following purposes:

Service Delivery: To provide, maintain, and improve our services, create and manage your account, and process transactions.

Communication: To communicate with you about service updates, respond to your inquiries, provide customer support, and send administrative information.

Marketing: To send you promotional communications about our products and services where you have consented or where we have a legitimate interest to do so.

Analytics and Improvement: To analyze usage patterns, improve our website functionality, and develop new features and services.

Security: To protect our services, detect and prevent fraud, ensure network and information security, and comply with legal obligations.

Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

6. Data Sharing and Disclosure

We may share your personal data with the following categories of recipients:

6.1 Service Providers

We engage third-party companies and individuals to perform functions on our behalf, such as hosting services, data analysis, payment processing, email delivery, and customer service. These service providers have access to personal data only to perform specific tasks and are obligated to protect your information.

6.2 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you of any such change and the choices you may have regarding your personal data.

6.3 Legal Requirements

We may disclose your personal data if required to do so by law or in response to valid requests by public authorities, including to meet national security or law enforcement requirements.

6.4 Protection of Rights

We may disclose personal data to protect and defend our rights, property, or safety, or that of our users or the public, as required or permitted by law.

7. International Data Transfers

Your personal data may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those of your country.

When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as:

Standard Contractual Clauses: We use European Commission-approved Standard Contractual Clauses to protect data transferred outside the EEA.

Adequacy Decisions: We transfer data to countries that have been deemed by the European Commission to provide an adequate level of data protection.

Binding Corporate Rules: Where applicable, we rely on approved Binding Corporate Rules for intra-group transfers.

8. Your Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal data:

8.1 Right of Access

You have the right to request a copy of the personal data we hold about you and information about how we process it.

8.2 Right to Rectification

You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.

8.3 Right to Erasure

You have the right to request that we delete your personal data in certain circumstances, such as when it is no longer necessary for the purposes for which it was collected or when you withdraw your consent.

8.4 Right to Restriction of Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.

8.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller where technically feasible.

8.6 Right to Object

You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes at any time.

8.7 Right to Withdraw Consent

Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

8.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state where you reside, work, or where an alleged infringement of data protection law occurred.

9. Exercising Your Rights

To exercise any of your rights under the GDPR, please contact us at info@kynoravexi.com. We will respond to your request within one month, although this period may be extended by two additional months where necessary, taking into account the complexity and number of requests.

We may need to verify your identity before processing your request to ensure the security of your personal data. We will not charge a fee for processing your request unless it is manifestly unfounded, excessive, or repetitive.

10. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.

The retention period varies depending on the type of data and the purpose for which it is processed:

Account Data: We retain account information for as long as your account remains active or as needed to provide you with services.

Transaction Records: We retain transaction and billing records for the period required by applicable tax and accounting laws.

Marketing Data: We retain marketing preferences and communication records until you opt out or withdraw consent.

Technical Data: We retain logs and technical data for security and operational purposes for a limited period.

When determining retention periods, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process the data, and applicable legal requirements.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include:

Encryption: We use encryption to protect data in transit and at rest where appropriate.

Access Controls: We restrict access to personal data to employees, contractors, and agents who need to know that information to process it for us and who are subject to strict contractual confidentiality obligations.

Security Testing: We regularly test, assess, and evaluate the effectiveness of our technical and organizational measures.

Incident Response: We maintain procedures to detect, report, and respond to data breaches in accordance with GDPR requirements.

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but will notify you and the relevant supervisory authority of any data breach where required by law.

12. Automated Decision-Making and Profiling

We do not use your personal data for automated decision-making that produces legal effects or similarly significantly affects you, except where:

The decision is necessary for entering into or performing a contract with you.

The decision is authorized by applicable law and appropriate safeguards are in place.

You have given your explicit consent.

If we engage in profiling or automated decision-making that significantly affects you, we will inform you and provide information about the logic involved, the significance, and the envisaged consequences. You have the right to request human intervention, express your point of view, and contest the decision.

13. Children's Privacy

Our services are not directed to children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete that information as quickly as possible.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us at info@kynoravexi.com.

14. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and track information about your use of our services. Cookies are small data files stored on your device that help us improve our services and your experience.

You can control cookies through your browser settings and other tools. However, disabling cookies may affect the functionality of our services. For detailed information about the cookies we use and your choices, please refer to our Cookie Policy.

15. Third-Party Links

Our website may contain links to third-party websites, applications, or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through our website.

16. Changes to This Policy

We may update this GDPR Compliance Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the "Last Updated" date at the top of this policy.

If we make material changes that significantly affect your rights, we will provide prominent notice through our website or by email before the changes take effect. Your continued use of our services after the changes become effective constitutes your acceptance of the revised policy.

17. Contact Information

If you have any questions, concerns, or requests regarding this GDPR Compliance Policy or our data processing practices, please contact us:

Email: info@kynoravexi.com

Website: kynoravexi.com

We are committed to working with you to resolve any complaints or concerns you may have about our processing of your personal data. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.

18. Data Protection Officer

If required by applicable law, we have appointed a Data Protection Officer (DPO) to oversee our data protection strategy and implementation. You may contact our DPO regarding any questions or concerns about our data processing activities at info@kynoravexi.com.