Privacy Policy
Last updated: 2 July 2026
Page title: Privacy Policy · Shopify slug: privacy-policy
KORVIX ("we", "us", "our") is committed to handling your personal data with care, transparency and respect. This Privacy Policy sets out which personal data we collect, the purposes for which we do so, and how it is managed. The applicable legal frameworks are the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR) and the Data Protection Act 2018.
1. Data Controller
The data controller within the meaning of the UK GDPR is the operator of korvix.com. For any questions about this policy or the handling of your personal data, please contact us at contact@korvix.com. Full provider particulars are available on our Legal Notice page.
2. Types of Data We Process
When you place an order or get in touch with us, we handle the following categories of data:
- First and last name, together with email address
- Delivery and billing address
- Telephone number (optional — used solely for delivery status alerts)
- Payment details (managed securely by our payment partners — card data is never stored by us)
- Order and purchase history
- Technical data about your device and browsing behaviour (IP address, browser type, pages visited)
3. Purposes of Processing and Legal Bases
- Order fulfilment — name, address, email and payment details are required to execute the purchase contract concluded with you (Art. 6(1)(b) UK GDPR).
- Client communications — order confirmations, despatch notifications and responses to service enquiries (Art. 6(1)(b) UK GDPR).
- Website development — usage data enables us to continuously improve and refine our site (Art. 6(1)(f) UK GDPR — legitimate interest).
- Compliance with statutory obligations — business records are retained in accordance with applicable tax and company legislation (Art. 6(1)(c) UK GDPR).
4. Payment Processing
All transactions are processed by our payment partners (including Stripe, PayPal, Klarna and Viva Wallet), each holding PCI DSS Level 1 certification. Card details are submitted directly within their secure environments — the full card number, CVV and expiry date are at no point visible to or held by KORVIX.
5. Data Retention Period
Order-related data is retained for between 6 and 10 years in line with UK tax and accounting legislation (notably HMRC requirements and the Companies Act 2006). Marketing preferences are stored until you opt out. Data no longer needed for its original purpose is deleted or anonymised without delay.
6. Recipients of the Data
Personal data is disclosed to third parties only to the extent necessary to fulfil your order:
- Logistics providers (e.g. Royal Mail, DHL, DPD, Evri, UPS) for the delivery of goods
- Payment partners for the secure processing of transactions
- Email service providers for transactional correspondence
- Hosting companies for the technical operation of the website
- Accountants and legal advisers, where required to meet applicable obligations
Data processing agreements in accordance with Art. 28 UK GDPR are in place with all our processors.
7. Data Transfers to Third Countries
Transfers of personal data to countries outside the United Kingdom or the European Economic Area (EEA) take place only where an adequacy decision is in force, or where appropriate safeguards — such as Standard Contractual Clauses approved by the UK or EU Commission — are in place under Art. 45 ff. UK GDPR.
8. Cookies and Tracking
Our website uses cookies and similar technologies. Further details are set out in our Cookie Policy. Non-essential cookies may be declined or adjusted at any time via the cookie banner or your browser settings.
9. Your Rights as a Data Subject
You hold the following rights in relation to your personal data:
- Right of access (Art. 15 UK GDPR) — you may ask what data we hold about you
- Right to rectification (Art. 16 UK GDPR) — inaccurate data may be corrected
- Right to erasure (Art. 17 UK GDPR) — subject to applicable legal retention obligations
- Right to restriction of processing (Art. 18 UK GDPR)
- Right to data portability (Art. 20 UK GDPR)
- Right to object (Art. 21 UK GDPR) — to processing grounded in legitimate interest
- Right to withdraw consent at any time (Art. 7(3) UK GDPR)
- Right to lodge a complaint with a supervisory authority (Art. 77 UK GDPR)
To exercise any of these rights, please send a message to contact@korvix.com.
10. Security of Your Data
We have put in place appropriate technical and organisational measures to protect your data against unauthorised access, loss and misuse. These include SSL/TLS encryption, secured server environments, restricted access controls and regular security assessments.
11. Automated Decision-Making
We do not carry out automated decision-making or profiling within the meaning of Art. 22 UK GDPR.
12. Right to Complain
If you consider that our processing of your personal data infringes the UK GDPR, you have the right to lodge a complaint with a data protection supervisory authority — in particular the Information Commissioner's Office (ICO) in the United Kingdom (www.ico.org.uk), or any competent authority in the EU member state of your habitual residence, place of work or the location of the alleged infringement.
13. Updates to This Policy
We may revise this Privacy Policy from time to time to reflect changes in legislation or our business operations. The version currently in force is always accessible on this page.