EU / EEA Data Protection Notice

GDPR Notice

This page summarizes key GDPR information for XyroMax. For full details, see our Privacy Policy.

Effective date: 2026-02-11 • Last updated: 2026-02-11

1) Controller

The controller determines the purposes and means of processing.

  • Brand: XyroMax
  • Website: https://xyromax.top/
  • Legal entity: XyroMax
  • Address: 8-1-4 Meguro, Meguro-ku, Tokyo 153-0063, Japan
  • Email: [email protected]
  • Business ID / Tax ID: 8234567890123

2) Data we process

  • Contact data (name, email, optional phone) you submit via forms or email.
  • Message content (subject, message body, attachments if you send them).
  • Technical data (IP address, device/browser info, timestamps, basic logs).
  • Cookie preferences and limited performance data (if enabled in cookie settings).

3) Purposes

  • Responding to requests and providing information about our educational services.
  • Scheduling sessions and delivering Services you requested.
  • Security, fraud prevention, and website reliability.
  • Improving website performance and usability (where permitted).
  • Legal compliance and dispute handling.

4) Lawful bases (GDPR Art. 6)

  • Consent (Art. 6(1)(a)) — optional cookies and certain communications.
  • Contract (Art. 6(1)(b)) — steps prior to contract and service delivery.
  • Legitimate interests (Art. 6(1)(f)) — security, basic operations, limited analytics where allowed.
  • Legal obligation (Art. 6(1)(c)) — recordkeeping and compliance.

5) Recipients & processors

We may use service providers (processors) for hosting, email delivery, and security. We share only what is necessary.

Service providers include hosting, email delivery, and security vendors necessary for website operation. We share only the minimum data required for those services.

6) International transfers

If data is transferred outside the EEA/UK, we use appropriate safeguards where required (e.g., standard contractual clauses), and limit transfers to what is necessary to provide the website and Services.

7) Retention

  • Inquiries: retained as long as needed to respond and follow up, then archived for recordkeeping.
  • Service communications: retained for the engagement period and a reasonable period thereafter.
  • Security logs: retained for a limited period to investigate incidents.
Retention is limited to what is necessary: inquiries and messages are retained for a reasonable period to respond and for recordkeeping (typically up to 3 years), security logs for a shorter period unless needed for investigations.

8) Your rights (GDPR)

  • Access, rectification, erasure
  • Restriction, objection (including to processing based on legitimate interests)
  • Data portability (where applicable)
  • Withdraw consent at any time (for consent-based processing)

9) Complaints

You may lodge a complaint with your local supervisory authority in the EU/EEA (or the UK ICO, if applicable).

10) Cookies

Cookie preferences are managed via our cookie controls. We avoid Google scripts (fonts/maps/analytics).

For opt-out instructions, see Opt-out.

11) Contact for GDPR requests

Shortcuts
Privacy Policy Terms Opt-out Contact

This GDPR notice is a summary. Keep it consistent with your Privacy Policy and your actual data flows.