1. Who we are
This Privacy Policy explains how Tlaxyronppshyxin (“we”, “us”, “our”) collects, uses, stores, and discloses personal information when you visit https://tlaxyronppshyxin.world (the “Site”), enquire about or purchase Dynaviva or related services, or otherwise interact with us.
Controller details (data protection contact):
Legal trading name: Tlaxyronppshyxin
Registered postal address: 262 Queen Street, Auckland CBD, Auckland 1010, New Zealand
Email: admin@tlaxyronppshyxin.world
Telephone: +64 9 375 1537
If European Union or United Kingdom data protection law applies to our processing, we act as the controller for the processing described here unless we state otherwise (for example, where we process solely as a processor on behalf of another entity under a written agreement).
If New Zealand’s Privacy Act 2020 applies, we comply with its information privacy principles in respect of personal information as defined in that Act.
2. Scope and relationship to other notices
This Policy should be read together with our Cookie Policy, Terms of Service, and Return Policy. Where a form or checkout flow presents a just-in-time notice (for example, regarding marketing emails), that notice supplements but does not replace this Policy.
Our Site may contain links to third-party websites or payment interfaces. Those services are governed by their own privacy statements. We encourage you to read them before submitting personal data.
3. Definitions
Personal data / personal information means information about an identified or identifiable natural person. Identifiers can include names, email addresses, phone numbers, online identifiers, device data, and order details tied to a person.
Processing means any operation performed on personal data, such as collection, storage, use, disclosure, restriction, erasure, or destruction.
Special categories of data under the EU General Data Protection Regulation (GDPR) include data revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data used to uniquely identify a person, health data, or data concerning sex life or sexual orientation. We do not intentionally collect special categories through the Site and ask you not to submit them in free-text fields.
4. Personal data we collect
4.1 Data you provide directly
- Identity and contact data: name, email address, telephone number (if you choose to provide it), delivery address when you supply one, and similar contact details.
- Transaction data: products ordered, order references, payment status flags, billing-related correspondence, and messages you send regarding an order.
- Communication content: text you enter in contact or order forms, email messages, and call notes if you phone us (we keep factual notes where needed to handle your request).
- Marketing preferences: opt-in or opt-out choices where applicable.
- Consent records: timestamps and method of consent where we rely on consent (for example, non-essential cookies or certain marketing).
4.2 Data collected automatically
- Technical and usage data: IP address, general location derived from IP (such as city or region), browser type and version, time zone, operating system, pages viewed, referring URLs, and timestamps.
- Cookie and similar technologies data: as described in our Cookie Policy, including strictly necessary cookies and, if you consent, analytics or marketing technologies.
4.3 Data we receive from third parties
- Payment and fraud providers: limited confirmations (for example, authorisation success or failure) rather than full card numbers, which are typically handled directly by the payment service provider.
- Delivery partners: status updates (dispatched, delivered) and, where relevant, recipient contact details you have supplied for shipping.
- IT and hosting vendors: security logs that may contain technical identifiers.
5. Purposes and legal bases for processing
Where GDPR applies, we rely on the following legal bases as appropriate:
- Contract (Article 6(1)(b) GDPR): processing necessary to take steps at your request before a contract, to perform a contract (for example, fulfilling an order), or to manage related customer service.
- Legitimate interests (Article 6(1)(f) GDPR): improving the Site, securing our systems, preventing fraud, analysing aggregated usage, maintaining backups, enforcing our terms, and defending legal claims, where not overridden by your rights.
- Legal obligation (Article 6(1)(c) GDPR): compliance with tax, accounting, consumer, or regulatory requirements.
- Consent (Article 6(1)(a) GDPR): where required for non-essential cookies, certain marketing communications, or other processing we expressly present as optional.
Under the New Zealand Privacy Act, we collect personal information only for lawful purposes connected to our functions, and we believe the information is necessary for those purposes.
5.1 Specific purposes table (summary)
- Operating the Site and forms: to present content, process submissions, and display confirmations.
- Sales and fulfilment: to confirm orders, take payment where applicable, dispatch products, and provide invoices or receipts.
- Customer support: to respond to enquiries, troubleshoot issues, and manage returns or complaints.
- Security and abuse prevention: to monitor logs, block malicious activity, and investigate incidents.
- Analytics (if enabled): to understand aggregate traffic patterns and improve information architecture.
- Marketing (if enabled and permitted): to send promotional messages consistent with your choices and applicable law.
- Compliance and governance: to meet record-keeping duties, respond to lawful requests, and cooperate with regulators within legal limits.
6. Retention periods
We retain personal data only as long as necessary for the purposes described, unless a longer period is required or permitted by law.
- Marketing and consent logs: for the duration of the consent plus a short grace period, or until you withdraw consent, unless we must retain proof of compliance longer.
- Order and accounting records: typically seven years from the end of the financial year in which the transaction occurred, to meet tax and commercial record obligations in New Zealand and other applicable jurisdictions, unless a different period applies to your case.
