Legal

Privacy Policy

Last updated:

This policy explains how Squazrondloxshyx collects, processes, and protects personal data in compliance with the New Zealand Privacy Act 2020 and the EU General Data Protection Regulation (GDPR).

1. Who We Are

The data controller for this website is:

Squazrondloxshyx
55 Waipuka Road, Havelock North 4294, New Zealand
Phone: +64 21 222 9363
Email: chat@squazrondloxshyx.world
Website: https://squazrondloxshyx.world

2. Data We Collect

2.1 Data You Provide Directly

When you submit the contact form, we collect:

  • Full name
  • Email address
  • Message content
  • Record of your consent to processing (via the contact form privacy checkbox), including the fact of agreement and the time of submission where technically logged

2.2 Data Collected Automatically

When you visit the website, the following technical data may be recorded:

  • IP address (anonymised where possible)
  • Browser type and version
  • Device type and operating system
  • Pages visited and time spent on each page
  • Referring URL
  • Cookie consent preferences (stored locally in your browser)

2.3 Data We Do Not Collect

We do not collect sensitive personal data such as information relating to physical or mental condition, financial details, or government-issued identification numbers.

3. Purposes and Legal Basis for Processing

We process personal information only for the purposes listed below. Where the EU GDPR applies, we rely on the GDPR Article 6 bases noted. Where only New Zealand law applies, we collect and use information in accordance with the Privacy Act 2020 and the Information Privacy Principles (IPPs), including having a lawful purpose connected to a function or activity of ours and, where required, obtaining authorisation (for example, your informed consent via the contact form).

  • Responding to enquiries — GDPR: Consent (Article 6(1)(a)) via the privacy consent checkbox on the contact form. NZ: authorised by you for that purpose (IPP 1, 3).
  • Site improvement and basic technical logs — GDPR: Legitimate interests (Article 6(1)(f)) where we use limited technical data in an anonymised or aggregated way. NZ: collected for a lawful purpose directly connected to our business and not kept longer than needed (IPP 1, 5, 9).
  • Legal compliance — GDPR: Legal obligation (Article 6(1)(c)). NZ: required by law (IPP 1).

We do not use personal information for automated decision-making or profiling.

4. Retention Periods

We retain personal information only for as long as necessary to fulfil the purpose for which it was collected:

  • Contact form submissions: Up to 12 months from the date of submission, unless a longer period is required for follow-up or legal reasons.
  • Technical and analytics-style data: If server or third-party analytics logs are used in the future, we will apply minimisation and retention limits consistent with this policy and our Cookie Policy. Currently, cookie category choices are stored only in your browser (localStorage), not on our servers.
  • Cookie consent preferences: Stored in your browser's localStorage until you clear it. We do not maintain a separate server-side copy of your banner choices unless our hosting generates standard technical logs.

At the end of each retention period, data is securely deleted or anonymised.

5. Data Sharing

We do not sell, rent, or trade personal information to third parties. Information may be shared only in the following limited circumstances:

  • Service providers: Technical service providers (for example, web hosting, email delivery, or IT support) who process information solely on our behalf and only to the extent needed to provide their services.
  • Legal requirements: Where we are required to disclose information by New Zealand law, court order, or a competent regulatory authority.

Before disclosing personal information to an overseas agency or service provider, we take steps that are reasonable in the circumstances to ensure the recipient is subject to, or agrees to be bound by, privacy protections comparable to those under the Privacy Act 2020, or we rely on another permitted ground under the Act.

Any service provider engaged by us must handle information in accordance with applicable privacy law and must not use it for their own purposes.

6. Security Measures

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or destruction. These include:

  • Serving all pages exclusively over HTTPS (TLS encryption in transit)
  • Restricting access to personal data to authorised personnel only
  • Regular review of data processing practices and access controls
  • Prompt response to data breaches in accordance with applicable law

No method of electronic transmission or storage is completely secure. In the event of a data breach affecting your rights, we will notify you as required by law.

7. Your Rights

Depending on whether New Zealand law, the GDPR, or both apply to you, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you (NZ IPP 6; GDPR Article 15).
  • Correction: Request correction of inaccurate or incomplete information (NZ IPP 7; GDPR Article 16).
  • Erasure: Request deletion where information is no longer needed for the purpose for which it was collected, subject to legal exceptions (GDPR Article 17; NZ principles on accuracy and retention).
  • Restriction: Request that we restrict processing in certain circumstances (GDPR Article 18).
  • Data portability: Request your information in a structured, commonly used, machine-readable format where technically feasible (GDPR Article 20).
  • Object: Object to processing based on legitimate interests (GDPR Article 21).
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal (GDPR Article 7; NZ authorised purpose).

To exercise any of these rights, contact us at: chat@squazrondloxshyx.world

We will acknowledge your request as soon as reasonably practicable and respond within 20 working days where the New Zealand Privacy Act 2020 applies, or within 30 days where the GDPR applies, unless we notify you of a lawful extension.

If you are not satisfied with our response, you may complain to the Office of the Privacy Commissioner (New Zealand) at privacy.org.nz, or, where the GDPR applies, to your local supervisory authority.

8. New Zealand Privacy Act 2020

If you are in New Zealand or our activities have a New Zealand connection, we comply with the Privacy Act 2020. That includes observing the thirteen Information Privacy Principles, which govern matters such as the purpose of collection, the source of information, what we tell you at collection, how information is stored, your access and correction rights, accuracy, retention, and limits on use and disclosure.

We collect personal information only for lawful purposes connected with operating this website and responding to enquiries. When we collect information from you, we aim to ensure you are aware of the matters set out in IPP 3, including who we are, why we collect the information, who will receive it, and your rights.

This policy is not a substitute for legal advice. If you need guidance on how the Act applies to your situation, consider contacting the Office of the Privacy Commissioner or a qualified adviser.

9. Overseas Disclosure and Third-Party Infrastructure

Our website may be hosted or backed up on infrastructure located outside New Zealand. In addition, standard web requests (for example, loading fonts or scripts from a content delivery network) may route technical data to servers located overseas. Where such processing involves personal information, we take steps that are reasonable in the circumstances to comply with the Privacy Act 2020 regarding overseas disclosures.

When you use the contact form, your message is processed for the purpose of communication with us; we do not intend to disclose the content of your messages to unrelated third parties except as described in this policy or as required by law.

10. Privacy Breaches

If we become aware of a notifiable privacy breach under the Privacy Act 2020 (a breach that has caused or is likely to cause serious harm to an affected individual), we will notify the Office of the Privacy Commissioner and affected individuals as soon as practicable in accordance with our obligations under the Act.

Where other jurisdictions' breach-notification rules apply, we will follow those requirements where relevant.

11. Cookies

This website uses cookies and similar technologies as described in our Cookie Policy.

Your cookie preferences are stored in your browser's localStorage. You can update your preferences at any time via the cookie banner.

12. Third-Party Links

This website may contain links to external websites. We are not responsible for the privacy practices or content of those sites. We encourage you to review the privacy policy of any external site you visit.

13. Policy Changes

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page. Continued use of the website following any update constitutes acceptance of the revised policy.

14. Contact

For any questions, requests, or concerns relating to this Privacy Policy or our data practices, please contact us:

Squazrondloxshyx
55 Waipuka Road, Havelock North 4294, New Zealand
Phone: +64 21 222 9363
Email: chat@squazrondloxshyx.world