Kheflaxxauvakau.world

Privacy Policy

Last updated:

1. Data Controller

Kheflaxxauvakau.world ("we", "us", "our") operates the website kheflaxxauvakau.ddd. For the purposes of the General Data Protection Regulation (GDPR) and applicable data protection laws, we are the data controller responsible for your personal data.

We take your privacy seriously and are committed to protecting your personal information in accordance with the highest standards of data protection. Our practices align with the GDPR, the New Zealand Privacy Act 2020, and other applicable international frameworks.

Contact details:

Kheflaxxauvakau.world
Tenancy T10a, Albany Mega Centre
140 Don McKinnon Drive
0632, New Zealand
New Zealand
Email: admin@kheflaxxauvakau.world

2. What Data We Collect

We may collect and process the following categories of personal data:

  • Identity data: name, title
  • Contact data: email address, telephone number, postal address
  • Technical data: IP address, browser type and version, time zone, operating system, device information
  • Usage data: information about how you use our website, including pages visited, time spent, and navigation paths (when analytics cookies are accepted)
  • Communications: messages you send via our contact or order forms, correspondence records
  • Transaction data: details of products you have ordered, payment information (processed securely by our payment providers)

We do not collect special categories of personal data (such as health, race, or political opinions) unless you have explicitly provided such information and we have a lawful basis to process it.

3. Legal Basis and Purposes

We process your personal data on the following legal bases under GDPR Article 6:

  • Contract performance: to process and fulfil your orders, respond to enquiries, provide customer support, and manage our business relationship with you
  • Consent: where you have given explicit consent for specific processing activities, such as marketing communications, analytics cookies, or non-essential cookies
  • Legitimate interests: to improve our services, ensure website security, prevent fraud, conduct internal analytics, and protect our legal rights, provided such interests are not overridden by your rights
  • Legal obligation: to comply with applicable laws, regulations, court orders, or governmental requests, including tax and accounting requirements

We will only use your data for the purposes for which it was collected unless we reasonably consider that we need to use it for another compatible purpose and have informed you accordingly.

4. Data Retention

We retain your data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements:

  • Order and contact data: up to 6 years after the last transaction (for legal, accounting, and warranty purposes)
  • Marketing preferences and consent records: until you withdraw consent or object, plus a short period for processing
  • Analytics data: up to 26 months when analytics cookies are accepted
  • Technical and server log data: up to 12 months for security and troubleshooting
  • Cookie consent preferences: until you change them or clear your browser data
  • Correspondence: up to 6 years from the date of last communication

After the retention period expires, we will securely delete or anonymise your personal data so that it can no longer be associated with you.

5. Your Rights Under GDPR

If you are in the European Economic Area, the United Kingdom, or another jurisdiction that recognises similar rights, you may have the following rights:

  • Right of access: request a copy of your personal data (Article 15)
  • Right to rectification: request correction of inaccurate or incomplete data (Article 16)
  • Right to erasure: request deletion of your data in certain circumstances, known as the "right to be forgotten" (Article 17)
  • Right to restriction: request limitation of processing in specific situations (Article 18)
  • Right to data portability: receive your data in a structured, commonly used, machine-readable format and transmit it to another controller (Article 20)
  • Right to object: object to processing based on legitimate interests or for direct marketing purposes (Article 21)
  • Right to withdraw consent: withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing before withdrawal
  • Right to lodge a complaint: lodge a complaint with your local supervisory authority (e.g. the Information Commissioner's Office in the UK, or your national data protection authority)

To exercise any of these rights, contact us at admin@kheflaxxauvakau.world. We will respond within one month of receiving your request. We may need to verify your identity before processing certain requests. There is no fee for exercising your rights unless the request is manifestly unfounded or excessive.

6. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit (HTTPS/TLS) and at rest where appropriate
  • Access controls and authentication mechanisms limiting who can access personal data
  • Secure storage systems with regular backups
  • Staff training on data protection and confidentiality
  • Procedures for assessing and responding to data breaches

We do not sell your personal data to third parties. While we take all reasonable precautions, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.

7. Data Sharing

We may share your data with the following categories of recipients:

  • Service providers: hosting providers, payment processors, shipping and logistics partners, email service providers, and analytics providers who process data on our behalf under strict contractual obligations (data processing agreements)
  • Professional advisers: lawyers, auditors, and insurers where necessary for the provision of their services
  • Regulatory and law enforcement bodies: when required by law, court order, or to protect our legal rights

We require all processors to comply with applicable data protection laws and to use your data only for the purposes we specify. We do not permit them to use your data for their own purposes.

8. International Transfers

Your data may be transferred to and processed in countries outside the European Economic Area or your country of residence. Where we make such transfers, we ensure that appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions recognising that the destination country provides adequate data protection
  • Other mechanisms permitted under applicable law

You may request further information about the safeguards we use for international transfers by contacting us.

9. Children's Privacy

Our website and services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data without parental consent, please contact us and we will take steps to delete such information.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or the services we offer. We will notify you of material changes by posting the updated policy on this page, updating the "Last updated" date, and, where appropriate, sending you an email or displaying a notice on our website. We encourage you to review this policy periodically.

11. Contact

For privacy-related enquiries, to exercise your rights, or to report a concern:

Email: admin@kheflaxxauvakau.world
Address: Tenancy T10a, Albany Mega Centre, 140 Don McKinnon Drive, 0632, New Zealand

We aim to respond to all requests within one month.