top of page

Privacy Policy

Effective Date: March 26, 2025

Phyto Axia (“Phyto Axia,” “we,” “us,” or “our”), operating the e-commerce website https://www.phytoaxia.com (the “Website”), is dedicated to safeguarding your privacy and ensuring the responsible handling of your personal information. This Privacy Policy outlines in detail how we collect, use, store, disclose, and protect your personal data when you visit our Website, register an account, purchase natural skincare ingredients (the “Products”), or otherwise engage with our services (collectively, the “Services”). 

 

As a business headquartered in Ottawa, Ontario, Canada, with a global customer base, we are committed to complying with applicable privacy laws, including Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and, for individuals in the European Union (EU) and European Economic Area (EEA), the General Data Protection Regulation (GDPR). This Privacy Policy is designed to provide transparency about our data practices, inform you of your rights, and explain how you can exercise them.

 

Your use of the Website or Services signifies your acceptance of the practices described herein. If you do not agree with this Privacy Policy, we kindly ask that you refrain from accessing the Website or providing us with any personal information. We encourage you to read this document carefully and contact us with any questions or concerns.

 

1. Data Controller and Contact Information

1.1 Data Controller

For the purposes of the GDPR, the entity responsible for determining how and why your personal data is processed (the “Data Controller”) is:

Phyto Axia

Email: support@phytoaxia.com

Business Hours: Monday to Friday, 9:00 AM – 5:00 PM EST (excluding Canadian statutory holidays)  

 

1.2 Contacting Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how your personal information is handled, please reach out to us using the contact details above. We aim to respond to all inquiries promptly and in accordance with applicable legal timelines.

 

1.3 EU Representative (GDPR)

As a Canadian company serving EU/EEA customers, we are in the process of appointing an EU representative to facilitate GDPR compliance. Once appointed, their contact details will be updated here. In the meantime, EU/EEA residents may direct GDPR-related inquiries to support@phytoaxia.com.

 

2. Personal Data We Collect

We collect various types of personal data to operate our e-commerce platform, fulfill your orders, enhance your experience, and comply with legal obligations. The specific data we collect depends on how you interact with the Website. Below is a detailed breakdown:

 

2.1 Data You Provide Directly  

  • Account Registration:  

    • When you create an account using an email address, we collect your email address and a password (which is encrypted and stored securely).  

    • If you opt to sign up or log in via third-party services like Google or Facebook, we collect your name and email address as provided by those platforms, subject to your account settings and their terms of service.  

    • Purpose: To authenticate your identity, manage your account, and enable order tracking.

  • Order Placement:  

    • When you purchase Products, we collect your full name, email address, shipping address (including street, city, postal code, and country), phone number, and payment information (e.g., credit card details, processed securely by third-party payment gateways).  

    • The phone number is mandatory for shipping, as most couriers require it to contact you regarding delivery updates or issues.  

    • Purpose: To process and deliver your order, communicate order status, and facilitate returns or refunds if applicable.

  • Customer Communications:  

    • If you contact us at support@phytoaxia.com or submit inquiries through the Website, we collect your email address, name (if provided), and any additional details you include in your message (e.g., order numbers, questions, or feedback).  

    • Purpose: To respond to your requests, provide support, and resolve issues.

2.2 Data Collected Automatically  

  • Website Usage Data:  

    • We use Google Analytics, a web analytics tool, to collect information about your interactions with the Website. This includes your IP address, browser type and version, operating system, device type (e.g., mobile or desktop), pages visited, time and date of visits, duration of visits, click paths, and referring URLs (e.g., the site you came from).  

    • Purpose: To analyze user behavior, optimize Website performance, and improve content and functionality.

  • Cookies and Tracking Technologies:  

    • We employ cookies, web beacons, and similar technologies to enhance your browsing experience, remember your preferences, and track usage patterns. Examples include session cookies (temporary) and persistent cookies (stored longer-term).  

    • Purpose: To ensure Website functionality, personalize your experience, and support analytics. See our Cookie Policy for a detailed explanation.

 

 

2.3 Data from Third Parties  

  • Social Media Platforms:  

    • If you use Google or Facebook to register or log in, we receive limited data from those platforms (e.g., your name and email address) based on your privacy settings and their data-sharing policies.  

    • Purpose: To streamline account creation and login processes.

  • Shipping Partners:  

    • We receive delivery-related information from couriers, such as confirmation of shipment, tracking updates, or instances where your phone number was used to coordinate delivery.  

    • Purpose: To monitor and ensure successful order fulfillment.

  • Payment Processors:  

    • Third-party payment providers (e.g., Stripe, PayPal) share transaction confirmation details with us, though we do not store your full payment card details.  

