Privacy Policy (EU)

 

Effective date: 13 August, 2025

Last updated: 13 August, 2025

 

1. Who we are (Controller)

This Privacy Policy explains how AVALEX PTE. LTD. (trading as Anex) collects and processes personal data when you visit anexbaby.com or purchase from our EU-facing online store and services (the Site).

Controller:

AVALEX PTE. LTD.

114 Lavender Street, #08-58/59, CT Hub 2, Singapore 338729

Email: [email protected]

 

EU Representative (Art. 27 GDPR):

IDEO GROUP SPOLKA Z O. O.

Al. Solidarnosci 117 lok. 207, 00-140 Warszawa, POLSKA

KRS: 0000479269, REGON: 146900058, NIP: 5252566488

Email: [email protected]

 

This Policy applies to data subjects in the European Economic Area (EEA), the United Kingdom (for reference only), and Switzerland. If local laws require different information, we will provide it in country-specific notices.

2. Scope

This Policy covers personal data we collect when you:

  • browse the Site;
  • create an account or place an order;
  • subscribe to marketing;
  • contact us (email, forms, chat, social media) or participate in promotions/affiliation;
  • interact with cookies/SDKs and similar technologies on the Site.

3. Personal data we collect

3.1 Data you provide to us

  • Account and profile data (name, email, password, phone, preferred language/country).
  • Order and delivery data (billing/shipping addresses, products, pricing, order notes).
  • Payments (tokenised payment identifiers, payment method type, last 4 digits where applicable; we do not store full card numbers—these are processed by our payment processor).
  • Customer service (your communications, attachments such as photos/videos for warranties/returns).
  • Marketing preferences (subscriptions, consent choices).
  • Affiliation (affiliate ID, referral code, payout details for affiliates, where applicable).

3.2 Data we collect automatically (Device/Usage)

  • Device/technical: IP address, device identifiers, browser and OS, time zone, language, referrer URL.
  • Usage: pages viewed, clicks, scrolls, session duration, purchase events, error logs.
  • Cookies/SDKs: first/third-party cookies, pixels, tags and similar technologies (see Section 7).

3.3 Data from third parties

  • Payment and anti-fraud providers (payment status, risk flags).
  • Logistics partners (delivery status).
  • Analytics/advertising partners (aggregated audience insights where you have given consent).
  • Social networks (if you interact with our accounts or use social login, where available).
  • Affiliation platforms (click-throughs and conversions, subject to your consent).

4. Purposes and legal bases

We process personal data only where a legal basis under GDPR applies:

  • To perform a contract (Art. 6(1)(b)): processing orders, payments, shipping, returns, warranties, customer support, account management.
  • To comply with legal obligations (Art. 6(1)(c)): tax and accounting, consumer protection, product safety/recall, responding to lawful requests.
  • Legitimate interests (Art. 6(1)(f)): securing our Site and business (fraud prevention, diagnostics), improving services, limited direct marketing to existing customers; we balance these interests against your rights and freedoms.
  • Consent (Art. 6(1)(a)): email/SMS marketing to new subscribers, non-essential cookies/analytics/ads, affiliate tracking cookies, geolocation for currency display, and any processing where consent is required. You may withdraw consent at any time (see Section 10).

5. Payments and anti-fraud

Payments are processed by certified payment processors. Card data is handled in accordance with PCI DSS by the processor. We receive only limited payment information (e.g., status, token, last 4 digits) to confirm and fulfil your order. We may use automated tools to help detect fraud; decisions with legal or similarly significant effects are not made solely by automated means (see Section 11).

6. Disclosures (recipients and categories)

We share personal data, where necessary and subject to appropriate safeguards, with:

  • Payment processors;
  • Fulfilment and logistics providers (warehousing, carriers);
  • IT/hosting and e-commerce platform providers;
  • Customer support and communications tools (email, helpdesk, chat);
  • Analytics/measurement and ad tech providers (only with consent);
  • Professional advisers (legal, accounting, auditors);
  • Affiliation platforms (only with consent);
  • Public authorities (where required by law or to protect rights).

We sign data processing agreements with processors, require confidentiality, and audit/monitor compliance where appropriate. We do not sell your personal data.

7. Cookies, pixels and similar technologies

We use strictly necessary cookies for Site functionality (e.g., cart, checkout, security). All non-essential cookies (analytics, performance, personalization, advertising/retargeting, and affiliate tracking) are used only with your prior consent. On your first visit we display a consent banner where you can accept or manage categories. You can change your choices at any time via Cookie Settings on the Site.

Examples of how we use cookies:

  • remember your cart and sign in;
  • save language/currency;
  • measure Site usage and conversions;
  • prevent fraud;
  • attribute sales to affiliates (e.g., 30-day referral window, if consented).

Retention: cookie/storage lifetimes vary by purpose and provider (from session to 24 months). Details are provided in our Cookie Settings panel.

8. International data transfers

We are headquartered in Singapore and use service providers in and outside the EEA. Where data is transferred to countries without an adequacy decision, we rely on EU Standard Contractual Clauses (SCCs) and implement supplementary measures. Where providers in the United States participate in the EU–US Data Privacy Framework (DPF), we may rely on that adequacy decision. Copies of the SCCs (minus confidential details) can be requested.

9. Retention

We keep personal data only as long as necessary for the purposes collected, including to meet legal, accounting and reporting requirements. Typical periods:

  • Account data: while your account remains active and for up to 36 months of inactivity (or earlier on request, unless legal retention applies).
  • Order and transaction records: up to 10 years to comply with tax/commercial laws.
  • Customer support records: up to 36 months after resolution.
  • Marketing consents and preferences: until you withdraw consent or object, plus limited logs demonstrating compliance.
  • Cookie/analytics data: per the lifetimes shown in Cookie Settings, or earlier if you withdraw consent.

10. Your rights (EEA/CH/UK)

Subject to conditions and exemptions under applicable law, you have the right to: access, rectify, erase, restrict, object (including to direct marketing), and port your data. Where processing is based on consent, you may withdraw it at any time with effect for the future (e.g., via Cookie Settings or by using unsubscribe links). You also have the right to lodge a complaint with your local supervisory authority.

To exercise your rights, contact us at [email protected] or the EU Representative above. We may need to verify your identity. We respond within one month (extendable by two months for complex requests).

11. Automated decision making

We do not make decisions based solely on automated processing, including profiling, that produce legal effects concerning you or similarly significantly affect you. If we ever introduce such processing, we will provide specific notice and your rights under GDPR Articles 21–22.

12. Children’s privacy

Our Site and products are intended for adults. We do not knowingly collect personal data from children under 16. If you believe a child has provided us data, please contact us to delete it. Where the age of digital consent is set lower by a Member State (not below 13), we will follow local law and obtain verifiable parental consent where applicable.

13. Security

We apply administrative, technical and physical safeguards appropriate to the risk, including encryption in transit, access controls, and regular monitoring. However, no internet transmission is 100% secure.

14. Changes

We may update this Policy from time to time. If changes materially affect your rights, we will provide a prominent notice (e.g., banner or email). The “Effective date” above shows when this Policy last changed.

15. Contact

Controller: AVALEX PTE. LTD., 114 Lavender Street, #08-58/59, CT Hub 2, Singapore 338729.

EU Representative: IDEO GROUP SPOLKA Z O. O., Al. Solidarnosci 117 lok. 207, 00-140 Warszawa, POLSKA

Email: [email protected]