Xlozarinwhraxell.world

Legal

Privacy Policy

Applies to visitors and customers of xlozarinwhraxell.world

Introduction and scope

This Privacy Policy explains how the operator of xlozarinwhraxell.world (brand: Balora) collects, uses, stores, and shares personal data when you browse the website, submit forms, create an account if offered, communicate by email, or interact with optional analytics or marketing technologies where you have provided consent.

The policy is designed to meet transparency expectations under the New Zealand Privacy Act 2020 and, where relevant, the EU General Data Protection Regulation (GDPR) for individuals located in the European Economic Area (EEA) or United Kingdom, without limiting other rights you may have under local law.

Controller: Balora / xlozarinwhraxell.world, 29 Park Road, Grafton, Auckland 1023, New Zealand. Email: talk@xlozarinwhraxell.world.

Categories of personal data

Depending on how you interact with us, we may process the following categories of data:

  • Identity and contact data: name, email address, phone number if you provide it, and similar identifiers.
  • Transaction and inquiry data: messages you send through forms, order or quote requests, delivery preferences, and correspondence records.
  • Technical and usage data: IP address, browser type and version, device type, operating system, referring URLs, approximate location derived from IP, timestamps, and pages viewed.
  • Cookie and similar technology data: as described in our Cookie Policy, including consent records and preference storage.
  • Marketing and communications data: your preferences for receiving information, unsubscribe events, and engagement metrics where permitted.

We do not intentionally collect special categories of personal data (such as health information) through this website. If you voluntarily include sensitive information in a message, we will only use it to respond to your inquiry unless a separate lawful basis applies.

Purposes and legal bases

We process personal data for specific purposes and, under the GDPR where applicable, rely on one or more of the following legal bases:

  • Website operation and security: ensuring the site functions, preventing abuse, enforcing rate limits, and protecting infrastructure (legitimate interests and, where strictly necessary, legal obligations).
  • Responding to inquiries and fulfilling requests: processing orders or pre-contractual steps, answering questions, and managing the customer relationship (contract, pre-contract, or legitimate interests).
  • Analytics and product improvement: understanding aggregate usage patterns when you enable analytics cookies (consent).
  • Marketing: measuring campaigns and delivering relevant messages when you enable marketing cookies or separately opt in where required (consent).
  • Compliance and defence: meeting accounting, tax, or regulatory requirements, and establishing or defending legal claims (legal obligation or legitimate interests).

Retention

We retain personal data only as long as necessary for the purposes described, including a reasonable buffer for disputes and statutory requirements. Indicative periods include:

General inquiries Up to twenty-four months after the last message unless a longer period is needed for legal claims.
Transaction records As required for tax, accounting, and consumer law, often seven years depending on jurisdiction.
Server and security logs Short rolling windows aligned with security monitoring, typically days to a few months.
Cookie consent records Stored to demonstrate consent choices for a period consistent with regulatory guidance.

When data is no longer needed, we delete or anonymise it where feasible.

Sharing and international transfers

We may share data with service providers that host the website, send email, process payments if applicable, or provide analytics and marketing tools that you approve through cookie settings. These providers act under contractual terms that require appropriate security and processing instructions.

Some providers may process data in countries outside New Zealand or the EEA. Where the GDPR applies, we use appropriate safeguards such as standard contractual clauses or equivalent mechanisms when transferring personal data to countries not subject to an adequacy decision.

Security measures

We implement administrative, technical, and organisational measures proportionate to the risk, including access controls, encryption in transit where supported, patching, logging, and vendor review. No online transmission or storage is completely secure; we encourage you to use strong passwords where accounts exist and to avoid sending unnecessary sensitive information by email.

Your rights

Depending on your location, you may have rights to access, rectify, erase, restrict processing, object to certain processing, data portability, and withdraw consent where processing is consent-based. You may also lodge a complaint with a supervisory authority in the EU or with the Office of the Privacy Commissioner in New Zealand.

To exercise rights, contact talk@xlozarinwhraxell.world. We may need to verify your identity before fulfilling requests. We respond within applicable statutory timeframes.

Children

The website is not directed at children under sixteen. We do not knowingly collect personal data from children without appropriate parental authority. If you believe we have received such data, contact us so we can delete it.

Updates to this policy

We may revise this Privacy Policy to reflect legal, technical, or business changes. The reference date at the top reflects the latest substantive review. Material changes may be highlighted on the website or communicated where appropriate.