Privacy Policy

1. Introduction and Scope

Thefrynnxol ("we", "us", "our") is committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, store, and protect your personal data when you visit our website at thefrynnxol.world ("the Website"), purchase our products, or otherwise interact with us.

This Policy applies to all personal data we process and is intended to comply with:

• The New Zealand Privacy Act 2020 and the thirteen Information Privacy Principles (IPPs);
• The EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), where applicable to EU/EEA residents;
• The UK General Data Protection Regulation (UK GDPR), where applicable to UK residents;
• Any other applicable data protection legislation.

Please read this Policy carefully. By using our Website or purchasing our products, you acknowledge that you have read and understood this Policy. If you do not agree with its terms, please discontinue use of our Website.

2. Who We Are

The data controller responsible for your personal data is:

• Business Name: Thefrynnxol
• Trading Name: Vascunex
• Registered Address: 45A Paul Matthews Road, Rosedale, Auckland 0632, New Zealand
• Email: hello@thefrynnxol.world
• Phone: +64 800 742 762
• Website: thefrynnxol.world

If you have any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact us using the details above.

3. Personal Data We Collect

We collect personal data in the following categories:

3.1 Data You Provide Directly

• Identity Data: Full name;
• Contact Data: Email address, telephone number (optional), postal/delivery address;
• Order Data: Products ordered, order notes, delivery instructions;
• Communication Data: Messages, enquiries, and correspondence you send to us via contact forms or email;
• Consent Records: Records of your consent to our Terms of Service, Privacy Policy, and cookie preferences.

3.2 Data Collected Automatically

• Technical Data: IP address, browser type and version, operating system, device type, time zone;
• Usage Data: Pages visited, time spent on pages, links clicked, referring URLs, exit pages;
• Cookie Data: Data collected via cookies and similar tracking technologies (see our Cookie Policy for full details).

3.3 Data We Do Not Collect

We do not collect or process special categories of personal data (such as health data, racial or ethnic origin, religious beliefs, biometric data, or genetic data) unless you voluntarily provide such information in a message to us. We do not collect payment card data directly – all payment processing is handled by third-party payment processors.

4. Legal Bases for Processing (GDPR)

Where the GDPR applies, we process your personal data on the following legal bases:

• Performance of a Contract (Art. 6(1)(b) GDPR): Processing necessary to fulfil your order, process payment, arrange delivery, and manage returns;
• Legitimate Interests (Art. 6(1)(f) GDPR): Improving our website and services, fraud prevention, IT security, and direct marketing to existing customers (where you have a reasonable expectation of such communications);
• Consent (Art. 6(1)(a) GDPR): Where you have given explicit consent, including for analytics and marketing cookies, and for receiving promotional communications;
• Compliance with Legal Obligations (Art. 6(1)(c) GDPR): Where processing is required to comply with applicable laws, such as tax and accounting obligations.

5. How We Use Your Personal Data

We use your personal data for the following purposes:

• To process and fulfil your orders, including arranging delivery and handling returns or refunds;
• To communicate with you about your order, including order confirmations, dispatch notifications, and delivery updates;
• To respond to your enquiries, complaints, or requests submitted via our contact form or by email;
• To send you service-related communications, such as changes to our policies or terms;
• To improve and optimise our Website, products, and services based on usage data and feedback;
• To detect, investigate, and prevent fraudulent transactions and other illegal activities;
• To comply with our legal and regulatory obligations, including tax, accounting, and consumer protection laws;
• To send you marketing communications about our products and promotions, where you have consented or where we have a legitimate interest to do so (you may opt out at any time);
• To analyse website traffic and user behaviour using analytics tools (subject to your cookie preferences).

6. How We Share Your Personal Data

We do not sell, rent, or trade your personal data to third parties. We may share your data with the following categories of recipients:

• Logistics and Delivery Partners: To arrange the delivery of your order within New Zealand. These partners receive only the information necessary to complete delivery (name, address, contact number);
• Payment Processors: Third-party payment service providers who process payments on our behalf. These providers are independently responsible for the security of payment data;
• IT and Hosting Providers: Service providers who host and maintain our website and IT infrastructure;
• Analytics Providers: Where you have consented to analytics cookies, data may be shared with analytics platforms (e.g. Google Analytics);
• Legal and Regulatory Authorities: Where required by law, court order, or regulatory authority, we may disclose your personal data to relevant authorities;
• Professional Advisers: Lawyers, accountants, and auditors who provide professional services to us, subject to confidentiality obligations.