- Customer service correspondence: generally up to three years after the ticket is closed, unless linked to an active dispute, warranty, or legal hold requiring longer retention.
- Security logs: typically between thirty and one hundred eighty days, depending on system configuration and incident investigation needs.
- Analytics identifiers (if used): according to the retention settings of the relevant tool, which we configure where possible to minimise storage time.
When retention expires, we delete or irreversibly anonymise data where feasible. Backups may persist for a limited technical window before overwriting.
7. Sharing and international transfers
We share personal data with:
- Service providers who assist with hosting, email delivery, payment processing, logistics, analytics (if consented), and IT security, bound by contractual confidentiality and data protection terms.
- Professional advisers such as lawyers or accountants where required for legitimate advisory functions.
- Authorities when disclosure is mandated by applicable law or necessary to protect rights, safety, or property.
Some recipients may be located outside New Zealand or the European Economic Area (EEA). Where GDPR applies and we transfer personal data to countries not subject to an adequacy decision, we implement appropriate safeguards such as Standard Contractual Clauses approved by the European Commission (or UK Addendum where relevant), supplemented by technical and organisational measures and transfer impact assessments where required.
8. Security measures
We implement administrative, technical, and physical safeguards appropriate to the risk, including:
- TLS encryption for data in transit when you access the Site over HTTPS;
- access controls and authentication for internal systems;
- logging and monitoring to detect unauthorised activity;
- vendor due diligence for processors that handle personal data;
- staff awareness of confidentiality obligations.
No method of transmission or storage is completely secure. If we become aware of a breach affecting your personal data and the law requires notification, we will provide notices in line with applicable requirements.
9. Your rights
9.1 GDPR rights (where applicable)
Depending on circumstances, you may have the right to:
- Access your personal data and obtain certain information about processing;
- Rectify inaccurate data or complete incomplete data;
- Erase data in specific situations (“right to be forgotten”);
- Restrict processing in specific situations;
- Data portability for data you provided where processing is based on consent or contract and carried out by automated means;
- Object to processing based on legitimate interests or to direct marketing;
- Withdraw consent at any time where processing is consent-based, without affecting the lawfulness of processing before withdrawal;
- Lodge a complaint with a supervisory authority in your country of habitual residence, place of work, or place of the alleged infringement.
To exercise these rights, contact us using the details in Section 1. We may need to verify your identity before responding. We will answer without undue delay and within one month, which may be extended by two further months where complex, with an explanation.
9.2 New Zealand Privacy Act rights
Where the Privacy Act 2020 applies, you may request access to personal information we hold about you and ask us to correct it if it is inaccurate. You may also complain to the Office of the Privacy Commissioner (New Zealand) if you believe we have interfered with your privacy.
10. Automated decision-making and profiling
We do not use automated decision-making that produces legal or similarly significant effects solely by automated means with respect to customers in the sense of GDPR Article 22. If we introduce such processing in the future, we will provide a specific notice and, where required, obtain consent or implement alternative lawful measures.
11. Children
Dynaviva is intended for adults. The Site is not directed at children, and we do not knowingly collect personal data from children. If you believe a child has provided us personal data, please contact us and we will take steps to delete it, subject to legal exceptions.
12. Your choices and marketing
Where marketing is optional, we will obtain explicit consent or rely on another valid basis permitted in your jurisdiction. You can opt out of marketing emails using the unsubscribe link or by emailing us. Transactional messages about orders may continue where necessary for performance of a contract.
13. Changes to this Policy
We may update this Policy to reflect operational, legal, or regulatory changes. The “Last updated” date will change accordingly. Material changes may be highlighted on the Site or communicated where appropriate. Continued use after the effective date constitutes notice of updates where permitted by law.
14. Representatives and establishment questions
Our primary establishment is in New Zealand. If Article 27 GDPR requires us to designate a representative in the European Union or United Kingdom because we offer goods to individuals in those regions without a local establishment, we will publish the representative’s name and contact details on this page and file required registrations where applicable. Until such designation is published, you may contact the New Zealand address and email in Section 1 for all data protection enquiries.
15. Personal data breaches
We maintain internal procedures to detect, report, and investigate suspected personal data breaches. Where GDPR applies and a breach is likely to result in risk to individuals, we will notify the competent supervisory authority without undue delay and, when required, notify affected data subjects with clear information about the nature of the breach, likely consequences, and measures taken. Where New Zealand law applies, we will comply with notifiable privacy breach requirements under the Privacy Act 2020.
16. Contact and supervisory authorities
Questions or requests regarding this Policy: admin@tlaxyronppshyxin.world or 262 Queen Street, Auckland CBD, Auckland 1010, New Zealand.
New Zealand: Office of the Privacy Commissioner — https://www.privacy.org.nz/
EU/EEA: You may contact your local data protection authority. A list is available via the European Data Protection Board.
United Kingdom: Information Commissioner’s Office — https://ico.org.uk/