Free EU shipping over €60Clinically DosedThird-Party TestedNo Proprietary BlendsSubscribe & Save 10% Free EU shipping over €60Clinically DosedThird-Party TestedNo Proprietary BlendsSubscribe & Save 10%
Home / Privacy Policy

Privacy Policy

Last updated · May 2026

01. Who We Are

This Privacy Policy explains how OXYNSUPPS OÜ, an Estonian-registered private limited company ("OXYNSUPPS", "we", "us", "our") collects and processes your personal data when you visit our website, place an order, subscribe to our emails, or contact us.

We are the data controller for your personal data under the EU General Data Protection Regulation (GDPR, Regulation 2016/679).

Contact: privacy@oxynsupps.com

02. What Personal Data We Collect

We collect the following categories of personal data:

Information you give us

  • Identity data: first name, last name
  • Contact data: email address, shipping address, billing address, phone number (optional)
  • Account data: password (stored encrypted), order history, preferences
  • Payment data: partial payment details (last 4 digits, card type) — full card details are handled directly by our payment processors and never reach our servers
  • Communications: emails you send us, customer support messages

Information collected automatically

  • Technical data: IP address, browser type and version, time zone, operating system
  • Usage data: pages visited, time on page, referring URL, products viewed
  • Cookie data: see our Cookie Policy

We do not collect any special category data (health, religion, political opinions, etc.).

03. Why We Collect It

We use your personal data to:

  • Process and deliver your orders, including taking payment and sending shipping confirmations
  • Manage your customer account and subscriptions
  • Provide customer support and respond to your inquiries
  • Send marketing emails about new products, restocks, and discounts (only if you've opted in)
  • Improve our website, products, and customer experience
  • Comply with legal obligations (tax records, consumer protection law)
  • Prevent fraud and protect our business

04. Legal Basis for Processing

Under GDPR, we rely on the following legal bases:

  • Contract (Art. 6(1)(b)): processing your orders, managing your account, providing customer support
  • Consent (Art. 6(1)(a)): marketing emails, optional analytics cookies — you can withdraw consent at any time
  • Legitimate interests (Art. 6(1)(f)): fraud prevention, improving our products and services
  • Legal obligation (Art. 6(1)(c)): retaining records for tax (7 years under Estonian law) and consumer protection

05. Who We Share Your Data With

We share your personal data only with trusted third parties who help us run our business. Each one has signed a Data Processing Agreement with us and is bound to use your data only for the purposes we instruct.

Service providers

  • Shopify Inc. (Canada/Ireland) — e-commerce platform, hosting
  • Stripe Payments Europe Ltd. (Ireland) — payment processing
  • PayPal (Europe) S.à r.l. (Luxembourg) — alternative payment processing
  • DHL, DPD, Omniva, Posti (EU) — shipping carriers
  • Klaviyo Inc. (USA, with EU SCCs) — email marketing platform
  • Google LLC (USA, with EU SCCs) — analytics (optional, requires your consent)

Legal authorities

We may also share data when required by law, court order, or to protect our legal rights — such as responding to tax authorities or fraud investigations.

We do not sell your personal data to anyone.

06. How Long We Keep Your Data

Data typeRetention period
Order and invoice records7 years (Estonian tax law)
Customer account dataUntil you close the account + 30 days
Email marketing listUntil you unsubscribe
Customer support emails2 years from last contact
Analytics data26 months

07. Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right to access: request a copy of all personal data we hold about you
  • Right to rectification: correct any inaccurate or incomplete data
  • Right to erasure ("right to be forgotten"): request deletion of your data, subject to our legal obligations to keep records
  • Right to restriction: ask us to stop processing your data in certain circumstances
  • Right to data portability: receive your data in a structured, machine-readable format
  • Right to object: object to processing based on legitimate interests, including for marketing
  • Right to withdraw consent: at any time, for any processing based on consent

To exercise any of these rights, email privacy@oxynsupps.com. We will respond within 30 days as required by GDPR.

You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate (www.aki.ee) or the supervisory authority in your country of residence.

08. Cookies

We use cookies and similar technologies to make our website function, remember your preferences, and (with your consent) analyze how visitors use our site. For full details, see our separate Cookie Policy.

09. International Data Transfers

Some of our service providers (Shopify, Klaviyo, Google) are based outside the EU/EEA. When we transfer your data to them, we rely on:

  • EU Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable (e.g., the EU-US Data Privacy Framework for participating US companies)

These mechanisms ensure your data receives the same level of protection abroad as within the EU.

10. Children

Our products are not intended for, and not sold to, persons under the age of 18. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, please contact us immediately and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The "Last updated" date at the top of this page indicates the most recent revision. For significant changes, we'll notify registered customers by email.

12. Contact

For any privacy-related questions or to exercise your GDPR rights:

OXYNSUPPS OÜ
Estonia
Email: privacy@oxynsupps.com
General contact: hello@oxynsupps.com