    • Purpose: To verify payment and complete your purchase.

 

2.4 Non-Personal Data  

  • We may collect aggregated or anonymized data (e.g., total Website visits or average order value) that cannot be linked to an individual. This data is not considered personal data under GDPR or PIPEDA and is used for statistical and business analysis purposes.

 

3. Legal Basis for Processing Personal Data (GDPR Compliance)

Under the GDPR, we must have a lawful basis for processing your personal data. The following outlines the legal grounds we rely on:  

  • Performance of a Contract (Article 6(1)(b)):  

    • Processing your name, email address, shipping address, phone number, and payment details is necessary to fulfill your order, deliver Products, and manage returns or refunds. This applies when you purchase from us or create an account to track orders.

  • Legitimate Interests (Article 6(1)(f)):  

    • We process your email address to send shop updates, promotional offers, and our newsletter, and we use Google Analytics to collect usage data, based on our legitimate interest in marketing our business and improving our Services. We balance this interest against your rights and provide easy opt-out options (e.g., unsubscribe links).  

    • We may also use your data to detect and prevent fraud or unauthorized access, protecting both you and our business.

  • Consent (Article 6(1)(a)):  

    • Where required, such as for non-essential cookies (e.g., marketing or analytics cookies), we process your data based on your explicit, freely given consent. You may withdraw consent at any time via our cookie settings or by contacting us.

  • Compliance with Legal Obligations (Article 6(1)(c)):  

    • We process and retain certain data (e.g., order records) to comply with Canadian tax laws, consumer protection regulations, or requests from regulatory authorities.

  • Vital Interests (Article 6(1)(d)):  

    • In rare cases, we may process data to protect your vital interests or those of another person (e.g., providing shipping details to emergency services if a delivery issue poses a safety risk), though this is unlikely in our operations.

We ensure that our processing activities are proportionate, necessary, and respectful of your privacy rights.

 

4. How We Use Your Personal Data

We use your personal data for the following specific purposes:  

  • Order Processing and Fulfillment:  

    • To confirm your purchase, process payments, package Products, and coordinate shipping with couriers.  

    • To send you order confirmations, shipping updates, and tracking information via email.

  • Customer Account Management:  

    • To authenticate your login, maintain your account profile, and allow you to view order history or manage preferences.

  • Customer Support:  

    • To respond to inquiries, troubleshoot issues, or process returns/refunds when you contact us at support@phytoaxia.com.  

    • To document interactions for quality assurance and future reference.

  • Marketing and Communications:  

    • To send you shop updates, promotional offers, and our newsletter via email, informing you about new Products, discounts, or skincare tips. You can unsubscribe at any time using the link in our emails or by emailing us.

  • Website Optimization and Analytics:  

    • To analyze Website performance, user behavior, and traffic patterns using Google Analytics, enabling us to enhance navigation, content, and user experience.

  • Fraud Prevention and Security:  

    • To monitor transactions and account activity for signs of fraud, unauthorized access, or abuse of our Services.

  • Legal and Regulatory Compliance:  

    • To maintain records for tax and accounting purposes, respond to lawful requests from authorities, or defend against legal claims.

We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.

 

5. Data Sharing and Disclosure

We prioritize your privacy and do not sell, rent, or trade your personal data for commercial gain. However, we may share your data with third parties under the following circumstances:  

  • Service Providers:  

    • Payment Processors: We share payment-related data (e.g., transaction amount, but not full card details) with providers like Stripe or PayPal to process your purchases securely. These providers operate under their own privacy policies and security standards.  

    • Shipping Couriers: We share your name, shipping address, and phone number with couriers (e.g., Canada Post, UPS) to deliver your order and provide tracking updates.  

    • Analytics Providers: Google Analytics processes usage data on our behalf to generate reports, governed by Google’s Data Processing Agreement and GDPR compliance measures.  

    • IT and Hosting Providers: We use cloud services and IT vendors to store and manage Website data, ensuring they adhere to strict confidentiality and security obligations.

  • Legal and Regulatory Disclosures:  

    • We may disclose your data if required by law, such as in response to a subpoena, court order, or request from a government agency (e.g., Canada Revenue Agency or EU data protection authorities).  

    • We may also share data to enforce our Terms and Conditions, protect our rights, or ensure the safety of our customers and staff.

  • Business Transfers:  

    • If Phyto Axia undergoes a merger, acquisition, bankruptcy, or sale of assets, your personal data may be transferred to a successor entity. We will ensure that any such transfer complies with applicable privacy laws and that your data remains protected.

  • With Your Consent:  

    • We may share your data with other parties if you explicitly authorize us to do so (e.g., sharing your email with a promotional partner, though this is not currently part of our practice).