All third parties with whom we share your data are required to maintain appropriate security measures and to process your data only for the specified purposes and in accordance with applicable data protection law.

7. International Data Transfers

Your personal data is primarily stored and processed in New Zealand. Where we transfer personal data to countries outside New Zealand or the European Economic Area (EEA), we ensure that appropriate safeguards are in place, such as:

• Adequacy decisions by the European Commission or the New Zealand Privacy Commissioner;
• Standard Contractual Clauses (SCCs) approved by the European Commission;
• Other legally recognised transfer mechanisms.

You may request details of the safeguards applicable to any specific international transfer by contacting us.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our retention periods are as follows:

• Order and Transaction Data: 7 years from the date of the transaction, to comply with New Zealand tax and accounting obligations;
• Customer Communication Data: 3 years from the date of last communication;
• Website Usage and Analytics Data: Up to 26 months, depending on the analytics tool used;
• Cookie Consent Records: 1 year from the date of consent;
• Marketing Consent Records: Until you withdraw consent or unsubscribe, plus 1 year thereafter for compliance records.

When personal data is no longer required, we securely delete or anonymise it.

9. Your Rights

Depending on your location and applicable law, you may have the following rights regarding your personal data:

9.1 Rights Under the New Zealand Privacy Act 2020

• Right of Access: You have the right to request access to personal information we hold about you;
• Right of Correction: You have the right to request correction of inaccurate personal information;
• Right to Complain: You have the right to make a complaint to the Office of the Privacy Commissioner (OPC) at www.privacy.org.nz.

9.2 Rights Under the GDPR (EU/EEA and UK Residents)

• Right to Access (Art. 15): Obtain a copy of your personal data and information about how it is processed;
• Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data;
• Right to Erasure / "Right to be Forgotten" (Art. 17): Request deletion of your personal data in certain circumstances;
• Right to Restriction of Processing (Art. 18): Request that we limit processing of your data in certain circumstances;
• Right to Data Portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format;
• Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing purposes;
• Right to Withdraw Consent (Art. 7(3)): Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing;
• Right to Lodge a Complaint: Lodge a complaint with your local supervisory authority (e.g. the Information Commissioner's Office in the UK, or the relevant EU Data Protection Authority).

To exercise any of your rights, please contact us at hello@thefrynnxol.world. We will respond to your request within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before processing your request.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our Website. Cookies are small text files stored on your device that help us provide and improve our services. For full details on the types of cookies we use, their purposes, and how to manage your preferences, please see our Cookie Policy.

You can manage your cookie preferences at any time via the Cookie Settings option in our cookie consent banner.

11. Security Measures

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, accidental loss, destruction, or alteration. These measures include:

• SSL/TLS encryption for all data transmitted between your browser and our Website (HTTPS);
• Access controls limiting data access to authorised personnel only;
• Regular security assessments and updates to our systems;
• Secure data storage with appropriate backup procedures;
• Staff training on data protection and information security.

While we take all reasonable steps to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

12. Children's Privacy

Our Website and products are intended for adults aged 18 and over. We do not knowingly collect personal data from individuals under the age of 18. If you believe that we have inadvertently collected personal data from a minor, please contact us immediately and we will take steps to delete such data.

13. Third-Party Links

Our Website may contain links to third-party websites. We are not responsible for the privacy practices or content of those websites. We encourage you to review the privacy policies of any third-party sites you visit.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this Policy. We encourage you to review this Policy periodically. Your continued use of our Website after any changes constitutes your acceptance of the updated Policy.

15. Contact Us and Complaints

If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us:

• Email: hello@thefrynnxol.world
• Phone: +64 800 742 762
• Post: Thefrynnxol, 45A Paul Matthews Road, Rosedale, Auckland 0632, New Zealand

If you are not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority:

• New Zealand: Office of the Privacy Commissioner – www.privacy.org.nz
• EU/EEA: Your local Data Protection Authority
• UK: Information Commissioner's Office (ICO) – ico.org.uk