Wraxylonzor

Data protection

Privacy Policy

This document explains what personal data we collect when you visit wraxylonzor.world, why we process it, how long we keep it, and the choices available to you under UK GDPR, EU GDPR where applicable, and related frameworks.

Current as of

Summary. We collect only what we need to run the site, respond to messages, and meet legal duties. We do not sell personal data. Optional analytics or marketing tools load only after you consent through the cookie interface.

1. Data controller and contact points

The controller is Wraxylonzor, with its registered studio address at 48 Market St, Manchester M1 1PW, United Kingdom. The public enquiry telephone number is +44 161 839 4555. For privacy correspondence, email touch@wraxylonzor.world using a subject line such as “Privacy request” so your message routes correctly. If you exercise GDPR rights, we may ask for reasonable evidence of identity before disclosing or deleting records, in order to protect you and others from fraudulent requests.

Postal requests

You may also write to the Manchester address above. Include your name, return contact details, and a clear description of the assistance you require.

Supervisory authority

You may contact the Information Commissioner’s Office (UK) or another competent authority if you believe processing infringes applicable law.

2. Scope, informational services, and exclusions

This Privacy Policy applies to personal data processed through the public website, contact channels advertised on that website, and related administrative workflows operated by the controller. The website publishes general educational material about mindful food choices. It does not provide remote clinical diagnosis, treatment, or personalised medical nutrition therapy. If you disclose special-category health data in a free-text message, we will treat it with additional care, limit internal access, and delete it when no longer needed unless a narrow legal exception applies.

Where you later enter a separate written agreement for paid consulting, educational products, or programmes, additional terms may describe processing in more detail. In case of conflict, the more specific agreement governs that engagement, while this Policy remains the baseline for general site use.

If you reach us through an online advertisement, we process your data on the same lawful bases described in this Policy. Landing pages clearly state that our content is educational, not a substitute for regulated healthcare, consistent with our Terms of Use.

3. Categories of personal data

We may process the following categories, depending on your interaction:

  • Identity and contact data: name, email address, phone number if you supply it, and similar identifiers submitted through forms or signature blocks in email.
  • Correspondence content: the body of messages, meeting notes you authorise us to retain, and attachments you choose to send.
  • Transaction and booking data: if you purchase a product or service, records of what you bought, amounts, currency, and payment references. Card data is handled by payment processors; we typically receive confirmation tokens rather than full card numbers.
  • Technical and usage data: IP address, approximate location derived at regional level, device type, operating system, browser version, referring URL, pages viewed, and timestamps. Server and security logs fall into this category.
  • Cookie and local storage identifiers: as described in the Cookie Policy, including consent strings and optional analytics or marketing identifiers if you opt in.
  • Compliance records: evidence of consent, unsubscribe requests, and documentation we retain to demonstrate accountability.

4. Purposes and lawful bases (Article 6 and Article 9)

Processing rests on one or more of the following lawful bases:

  • Contract and pre-contract (Article 6(1)(b)): to respond to enquiries you initiate, prepare proposals, deliver paid services, and administer bookings.
  • Legitimate interests (Article 6(1)(f)): to secure the website, detect abuse, improve content structure, train staff on typical client questions, and measure aggregate engagement where compatible with your rights. We balance those interests against your expectations and offer opt-outs where appropriate.
  • Legal obligation (Article 6(1)(c)): to comply with tax, accounting, court orders, or regulatory demands.
  • Consent (Article 6(1)(a)): for optional cookies, certain marketing communications, or other processing we expressly describe as consent-based. You may withdraw consent without affecting the lawfulness of earlier processing.

Special-category data appears rarely and only when you volunteer it. When that occurs, we rely on Article 9(2)(a) explicit consent where appropriate, or Article 9(2)(h) for preventative or occupational medicine contexts if a distinct service agreement covers that narrow situation. Otherwise we minimise collection and delete surplus detail.

5. Retention periods

We keep personal data only as long as necessary for the purposes above, plus any limitation period for legal claims. Indicative schedules:

  • Marketing and general enquiries: up to twenty-four months after the last substantive reply unless you ask us to delete earlier and no overriding duty prevents deletion.
  • Contracts and invoices: up to seven years from the end of the financial year in which the transaction occurred, aligned with UK tax practice, unless a longer period is mandated.
  • Server and security logs: typically ninety days, extendable where we investigate incidents.
  • Cookie consent records: stored in the browser according to the Cookie Policy; server-side duplicates, if any, align with analytics vendor defaults or shorter internal caps.

At the end of the retention window we delete or irreversibly anonymise data where feasible. Backup systems may retain encrypted copies for a limited technical cycle before automatic overwrite.

6. Recipients, processors, and confidentiality

Access within Wraxylonzor is limited to personnel who need personal data for their role. External processors may include hosting providers, email delivery services, customer relationship tools, calendar scheduling platforms, payment gateways, and professional advisers bound by confidentiality. We use written agreements that require processors to follow Article 28 GDPR obligations, including assistance with your rights. We do not authorise processors to use your data for their own unrelated marketing unless you separately consent to that brand.

7. International transfers

Some processors store or analyse data in countries outside the United Kingdom or European Economic Area. When transfer is required, we rely on mechanisms recognised under UK GDPR and EU GDPR, such as adequacy regulations, the UK International Data Transfer Agreement, or EU Standard Contractual Clauses with supplementary measures where risk warrants them. Copies of relevant transfer safeguards may be requested subject to commercial confidentiality.

8. Security measures

We implement layered controls: encrypted transport (HTTPS) for the public site, strong authentication on business accounts, role-based access, malware scanning on endpoints where applicable, and periodic review of vendor security practices. No system is perfectly secure. If we become aware of a breach that risks your rights, we will notify regulators and affected individuals as required by law without undue delay.

9. Your rights

Subject to conditions in UK GDPR and EU GDPR, you may have rights to access, rectification, erasure, restriction, objection, and data portability. You may also object to direct marketing at any time. To exercise a right, email us with enough detail to locate your records. We will respond within one month, extendable where complexity requires, and explain any refusal with reference to legal grounds.

10. Automated decision-making and profiling

We do not use automated decision-making that produces legal or similarly significant effects solely by automated means. Lightweight analytics may aggregate behaviour patterns, but they do not determine whether you receive core services.

11. Children

The site targets adults. If you believe a child has submitted personal data without appropriate authority, contact us and we will take prompt steps to delete it, subject to law.

12. Changes, language, and further reading

We may update this Privacy Policy to reflect operational, technical, or legal developments. The hero section at the top of this page shows the current calendar date for reader convenience; substantive revisions may also be noted briefly on the home page or by email to active clients where appropriate. Related documents include the Cookie Policy, Terms of Use, and Refund Policy. This English version is the authoritative business copy; any translation is provided for convenience only.

Document version reference for internal records: TDDE-PRIV-2026-EN. Last reviewed on the date shown in the hero section.