Privacy Policy
Effective date: 19 March 2026
Version: 1.0
Controller: Zlozariniushonox (“we”, “us”, “our”)
This Privacy Policy explains how we collect, use, disclose, store, and protect personal information when you visit https://zlozariniushonox.world (the “Site”), purchase or enquire about Balanciax, or otherwise interact with us. We aim to meet the information privacy principles in the Privacy Act 2020 (New Zealand) and, where applicable, the requirements of the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”) and the UK GDPR as defined in UK law. This document is written in plain language but should be read together with our Cookie Policy, Terms of Service, and Return Policy.
1. Who we are and how to contact us
Legal trading name: Zlozariniushonox
Registered postal address: 6/45 Luckens Road, West Harbour, Auckland 0618, New Zealand
Email (privacy and general enquiries): message@zlozariniushonox.world
Telephone: +64 9 416 1703
We are the data controller for personal data processed in connection with the Site and our retail operations, except where we act strictly as a processor on documented instructions of another entity (for example a payment service provider acting as independent controller for fraud analytics). If you are located in the European Economic Area (“EEA”), Switzerland, or the United Kingdom (“UK”) and applicable law requires an EU or UK representative, you may initially contact us using the email address above; we will provide any mandated representative details upon request where required by law.
2. Scope and material scope
This Policy applies to personal information we process about consumers, business visitors, and other individuals who interact with us online or offline in relation to Balanciax and related services. It does not apply to anonymous or de-identified data that cannot reasonably be linked back to an identifiable person, except where the law treats pseudonymous data as personal data when combined with additional information.
Our products are food supplements intended for adults. We do not knowingly market to children under 16. If you believe a minor has provided personal data, contact us and we will take steps to delete it where appropriate.
3. Categories of personal information we process
Depending on how you interact with us, we may process the following categories of information:
- Identity and contact data: full name, delivery address, billing address (if different), email address, telephone number, and similar contact identifiers.
- Transaction data: products ordered, order value in NZD, payment status, delivery notes, returns and refund records, correspondence about your order.
- Financial data: limited payment metadata (such as card type or last four digits) when processed by our payment partners; we do not store full payment card numbers on our servers when card payments are handled by a certified provider.
- Communications content: messages you send through forms, email, or telephone, including optional details you choose to share about health or lifestyle where you volunteer that information. We discourage sharing special categories of data unless strictly necessary; if received inadvertently we will delete or minimise retention where feasible.
- Technical and usage data: IP address, approximate location derived from IP, browser type and version, device identifiers, operating system, referring URL, pages viewed, time on page, scroll depth where measured, and similar diagnostics when analytics cookies are enabled with consent.
- Cookie and consent records: timestamped records of cookie preferences stored locally in your browser and, where we log consent server-side, associated identifiers required to demonstrate compliance.
- Marketing preferences: opt-in or opt-out flags, campaign identifiers, and suppression lists.
- Security and fraud signals: device fingerprints or risk scores from payment or hosting providers acting under their own policies.
4. Sources of personal information
We obtain personal information directly from you when you complete forms, place orders, create an account (if offered), subscribe to updates, or contact us. We may also receive information from payment processors, delivery couriers (proof of delivery), analytics partners (when consented), advertising platforms (when consented), and public registers where permitted. If you engage with us through social networks, those platforms may share aggregated or technical data according to their own terms.
5. Purposes and lawful bases of processing
We process personal information only for specified, explicit, and legitimate purposes. The table below summarises primary purposes, types of data involved, and lawful bases. For GDPR purposes we identify Articles 6 and, where relevant, Article 9. For New Zealand, processing aligns with Information Privacy Principles (IPPs) concerning purpose, source, collection limits, and use.
| Purpose | Typical data | GDPR lawful basis | NZ reference (summary) |
|---|---|---|---|
| Contract performance: fulfilling orders, delivery, returns, customer support | Identity, contact, transaction, communications | Art. 6(1)(b) performance of a contract | IPP 1–4: collected for lawful purpose connected to transaction |
| Legal obligations: tax, accounting, consumer law, regulatory requests | Identity, transaction, financial metadata | Art. 6(1)(c) legal obligation | Compliance with NZ statute and lawful information requests |
| Legitimate interests: website security, abuse prevention, product improvement, basic analytics using aggregated data | Technical data, security logs, limited identity where needed | Art. 6(1)(f) legitimate interests balanced against your rights | Reasonable steps to protect information and business continuity |
| Consent: non-essential cookies, marketing emails, certain surveys | Technical, marketing, contact | Art. 6(1)(a) consent; withdraw anytime | Express or implied consent where required by Code or practice |
| Pre-contractual steps: responding to enquiries before purchase | Identity, contact, communications | Art. 6(1)(b) | Collected for prospective supply relationship |
Where we rely on legitimate interests, we consider whether processing is necessary, whether less intrusive means exist, and whether your interests override ours. You may object to certain processing on grounds relating to your situation as described in Section 10.
6. Disclosure of personal information
We share personal information with categories of recipients only as needed for the purposes above:
- Delivery and logistics providers in New Zealand and, if you request offshore delivery, in the destination country.
- Payment service providers that process card or wallet transactions under PCI-DSS aligned practices.
