Privacy policy
Last updated:
Data controller and statutory details
The data controller responsible for personal data processed through xlozarinxlyex.world is Xlozarinxlyex, operating from 959 A7, Cheltenham SA 5014, Australia. Public correspondence identifiers are published as info@xlozarinxlyex.world, contact@xlozarinxlyex.world, support@xlozarinxlyex.world, and help@xlozarinxlyex.world.
Where European Union or United Kingdom GDPR applies, you may contact the same addresses for data protection enquiries. We do not require a separate paid gateway to exercise your rights.
Audience geography and advertising context
Day-to-day fulfilment correspondence is organised from South Australia. The website may nonetheless be reachable in other countries because of the open routing of internet traffic or because online advertising surfaces our listings outside Australia.
We sell general food-supplement inventory aimed at adults. You remain responsible for confirming that importing or using such products complies with the customs, labelling, and health-communication rules that apply where you live. We do not run copy that names diseases, symptoms, or treatment outcomes; if you arrived from a paid placement, the creative itself is limited to catalogue-style language in line with platform policies.
Scope and children
This notice covers personal information collected when you browse the site, submit forms, correspond with support, or interact with optional analytics and marketing technologies described in the cookie policy. The store is intended for adults. We do not knowingly collect data from individuals below sixteen without guardian consent.
Categories of personal data
- Identity and contact data such as name, email address, optional phone number, and postal references you include in messages.
- Technical data including IP address, browser type, device hints, timestamps, and referral URLs collected through server logs or similar infrastructure providers.
- Usage data derived from optional analytics cookies if you grant consent.
- Preference data from marketing cookies when consent is present.
- Order-related identifiers such as lot numbers or request references that you voluntarily provide.
Sources of data
We obtain information directly from you via forms and email, automatically through strictly necessary cookies and essential logging, and—only with permission—through analytics or marketing tools configured on xlozarinxlyex.ddd.
Purposes and lawful bases
| Purpose | Lawful basis (GDPR) | Non-EU reference |
|---|---|---|
| Fulfilling product inquiries and transactional follow-up | Performance of requested pre-contract steps | Australian Privacy Act APP 3 fair collection |
| Compliance with tax, consumer, or regulatory requests | Legal obligation | APP 6 use or disclosure |
| Network security monitoring and bot mitigation | Legitimate interests balanced against your rights | APP 11 security |
| Optional analytics to improve navigation clarity | Consent | APP 6 voluntary opt-in |
| Optional marketing reminders tied to stock signals | Consent | APP 6 voluntary opt-in |
Advertising and conversion measurement
If you consent to marketing or analytics cookies, identifiers may be shared with advertising partners such as Google so we can measure visits that originate from paid campaigns or to cap how often a creative is shown. Those partners process technical signals (for example device type, approximate region derived from IP address, and coarse interaction data) under their own published controller notices.
You may adjust personalised ad settings directly with those vendors or withdraw optional cookies here without affecting strictly necessary processing.
Processors and recipients
We share data only with service providers that deliver hosting, encrypted email transport, payment facilitation where applicable, advertising measurement, or auditing. Each processor is contractually bound to confidentiality, acts on documented instructions, and implements appropriate technical measures such as transport-layer encryption and role-based access.
International transfers
If personal data leaves Australia or the European Economic Area, we rely on standard contractual clauses, adequacy decisions, or supplementary measures required by supervisory authorities. You may request a summary of the safeguards that apply to your specific processing activity.
Retention schedule
- Form submissions tied to open requests: up to twenty-four months after the last documented interaction, unless a shorter statutory period applies.
- Accounting and tax records: seven years from the end of the financial year in which the transaction occurred, where applicable law requires retention.
- Server security logs: rolling ninety days unless an incident investigation requires longer preservation.
- Marketing consents: until you withdraw consent or thirty-six months without engagement, whichever occurs first.
Your GDPR rights
Depending on your location, you may request access, rectification, erasure, restriction, portability, objection, or human review regarding solely automated decisions. You may withdraw consent for optional cookies at any time using the cookie preferences control linked in the site footer without affecting the lawfulness of earlier processing.
You may lodge a complaint with your local supervisory authority. Australian customers may also contact the Office of the Australian Information Commissioner regarding acts or practices that may interfere with privacy.
Security measures
We implement HTTPS across public pages, segregated admin credentials, least-privilege staff accounts, hashed backups, and periodic reviews of subprocessors. No transmission over the internet can be guaranteed as entirely secure; please protect your own devices with current software updates.
Changes
Material revisions will be posted with an updated publication date at the top of this document. Continued use after notification constitutes acknowledgment unless applicable law requires a fresh consent.