Privacy Policy

Last updated:

1. Introduction

Whrexxondlox ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website whrexxondlox.world and use our services.

This policy complies with the New Zealand Privacy Act 2020 and, where applicable, other data protection laws (including the GDPR if you are in the European Economic Area). By using our website, you consent to the practices described in this policy.

2. New Zealand Privacy Act 2020

We handle personal information in line with the Information Privacy Principles (IPPs) in the Privacy Act 2020. In summary, we collect personal information only for lawful purposes connected to our business; we store and use it securely and fairly; we take reasonable steps to ensure information is accurate and not retained longer than needed; and we allow you to access and correct your personal information subject to the Act.

If we become aware of a notifiable privacy breach that is likely to cause serious harm, we will notify the Office of the Privacy Commissioner and affected individuals as required by the Privacy Act 2020.

3. Data Controller / Agency Information

The data controller responsible for your personal data is:

Whrexxondlox

102 Commercial Street, Tākaka 7110, New Zealand

Email: online@whrexxondlox.world

4. Personal Data We Collect

We collect the following categories of personal data:

4.1 Information You Provide

  • Contact Information: Name, email address, phone number (optional)
  • Order Information: Delivery address, payment details, order history
  • Communication Data: Messages, inquiries, and feedback you send us
  • Consent Records: Records of your consent to our policies

4.2 Automatically Collected Information

  • Technical Data: IP address, browser type, operating system, device information
  • Usage Data: Pages visited, time spent on pages, click patterns
  • Cookie Data: Information collected through cookies and similar technologies (see our Cookie Policy)

5. Purposes of Data Processing

We process your personal data for the following purposes:

  • Order Fulfillment: To process and deliver your orders
  • Customer Service: To respond to your inquiries and provide support
  • Legal Compliance: To comply with applicable laws and regulations
  • Website Improvement: To analyze usage patterns and improve our services
  • Marketing: To send promotional communications (with your consent)
  • Security: To protect against fraud and unauthorized access

6. Legal Basis for Processing

For customers and visitors in New Zealand, we collect and use personal information where permitted by the Privacy Act 2020—for example, where you have authorised us, where it is necessary for a lawful purpose connected to our business (such as fulfilling an order or responding to a request), or where required or permitted by law.

Where the GDPR applies, we process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to fulfill your orders
  • Consent: Where you have given explicit consent (e.g., marketing communications)
  • Legal Obligation: Processing required by law
  • Legitimate Interests: Processing necessary for our legitimate business interests, balanced against your rights

7. Marketing and Electronic Messages

We only send commercial electronic messages (such as promotional emails) where we have your consent or another lawful basis under the Unsolicited Electronic Messages Act 2007 (New Zealand). Every marketing message will include a clear way to unsubscribe or opt out.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Order Data: 7 years (for tax and legal compliance)
  • Customer Communications: 3 years from last contact
  • Marketing Consent Records: Duration of consent plus 2 years
  • Website Analytics: 26 months

After these periods, data is securely deleted or anonymized.

9. Your Rights (New Zealand and GDPR)

New Zealand: Under the Privacy Act 2020, you may request access to personal information we hold about you and ask us to correct it if it is wrong. You may also complain to the Privacy Commissioner if you believe we have breached the Act. We will respond to access and correction requests as soon as reasonably practicable, and within 20 working days unless we extend that time in line with the Act.

GDPR (where applicable): You may have the following rights regarding your personal data:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: Request limitation of processing
  • Right to Data Portability: Receive your data in a structured format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us at online@whrexxondlox.world. For GDPR requests, we will generally respond within 30 days where that law applies.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • SSL/TLS encryption for data transmission
  • Secure servers with access controls
  • Regular security assessments
  • Employee training on data protection
  • Incident response procedures

While we strive to protect your data, no method of transmission over the Internet is 100% secure.

11. Data Sharing and Third Parties

We may share your personal data with:

  • Service Providers: Payment processors, shipping companies, hosting providers
  • Legal Authorities: When required by law or to protect our rights
  • Business Transfers: In connection with mergers or acquisitions

We require all third parties to respect your data security and process data lawfully.

12. International Data Transfers

Your data may be transferred to countries outside New Zealand or the European Economic Area. We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions where applicable
  • Binding Corporate Rules for group transfers

13. Children's Privacy

Our website is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware of such collection, we will delete the data immediately.

14. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated revision date. We encourage you to review this policy regularly.

15. Complaints

If you believe your privacy rights have been interfered with, you may complain to the Office of the Privacy Commissioner (New Zealand) at privacy.org.nz. If the GDPR applies to you, you may also contact your local data protection authority.

We encourage you to contact us first so we can address your concerns.

16. Contact Us

For questions about this Privacy Policy or our data practices, please contact:

Whrexxondlox

102 Commercial Street, Tākaka 7110, New Zealand

Email: online@whrexxondlox.world