Privacy policy

Privacy Policy

pursuant to Articles 13 and 14 of the General Data Protection Regulation (GDPR)

1. Controller

Viraxe Labs GmbH
Herrengasse 4/3.4, 4600 Wels, Austria
Commercial Register: FN 670762 s, Regional Court of Wels
VAT ID: ATU82960949
Email: office@viraxe.com
Website: www.viraxe.com
Managing Director: Paul Maximilian Kürner

2. Overview of Data Processing

We process personal data only insofar as this is necessary for the provision of our online shop, our content and services. Data processing is carried out on the basis of the GDPR and the Austrian Data Protection Act (DSG).

3. Legal Bases for Processing

We process personal data on the following legal bases:

  • Performance of a contract (Art. 6(1)(b) GDPR) – where processing is necessary for the performance of a contract or pre-contractual measures.
  • Consent (Art. 6(1)(a) GDPR) – where you have given us consent (e.g. newsletter, cookies).
  • Legitimate interests (Art. 6(1)(f) GDPR) – where processing is necessary for the purposes of the legitimate interests pursued by us, provided that your fundamental rights and freedoms do not override those interests.
  • Legal obligation (Art. 6(1)(c) GDPR) – where processing is necessary for compliance with a legal obligation (e.g. tax retention requirements).

4. Types of Data Processed

  • Identity data (name, address, contact details)
  • Contract data (orders, purchase history, payment information)
  • Usage data (pages visited, access times, device used)
  • Communication data (email addresses, message content)
  • Technical data (IP addresses, browser type, operating system)

5. Hosting and Online Shop Platform

5.1 Shopify

Our online shop is operated on the Shopify platform. The provider is Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland.

Shopify processes your data on our behalf and is responsible for hosting our website, processing orders and storing customer data. Data processing is carried out on the basis of a data processing agreement (DPA) and EU Standard Contractual Clauses. Shopify may transfer data to the USA, Canada or other third countries. The transfer is based on EU Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR.

For more information: Shopify Privacy Policy

6. Order Processing

When you place an order, we process the following data:

  • First and last name
  • Billing and shipping address
  • Email address
  • Phone number (if applicable)
  • Payment information (processed directly by the payment service provider)
  • Order details (products, quantities, prices)

This data is processed for the performance of the contract (Art. 6(1)(b) GDPR) and for compliance with legal retention obligations (Art. 6(1)(c) GDPR). Tax-relevant data is stored for the statutory retention period of 7 years (Section 132 Austrian Federal Fiscal Code).

7. Payment Service Providers

7.1 Shopify Payments (Stripe)

For credit card payments, we use Shopify Payments, operated by Stripe, Inc. (510 Townsend Street, San Francisco, CA 94103, USA). Your payment data is processed directly by Stripe and is not stored on our servers. The legal basis is Art. 6(1)(b) GDPR. Data transfer to the USA is based on EU Standard Contractual Clauses and the EU-U.S. Data Privacy Framework.

For more information: Stripe Privacy Policy

7.2 PayPal

When paying via PayPal, your payment data is transmitted to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. The legal basis is Art. 6(1)(b) GDPR.

For more information: PayPal Privacy Policy

8. Fulfillment and Shipping

To process shipments, we share your delivery address and, if applicable, contact details with our fulfillment partner:

emoro.at – M&M Handels GmbH
Heuweg 10, 8041 Graz, Austria
Email: info@emoro.at

This data is shared solely for the purpose of delivering the goods (Art. 6(1)(b) GDPR). The fulfillment partner may in turn share the data with the respective parcel delivery service.

9. Email Marketing

9.1 Klaviyo

We use Klaviyo (Klaviyo, Inc., 125 Summer Street, Boston, MA 02110, USA) for sending marketing emails and transactional messages. When you subscribe to our newsletter, your email address is stored and processed by Klaviyo.

The legal basis for newsletter delivery is your consent (Art. 6(1)(a) GDPR). For transactional emails (order confirmations, shipping notifications), the legal basis is the performance of the contract (Art. 6(1)(b) GDPR).

Klaviyo uses tracking technologies to measure the open and click rates of our emails. Data transfer to the USA is based on EU Standard Contractual Clauses and the EU-U.S. Data Privacy Framework.

You may revoke your consent at any time by unsubscribing from the newsletter (link at the bottom of each email) or by contacting us at office@viraxe.com.

10. Web Analytics and Tracking

10.1 Google Analytics 4 (GA4)

We use Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. GA4 uses cookies and similar technologies to analyse your usage behaviour on our website.

Google Analytics processes, among other things: IP address (anonymised), pages visited, time spent, device and browser used, source of visit (referrer).

The legal basis is your consent (Art. 6(1)(a) GDPR), which you can provide via our cookie banner. Without your consent, no tracking takes place.

Data transfer to Google in the USA is based on EU Standard Contractual Clauses and the EU-U.S. Data Privacy Framework. We have entered into a data processing agreement with Google.

For more information: Google Privacy Policy

Opt-out: Browser add-on to deactivate Google Analytics

10.2 Meta Pixel (Facebook Pixel)

We use the Meta Pixel on our website, provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The Meta Pixel collects data about your usage behaviour on our website and enables us to measure the effectiveness of our Facebook and Instagram advertisements and to deliver targeted advertising.

Among other things, the following data is processed: IP address, pages visited, purchase actions, device used. This data is transmitted to Meta and may be linked to your Meta account.

The legal basis is your consent (Art. 6(1)(a) GDPR). Data transfer to the USA is based on EU Standard Contractual Clauses and the EU-U.S. Data Privacy Framework.

