Privacy Policy

Last updated:

1. Introduction

Thimyxolux ("we", "us", or "our") operates the website thimyxolux.world. We are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website or submit information through our order form.

We process personal data in compliance with the General Data Protection Regulation (GDPR — Regulation (EU) 2016/679), the New Zealand Privacy Act 2020, and other applicable data protection laws.

2. Data Controller

The data controller responsible for your personal data is:

  • Company: Thimyxolux
  • Address: 1 Queen Street, Auckland 1010, New Zealand
  • Email: office@thimyxolux.world
  • Website: https://thimyxolux.world

3. What Personal Data We Collect

We may collect and process the following categories of personal data:

3.1 Data You Provide Directly

  • Name: Your full name as entered in the order form.
  • Email address: Your email address for order confirmation and communication.
  • Phone number: Your telephone number (optional), if voluntarily provided.
  • Message: Any additional information you include in the message field.
  • Consent record: Record of your GDPR consent provided via the order form checkbox.

3.2 Data Collected Automatically

  • IP address: Your Internet Protocol address.
  • Browser type and version: Information about the browser you use.
  • Operating system: Information about your device's operating system.
  • Referring URL: The website that directed you to our site.
  • Pages visited: Which pages you view and how long you spend on them.
  • Date and time of access: When you visited our website.
  • Cookie data: As described in our Cookie Policy.

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR Article 6(1):

Purpose Legal Basis
Processing your order submission Performance of a contract (Art. 6(1)(b))
Sending order confirmation emails Performance of a contract (Art. 6(1)(b))
Responding to your inquiries Legitimate interest (Art. 6(1)(f))
Website analytics (if consented) Consent (Art. 6(1)(a))
Marketing communications (if consented) Consent (Art. 6(1)(a))
Legal compliance Legal obligation (Art. 6(1)(c))

5. How We Use Your Data

We use the personal data we collect for the following purposes:

  • To process and fulfil your orders and requests.
  • To communicate with you regarding your submissions, including order confirmations.
  • To respond to questions or messages submitted through the contact form.
  • To improve our website, products, and services based on anonymised usage data.
  • To comply with legal and regulatory obligations.
  • To detect, prevent, and address fraud or security issues.

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data to third parties. We may share your data in the following limited circumstances:

  • Service providers: Trusted third-party companies that assist us in operating our website, processing orders, or providing services on our behalf (e.g., hosting providers, email services). These providers are contractually obligated to protect your data and process it only on our instructions.
  • Legal requirements: When required by law, court order, or governmental regulation, or to protect our rights and safety.
  • Business transfers: In connection with any merger, acquisition, or sale of assets, your personal data may be transferred to the successor entity as part of the transaction.

7. International Data Transfers

Your personal data may be transferred to and processed in countries outside of the European Economic Area (EEA) or New Zealand. When such transfers occur, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Adequacy decisions by the European Commission recognising certain countries as providing adequate data protection.
  • Other legally recognised transfer mechanisms.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law:

  • Order data: Retained for up to 3 years from the date of submission for order processing and customer service purposes.
  • Communication records: Retained for up to 2 years for service quality and dispute resolution.
  • Analytics data: Retained in anonymised form for up to 26 months.
  • Legal compliance data: Retained as required by applicable laws (e.g., tax, accounting, or financial regulations).

After the retention period expires, your data will be securely deleted or anonymised.

9. Your Rights Under GDPR

Under the GDPR and applicable law, you have the following rights regarding your personal data:

  • Right of access (Art. 15): Request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): Request correction of inaccurate or incomplete personal data.
  • Right to erasure (Art. 17): Request deletion of your personal data ("right to be forgotten"), subject to legal exceptions.
  • Right to restriction of processing (Art. 18): Request that we limit the processing of your personal data under certain conditions.
  • Right to data portability (Art. 20): Request to receive your personal data in a structured, commonly used, machine-readable format.
  • Right to object (Art. 21): Object to the processing of your personal data based on legitimate interest or for direct marketing purposes.
  • Right to withdraw consent (Art. 7(3)): Withdraw any consent you have given at any time, without affecting the lawfulness of processing prior to withdrawal.
  • Right to lodge a complaint: File a complaint with a supervisory authority. For New Zealand residents, you may contact the Office of the Privacy Commissioner. For EU/EEA residents, you may contact your local Data Protection Authority.

To exercise any of these rights, please contact us at: office@thimyxolux.world

We will respond to your request within 30 days, as required by the GDPR.

10. Data Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • HTTPS (TLS/SSL) encryption for all data transmitted between your browser and our website.
  • Secure storage of personal data with access restricted to authorised personnel only.
  • Regular review and update of our security practices.
  • Employee training on data protection and privacy best practices.

While we strive to protect your personal data, no method of transmission or storage is completely secure. We cannot guarantee absolute security but are committed to maintaining robust protections.

11. Children's Privacy

Our website and products are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe that a child has provided us with personal data, please contact us immediately and we will take steps to delete such information.

12. Third-Party Links

Our website may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of these external sites. We encourage you to read the privacy policies of any third-party websites you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or other factors. When we make changes, we will update the "Last updated" date at the top of this page. We encourage you to review this Privacy Policy periodically.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

  • Company: Thimyxolux
  • Address: 1 Queen Street, Auckland 1010, New Zealand
  • Email: office@thimyxolux.world