Privacy Policy

At Vimreloxkhap.world, operating under the Penvora brand, we hold your privacy in the highest regard. This Privacy Policy outlines in detail how we collect, use, store, and protect your personal data when you visit our website, submit inquiries, or interact with our services. We are committed to transparency and compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR), the UK GDPR, the New Zealand Privacy Act 2020, and other relevant international frameworks.

1. Data Controller and Contact Information

Vimreloxkhap.world is the data controller responsible for your personal data. For any questions regarding this policy or your data, please contact us:

• Postal address: 109 Parnell Road, Parnell, Auckland 1052, New Zealand
• Email: admin@vimreloxkhap.world

We endeavour to respond to all data-related inquiries within 30 days.

2. Types of Personal Data We Collect

We collect and process the following categories of personal data:

Contact Data

When you complete our contact or order form, we collect your name, email address, and the content of your message. This data enables us to respond to your inquiries, process requests, and provide customer support.

Technical Data

When you browse our website, we may automatically collect technical information such as your IP address, browser type and version, operating system, device type, referring URLs, pages visited, and the date and time of your visit. This data is collected via cookies and similar technologies, subject to your consent where required by law.

Consent and Preference Data

We record your choices regarding cookies, marketing communications, and other preferences to ensure we respect your wishes and comply with legal obligations.

3. Legal Basis and Purposes of Processing

We process your personal data only when we have a lawful basis to do so. The legal bases we rely on include:

• Consent: Where you have given clear consent for us to process your data for a specific purpose, such as analytics or marketing cookies.
• Contract: Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
• Legitimate interests: Where processing is necessary for our legitimate interests, such as improving our website, ensuring security, and responding to inquiries, provided your interests and fundamental rights do not override those interests.
• Legal obligation: Where we are required to process data to comply with a legal obligation.

We use your data for the following purposes: responding to inquiries and providing customer support; operating and improving our website; analysing website usage (with consent); sending relevant marketing communications (with consent); ensuring security and preventing fraud; complying with legal obligations.

4. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our retention periods include:

• Contact form submissions and correspondence: 24 months from the date of last contact, unless a longer retention period is required for legal or regulatory purposes.
• Cookie consent records: 12 months, after which we will seek renewed consent.
• Analytics data: 14 months, in accordance with common analytics platform defaults.
• Marketing data: Until you withdraw consent or request erasure.
• Technical logs and security data: Up to 12 months for security and troubleshooting purposes.

After the retention period expires, we securely delete or anonymise your data so that it can no longer be attributed to you.

5. Your Rights Under GDPR and Applicable Laws

If you are located in the European Economic Area (EEA), the United Kingdom, New Zealand, or another jurisdiction with similar data protection laws, you have the following rights:

• Right of access: You may request a copy of the personal data we hold about you.
• Right to rectification: You may request that we correct any inaccurate or incomplete data.
• Right to erasure: You may request that we delete your personal data in certain circumstances.
• Right to restrict processing: You may request that we limit how we use your data in certain situations.
• Right to data portability: You may request a copy of your data in a structured, machine-readable format.
• Right to object: You may object to processing based on legitimate interests or for direct marketing purposes.
• Right to withdraw consent: Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing based on consent before its withdrawal.
• Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority in your country of residence.

To exercise any of these rights, please contact us at admin@vimreloxkhap.world. We will respond within 30 days where required by law.

6. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data to third parties. We may share your data with trusted service providers who assist us in operating our website and business, such as hosting providers, email delivery services, and analytics platforms. All such providers are bound by contracts that require them to process data only on our instructions and in accordance with applicable data protection laws. We may also disclose your data where required by law, such as in response to a court order or regulatory request.

7. Security Measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include HTTPS encryption for data in transit, secure server configurations, access controls, and staff training on data protection. While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

8. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including countries that may not provide the same level of data protection. Where we transfer data outside the EEA, UK, or New Zealand, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by relevant authorities, or other mechanisms recognised by applicable law.

9. Children's Privacy

Our website is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately so we can take steps to delete such information.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email or through a prominent notice on our website. We encourage you to review this policy periodically to stay informed about how we protect your information.