- Hosting and email infrastructure providers that store or transmit data under data processing terms.
- Professional advisers such as lawyers and accountants bound by confidentiality.
- Government authorities when required by lawful demand, court order, or regulatory rule.
- Analytics or advertising partners only when you enable the relevant cookie categories.
We do not sell personal information for money as defined under broad “sale” concepts in some jurisdictions. We may allow partners to process data on our behalf under contracts that require confidentiality and appropriate security measures.
7. International transfers
Our primary operations and storage are in New Zealand. Some service providers may process data in Australia, the European Union, the United Kingdom, or the United States. When we transfer personal data from the EEA, UK, or Switzerland to countries not subject to an adequacy decision, we use appropriate safeguards such as Standard Contractual Clauses (EU Commission Implementing Decision 2021/914 or successor instruments), UK Addendum, or equivalent mechanisms, supplemented by technical and organisational measures including encryption in transit (HTTPS/TLS), access controls, and vendor assessments.
8. Retention periods
We retain personal information only as long as necessary for the purposes collected, unless a longer period is required or permitted by law. Indicative periods:
| Record type | Indicative retention | Rationale |
|---|---|---|
| Completed sales and invoices | 7 years after the end of the tax year | New Zealand tax and accounting obligations |
| Marketing consents and suppression files | Until consent withdrawn plus a short reconciliation window (up to 12 weeks) | Demonstrate consent and honour opt-outs |
| Website server logs (security) | 30–90 rolling days unless extended for incident investigation | Security monitoring and forensic needs |
| Cookie consent logs (if stored server-side) | Up to 24 months from last interaction | Regulatory evidence of consent choices |
| Customer support tickets | 3 years after case closure unless linked to an active dispute | Quality assurance and dispute resolution |
| Uncompleted enquiry forms (if temporarily stored) | Deleted within 90 days if no order results | Data minimisation |
After retention expires we securely delete or irreversibly anonymise data. Backup copies may persist for a limited technical window until overwritten according to backup rotation schedules.
9. Security measures
We implement administrative, technical, and physical safeguards appropriate to the sensitivity of the data and the nature of our business, including:
- Transport security: The Site is intended to be served exclusively over HTTPS to reduce interception risk; you should ensure your browser shows a valid TLS connection.
- Access control: Role-based access to internal systems, unique credentials, and periodic review of permissions.
- Device and endpoint hygiene: Updated software, malware protection on workstations handling customer data where applicable.
- Vendor management: Due diligence questionnaires and contractual data protection clauses with processors.
- Incident response: Procedures to detect, contain, and notify affected individuals or regulators where legally required.
- Training: Staff handling personal data receive orientation on confidentiality and phishing awareness.
No method of transmission or storage is completely secure. We encourage strong passwords where accounts exist and prompt reporting of suspicious messages purporting to be from us.
10. Your rights
10.1 New Zealand rights
Under the Privacy Act 2020 you may request access to personal information we hold about you and ask for correction if it is inaccurate. You may complain to us first; if unresolved you may contact the Office of the Privacy Commissioner (New Zealand).
10.2 GDPR rights (EEA, UK, and where applicable)
If the GDPR applies to our processing of your data, you may have the following rights subject to conditions and exceptions:
- Right of access (Art. 15): obtain confirmation whether we process your data and receive a copy.
- Right to rectification (Art. 16): correct inaccurate data.
- Right to erasure (Art. 17): request deletion where grounds apply, such as withdrawal of consent or unlawful processing.
- Right to restriction (Art. 18): limit processing in defined circumstances.
- Right to data portability (Art. 20): receive structured, machine-readable data you provided where processing is based on consent or contract and is automated.
- Right to object (Art. 21): object to processing based on legitimate interests or to direct marketing.
- Rights related to automated decision-making (Art. 22): we do not use solely automated decisions with legal or similarly significant effects on individuals for Balanciax sales; if that changes we will update this Policy.
- Right to withdraw consent: where processing is consent-based, withdrawal does not affect prior lawful processing.
- Right to lodge a complaint with a supervisory authority in your country of residence.
To exercise rights, email message@zlozariniushonox.world with enough detail for us to verify your identity (we may request additional information proportionate to risk). We respond within one month for GDPR requests where applicable, or as required by NZ law, and may extend complex requests with notice.
11. Automated decision-making and profiling
We do not conduct behavioural profiling that produces legal or similarly significant effects solely by automated means for product eligibility or pricing. Basic analytics may aggregate browsing patterns after consent but do not determine individual legal outcomes.
12. Third-party links
The Site may link to external resources. Their privacy practices are independent; review their policies before submitting personal data.
13. Changes to this Policy
We may update this Policy to reflect legal, technical, or business changes. Material changes will be highlighted on the Site or communicated where appropriate. Continued use after the effective date constitutes acceptance of the revised Policy where permitted by law; where consent is required, we will seek it separately.
14. Regulatory contacts
New Zealand Privacy Commissioner: Office of the Privacy Commissioner, PO Box 10-094, Wellington 6143, New Zealand. Website: www.privacy.org.nz
EEA data protection authorities: list available via the European Data Protection Board website.
UK Information Commissioner’s Office (ICO): www.ico.org.uk