Privacy Policy

Last Updated: 15 February 2026 | GDPR-COMPLIANT-VER-4.2

1. Why should you read this Privacy Policy?

In summary: this Policy explains how we handle your Personal Data. It helps you understand what we do with your information and what your privacy rights are.

Welcome! This Privacy Policy (“Policy”) explains how ArthroLume™ (operated by [INSERT LEGAL ENTITY NAME]) (“Company”, “we”, “us”, or “our”) handles your Personal Data (“Personal Data” or “Data”) when you:

  • Visit our sales websites (“Website”);
  • Purchase our products or services (“Products” or “Services”);
  • Interact with us in other ways (support, social media, contests, affiliate programs, etc.).

This Policy describes what Data we collect, the purposes for which it is collected, how we use and share it, how long we retain it, your rights, and how we protect your Data. We are committed to processing your Data lawfully, fairly, and transparently, in accordance with:

  • the General Data Protection Regulation (GDPR);
  • the ePrivacy Directive 2002/58/EC;
  • the UK General Data Protection Regulation (UK GDPR);
  • the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs);
  • and any other applicable data protection laws.

This Policy applies globally and is based on the principles of the GDPR. It reflects high-standard data protection values such as legality, fairness, and transparency. Specific national or regional requirements are addressed in the Regional Annexes (for the United Kingdom, Australia, the United States, Canada, and other jurisdictions) located at the end of this Policy.

If you do not agree with our practices, please refrain from using the Site, purchasing our Products or Services, or submitting your Data in any other way. This Policy is effective as of November 20, 2025. We may update this Policy from time to time, and all updates are effective upon posting, so we recommend that you check it regularly to stay informed.

2. Who is responsible for protecting your personal data?

We are ArthroLume™ (trading name of [INSERT LEGAL ENTITY NAME]), the entity responsible for processing your Personal Data.

Our company number is: +421940356413

Our registered address is: Male Uherce, Uherecka 93, 95803, Slovakia

Our support email address is: support@arthrolume.com

We have appointed a Data Protection Officer (DPO) to oversee our data protection obligations. You can contact the DPO directly at: support@arthrolume.com

3. What data do we collect and for what purposes?

In summary: we primarily collect only the Data necessary to provide our Products or Services and operate our Site. This section explains why we collect it and how we use it. We only collect the Data we truly need — and only use it for clear and lawful reasons (e.g., to process your purchase, provide services, answer your questions, ensure the Site's functionality, etc.).

3.1 TO PROCESS AND COMPLETE YOUR ORDER

When do we process your personal data? When you purchase a Product through our Site, we process your Personal Data to manage and fulfill your order. This includes arranging delivery, processing payments, and issuing invoices.

Data categories: Identification (Name, Phone, Email), Delivery Address, Payment Details (processed via Stripe), Technical Info (IP, Device).

Legal basis: Art. 6(1)(b) GDPR - Performance of Contract.

Retention: 6 to 10 years (Tax/Revenue Requirements).

3.2 TO PROCESS PAYMENTS AND FULFILL LEGAL OBLIGATIONS

When do we process your personal data? When processing payments for orders, refunds, or chargebacks. This includes anti-fraud checks via Stripe Radar.

Data categories: Transaction ID, Payment Method, Card Brand, Last 4 Digits, Billing Address.

Legal basis: Art. 6(1)(b) Contract & Art. 6(1)(c) Legal Obligation.

3.3 TO MONITOR WEBSITE PERFORMANCE AND MARKETING EFFECTIVENESS (PIXELS & CAPI)

When do we process your personal data? When you visit our site, we fire tracking pixels (Meta Pixel, CAPI) to analyze ad performance and attribute sales.

Data categories: IP Address, Hashed Email/Phone (sent to Meta via Server-Side API), Browser User Agent, Click Data.

Legal basis: Art. 6(1)(a) Consent or Art. 6(1)(f) Legitimate Interest (Soft Opt-in).

3.4 TO DEFEND AND PROTECT LEGAL RIGHTS

When do we process your personal data? In cases of suspected fraud, chargeback disputes, or legal claims.

Legal basis: Art. 6(1)(f) Legitimate Interest (Defense of Legal Claims).

4. From what sources do we obtain your data?

In summary: We obtain data directly from you or automatically via technology.

  • Directly from you: Checkout forms, support emails, surveys.
  • Automatically via technology: Cookies, Server Logs, User-Agent analysis, IP Geolocation.
  • From third parties: Payment processors (Stripe) confirming transaction status; Marketing platforms (Meta) providing attribution data.

5. Do we share your data with other people?

In short: Yes, but only when necessary and with strict legal safeguards.

We engage "Data Processors" who act under our specific instructions:

  • Stripe (USA/EU): For secure payment processing.
  • Meta Platforms (USA/EU): For advertising attribution (Hashed data only).
  • Resend (USA): For email delivery.
  • Vercel (USA): For cloud hosting.
  • Logistics Partners: For physical delivery of goods.

We do not sell your data to third parties for monetary value.

6. International Data Transfers

We store and process data primarily in the EEA. However, some providers (Stripe, Vercel) are US-based. We ensure protection via the EU-US Data Privacy Framework or Standard Contractual Clauses (SCCs). By using the Service, you acknowledge these transfers are necessary for the performance of the contract.

7. Data Security

We use AES-256 encryption for data at rest and TLS 1.3 for data in transit. We utilize Server-Side Events (CAPI) to minimize client-side data exposure. We implement atomic database locks to ensure data integrity during transaction processing. However, no transmission over the internet is 100% secure.

8. Your Rights (GDPR)

You have the following rights:

  • Right to be informed (Art. 13/14 GDPR).
  • Right of access (Art. 15 GDPR).
  • Right to rectification (Art. 16 GDPR).
  • Right to erasure (Art. 17 GDPR).
  • Right to restrict processing (Art. 18 GDPR).
  • Right to data portability (Art. 20 GDPR).
  • Right to object (Art. 21 GDPR).

To exercise these rights, contact: support@arthrolume.com.

9. Automated Decision Making

We use automated fraud detection (Stripe Radar), which may decline transactions based on risk factors (e.g., IP velocity). You have the right to request human review of such decisions.

10. Regional Annexes & Contact

Supervisory Authority: If you are not satisfied with our response, you may lodge a complaint with the Data Protection Commission (DPC) in Ireland (www.dataprotection.ie).

Contact Us: For all privacy inquiries, email support@arthrolume.com.

End of Policy Document

© 2026 ArthroLume™. All Rights Reserved.