Privacy Policy

1. Data controller and contact details

The data controller responsible for your personal data in connection with this website is:

Xarlenoxvit
97 George St, The Rocks NSW 2000, Australia

Email: support@xarlenoxvit.world
Phone: +61 2 9247 2625

If you have questions about this Privacy Policy or your personal data, please contact us using the details above.

2. Scope and applicability

This Privacy Policy applies to the website https://xarlenoxvit.world and to all personal data that we collect, use, store or otherwise process when you use our website, place orders, contact us or interact with our services. It describes the types of data we collect, the purposes and legal bases for processing, how long we keep data, your rights under applicable law (including the General Data Protection Regulation (GDPR) where applicable, and the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth)), and how we protect your information.

We are based in Australia and serve customers in Australia and may serve customers in the European Economic Area (EEA) and other regions. Where we process personal data of individuals in the EEA, we do so in accordance with the GDPR. Where we process personal data of individuals in Australia, we comply with the Privacy Act 1988 (Cth) and the APPs.

3. Personal data we collect

We may collect the following categories of personal data:

3.1 Data you provide to us

• Identity and contact data: name, email address, postal address, telephone number when you place an order, complete a contact form, subscribe to communications or otherwise get in touch with us.
• Transaction and order data: order details, delivery address, payment-related information (we do not store full card numbers; payment processing may be handled by third-party payment providers).
• Communications: content of messages, enquiries and correspondence you send to us.
• Preferences and consent: your choices regarding marketing, cookies and other preferences, and records of your consent where required by law.

3.2 Data collected automatically

• Technical and usage data: IP address, browser type and version, device type, operating system, referring URLs, pages visited, date and time of access, and similar technical data collected via cookies and similar technologies (see our Cookie Policy).

3.3 Data from third parties

We may receive limited data from payment providers, delivery partners or analytics providers to fulfil orders and improve our services, in accordance with their privacy policies and our agreements with them.

4. Purposes and legal bases for processing

We process your personal data for the following purposes and on the following legal bases (where the GDPR applies, we rely on the bases below; under Australian law we process in accordance with the APPs and for the stated purposes):

• Performance of a contract: to process and deliver your orders, manage your account, handle returns and refunds, and communicate with you about your orders. Legal basis: contract performance.
• Legitimate interests: to operate and improve our website, prevent fraud, ensure security, analyse usage and effectiveness of our services, and defend our legal rights. Legal basis: legitimate interests (and we have balanced these against your rights).
• Legal obligation: to comply with tax, accounting, consumer and other laws (e.g. retaining transaction records). Legal basis: legal obligation.
• Consent: where we use non-essential cookies, send marketing communications or process sensitive data and no other basis applies, we rely on your consent. You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

5. Retention periods

We retain your personal data only for as long as necessary to fulfil the purposes set out in this policy, unless a longer retention period is required or permitted by law.

• Order and transaction data: typically 7 years from the end of the financial year in which the transaction occurred, for tax and legal compliance.
• Contact and enquiry data: for the duration of the enquiry and a reasonable period thereafter (e.g. 3 years) unless you ask us to delete it sooner.
• Marketing and consent records: until you withdraw consent or object, plus a short period to record your choice (e.g. 3 years).
• Technical and cookie data: as set out in our Cookie Policy (e.g. from session length up to 24 months depending on cookie type).
• Backups and logs: for a limited period necessary for security and recovery (e.g. up to 12 months where applicable).

After the retention period, we securely delete or anonymise your data so it can no longer identify you.

6. Sharing and disclosure of personal data

We may share your personal data with:

• Service providers: hosting, payment processing, delivery and logistics, email delivery, analytics and support services, under contracts that require them to protect your data and use it only for the purposes we specify.
• Professional advisers: lawyers, accountants or auditors where necessary for legal, regulatory or compliance purposes.
• Authorities: courts, regulators or law enforcement when required by law or to protect our rights and safety.

We do not sell your personal data. If we transfer data to countries outside Australia or outside the EEA, we ensure appropriate safeguards (e.g. standard contractual clauses, adequacy decisions) are in place where required by law.

7. Security measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, loss or destruction, including:

• Use of HTTPS and encryption for data in transit.
• Access controls and authentication so that only authorised personnel can access personal data.
• Secure storage and handling of data, with regular review of our security practices.
• Training for staff who handle personal data.
• Incident response procedures to detect, report and address data breaches in accordance with applicable law.

While we strive to protect your data, no method of transmission or storage over the internet is completely secure; we cannot guarantee absolute security.

8. Your rights

Depending on your location, you may have the following rights:

• Access: to obtain confirmation as to whether we process your personal data and, where that is the case, access to that data and certain information about the processing.
• Rectification: to have inaccurate or incomplete personal data corrected.
• Erasure: to request deletion of your personal data in certain circumstances (e.g. where it is no longer necessary, where you withdraw consent, or where you object and there are no overriding legitimate grounds).
• Restriction: to request that we restrict processing in certain situations (e.g. while we verify accuracy or while a dispute is resolved).
• Data portability: where processing is based on contract or consent and carried out by automated means, to receive your data in a structured, commonly used and machine-readable format and, where technically feasible, to have it transmitted to another controller.
• Objection: to object to processing based on legitimate interests, including profiling, and to object to processing for direct marketing at any time.
• Withdraw consent: where we rely on consent, to withdraw it at any time without affecting the lawfulness of processing before withdrawal.
• Complaint: to lodge a complaint with a supervisory authority (e.g. in the EEA, your country’s data protection authority; in Australia, the Office of the Australian Information Commissioner (OAIC)).

To exercise any of these rights, please contact us at support@xarlenoxvit.world. We will respond within the time limits required by applicable law (e.g. one month under the GDPR, or as required under the Privacy Act). We may need to verify your identity before processing your request.

9. Cookies and similar technologies

We use cookies and similar technologies as described in our Cookie Policy. You can manage your preferences via the cookie banner and cookie settings on our website.

10. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements or the website. The “Last updated” date at the top will be revised when we make material changes. We encourage you to review this page periodically. Where required by law, we will seek your consent or notify you of significant changes before they take effect.

11. Contact

For any questions about this Privacy Policy or our handling of your personal data, please contact us:

Xarlenoxvit
97 George St, The Rocks NSW 2000, Australia
Email: support@xarlenoxvit.world
Phone: +61 2 9247 2625