Grizelonthor.world

Privacy Policy

How Omnira and Grizelonthor.world collect, use, store, and protect personal data across the United Kingdom, the European Economic Area, and international visitors who browse or purchase from us.

Last revised:

Plain summary We only use your data for purposes you would reasonably expect—running the site, fulfilling orders, improving security, and marketing where the law allows. You can ask questions or exercise rights at chat@grizelonthor.world.

1. Identity of the controller

The controller determines why and how personal data is processed. For this website, the controller is Grizelonthor.world, trading under the brand name Omnira, with its principal contact address at 41 Tottenham Court Road, London W1T 2AB, United Kingdom. Privacy correspondence should be directed to chat@grizelonthor.world. We do not require you to use a proprietary portal to exercise rights; email is sufficient to start a request.

2. Scope, language, and material scope

This Policy applies to processing carried out through grizelonthor.world, related mobile experiences that we actively operate, email threads initiated through the site, phone calls that reference an order placed online, and offline records that we maintain strictly to mirror those interactions. It does not govern third-party platforms that merely link to us unless we jointly determine purposes with that partner in a manner that creates co-controllership under Article 26 GDPR.

UK GDPR EU GDPR EEA transfers ICO guidance

3. Children's data

Our dietary supplement communications target adults. Ongoing account creation, newsletter flows, and product purchasing are designed without child-directed themes. If we learn that we have collected personal data from someone under 16 without appropriate consent or legal basis, we will delete it promptly after verifying the facts, unless a narrow statutory exception requires retention.

4. Categories of personal data

Depending on your pathway, we may process identity and contact details, financial identifiers handled by payment partners, transactional history, device and connection metadata, on-site behavioural signals when optional cookies are enabled, customer support transcripts, survey responses where you opt in, and professional identifiers if you represent a stockist or press contact.

5. Special categories and criminal data

We do not aim to collect special-category data such as health information beyond what might appear incidentally in a customer email. If you volunteer clinical details, we minimise retention and use such content solely to answer your inquiry unless a separate lawful pathway applies. Please avoid including unnecessary sensitive information when you contact us.

6. Purposes and lawful bases

Contract Taking payment, picking stock, courier booking, issuing VAT-compliant invoices where applicable, and post-sale warranty-style communications tied to product safety.

Legitimate interests Cyber defence, abuse detection, A/B testing on infrastructure-only metrics, product development analytics aggregated in a non-identifying way, and proportionate business-to-consumer messaging balanced against your opt-out rights.

Legal obligation Tax authority cooperation, compelled disclosure after independent legal review, product traceability obligations, and accounting archive duties.

Consent Non-essential cookies, certain marketing personalisation layers, and optional research invitations where we first obtain an affirmative action.

7. Automated decision-making

We do not make decisions based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you within the meaning of Article 22 UK GDPR.

8. Retention logic

Orders and ledgers At least six UK financial years where Companies Act and tax rules demand evidence trails.

Marketing consents Until withdrawn or stale under our refresh programme, after which we re-seek consent or suppress further outreach.

Web logs Rolling windows, typically under twelve months, unless escalated to a security case file.

Complaints Up to thirty-six months post-closure unless litigation extends the need.

9. Processors and onward transfers

We maintain Article 28 style data processing agreements with email delivery providers, hosting partners, payment facilitators, fraud scoring utilities, and helpdesk tooling. Sub-processors may exist two layers deep; we flow down equivalent obligations. A written list describing the category of recipient—not necessarily every trade name—is available within a reasonable period after your request.

10. International transfers

Transfers from the UK or the EEA to countries without adequacy decisions rely on International Data Transfer Agreements, EU Standard Contractual Clauses with UK Addendum where relevant, supplementary measures following transfer impact assessments, and, in narrow cases, derogations under Article 49.

11. Security measures

We combine transport encryption for browser sessions, least-privilege internal credentials, separation of production and staging environments, annual access reviews for elevated accounts, backup encryption at rest, and staff onboarding modules on confidentiality. These measures evolve with threat intelligence; no catalogue can promise zero risk.

12. Your rights

You may request access, rectification, erasure, restriction, portability, objection to certain processing, and human review where applicable. Withdraw consent without affecting prior lawful processing. Complain to the ICO at https://ico.org.uk/ or to another supervisory authority habitual residence linked. We may need proof of identity before fulfilling substantive requests.

13. Marketing preferences

Every commercial email includes an unsubscribe or preference link unless transactional in nature. You may also email us directly. Suppression lists are retained to honour your choice even if you purchase again later.

14. Breach notification

Where we determine a personal data breach is likely to result in a risk to rights and freedoms, we document it, notify the ICO without undue delay where legally required, and communicate affected individuals when the threshold is met.

15. Changes and archiving

Material updates will refresh the “Last revised” line at the top of this page and may be echoed in a concise site banner. Historical snapshots for regulatory inspection are stored internally, not always published.

16. Contact escalation

Post: Omnira Legal Inquiries, 41 Tottenham Court Road, London W1T 2AB, United Kingdom. Email: chat@grizelonthor.world. We aim to acknowledge substantive requests within five business days and conclude within statutory periods subject to complexity.