Privacy Policy

Last updated:

1. Introduction

Welcome to Ghimnaxxphik ("we," "our," or "us"). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website ghimnaxxphik.world and purchase our products.

This policy is designed to comply with the New Zealand Privacy Act 2020 (including the Information Privacy Principles), the EU General Data Protection Regulation (GDPR) where it applies to individuals in the European Economic Area, and other applicable data protection laws.

If you are in New Zealand, the Privacy Act 2020 is your primary framework for how we handle your personal information. Nothing in this policy limits your rights under that Act.

2. Data Controller Information

The data controller responsible for your personal data is:

  • Company Name: Ghimnaxxphik
  • Address: 26 Pitfure Road, Wakefield 7025, New Zealand
  • Email: customer@ghimnaxxphik.world
  • Country: New Zealand

3. Personal Data We Collect

We may collect and process the following categories of personal data:

3.1 Information You Provide

  • Identity Data: Full name
  • Contact Data: Email address, phone number (optional), delivery address
  • Transaction Data: Details about payments and purchases
  • Communication Data: Messages, inquiries, and correspondence

3.2 Information Collected Automatically

  • Technical Data: IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system
  • Usage Data: Information about how you use our website, products, and services
  • Cookie Data: Information collected through cookies and similar technologies (see our Cookie Policy)

4. Legal Basis for Processing

We process your personal data on the following legal bases:

  • Contract Performance: Processing necessary to fulfill our contractual obligations when you make a purchase
  • Legitimate Interests: Processing necessary for our legitimate business interests, such as improving our services and fraud prevention
  • Consent: Where you have given clear consent for us to process your data for specific purposes, such as marketing communications
  • Legal Obligation: Processing necessary to comply with legal requirements

Under the Privacy Act 2020, we collect and use personal information only for lawful purposes connected with our business, and we must generally collect information directly from you unless an exception applies. We aim to meet the Information Privacy Principles (for example: limiting collection to what is necessary, keeping information accurate, using it fairly, storing it securely, and allowing you to access and correct it).

4a. New Zealand Privacy Act 2020 — Key Points

The Privacy Act 2020 sets out rules for agencies that hold personal information. In summary, we:

  • Collect personal information only for lawful purposes related to our functions or activities
  • Take reasonable steps to ensure personal information is accurate, up to date, complete, relevant, and not misleading
  • Retain personal information only as long as reasonably required for the purposes for which it may lawfully be used
  • Protect personal information with reasonable safeguards against loss, unauthorised access, and other misuse
  • Give you access to your personal information and allow you to request correction, subject to the Act

If we become aware of a notifiable privacy breach that is likely to cause serious harm to an affected individual, we will notify the Office of the Privacy Commissioner and affected individuals as required by the Privacy Act 2020.

5. How We Use Your Personal Data

We use your personal data for the following purposes:

  • To process and fulfill your orders
  • To communicate with you about your orders and inquiries
  • To send you order confirmations and shipping updates
  • To improve our website and services
  • To prevent fraud and maintain security
  • To comply with legal obligations
  • To send marketing communications (with your consent, and in line with the Unsolicited Electronic Messages Act 2007 where electronic messages are involved)

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Transaction records: 7 years (for tax and legal compliance)
  • Customer account data: Until account deletion request or 3 years of inactivity
  • Marketing preferences: Until you withdraw consent
  • Technical logs: 12 months

7. Data Sharing and Transfers

We may share your personal data with:

  • Payment processors to complete transactions
  • Shipping and logistics providers to deliver your orders
  • IT service providers who support our website infrastructure
  • Professional advisors including lawyers and accountants
  • Regulatory authorities when required by law

When transferring data outside the European Economic Area or New Zealand, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • SSL/TLS encryption for data in transit
  • Secure servers and databases
  • Access controls limiting data access to authorized personnel
  • Regular security assessments and updates
  • Employee training on data protection

9. Your Rights

Under applicable data protection laws, you have the following rights:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restriction: Request limitation of processing
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests or for direct marketing
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at customer@ghimnaxxphik.world. We will respond as soon as reasonably practicable and within any timeframe required by applicable law. For GDPR-related requests from the EEA, we typically respond within one month (extendable where permitted).

New Zealand: You may request access to, or correction of, personal information we hold about you by contacting us. We will respond within a reasonable period; if we refuse, we will explain why as required by the Privacy Act 2020.

10. Complaints

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with:

  • Office of the Privacy Commissioner (New Zealand): www.privacy.org.nz
  • Your local data protection authority if you are located in the EU/EEA

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

  • Email: customer@ghimnaxxphik.world
  • Address: 26 Pitfure Road, Wakefield 7025, New Zealand