PhrexxonthodB2B workplace facilities (U.S.) Request details

Data stewardship

Privacy policy

This is the full statement for visitors to phrexxonthod.world, including people who contact us from the United States, the European Economic Area, the United Kingdom, and Switzerland. It explains what we receive, what we do with it, for how long, and the choices and rights you can exercise. We do not use this space for marketing language or promises about product outcomes. It is a technical and legal description written to be read at a normal pace, whether you are a facilities lead, a counsel colleague, or a person checking our practices before a pilot.

Viewed on
Controller: NYC HTTPS in transit GDPR-ready rights

Scope and who we are

This document applies to personal data that Phrexxonthod, with its principal place of business at 250 Broadway, New York, NY 10007, USA (“we,” “us,” “our”), processes when you visit this website, when you use an email or telephone channel we publish for business inquiries, and when you exchange messages with us in the course of a commercial discussion about workplace hydration and related services. The website address we operate for this product line is phrexxonthod.ddd. The term “personal data” (or “personal information,” depending on the law) means information that can identify a person directly or, when combined with other data we hold, can reasonably identify a person. Information that is aggregated, anonymized, or reduced to statistics about groups is no longer personal data in the sense used here, provided the re-identification risk is not meaningful.

This policy is written in English for a United States audience, but the rights and obligations of certain visitors may also be governed by the General Data Protection Regulation, the United Kingdom’s post-Brexit framework, the Swiss Federal Act on Data Protection, and the laws of the State of New York, among others. We describe cross-border issues in a dedicated section so you can see how a transfer to the United States is protected when the law in your home country requires a safeguard. Nothing in this policy is intended to remove rights you may have that cannot be waived. If any sentence is unclear, email us. We are happy to restate a paragraph in a different format for accessibility or for legal review, without that email creating a new contract by itself.

Data controller — Phrexxonthod. You can reach the controller for privacy questions at contact@phrexxonthod.world or +1 212-732-0560. We record the channel you used, the subject of your message, and the steps we take in reply so you have a file trail if the matter is reopened.

Categories of data

We do not run a data marketplace. The categories we process are limited to what is common for a B2B site with a contact form, optional analytics, and a small set of business communications. In practical terms, you will typically see: identity and business contact data (name, work email, organization name, job title in free text if you include it, phone number if you type it, mailing address of your office or ours when relevant); the content of your message, including any attachments you send by email; technical log data (IP address, time stamp, user-agent, approximate region derived from the IP, HTTP referrer when available); and records of your cookie consent stored in the browser, including a timestamp, so the banner can remember a choice. If you work with us under a written agreement, we also keep contract references, project notes that may mention people by name, and billing identifiers where a payment occurs. We do not ask for health information on this public site, and you should not send medical details through the public form, because the form is not set up to receive protected health data under the appropriate regulations.

Purposes and legal bases

We use personal data to respond to inquiries, to plan and perform services for clients, to keep internal records, to secure our services, to meet court orders or lawful government requests, and, when you have consented, to measure which pages and announcements are useful in the aggregate. Under the GDPR, the relevant bases are usually: contract or pre-contract steps when you request a commercial proposal; legitimate interests in securing the site, preventing fraud, and improving how information is presented, balanced against your interests and rights; legal obligation when we are required to retain a record; and consent for non-essential cookies. Where consent is the basis, you can withdraw it without affecting the lawfulness of processing that happened before withdrawal, and you can change browser or banner settings in line with our Cookie policy.

Sharing and recipients

We do not sell personal data in the colloquial “bulk list” sense. We may share with hosting providers, email delivery tools, and security vendors that process data on our instructions under a written data processing addendum, where the industry supports one. We may also share with professional advisers, regulators, and courts when the law or a bona fide request requires. If a corporate reorganization, merger, or sale of business assets were to take place, personal data that is part of the transferred business may be disclosed to a successor, under confidentiality terms and with notice where required. Any recipient not already listed will be required to use data only for the same purposes we describe, except where a different use is required by law and permitted under that law.

International transfers

We operate in the United States. If you are in a region with transfer restrictions, we rely, as appropriate, on adequacy decisions, standard contractual clauses approved by the European Commission, the United Kingdom’s international data transfer addendum, or the Swiss addendum, and we will complete transfer impact steps when those frameworks require. You may request a copy of the relevant terms when they apply. Some transfers, such as an email to our server, are occasional and user-initiated; others are structured through cloud infrastructure with documented subprocessors. The technical path can change; the commitment to a lawful ground for transfer will not, unless a law changes, in which case we will update this section.