 

All third parties we engage are contractually obligated to process your data only for the purposes we specify, maintain confidentiality, and implement appropriate security measures in line with GDPR and PIPEDA requirements.

 

6. International Data Transfers

As a Canadian-based business with global operations, your personal data may be transferred to and processed in countries outside your jurisdiction, including:  

  • Canada: Where our headquarters and primary data storage are located. Canada is recognized by the European Commission as providing an adequate level of data protection under GDPR.  

  • United States: Where some service providers (e.g., Google Analytics) are based.  

  • Other Countries: Where couriers or IT vendors may operate, depending on shipping routes or infrastructure.

 

For transfers from the EU/EEA to countries without an adequacy decision (e.g., the U.S.), we rely on:  

  • Standard Contractual Clauses (SCCs): Legally binding agreements approved by the European Commission to ensure data recipients outside the EEA provide GDPR-equivalent protection.  

  • Additional Safeguards: Such as encryption, pseudonymization, or contractual audits of third-party processors.

 

We regularly review our data transfer practices to ensure compliance with evolving international privacy standards.

 

7. Data Retention Periods

We retain your personal data only for as long as necessary to achieve the purposes outlined in this Privacy Policy, or as required by law. Specific retention periods include:  

  • Account Data: Retained while your account remains active. If you close your account, we retain your data for up to 1 year to address potential follow-up issues (e.g., returns), unless you request earlier deletion.  

  • Order Data: Retained for 7 years to comply with Canadian tax and accounting laws (e.g., Income Tax Act) and to support warranty or refund claims.  

  • Marketing Data: Retained until you unsubscribe from our newsletter or request removal, after which your email is promptly deleted from our marketing lists.  

  • Customer Support Records: Retained for 3 years to document interactions and resolve future disputes, unless deletion is requested sooner.  

  • Analytics Data: Retained in anonymized form by Google Analytics for up to 26 months, after which it is automatically deleted per Google’s retention settings.

 

When data is no longer needed, we securely delete it using industry-standard methods (e.g., overwriting) or anonymize it so it cannot be linked to you. Physical records, if any, are shredded or otherwise destroyed.

 

8. Your Privacy Rights

You have specific rights regarding your personal data under GDPR and PIPEDA, depending on your location:  

  • Right to Access: Request confirmation of whether we process your data and obtain a copy of it, along with details about how it is used.  

  • Right to Rectification: Ask us to correct inaccurate, incomplete, or outdated data (e.g., an incorrect shipping address).  

  • Right to Erasure (“Right to be Forgotten”): Request deletion of your data when it is no longer necessary, you withdraw consent, or it was processed unlawfully, subject to exceptions (e.g., retaining order records for tax compliance).  

  • Right to Restriction: Request that we limit processing (e.g., to storage only) if you contest its accuracy, object to its use, or need it preserved for legal claims.  

  • Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format (e.g., CSV) or have it transferred to another controller, where technically feasible. This applies to data provided by you and processed by automated means.  

  • Right to Object: Object to processing based on legitimate interests (e.g., marketing emails) or for direct marketing purposes, after which we will cease such use.  

  • Right to Withdraw Consent: Revoke consent for processing (e.g., non-essential cookies) at any time, without affecting the lawfulness of prior processing.  

  • Right Against Automated Decision-Making: You have the right not to be subject to decisions based solely on automated processing (e.g., profiling) that produce legal or significant effects. We do not currently engage in such practices.  

  • Right to Complain: Lodge a complaint with a supervisory authority if you believe your rights have been violated. In Canada, contact the Office of the Privacy Commissioner of Canada; in the EU/EEA, contact your local data protection authority (e.g., the Information Commissioner’s Office in the UK).

 

8.1 How to Exercise Your Rights  

  • Submit your request to support@phytoaxia.com, specifying the right(s) you wish to exercise and providing your name, email, and order number (if applicable).  

  • For security, we may require proof of identity (e.g., a copy of a government-issued ID with sensitive details redacted).  

  • We will respond within 30 days (or 1 month under GDPR), extendable by up to 2 months for complex requests, with notice provided. There is no fee unless your request is manifestly unfounded or excessive, in which case we may charge a reasonable administrative cost or refuse to act.

 

9. Data Security Measures

We take data security seriously and implement a range of technical and organizational measures to protect your personal data from unauthorized access, loss, alteration, or disclosure, including:  

  • Encryption: Data transmitted via the Website (e.g., during checkout) is encrypted using SSL/TLS protocols. Passwords are hashed using strong cryptographic algorithms.  

  • Access Controls: Only authorized personnel with a need-to-know basis can access your data, and they are bound by confidentiality agreements and trained in privacy compliance.  

