Xogvalenvivtorex

Privacy Policy

Last updated:

1. Data Controller Information

This privacy policy applies to the website xogvalenvivtorex.world operated by:

Xogvalenvivtorex
25 Chirnside St, Winton QLD 4735, Australia
Email: relations@xogvalenvivtorex.world

For the purposes of the Privacy Act 1988 (Cth), we act as the APP entity (organisation) responsible for personal information collected through this website, unless we disclose otherwise in connection with a specific product or service.

We are committed to protecting your privacy in accordance with the Australian Privacy Principles (APPs) in Schedule 1 of the Privacy Act 1988 (Cth), the Notifiable Data Breaches scheme under Part IIIC of that Act (where applicable), and, where relevant, the Spam Act 2003 (Cth) for commercial electronic messages. We also comply with the General Data Protection Regulation (GDPR), Regulation (EU) 2016/679, as implemented in Sweden (including the Swedish Data Protection Act, dataskyddslagen) and other applicable laws for individuals to whom those laws apply.

If you are in Sweden or the European Economic Area (EEA), the GDPR grants you the rights described in this policy. Processing of personal data in Sweden is supervised by the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY).

2. Australian Privacy Principles (Summary)

This section summarises how we align with the APPs. It does not replace the full text of the Privacy Act 1988 (Cth).

  • Open and transparent management (APP 1): We describe our practices in this policy and related documents (including our Cookie Policy).
  • Anonymity and pseudonymity (APP 2): Where lawful and practicable, you may interact with us without identifying yourself; ordering and support may require identification.
  • Collection of solicited personal information (APP 3): We collect personal information only by lawful and fair means and where reasonably necessary for our functions.
  • Dealing with unsolicited information (APP 4): If we receive personal information we did not solicit, we will destroy or de-identify it where we are not entitled to retain it.
  • Notification of collection (APP 5): We inform you of the matters required by APP 5 through this policy, at collection points, and in our Cookie Policy where cookies collect personal information.
  • Use or disclosure (APP 6): We use or disclose personal information only for the primary purpose of collection, a related secondary purpose you would reasonably expect, with your consent, or as required or authorised by law.
  • Direct marketing (APP 7): We use personal information for direct marketing only where permitted by law, including the Spam Act 2003 (Cth) and APP 7. You may opt out of marketing communications at any time using the unsubscribe mechanism or by contacting us.
  • Cross-border disclosure (APP 8): If we disclose personal information to overseas recipients (for example, hosting or payment providers), we take reasonable steps to ensure overseas recipients comply with the APPs or comparable protections, except where an exception under APP 8 applies.
  • Adoption, use, or disclosure of government identifiers (APP 9): We do not adopt government-related identifiers (such as Medicare numbers) as our own reference numbers.
  • Quality of personal information (APP 10): We take reasonable steps to ensure personal information we hold is accurate, up to date, and complete.
  • Security of personal information (APP 11): We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure.
  • Access to personal information (APP 12): You may request access to the personal information we hold about you, subject to exceptions permitted by law.
  • Correction of personal information (APP 13): You may request correction of personal information we hold about you if it is inaccurate, out of date, incomplete, irrelevant, or misleading.

If we qualify as a small business under the Privacy Act and an exemption applied, we would still aim to meet these standards voluntarily; if an exemption ceases to apply, we will comply with the APPs as required.

3. Information We Collect

We collect and process the following categories of personal data:

Information you provide directly:

  • Full name
  • Email address
  • Phone number (optional)
  • Messages or inquiries you submit
  • Consent records

Information collected automatically:

  • IP address
  • Browser type and version
  • Operating system
  • Pages visited and time spent
  • Referring website
  • Cookie data (see our Cookie Policy)

4. Purposes of Data Processing

We process your personal data for the following purposes:

  • Order processing: To process and fulfill your orders, communicate about order status, and provide customer support.
  • Communication: To respond to your inquiries and provide information you request.
  • Legal compliance: To comply with applicable laws, regulations, and legal processes.
  • Website improvement: To analyze usage patterns and improve our website functionality (with your consent for non-essential analytics).
  • Marketing: To send promotional communications (only with your explicit consent).

