Scope and audience
This policy applies to every digital touchpoint operated under the domain styxreonvulil.world, including marketing microsites, landing funnels, downloadable brochures, and embedded Rivano inquiry forms used from organic or paid traffic (such as Google Ads in the Netherlands). Offline collections that happen at trade fairs follow supplemental signage and card-based notices.
Where national implementations differ—such as sector-specific health communication rules—we still honour the stricter transparency requirement so you are never surprised about unexpected data use.
Plain summary. We only collect what we need to answer questions, deliver supplements, satisfy bookkeeping duties, and improve navigation clarity. Marketing extras require opt-in consent and can be revoked without penalty to your service experience.
Controller and representation
The controller responsible for Rivano-related processing is Styxreonvulil.world, with its primary studio at Plantage Kerklaan 36, 1018 CX Amsterdam, Netherlands. You may direct GDPR requests, complaints, and statutory communications to chat@styxreonvulil.world.
We currently do not appoint a Data Protection Officer under Article 37 GDPR because our core processing activities do not meet the high-risk thresholds requiring mandatory designation. Nonetheless, privacy specialists are embedded within operations and consult external counsel for material changes.
Categories of personal data
| Category | Examples | Typical source |
|---|---|---|
| Identity | Full name, company role | Web forms |
| Contact | Email, phone, invoice address | Checkout or CRM |
| Transaction | Order line items, payment references | Payment service providers |
| Technical | IP address, device type, browser language | Server logs, tags |
| Usage | Scroll depth, click events | Analytics SDKs with consent |
| Support content | Free-text tickets | Email or chat transcripts |
We do not seek special category data. If you voluntarily share health context, we minimise retention and discourage including diagnosis-grade detail unless a separate contract mandates it.
Purposes and lawful bases
- Contract performance (Art. 6(1)(b)): processing inquiries that may convert to purchases, registering warranties, and linking you to shipment tracking identifiers.
- Legitimate interests (Art. 6(1)(f)): fraud screening, securing Rivano ecommerce endpoints, measuring aggregate UX friction, and training staff on transcript redaction. Each interest is balanced against your expectations and you may object where applicable.
- Consent (Art. 6(1)(a)): marketing email series, non-essential cookies, participation in co-branded studies, and sharing limited pseudonymised statistics with research partners.
- Legal obligation (Art. 6(1)(c)): VAT invoicing, product traceability for food law, and responding to lawful authority requests after careful validity checks.
Recipients and processors
Our infrastructure spans EU-based hosting, encrypted email relay, customer support desks, and courier APIs. Each partner signs Article 28 agreements, receives instructions via a data processing register, and may only subcontract with our written approval.
In limited circumstances—such as payment disputes—we may share necessary bundles with legal advisors bound by professional secrecy.
International transfers
Whenever a processor stores data outside the EEA, we document the transfer tool (adequacy decision, SCCs with transfer impact assessment, or derogation). Supplementary technical measures include tokenised identifiers for analytics exports and encrypted archives for long-term backups.
Retention matrix
| Dataset | Default retention | Rationale |
|---|---|---|
| Inquiry emails | 24 months in live mailbox, then archival vault | Follow-up threads |
| Order records | 7 years | Tax and customs audits |
| Newsletter consent logs | Life of consent + 12 months | Prove lawful basis |
| Security logs | 90 rolling days | Incident forensics |
| Cookie identifiers | Max 13 months configurable | Regulator guidance |
Security measures
Controls include TLS 1.2+ for public endpoints, hardware-backed secrets, quarterly penetration tests on storefronts, segmented Rivano admin VPNs, and least-privilege access reviews every 90 days. Incident response includes customer notification timelines aligned with Articles 33–34 GDPR when legally required.
Your rights
You may request access, rectification, erasure, restriction, portability, objection, and withdrawal of consent without affecting prior lawful processing. Automated decision-making affecting legal outcomes does not occur; profiling is limited to marketing segmentation with easy opt-out.
To escalate, contact the Dutch Autoriteit Persoonsgegevens or your local authority.
Automated decisions
We do not employ solely automated decisions with legal or similarly significant effects. Credit checks, if introduced for wholesale accounts, would trigger explicit contractual language before activation.
Children
Rivano channels target adults. If we learn we collected data from a child without verifiable parental consent, we delete it promptly unless a narrow exception applies under national law.
Policy updates
Major edits appear at the top of this page with a refreshed effective date driven by your browser’s current calendar day via our transparency chip. Immaterial wording tweaks may omit banner notices but remain archived in our internal change log.
FDA disclaimer for United States communications. These statements have not been evaluated by the Food and Drug Administration. This product is not intended to diagnose, treat, cure, or prevent any disease.
Companion documents: Cookie Policy, Terms of Service, Refund Policy.