  • Secure Storage: Data is stored on servers with firewalls, intrusion detection systems, and regular security updates.  

  • Vendor Oversight: We audit third-party processors to ensure they meet GDPR and PIPEDA standards.  

  • Incident Response: We maintain a plan to address data breaches, including notifying you and relevant authorities within 72 hours if a breach poses a risk to your rights and freedoms (per GDPR Article 33).

 

Despite these measures, no online system is entirely immune to risks. We cannot guarantee absolute security, and you play a role by keeping your account credentials confidential and reporting suspicious activity to us immediately.

 

10. Third-Party Links and Services

The Website may include links to external sites, such as Google, Facebook, or courier tracking pages. These third parties operate under their own privacy policies, over which we have no control. We are not responsible for their practices or content and recommend reviewing their policies before sharing personal data with them.

 

11. Children’s Privacy

Our Website and Services are intended for individuals aged 19 or older (or the age of majority in your jurisdiction). We do not knowingly collect personal data from children under this age. If we discover that we have inadvertently collected such data (e.g., from a minor creating an account), we will delete it as soon as practicable. If you believe a child has provided us with data, please contact us at support@phytoaxia.com.

 

12. Changes to This Privacy Policy

We may revise this Privacy Policy to reflect changes in our data practices, legal requirements, or Services. Updates will be posted on the Website with a new “Effective Date” at the top. For significant changes (e.g., new data uses or sharing practices), we will notify you via email (if we have your address) or a prominent notice on the Website at least 30 days before the changes take effect. Your continued use of the Website after such updates constitutes acceptance of the revised policy. We encourage you to review this document periodically.

 

13. Contact Us

For any questions, requests, or complaints regarding this Privacy Policy or your personal data, please reach out to:

 

Email: support@phytoaxia.com

Business Hours: Monday to Friday, 9:00 AM – 5:00 PM EST (excluding Canadian statutory holidays)  

 

For EU/EEA residents with unresolved concerns, you may contact your local data protection authority. A list of authorities is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en.

PRIVACY POLICY

  • Phyto Axia (“Phyto Axia,” “we,” “us,” or “our”), operating the e-commerce website https://www.phytoaxia.com (the “Website”), is dedicated to safeguarding your privacy and ensuring the responsible handling of your personal information. This Privacy Policy outlines in detail how we collect, use, store, disclose, and protect your personal data when you visit our Website, register an account, purchase natural skincare ingredients (the “Products”), or otherwise engage with our services (collectively, the “Services”

  • Details of our privacy policy can be found here:

  • Cookie policy.

TERMS & CONDITIONS

Shipping Policies and Timelines  

  • Standard Processing: Orders are processed and shipped within three (3) business days of purchase, excluding weekends and Canadian statutory holidays, unless otherwise stated.  

  • Expedited Processing: We offer one (1) day processing for an additional fee, subject to availability and confirmation at checkout.

 Order Cancellations

  • You may request to cancel your order within twelve (12) hours of purchase by emailing support@phytoaxia.com .

Returns and Refunds Policy

  • Phyto Axia is committed to providing a satisfaction-guaranteed experience. If you are not satisfied with your purchase, we offer returns and refunds on eligible Products under the conditions outlined below.

General Return Policy  

  • Eligibility: We accept returns of unopened and unused Products within fourteen (14) days of delivery.  

  • Process: To initiate a return, contact us at support@phytoaxia.com with your order number and reason for return. We will provide instructions for returning the Product.  

  • Condition: Products must be returned in their original, unopened packaging, with all labels, seals, and accompanying documentation intact. We cannot accept returns of opened or used Products due to health, safety, and hygiene concerns.  

  • Shipping Costs: The buyer bears the full cost of return shipping unless the return is due to a defect, damage, or an error on our part (e.g., incorrect item shipped).

Disclaimers and Limitations

General Product Disclaimer

  • The Products sold on the Website are natural skincare ingredients intended exclusively for topical formulations. We make no representations or warranties regarding their suitability for specific purposes beyond what is supported by established scientific literature.

No Dermatological or Professional Advice  

  • Phyto Axia and its representatives are not dermatologists, we do not provide medical advice, diagnoses, or treatment recommendations.  

Product Effectiveness and Stability  

  • Claims regarding the benefits of plant extracts and other ingredients sold on the Website are derived from established scientific literature and supplier-provided data. However, the effectiveness, stability, and safety of these ingredients in finished formulations depend on multiple factors, including but not limited to their combination with other ingredients, formulation techniques, storage conditions (e.g., temperature), pH levels, and the use of penetration enhancers or preservatives. 

CONTACT US


support@phytoaxia.com

  • Facebook
  • Instagram
  • Pinterest

© 2025 Frais. All rights reserved.

bottom of page