5. Legal Basis for Processing

Australia (Privacy Act 1988): We collect, hold, use, and disclose personal information only in accordance with the APPs, including where you have consented, where the purpose is reasonably necessary for our functions and activities and related secondary purposes you would reasonably expect, and where the Act otherwise permits use or disclosure.

European Economic Area / GDPR: Where the GDPR applies, we process your personal data based on the following legal grounds:

  • Consent: Where you have given explicit consent for specific processing activities.
  • Contract: Where processing is necessary to fulfill a contract with you or take pre-contractual steps at your request.
  • Legal obligation: Where processing is necessary to comply with legal requirements.
  • Legitimate interests: Where processing is necessary for our legitimate business interests, provided these do not override your fundamental rights.

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Order information: Retained for 7 years to comply with tax and accounting requirements.
  • Communication records: Retained for 3 years from the last interaction.
  • Consent records: Retained for 5 years from the date consent was given or withdrawn.
  • Analytics data: Aggregated and anonymized within 26 months.

After these periods, data is securely deleted or anonymized.

7. Your Rights

Australia: Under the APPs you may request access to the personal information we hold about you and request correction of that information. We will respond within a reasonable period (typically within 30 days). If we refuse access or correction, we will provide reasons as required by the Privacy Act and inform you of available complaint pathways.

European Economic Area / GDPR: Where the GDPR applies, you have the following rights regarding your personal data:

  • Right of access: Request a copy of your personal data we hold.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure: Request deletion of your personal data under certain circumstances.
  • Right to restrict processing: Request limitation of how we use your data.
  • Right to data portability: Receive your data in a structured, machine-readable format.
  • Right to object: Object to processing based on legitimate interests or for direct marketing.
  • Right to withdraw consent: Withdraw previously given consent at any time.

To exercise any of these rights, please contact us at relations@xogvalenvivtorex.world. For GDPR requests, we will respond within the timeframes required by applicable law (generally within one month, subject to extension where permitted).

8. Data Security and Data Breaches

We implement appropriate technical and organizational measures to protect your personal data:

  • SSL/TLS encryption for all data transmission
  • Secure server infrastructure with regular security updates
  • Access controls limiting data access to authorized personnel
  • Regular security assessments and monitoring
  • Employee training on data protection practices

Notifiable Data Breaches (Australia): Where we are required to comply with the Notifiable Data Breaches scheme and an eligible data breach occurs in relation to personal information we hold, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with Part IIIC of the Privacy Act 1988 (Cth).

9. Data Sharing and Transfers

We may share your personal data with:

  • Service providers: Third parties who assist in website operation, payment processing, and order fulfillment, bound by data processing agreements.
  • Legal authorities: When required by law or to protect our legal rights.

We do not sell your personal data to third parties. When transferring data outside the EEA/Australia, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses.

10. Cookies

We use cookies and similar technologies on our website. For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.

11. Children's Privacy

Our website and products are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

12. Changes to This Policy

We may update this privacy policy periodically to reflect changes in our practices or legal requirements. We will post the updated policy on this page with a revised "Last updated" date. We encourage you to review this policy regularly.

13. Complaints

If you have concerns about how we handle your personal information, please contact us first so we can try to resolve the matter.

Australia: If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC). Information about how to lodge a privacy complaint is available at oaic.gov.au/privacy/privacy-complaints. The OAIC’s general website is oaic.gov.au.

Sweden / EU: You may also lodge a complaint with a supervisory authority:

  • Sweden: Integritetsskyddsmyndigheten (IMY) — imy.se
  • Other EU/EEA countries: Your local data protection authority (list: EDPB members)

You are not required to pay a fee to exercise your rights under the APPs or GDPR. If GDPR requests are manifestly unfounded or excessive, we may charge a reasonable fee or refuse the request where permitted by law.

14. Contact Us

For any questions about this privacy policy or your personal data, please contact us:

Xogvalenvivtorex
25 Chirnside St, Winton QLD 4735, Australia
Email: relations@xogvalenvivtorex.world