GDPR Compliance Statement for Ozelvia LLC

At Ozelvia LLC, located at 10910 W Flagler St, STE 114, Miami, FL 33174, US, we are committed to protecting the privacy and security of your personal data. While our operations are based in the United States, we recognize and respect the rights of individuals residing in the European Economic Area (EEA) and the UK concerning their personal data under the General Data Protection Regulation (GDPR). This statement outlines our commitment to GDPR principles, even though our primary legal jurisdiction is the US.

1. Who We Are (Data Controller) Ozelvia LLC (“we,” “us,” or “our”) is the data controller responsible for your personal data collected via our website, https://ozelvia.com. This means we determine the purposes and means of processing your personal data.

2. Information We Collect and Its Purpose We collect personal data primarily to process your orders, manage your account, and improve your shopping experience. This data may include:

  • Identity and Contact Data: Name, billing address, shipping address, email address (support@ozelvia.com), and telephone number (+1 (716) 625-4316). We use this to fulfill your orders, communicate with you about your purchases, and provide customer support.
  • Financial Data: Payment details when you make a purchase. This data is processed securely by our payment partners, Afterpay / Klarna, and we do not store sensitive payment card information on our servers.
  • Technical Data: Internet Protocol (IP) address, browser type and version, time zone setting and location, operating system and platform, and other technology on the devices you use to access our website. This helps us ensure website security, functionality, and improve user experience.
  • Usage Data: Information about how you use our website, products, and services, including browsing patterns and product interests. This helps us understand customer preferences and enhance our website.
  • Marketing and Communications Data: Your preferences in receiving marketing from us and your communication preferences.

Lawful Basis for Processing: We rely on the following lawful bases under GDPR to process your personal data:

  • Performance of a Contract: To process and fulfill your orders and provide related services.
  • Legitimate Interests: For purposes such as improving our website, preventing fraud, and ensuring security, provided your interests do not override ours.
  • Consent: Where you have given us clear consent to process your personal data for a specific purpose (e.g., for certain cookies or marketing communications). You can withdraw consent at any time.
  • Legal Obligation: To comply with legal requirements applicable to our business.

3. How We Share Your Information We do not sell your personal data to third parties. We may share your data with trusted third-party service providers who help us operate our business, such as:

  • Payment Processors: Afterpay / Klarna, to securely process your transactions.
  • Shipping Partners: To deliver your orders.
  • IT and System Administration Providers: For website hosting and support.
  • Analytics Providers: To understand website usage and improve our services. All third parties are required to respect the security of your personal data and treat it in accordance with the law. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

4. Data Security We implement appropriate technical and organizational measures to protect your personal data from accidental loss, unauthorized access, use, alteration, or disclosure. This includes the use of SSL encryption for data transmission, secure servers, and strict access controls.

5. Data Retention We will retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for satisfying any legal, accounting, or reporting requirements. Typically, customer data related to purchases will be kept for tax and warranty purposes.

6. Your Data Protection Rights (For Individuals in the EEA and UK) If you are an individual located in the EEA or UK, you have the following rights under GDPR regarding your personal data:

  • Right to Access (Art. 15): Request a copy of the personal data we hold about you.
  • Right to Rectification (Art. 16): Request correction of inaccurate or incomplete personal data we hold about you.
  • Right to Erasure (‘Right to be Forgotten’) (Art. 17): Ask us to delete your personal data under certain conditions.
  • Right to Restriction of Processing (Art. 18): Request that we limit the way we use your personal data.
  • Right to Data Portability (Art. 20): Receive your personal data in a structured, commonly used, machine-readable format, and have us transmit it to another controller where technically feasible.
  • Right to Object (Art. 21): Object to the processing of your personal data for direct marketing or based on our legitimate interests.
  • Right to Withdraw Consent (Art. 7(3)): If we are processing your personal data based on your consent, you have the right to withdraw that consent at any time.
  • Right to Lodge a Complaint (Art. 77): You have the right to lodge a complaint with a supervisory authority in your EEA member state or the UK if you believe your data protection rights have been violated.

To exercise any of these rights, please contact us at support@ozelvia.com or call +1 (716) 625-4316. We may need to verify your identity before processing your request.

7. International Data Transfers As Ozelvia LLC is based in the United States, your personal data will be transferred to and processed in the US. The US does not currently have an “adequacy decision” from the European Commission, meaning that it is not deemed to provide an equivalent level of data protection as the EEA. However, we ensure that any such transfers comply with GDPR by implementing appropriate safeguards, such as reliance on Standard Contractual Clauses (SCCs) where applicable with our service providers, or ensuring that our service providers have robust data protection mechanisms in place.

8. Updates to This Statement We may update this GDPR Compliance Statement from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this statement periodically to stay informed about how we are protecting your information.