For more information: Meta Privacy Policy

10.3 Triple Whale

We use Triple Whale (Triple Whale Inc., USA) as an attribution and analytics tool for our e-commerce shop. Triple Whale collects and analyses data on visitor behaviour and purchase processes to measure the effectiveness of our marketing campaigns.

The legal basis is your consent (Art. 6(1)(a) GDPR) or our legitimate interest in optimising our marketing (Art. 6(1)(f) GDPR). Data transfer to the USA is based on EU Standard Contractual Clauses.

11. Cookies

Our website uses cookies. Cookies are small text files stored on your device.

We distinguish between:

  • Strictly necessary cookies – these are required for the operation of the website (e.g. shopping cart, session) and are set on the basis of our legitimate interest (Art. 6(1)(f) GDPR).
  • Analytics and marketing cookies – these are only set with your express consent (Art. 6(1)(a) GDPR). You can revoke your consent at any time via the cookie banner.

You can configure your browser to inform you about the setting of cookies and only allow cookies on a case-by-case basis. If you disable cookies, the functionality of our website may be limited.

12. Your Rights as a Data Subject

Under the GDPR, you have the following rights:

  • Right of access (Art. 15 GDPR) – You can request information about your personal data stored by us.
  • Right to rectification (Art. 16 GDPR) – You can request the correction of inaccurate data.
  • Right to erasure (Art. 17 GDPR) – You can request the deletion of your data, provided no legal retention obligations apply.
  • Right to restriction of processing (Art. 18 GDPR).
  • Right to data portability (Art. 20 GDPR) – You can request to receive your data in a structured, commonly used and machine-readable format.
  • Right to object (Art. 21 GDPR) – You can object to the processing of your data at any time where processing is based on legitimate interest.
  • Right to withdraw consent (Art. 7(3) GDPR) – You can withdraw any consent given at any time with effect for the future.

To exercise your rights, please contact: office@viraxe.com

13. Right to Lodge a Complaint

You have the right to lodge a complaint with the competent data protection authority if you believe that the processing of your personal data violates the GDPR.

Austrian Data Protection Authority (Datenschutzbehörde)
Barichgasse 40-42, 1030 Vienna, Austria
Phone: +43 1 52 152-0
Email: dsb@dsb.gv.at
Website: https://www.dsb.gv.at

14. Data Retention

Personal data is deleted as soon as the purpose of processing ceases to apply and no legal retention obligations exist. For tax-relevant documents, a retention period of 7 years applies (Section 132 Austrian Federal Fiscal Code). For contractual data, the statutory limitation period of 3 years applies (Section 1489 ABGB).

15. Changes to This Privacy Policy

We reserve the right to amend this Privacy Policy to adapt it to changed legal situations or changes in our data processing. The current version published on our website shall apply at all times.

Building the daily standard for cognitive support. Since 2026.

¹ Health claims pursuant to EU Regulation 432/2012: Vitamin B6 contributes to normal functioning of the nervous system. Vitamins B6, B9 and B12 contribute to normal psychological function. Vitamins B6, B9 and B12 contribute to the reduction of tiredness and fatigue. Vitamin B12 contributes to normal energy-yielding metabolism.

² Ingredient descriptions serve general informational purposes about the respective substances and do not constitute health claims within the meaning of EU Regulation 1924/2006.

³ Sources:
– Attention span: Dr. Gloria Mark, UC Irvine, "Attention Span" (2023). https://gloriamark.com/attention-span/
– Burnout: Gallup, "Employee Burnout: Causes and Cures (2020)". https://www.gallup.com/workplace/288539/employee-burnout-biggest-myth.aspx
– Choline: NIH Office of Dietary Supplements, Choline Fact Sheet (NHANES 2009–2012). https://ods.od.nih.gov/factsheets/Choline-HealthProfessional/
– EU mental health: Eurostat, Mental Health and Related Issues Statistics (2024). https://ec.europa.eu/eurostat/statistics-explained/index.php?title=Mental_health_and_related_issues_statistics
Statistics are provided for general information purposes and do not relate to the effects of this product.

Food supplements are not a substitute for a varied and balanced diet and a healthy lifestyle. Do not exceed the recommended daily intake. Keep out of reach of children.

Legal

Policies

¹ Health claims pursuant to EU Regulation 432/2012: Vitamin B6 contributes to normal functioning of the nervous system. Vitamins B6, B9 and B12 contribute to normal psychological function. Vitamins B6, B9 and B12 contribute to the reduction of tiredness and fatigue. Vitamin B12 contributes to normal energy-yielding metabolism.

² Ingredient descriptions serve general informational purposes about the respective substances and do not constitute health claims within the meaning of EU Regulation 1924/2006.

³ Sources:
– Attention span: Dr. Gloria Mark, UC Irvine, "Attention Span" (2023). https://gloriamark.com/attention-span/
– Burnout: Gallup, "Employee Burnout: Causes and Cures (2020)". https://www.gallup.com/workplace/288539/employee-burnout-biggest-myth.aspx
– Choline: NIH Office of Dietary Supplements, Choline Fact Sheet (NHANES 2009–2012). https://ods.od.nih.gov/factsheets/Choline-HealthProfessional/
– EU mental health: Eurostat, Mental Health and Related Issues Statistics (2024). https://ec.europa.eu/eurostat/statistics-explained/index.php?title=Mental_health_and_related_issues_statistics
Statistics are provided for general information purposes and do not relate to the effects of this product.

Food supplements are not a substitute for a varied and balanced diet and a healthy lifestyle. Do not exceed the recommended daily intake. Keep out of reach of children.