Privacy Policy | Zenory Data Protection & Your Rights

Introduction and controller

Protecting your privacy is part of how we build trust. This Privacy Policy describes what we collect, why we collect it, how long we keep it, who may receive it, and what choices you have. The data controller responsible for processing is Ghorlaxxiavormiu.world, located at 68 Beach Road, Auckland CBD, Auckland 1010, New Zealand. You may contact us at talk@ghorlaxxiavormiu.world for any privacy-related request.

This policy applies to visitors of this website, individuals who submit forms, and customers who purchase or enquire about Zenory products. It is designed to align with the New Zealand Privacy Act 2020 and, where relevant, the EU General Data Protection Regulation. If you live in the European Economic Area, additional rights described below apply to you.

Categories of personal information

We aim to collect only what we need to operate the site, respond to you, and meet legal obligations. Depending on how you interact with us, we may process:

Identity and contact data: name, email address, phone number if you choose to provide it, and delivery details when you place an order.
Transaction data: order references, payment status (payment card numbers are handled by our payment processor, not stored on our servers in full), and correspondence about your purchase.
Technical data: IP address, browser type, device type, operating system, and approximate location derived from IP for fraud prevention.
Usage data: pages viewed, referring URLs, time on page, and interaction events when you consent to analytics cookies.
Communications: messages you send through contact forms or email threads.

We do not intentionally collect sensitive health information through this website. Please do not include medical diagnoses or clinical details in free-text fields unless you are comfortable with us processing that information to assist you.

Purposes and lawful bases

We process personal data for specific purposes. Under GDPR, we rely on one or more of the following legal bases: performance of a contract, legitimate interests, consent, and legal obligation.

Providing the website: loading pages securely, remembering cookie preferences, and preventing abuse.
Customer support and sales: answering questions, processing orders, issuing refunds where applicable, and sending transactional emails.
Improvement and analytics: understanding aggregate usage patterns when you opt in to analytics cookies.
Marketing: only where you have opted in to marketing cookies or explicitly subscribed to a newsletter, if offered.
Compliance: tax, accounting, and responding to lawful requests from regulators or courts.

Where we rely on legitimate interests, we balance our interests against your rights and only process data in ways you would reasonably expect.

Recipients and international transfers

We may share personal data with service providers who assist us with hosting, email delivery, payment processing, analytics, and customer support tools. These providers are contractually required to use data only for the services they perform for us and to implement appropriate security measures.

Some providers may process data in countries outside New Zealand or the EEA. When we transfer personal data internationally, we use safeguards such as standard contractual clauses approved by the European Commission or rely on adequacy decisions where available.

Retention periods

We retain personal data only as long as necessary for the purposes described. Indicative periods include: marketing consents until withdrawn; website logs for security for up to twelve months; order and accounting records for up to seven years where tax law requires; and support tickets for twenty-four months after closure unless a dispute requires longer retention.

Security measures

We use HTTPS encryption for data in transit, access controls for staff accounts, principle of least privilege, and vendor security reviews. No online system is perfectly secure; please use strong passwords and protect your devices.

Your rights

Depending on applicable law, you may have the right to access, correct, delete, restrict, or port your personal data, and to object to certain processing. You may withdraw consent for optional cookies at any time through the cookie banner. EU residents may lodge a complaint with a supervisory authority. To exercise rights, email us at the address above with a description of your request.

Children

This website is not directed at individuals under sixteen, and we do not knowingly collect their personal information.

Changes to this policy

We may update this Privacy Policy to reflect operational, legal, or regulatory changes. The effective date at the top will change when we publish a new version. Continued use of the site after changes constitutes acceptance unless applicable law requires explicit consent.