1. Data controller and contact details
The data controller responsible for processing personal data collected through this website and related sales channels is:
Quiztornzol
45A Paul Matthews Road, Rosedale, Auckland 0632, New Zealand
Email: hello@quiztornzol.world
Phone: +64 800 742 762
For data protection enquiries, including requests to exercise your rights, contact us using the email address above. We may ask reasonable questions to verify your identity before disclosing or changing information.
2. Scope and relationship to other documents
This Policy applies to personal data we process in connection with the Herbalyra product line, customer service, marketing where permitted, analytics where you consent, and website operation. It should be read together with our Cookie Policy, Terms of Service, and Return Policy. If you do not agree with this Policy, please discontinue use of the site and do not submit forms.
3. Categories of personal data we process
Depending on how you interact with us, we may process the following categories of data:
- Identity and contact data: full name, delivery address, billing address if different, email address, telephone number, and similar identifiers you provide.
- Transaction data: order references, items purchased, payment status, shipping selections, correspondence about orders, and refund records.
- Technical and usage data: IP address, browser type and version, time zone, device type, operating system, pages viewed, referring URLs, and approximate location derived from IP.
- Communication content: text you enter in contact or order forms, email threads, and call notes if you phone us.
- Preference and consent records: cookie choices, marketing opt-ins or opt-outs, and subscription preferences.
- Fraud and security data: device fingerprints or risk signals provided by payment partners where applicable.
We do not intentionally collect special categories of personal data (such as health data) through standard order forms. If you voluntarily disclose health-related information, we will treat it as sensitive and limit use to the purpose of responding to your message unless a separate lawful basis applies.
4. Sources of personal data
We obtain personal data directly from you when you place an order, complete a form, email us, or call our listed number. We also receive technical data automatically when you load pages or interact with features. In limited cases, we may receive updates from payment service providers, delivery partners, or fraud screening tools.
5. Purposes of processing and legal bases (GDPR and comparable standards)
Where the EU General Data Protection Regulation (GDPR) applies—for example if you are in the European Economic Area or if our processing is otherwise within scope—we rely on the following legal bases:
| Purpose | Legal basis | Notes |
|---|---|---|
| Providing the website, security, and troubleshooting | Legitimate interests (Article 6(1)(f) GDPR) | Balanced against your rights; you may object where applicable. |
| Performing a contract: processing orders, delivery, payments | Performance of a contract (Article 6(1)(b) GDPR) | Includes steps taken at your request before contract formation. |
| Responding to enquiries submitted via forms or email | Legitimate interests or contract preparation | Depends on whether a purchase is contemplated. |
| Legal compliance: tax, accounting, consumer law, court orders | Legal obligation (Article 6(1)(c) GDPR) | Retention may be mandated by law. |
| Analytics cookies and similar technologies | Consent (Article 6(1)(a) GDPR) | Managed through our cookie banner and settings. |
| Marketing communications where not covered by soft opt-in | Consent (Article 6(1)(a) GDPR) | You may withdraw consent at any time. |
| Fraud prevention and network security monitoring | Legitimate interests | We minimise data and use proportionate measures. |
For individuals in New Zealand, we comply with the Privacy Act 2020. We collect personal information only for lawful purposes connected to our functions, and we take reasonable steps to keep information accurate and protected.
6. New Zealand Privacy Act 2020: notification matters
We collect personal information primarily to supply Herbalyra, communicate with customers, improve our services, and meet legal duties. You are not required by law to provide information, but we may be unable to fulfil an order or reply without contact details. We may hold information in New Zealand and, where service providers are located overseas, in other countries that may not provide the same level of statutory protection; in those cases we use contractual safeguards where appropriate and assess risks carefully.
7. Disclosure of personal data to third parties
We share personal data only where necessary, with categories of recipients such as:
- Hosting, email, and infrastructure providers that operate servers and transmit messages.
- Payment processors and banks that handle card or wallet transactions.
- Courier and postal services for delivery and returns.
- Professional advisers including lawyers and accountants when required.
- Authorities when we are legally compelled or when disclosure is necessary to protect vital interests.
We do not sell your personal data in the conventional sense of exchanging lists for money. If we engage analytics or advertising partners after obtaining consent, their processing is described in the Cookie Policy and relevant vendor documentation.
8. International transfers
If personal data is transferred outside New Zealand or the EEA, we implement appropriate safeguards such as standard contractual clauses approved by the European Commission, adequacy decisions where available, or equivalent measures recognised under applicable law. You may request further information about transfers by emailing hello@quiztornzol.world.
9. Retention periods
We retain personal data only as long as needed for the purposes described, unless a longer period is required or permitted by law. Indicative periods are:
| Data category | Typical retention |
|---|---|
| Order and invoice records | Seven years from the end of the financial year in which the transaction occurred, unless local tax rules require otherwise. |
| Customer service emails and form submissions | Up to three years after the last substantive contact unless a dispute is ongoing. |
| Marketing consent logs | Duration of consent plus three years for evidence of compliance. |
| Server and security logs | Thirty to ninety days unless extended for incident investigation. |
| Cookie preference storage in your browser | Until you clear site data or we update our storage key. |
After retention expires, we delete or irreversibly anonymise data where feasible.
10. Security measures
We implement administrative, technical, and organisational measures appropriate to the risk, including:
- TLS encryption for data in transit on the production website.
- Access controls limiting staff and contractor access to personal data on a need-to-know basis.
- Policies for passwords, device security, and remote work where applicable.
- Backups stored separately from primary systems with restricted access.
- Review of subprocessors and contractual data processing terms.
No online transmission is completely risk-free. You should protect your devices and report suspected unauthorised account use promptly.
11. Automated decision-making and profiling
We do not use automated decision-making that produces legal or similarly significant effects solely based on profiling in relation to Herbalyra sales. Payment providers may apply automated fraud checks; those decisions are governed by their policies and applicable law.
12. Your rights under the GDPR (where applicable)
If the GDPR applies to our processing of your personal data, you may have the following rights, subject to conditions and exceptions:
- Access: obtain confirmation whether we process your data and receive a copy.
- Rectification: correct inaccurate or incomplete data.
- Erasure: request deletion where grounds under Article 17 apply.
- Restriction: limit processing in defined circumstances.
- Data portability: receive structured, machine-readable data you provided where processing is based on consent or contract and is automated.
- Objection: object to processing based on legitimate interests or for direct marketing.
- Withdraw consent: where processing is consent-based, without affecting prior lawful processing.
- Lodge a complaint with a supervisory authority in your country of residence.
To exercise rights, email hello@quiztornzol.world. We respond within one month where required, with a possible extension for complex requests.
13. Your rights under the New Zealand Privacy Act 2020
You may request access to personal information we hold about you and ask for correction. If we refuse a request, we will explain reasons as required by law. You may complain to the Office of the Privacy Commissioner if you believe we have interfered with your privacy.
14. Children
Our website and Herbalyra product marketing target adults. We do not knowingly collect personal data from children under 16 without parental authority. If you believe a minor has provided data, contact us and we will take steps to delete it where appropriate.
15. Links to third-party sites
Our site may link to carriers, payment pages, or informational resources. Those sites have their own privacy practices. We are not responsible for their content or processing once you leave our domain.
16. Changes to this Policy
We may update this Policy to reflect legal, technical, or business changes. The effective date at the top will be revised, and for material changes we may provide a notice on the homepage or by email where we have your address.
17. Contact
Questions about privacy: hello@quiztornzol.world · Quiztornzol, 45A Paul Matthews Road, Rosedale, Auckland 0632, New Zealand.