Privacy Policy
This document explains what personal data we process when you visit ghexoranvorlumen.world, use our contact channels, or purchase nutrition education services. It is written to support transparency under the GDPR, the UK GDPR, the Swiss FADP where applicable, and the Dutch AVG for visitors in the Netherlands.
Summary in plain language. We collect only what we need to reply to you, deliver sessions you book, keep legally required records, and run a secure website. You can ask for access, correction, deletion, restriction, portability, or objection where the law allows, and you may complain to a supervisory authority.
1. Who is responsible
The data controller is Ghexoranvorlumen, located at 129 Riccarton Rd, Riccarton, Christchurch 8041, New Zealand. For privacy requests you may email ask@ghexoranvorlumen.world or write to the postal address above. We may ask for reasonable identity verification before disclosing or changing records.
2. Scope of this policy
This policy applies to processing carried out through this website, email correspondence initiated via our published addresses, and contractual services we provide directly. It does not govern independent platforms that may link to us; their policies apply separately once you leave our site.
3. Categories of personal data
| Category | Examples | Typical context |
|---|---|---|
| Identity and contact | Name, email, phone if you provide it | Contact form, email, scheduling |
| Message content | Free-text inquiries, preferences you describe | Pre-sales questions, session preparation |
| Contract and billing | Invoice details, payment references | Paid packages only |
| Technical | IP address, user agent, timestamps | Server logs, security monitoring |
| Consent records | Cookie choices stored locally | Browser localStorage |
4. Sources of data
Most data comes directly from you. We may receive payment confirmations from payment service providers and minimal technical data from hosting infrastructure. We do not buy marketing lists or scrape personal profiles from social networks for this website.
5. Purposes and legal bases
We process data only for specific purposes and rely on legal bases recognised in the GDPR and aligned frameworks:
- Contract (Art. 6(1)(b)): preparing and delivering nutrition education sessions, sending related materials, and managing bookings you request.
- Legitimate interests (Art. 6(1)(f)): securing the website, detecting abuse, improving navigation structure, and measuring aggregate content performance where not overridden by your rights.
- Legal obligation (Art. 6(1)(c)): tax, accounting, and responding to lawful requests from regulators or courts.
- Consent (Art. 6(1)(a)): non-essential cookies and optional marketing communications when you actively opt in.
6. Retention
| Data type | Retention guideline |
|---|---|
| General inquiries | Up to twenty-four months after the last message unless a claim or dispute requires longer storage. |
| Client files and invoices | Up to seven years where tax law requires; shorter if a specific statute mandates less. |
| Server logs | Typically ninety days unless extended for a documented security investigation. |
| Cookie preferences on device | Until you clear site storage or we migrate to a new storage key with notice. |
7. Recipients and processors
We use trusted service providers for hosting, email delivery, calendar tooling, and payment collection. They process data under written instructions and, where required, data processing agreements. We do not sell personal data and we do not authorise processors to use your data for their own marketing.
8. International transfers
Our primary operations are in New Zealand. If personal data is transferred to countries without an adequacy decision, we implement appropriate safeguards such as Standard Contractual Clauses, supplementary technical measures, and transfer impact assessments where required by EU or UK law.
9. Security measures
We apply HTTPS encryption in transit, role-based access to business systems, vendor security review for material processors, and confidentiality expectations for anyone handling client information. No online system is perfectly secure; if we become aware of an incident that affects your rights, we will notify regulators and, where required, affected individuals without undue delay.
10. Your rights
Subject to applicable law, you may request access, rectification, erasure, restriction of processing, objection to certain processing, and data portability. You may withdraw consent for processing that relies on consent without affecting earlier lawful processing. You may also lodge a complaint with a supervisory authority. In the Netherlands, the Autoriteit Persoonsgegevens supervises AVG compliance; other EU Member States maintain equivalent bodies.
11. Automated decision-making
We do not use automated decision-making or profiling that produces legal or similarly significant effects within the meaning of the GDPR.
12. Children
Our services are directed at adults. If you believe we have collected information from a minor without appropriate authority, contact us and we will delete it promptly where verification supports the request.
13. Third-party websites
Links to external resources are provided for convenience. We are not responsible for their privacy practices; please read their policies before submitting personal data.
14. Changes
We update this policy when our processing activities or legal requirements change. The hero section displays today’s date dynamically for quick orientation; substantive edits are also reflected in version notes we can provide on request.
15. Contact
Ghexoranvorlumen, 129 Riccarton Rd, Riccarton, Christchurch 8041, New Zealand. Phone +64 3 341 7400. Email ask@ghexoranvorlumen.world.