Note on privacy regimes: This Privacy Policy is designed for Personal Data Protection Law.

1. Personal Data We Collect

Identity & contact (name, email, phone, address). Order & payment details (order history, transaction references; card data processed securely by our payment provider). Technical data (IP, device/browser, cookies). Health preference information you choose to share (e.g., dietary restrictions) for product suitability/advice.

2. Why We Process Your Data (Purposes) & Legal Bases under PDPL

We process data for:
Purchases and service delivery (fulfilling and supporting your orders, defects/warranty handling, customer support). Legal basis: contract necessity or legal obligation. Account management (registration, authentication, security). Legal basis: contract necessity. Communications (service messages; with your optin, marketing). Legal basis: consent (you may withdraw anytime). Compliance & safety (recordkeeping, fraud prevention, responding to lawful requests). Legal basis: legal obligation / public interest. Website analytics & improvement (cookies/analytics where required by law we seek consent). Legal basis: consent. Healthrelated information you volunteer for suitability guidance. Legal basis: specific PDPL exceptions for health/occupational medicine where relevant or consent; we minimise and avoid collecting health data unless strictly needed.
Under the PDPL, processing without consent is restricted to defined cases (e.g., contract, legal obligation, public interest, protecting the data subject’s interests, publiclyavailable data, legal claims, health/publichealth, research/statistics). Exceptions may apply GDPR Regions.

3. Cookies

We use essential cookies (site operation) and, with consent, analytics/marketing cookies. You can manage preferences via our cookie banner or browser settings.

4. Sharing Your Data

We share data with:
Payment processors, couriers (e.g., UPS, Aramex, or other licensed courier), IT/hosting and support vendors—only as needed to provide services and under contractual safeguards. Authorities/regulators when required by law (e.g., consumer protection, product safety).

5. CrossBorder Transfers

We may transfer personal data outside to third party countries. When we do, we rely on PDPL transfer mechanisms: to countries approved/“adequate” by the relevant Data Office, agreements ensuring PDPLequivalent protections, or other PDPLrecognised conditions/consents.

6. Retention

We keep data only as long as needed for the purpose collected, our legal obligations, and limitation periods, then delete or anonymise it.

7. Security

We implement technical and organisational measures to protect confidentiality, integrity, and availability, and we maintain breach procedures consistent with PDPL.

8. Your Rights

Under PDPL you may: access, request transfer (portability), correct, erase, restrict/stop processing (including for direct marketing), and object to automated decisions that have legal or similarly significant effects. You may also withdraw consent at any time. Contact [office@elysiumlab.com] to exercise rights. You also have the right to complain.

9. Children

Our site is for adults. We do not knowingly collect data from children under 18 without appropriate consent/authorisation.

10. Contact

For any privacy queries: office@elysiumlab.com.