Privacy Policy
Last updated:
1. Data Controller
Tharlonnglexiron.world, operating under the brand name Menvira, is the data controller responsible for the processing of your personal data. As such, we determine the purposes and means of processing and are accountable for compliance with applicable data protection legislation.
Registered Address:
5 Henry St, North City, Dublin, D01 AP04, Ireland
Email: admin@tharlonnglexiron.world
For any questions regarding this Privacy Policy or your personal data, please contact us using the details above. We aim to respond to all enquiries within 30 days.
2. Purpose of Data Collection
We collect and process personal data for the following purposes, each aligned with our commitment to transparency and your privacy:
- Order fulfilment: To process, validate, and fulfil your orders, including shipping and delivery coordination.
- Customer support: To respond to your enquiries, resolve issues, and provide assistance when you reach out to us.
- Communications: To send order confirmations, shipping updates, and transactional emails related to your purchases.
- Service improvement: To analyse website usage patterns and improve our services, user experience, and product offerings.
- Legal compliance: To fulfil our obligations under tax law, consumer protection regulations, and other applicable legislation.
- Marketing (with consent): To communicate about our products, offers, and updates where you have given explicit consent.
3. Legal Basis for Processing (GDPR)
Under the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Data Protection Act 2018 (Ireland), we process your personal data only when we have a lawful basis to do so:
- Contract performance (Article 6(1)(b)): Processing necessary to perform the contract between you and us, such as order processing and delivery.
- Legitimate interests (Article 6(1)(f)): Processing for our legitimate business interests, including fraud prevention, network security, and service improvement, where these do not override your rights.
- Consent (Article 6(1)(a)): Processing based on your consent for marketing communications and optional cookie categories. You may withdraw consent at any time.
- Legal obligation (Article 6(1)(c)): Processing required by law, including tax records and regulatory compliance.
4. Types of Data Collected
We may collect the following categories of personal data, depending on your interaction with our services:
- Identity and contact data: Name, email address, postal address, and telephone number.
- Transaction data: Order history, payment details (processed by secure third-party providers), and shipping information.
- Communications: Correspondence and support tickets when you contact us.
- Technical data: IP address, browser type, device information, and operating system.
- Cookie data: As described in our Cookie Policy.
We do not collect sensitive personal data (e.g., health information) unless you voluntarily provide it and we have a lawful basis to process it.
5. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law:
- Order and transaction data: 7 years from the date of the transaction, in accordance with tax and accounting requirements.
- Customer support correspondence: Up to 3 years from the date of the last communication.
- Marketing consent data: Until you withdraw your consent or request erasure.
- Technical and access logs: Up to 12 months for security and troubleshooting purposes.
- Analytics data: Up to 26 months, after which it is anonymised or deleted.
When data is no longer needed, we securely delete or anonymise it in accordance with our retention schedule.
6. Your Rights (GDPR)
Under the GDPR, you have the following rights in relation to your personal data:
- Right of access (Article 15): Request a copy of the personal data we hold about you.
- Right to rectification (Article 16): Request correction of inaccurate or incomplete data.
- Right to erasure (Article 17): Request deletion of your data, subject to legal retention requirements.
- Right to restriction (Article 18): Request limitation of processing in certain circumstances.
- Right to data portability (Article 20): Receive your data in a structured, machine-readable format.
- Right to object (Article 21): Object to processing based on legitimate interests or for direct marketing.
- Right to withdraw consent: Where processing is based on consent, withdraw it at any time.
To exercise any of these rights, please contact us at admin@tharlonnglexiron.world. We will respond within one month. You also have the right to lodge a complaint with the Irish Data Protection Commission if you believe your rights have been violated.
7. Data Sharing and Recipients
We may share your personal data with the following categories of recipients, under appropriate safeguards:
- Payment processors: To complete secure financial transactions.
- Shipping and logistics providers: To fulfil and deliver your orders.
- Service providers: Hosting, analytics, and support tools, under data processing agreements that ensure GDPR compliance.
- Legal authorities: When required by law or to protect our legal rights.
We do not sell, rent, or trade your personal data to third parties for their marketing purposes.
8. International Transfers
If we transfer your data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses approved by the European Commission.
- Adequacy decisions where the recipient country ensures an adequate level of data protection.
9. Security Measures
We implement technical and organisational measures to protect your personal data against unauthorised access, loss, or alteration:
- HTTPS encryption for all data transmitted between your browser and our servers.
- Secure storage with access controls and encryption at rest where applicable.
- Regular security assessments and monitoring.
- Staff training on data protection and confidentiality.
10. Children
Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately so we can delete it.
11. Changes
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The revised version will be posted on this page with an updated revision date. We encourage you to review this policy periodically.
← Return to homepage