Cardio-Phoenix Privacy Policy

Cardio-Phoenix Limited

Privacy Policy.
Last updated: 26.06.2025.

1. Introduction
This Privacy Policy describes how Cardio-Phoenix Limited (“Cardio Phoenix”, “we”, “us”, or “our”) collects, uses, discloses, and protects your personal data when you visit or use our website cardiophoenix.com, interact with us, or use any of our subdomains or services (e.g., our store or Cardio-HART software platform).
We are committed to protecting your personal data and ensuring transparency about how it is handled. This policy applies to our customers, business partners, website visitors, and any data subjects whose information we process.

2. Who We Are
Controller:
Cardio-Phoenix Limited
7 Bell Yard, London WC2A 2JR, United Kingdom
📧 Email: info@cardiophoenix.com

3. What We Collect
a. Personal Data You Provide Directly:
Name, email, phone number
Company or organization name
Billing and shipping address
Communication preferences
Messages sent via forms, email, or live chat
Registration and account credentials (for subdomains or partner platforms)
b. Usage and Device Data (Automatically Collected):
IP address
Browser type and version
Pages visited, duration, actions taken
Referring site or link
Cookie identifiers
c. Cookies and Tracking Technologies:
We use WooCommerce to power our online store, and certain cookies on this site are required for essential e-commerce functionality, such as shopping cart persistence and checkout processing.
In addition, we use cookies to support website functionality, remember user preferences, analyze traffic (via Google Analytics), enable live chat (via Tawk.to), and deliver personalized marketing campaigns (via platforms like Facebook and LinkedIn Ads).
You can manage or disable cookies in your browser settings. For more information on the cookies used by WooCommerce, please visit the WooCommerce Cookie Policy: https://woocommerce.com/document/woocommerce-cookies/
For more details about the cookies we use and how you can manage them, please see our Cookie Policy.

4. Legal Bases for Processing
We process personal data under the following legal bases:
Your consent (Article 6(1)(a) GDPR)
Performance of a contract (Article 6(1)(b))
Legal obligations (Article 6(1)(c))
Legitimate interests (Article 6(1)(f)), including service improvement, business analytics, security, and marketing to business contacts

5. How We Use Your Data
We use your data to:
Process transactions and provide services
Communicate with you, including email campaigns (via Brevo)
Respond to inquiries and provide support (via Tawk.to)
Operate and improve our website and systems
Send marketing and promotional communications (subject to your preferences)
Analyze site usage and measure campaign performance (via Google Analytics)
Manage business relationships (using Notion as CRM)
Fulfill legal and contractual obligations

6. Sharing Your Information
We may share your personal data with:
Service providers: payment processors (e.g., Stripe, Mollie), cloud hosting, email tools (e.g., Brevo), CRM (Notion), live chat (Tawk.to), analytics (Google)
Marketing and advertising partners: Google Ads, LinkedIn Ads, Facebook Ads
Legal and regulatory authorities, if required by law or for legal defense
Business partners or affiliates, for service delivery or due diligence
In case of a business transaction, such as merger or acquisition
We do not sell your personal data. We do not use sensitive data to infer characteristics.

7. International Data Transfers
Your personal data may be processed outside the European Economic Area. When doing so, we rely on approved legal mechanisms such as Standard Contractual Clauses to ensure your data remains protected.

8. Data Retention
We retain personal data only as long as necessary for the purposes it was collected. Usage data may be kept longer for security, analytics, or legal obligations.

9. Your Rights (GDPR)
You have the right to:
Access, correct, or delete your data
Restrict or object to processing
Request data portability
Withdraw consent (where applicable)
Lodge a complaint with your local data protection authority
Please contact us at info@cardiophoenix.com to exercise your rights.

10. Security
We implement appropriate technical and organizational measures to protect your personal data. However, no method of transmission over the internet is 100% secure.

11. Do Not Track (CalOPPA)
Our site does not respond to Do Not Track signals. You can set your browser to block cookies.

12. Children’s Privacy
Our services are not directed to children under 18. We do not knowingly collect data from minors.

13. Third-Party Links
Our site may link to external websites. We are not responsible for their privacy practices. Please review their privacy policies.

14. Changes to This Policy
We may update this Privacy Policy at any time. Updates will be posted on this page with a new effective date. Continued use of our services after changes implies acceptance.

15. Cookie Policy Summary
We use cookies for essential functions, user preferences, social sharing, analytics, and advertising.
Our online store is powered by WooCommerce, which uses certain cookies to manage shopping cart functionality and checkout processes.
For full details on the types of cookies we use and how to manage them, please refer to our WooCommerce Cookie Policy.

16. Contact
For any questions or concerns about this Privacy Policy, please contact:
📧 info@cardiophoenix.com
📍 Cardio-Phoenix Limited
7 Bell Yard, London WC2A 2JR, United Kingdom

17. International Privacy Laws & Additional Rights

Global Compliance Disclaimer
While our main data protection framework is based on the GDPR (EEA), we are committed to respecting similar standards worldwide. To the extent Cardio Phoenix processes personal data of users in other jurisdictions, we will comply with their local privacy laws, such as Brazil’s LGPD and California’s CCPA/CPRA.

LGPD (Brazil) Compliance
We adhere to LGPD principles (privacy, transparency, security, purpose limitation). We provide a clear description of our data practices, legal bases, retention periods, user rights, and contact info.

CCPA (California, USA) Rights
If you are a California resident, you have the right to:
Know what personal data is collected and disclosed.
Access your personal data or request a report.
Delete your personal data (subject to exceptions).
Opt out of “sales” of personal data — we do not sell user data.
Non discrimination: exercise rights without penalty.
To submit requests, contact us at privacy@cardiophoenix.com with proof of identity.

Other U.S. State & International Laws
As privacy laws evolve—including Maryland, Minnesota, Vermont—and global frameworks grow, we commit to continuously updating this Privacy Policy and our practices to remain compliant.

Data Transfers Outside Europe & Brazil
We rely on Standard Contractual Clauses or other lawful mechanisms to safeguard your data.

Annual Review & Updates
We review and, if needed, update this Privacy Policy at least annually—or sooner when significant changes occur—to ensure continuous alignment with legal and industry standards.