Introduction
This Privacy Policy explains how Shexlyonyz.world (“we”, “us”) processes personal data when you visit https://shexlyonyz.world (the “Site”), browse FreshPath product information, submit an order or inquiry, or communicate with our team. We describe the categories of data involved, the purposes and legal bases under the EU General Data Protection Regulation (GDPR) where applicable, comparable rights under UK and Swiss law, and additional disclosures required by U.S. state privacy statutes where they apply.
We operate primarily from the United States. If you access the Site from the European Economic Area, the United Kingdom, or Switzerland, you benefit from the safeguards described in the sections on international transfers and your rights. If any provision of this Policy conflicts with a mandatory local law that offers you greater protection, that local law will apply to the extent of the conflict.
Data controller and representative
Controller: Shexlyonyz.world
Address: 117 Lincoln Dr, Hodgenville, KY 42748, United States
Email: talk@shexlyonyz.world
For GDPR-related requests, please use the email above and include “GDPR Request” in the subject line. We may ask you to verify your identity before responding to access, deletion, or portability requests. If we ever appoint an EU representative under Article 27 GDPR, their contact details will be posted here.
Categories of personal data
Depending on how you interact with us, we may process the following categories. Not every visitor provides every category.
- Identity and contact: full name, postal address, billing address when different, email address, telephone number if you give it.
- Account and transaction: order identifiers, purchase history, shipment status, refund requests, customer service ticket references.
- Payment: payment method type and last four digits as reported by our payment processor; we do not store full payment card numbers on our own servers.
- Technical and device: IP address, approximate region derived from IP, browser type and version, operating system, device type, and referral URL.
- Usage and analytics: pages viewed, scroll depth or aggregate click patterns, and performance metrics only where you consent to analytics cookies or similar technologies.
- Marketing preferences: newsletter opt-in status, campaign identifiers, and suppression lists.
- Communications content: text of messages you send through forms or email, including attachments if you include them.
- Compliance and fraud: risk signals, dispute records, and logs required to investigate abuse or unauthorized access.
Purposes and legal bases (GDPR)
Where GDPR applies, we rely on the following bases:
- Performance of a contract (Article 6(1)(b)): processing orders, delivering products, handling payments through our processors, and providing customer support tied to your purchase.
- Legitimate interests (Article 6(1)(f)): securing the Site, preventing fraud, improving content and navigation in aggregate, and enforcing our terms, balanced against your rights.
- Legal obligation (Article 6(1)(c)): tax, accounting, and regulatory record-keeping where applicable.
- Consent (Article 6(1)(a)): non-essential cookies, marketing emails where consent is required, and certain optional surveys.
You may withdraw consent at any time where processing is consent-based; withdrawal does not affect the lawfulness of processing before withdrawal.
How we use personal data in practice
We combine the categories above to operate the Site, fulfill FreshPath orders, communicate about shipments, respond to questions, measure aggregate traffic when permitted, and comply with law. We do not sell personal data for money as that term is defined under the California Consumer Privacy Act as amended. We may share aggregated or de-identified statistics that cannot reasonably identify you.
Cookies and similar technologies
We use strictly necessary cookies to operate the Site and remember your cookie choices. Optional analytics and marketing cookies are described in our Cookie Policy and managed through the on-site banner. You may change preferences at any time by clearing stored consent and revisiting the Site, or by contacting us for guidance on browser controls.
Recipients and categories of processors
We share personal data with service providers that host infrastructure, send transactional email, process payments, provide analytics when you consent, and assist with customer support. Processors are contractually required to implement appropriate safeguards and to process data only on our instructions.
| Function | Typical categories shared |
|---|---|
| Hosting and CDN | Technical logs, IP address |
| Email delivery | Contact details, message metadata |
| Payments | Transaction identifiers, limited payment metadata |
| Analytics (if enabled) | Pseudonymous identifiers, usage events |
International transfers
If we transfer personal data outside the European Economic Area, we implement appropriate safeguards such as Standard Contractual Clauses approved by the European Commission, supplemented by technical and organizational measures where required by case law. Copies of relevant safeguards may be requested by contacting us.
Retention periods
- Marketing and consent logs: stored for the life of the consent plus a short reconciliation period, typically up to twenty-four months unless a longer period is required to prove compliance.
- Orders and accounting: retained as required by applicable tax and commercial law, often several years.
- Support tickets: generally up to thirty-six months after the last reply unless a dispute or legal hold requires longer retention.
- Server logs: rotated on a rolling basis, typically ninety days unless a security investigation requires extension.
Security measures
We use TLS encryption for data in transit, role-based access controls, least-privilege credentials for staff and vendors, monitoring of critical systems, and periodic review of subprocessors. No method of transmission over the Internet is fully secure; we work to reduce risk in line with industry practice and will notify you and regulators where required if we become aware of a breach affecting your personal data.
Your rights (EEA, UK, Switzerland)
Subject to conditions and exceptions in applicable law, you may have the right to access, rectify, erase, restrict processing, object to processing, and receive a copy of your data in a portable format. You may lodge a complaint with a supervisory authority in your country of residence. To exercise rights, email talk@shexlyonyz.world with a clear description of your request. We typically respond within one month for GDPR requests, with possible extensions for complex cases.
U.S. state privacy rights
Residents of certain states, including California under the California Consumer Privacy Act as amended (“CCPA/CPRA”), may have rights to know what personal information we collect; to request deletion or correction; to opt out of “sale” or “sharing” of personal information (as those terms are defined in state law), including targeted advertising in some cases; and to limit use of sensitive personal information where applicable. You may also have the right to appeal our response to a request.
We do not sell personal information for money. If we ever engage in activities that qualify as a “sale” or “sharing” under applicable law, we will provide a clear opt-out mechanism and update this Policy. To submit a rights request, email talk@shexlyonyz.world with “Privacy request” in the subject line and enough detail for us to verify your identity. We do not discriminate against consumers for exercising privacy rights. We will verify your request in line with state law.
California’s “Shine the Light” law (Civil Code Section 1798.83) allows California residents to ask once per year about certain categories of personal information disclosed to third parties for their direct marketing purposes. To make such a request, use the contact email above.
Children
The Site is not directed at children under sixteen, and we do not knowingly collect their personal data. If you believe a child provided information, contact us and we will delete it promptly where verification allows.
Changes to this Policy
We may update this Policy to reflect legal, technical, or business changes. The effective date at the top is updated when we publish a new version. We may highlight material changes on the Site or by email where appropriate.
Contact
Questions about privacy: talk@shexlyonyz.world
Postal: 117 Lincoln Dr, Hodgenville, KY 42748, USA