Your rights and requests

Depending on where you live, you may have the right to access, port, correct, or delete your personal data, to restrict or object to certain processing, to withdraw consent, and in some US states, to know categories received, to opt out of certain sharing, and to appeal a decision we make about a request. We verify requests in a way that is proportionate, which may include asking you to confirm a piece of data we already have or, for sensitive actions, a signed statement. We respond within the statutory window when one applies, and otherwise within a reasonable time that we communicate to you, usually within thirty to forty-five days for complex research. We do not charge a fee unless the request is manifestly unfounded or excessive, in which case we will explain why. If you are unsatisfied, you can contact your local supervisory authority or, where a state law gives you the right, use an appeal process we describe in our reply. If you are represented by a lawyer or agent, we will require evidence of authorization, because we are careful about impersonation.

Automated decisions and profiling

We do not use the personal data you send through the public form to make automated legal or similarly significant decisions about you in the sense of the GDPR, and we do not build employment profiles of individuals in your organization from the site. If we ever introduce a tool with such effects, we will add a specific notice, describe logic and consequences, and provide human review where the law requires.

Children and sensitive data

The site and services are intended for business audiences. We do not knowingly collect personal data from children under sixteen through this site, and if we learn that we have, we will delete it promptly, subject to legal retention. Please do not submit sensitive information categories through the general contact form. If a situation arises where a sensitive category is indispensable, we will use a private channel, appropriate consent, and extra safeguards, as required by the applicable law in your case.

Security measures

We use HTTPS for the public site, access controls for internal systems, unique credentials for those who can see personal data, and an expectation that our vendors maintain baseline security. No method of transmission is perfectly secure, so we also maintain procedures for logging incidents, for notifying you when the law and the facts of an incident make notification appropriate, and for working with you to limit harm. If you discover a possible vulnerability, email us. We will not retaliate in good-faith research that stays within a reasonable, non-destructive scope; please give us a short window to fix a confirmed issue before public disclosure, when possible, so that other visitors are not put at additional risk in the window between discovery and fix.

Retention and deletion

Routine business correspondence, including the contact form, is held for up to twenty-four months after the last message in a thread, unless a longer period is required for a contract, a tax or accounting duty, a dispute, or a regulatory investigation. After that period, we delete or de-identify the content where feasible. Security and infrastructure logs that might contain transient identifiers are rotated or truncated more frequently, on a schedule that balances troubleshooting with data minimization. If you have a right to erasure, we will consider technical limits such as backup cycles and the need to keep a record that erasure was performed. Legal holds, when a regulator or a court imposes or requests preservation, can extend any timeline until the hold is released, and we will document the reason internally.

Changes and version history

We update this policy when our services, the law, or our vendors change, or when a clarification is in order. A material change will be signposted for a short period on a prominent page, such as the home page, in addition to updating the “last revised” information we maintain in our internal log. The dynamic “Viewed on” line in the hero of this page shows the day you opened it in your own browser, which is useful for a reading record, but the substantive revision history is the published text, not the clock on your device. If a regional law makes a stricter text mandatory, the stricter text controls for visitors in that region, even if a general line elsewhere appears broader.

Advertising, measurement, and ad platforms

When we use online advertising, third-party ad platforms and their partners may process limited technical data in connection with ad delivery, measurement, and fraud prevention, as described in their public policies and subject to the choices you make in our cookie banner when a tag loads on the site. We describe our own processing in the sections above. For how Google treats ad-related technologies, you may also read Google’s information on advertising. A concise U.S. business statement, including that we do not use this site to provide medical care or guaranteed health outcomes, is on our Transparency and advertising page.

How to contact us

Write to contact@phrexxonthod.world with “Privacy” in the subject, or call +1 212-732-0560 during our published business hours. You may also send a letter to 250 Broadway, New York, NY 10007, USA. In each case, we will log your request, respond through the same channel you prefer unless a rule requires a different one, and keep a copy of the exchange for a reasonable time for accountability and for training staff on what was decided in similar cases, subject to retention above.

This text is a general privacy statement and does not create rights beyond those granted by law. If you have a specific compliance question, ask your own counsel, and we can supply factual answers to help them advise you.