Controller and contact
The data controller is Fyntheroyph.world, operating the Uverio brand.
Postal address: Viikintori 3, 00790 Helsinki, Finland.
Privacy enquiries: question@fyntheroyph.world
We process personal data in accordance with the EU General Data Protection Regulation (EU) 2016/679 (“GDPR”), Finland’s national data protection legislation, and applicable sector guidance for e-commerce and food supplements.
Scope and audience
This Policy applies to visitors of our website, individuals who submit inquiries, account holders, and customers who purchase Uverio products. If you interact with us only on behalf of a company, both personal and business contact information may be processed where necessary to deliver the contract.
Categories of personal data
| Category | Examples | Typical source |
|---|---|---|
| Identity | Name, title, preferred language | You |
| Contact | Email, phone, delivery address, billing address | You |
| Transaction | Order references, product selections, payment status | Checkout and payment partners |
| Communications | Email threads, support tickets, notes you voluntarily provide | You |
| Technical | IP address, device identifiers, browser language, approximate location | Automatic collection |
| Cookie data | Consent records, identifiers, session continuity | Browser, subject to consent |
Purposes and legal bases
We process personal data only when a lawful basis applies. The table below summarises the principal purposes:
- Contract (Art. 6(1)(b) GDPR): fulfilling orders, providing customer support, managing payments and delivery, and communicating about your purchase.
- Legitimate interests (Art. 6(1)(f) GDPR): securing the website, preventing fraud, improving user experience, and performing analytics where we balance your rights and freedoms.
- Consent (Art. 6(1)(a) GDPR): optional marketing communications, non-essential cookies, and certain surveys or newsletters.
- Legal obligation (Art. 6(1)(c) GDPR): accounting, tax, and regulatory record-keeping.
Where we rely on legitimate interests, we consider the nature of the data, the reasonable expectations of the individual, and whether less intrusive means exist. You may object to processing based on legitimate interests; we will evaluate objections in line with GDPR Article 21.
Automated decision-making
We do not use automated decision-making that produces legal effects concerning you or similarly significantly affects you. If this changes, we will provide meaningful information about the logic involved and your rights.
Recipients and processors
We share personal data only with service providers who assist our operations (e.g., hosting, email delivery, payment processing, fraud screening, and customer support tooling). Where we appoint processors, we enter into written agreements requiring GDPR-compliant safeguards, confidentiality, and assistance with data subject rights.
We do not sell personal data. We may disclose information when required by law, court order, or competent authority, or to protect rights, safety, and integrity of our customers and operations.
International transfers
The primary storage and processing of EU customer data occurs within the European Economic Area. If data is transferred outside the EEA, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission, supplemented by technical and organisational measures.
Retention
We retain personal data only as long as necessary for the purposes above:
- Orders and accounting: up to ten years where Finnish bookkeeping law requires.
- Marketing consents: until withdrawal, then minimal records to prove consent history.
- Support correspondence: typically twenty-four months unless a dispute requires longer retention.
- Security logs: up to twelve months unless investigation requires extension.
Security measures
We implement layered controls including HTTPS encryption for this website, access restrictions on a need-to-know basis, secure password policies for administrative accounts, regular software updates, and monitoring for unauthorised activity. No online system is entirely risk-free; we continually review our practices and update them as threats evolve.
Your rights
Depending on circumstances, you may have the right to access, rectify, erase, restrict processing, object, data portability, and withdraw consent where processing is based on consent. You may lodge a complaint with the Finnish Office of the Data Protection Ombudsman (Tietosuojavaltuutettu) or another EU supervisory authority.
To exercise rights, contact question@fyntheroyph.world. We may request reasonable identity verification.
Children
Our services are directed to adults. We do not knowingly collect personal data from children under sixteen without parental authority.
Updates
We may revise this Privacy Policy to reflect legal or operational changes. The document date at the top will change when material updates occur.