Privacy policy

Controller: Thodmareshul, 320D Princes Street, Central Dunedin, Dunedin 9016, New Zealand.

Last updated:

This policy explains how we process personal data when you visit https://thodmareshul.world/ (the “Site”), submit forms, or communicate with us. We apply the New Zealand Privacy Act 2020 principles and provide GDPR-aligned disclosures for individuals in the European Economic Area (“EEA”) and the United Kingdom where those rules apply.

Data we collect

• Identity and contact details you type into forms (name, email, optional phone, message text).
• Technical data such as IP address, browser type, device identifiers, and timestamps from server logs.
• Cookie and similar technology data described in the Cookie Policy.
• Order-related records when a purchase flow exists (delivery address, payment references retained by processors).

Purposes and legal bases

We process data to respond to enquiries, fulfil contracts, improve Site security, meet accounting obligations, and—only when you consent—run analytics or marketing pixels. Contractual necessity covers order fulfilment; legitimate interests cover fraud prevention and service improvement; consent covers optional cookies and marketing emails where required.

Retention

Form messages are kept for up to twenty-four months unless a longer period is required for disputes, tax, or regulatory reasons. Server logs rotate within ninety days unless security investigations require extension. Accounting records follow New Zealand statutory timelines (commonly seven years).

Sharing and processors

We share data with hosting providers, email delivery services, analytics vendors (only after consent), and payment processors you select at checkout. Each processor is bound by written terms that require appropriate safeguards.

International transfers

Where data leaves New Zealand or the EEA, we rely on adequacy decisions or standard contractual clauses approved by relevant regulators, plus supplementary measures when needed.

Security measures

We enforce HTTPS transport, access controls, least-privilege accounts, backups, and periodic review of subprocessors. No online service is risk-free; we monitor incidents and notify authorities or data subjects when the law requires it.

Your rights

You may request access, correction, deletion, restriction, portability, or objection depending on your jurisdiction. You may withdraw consent for optional processing without affecting lawful processing that relies on other grounds. Contact us using the identifiers shown in the Site footer. You may lodge a complaint with the Office of the Privacy Commissioner (New Zealand) or your local EU/UK supervisory authority.

Children

The Site is aimed at adults. We do not knowingly collect data from children without parental authority.

Marketing, advertising, and platform rules

When we run paid advertising (including through Google Ads or similar networks), we aim to align creatives and landing pages with applicable platform policies and New Zealand fair trading expectations. We describe Zenvita as a food supplement only. We do not use ad text to promise medical results, name specific diseases in a promotional way, or collect special-category health data for targeting.

Geographic scope

The Site is operated from New Zealand. If you browse or order from another country, local import, tax, and privacy rules may apply in addition to the disclosures here.

Updates

We revise this policy when practices change. Material updates will be highlighted on the Site with a refreshed “Last updated” date.