Privacy Policy

1. Introduction

Quixeralvik.world ("we", "our", "us") operates the website quixeralvik.world and the Fiventa brand. We are committed to protecting your personal data and complying with the Australian Privacy Principles (APPs), the Privacy Act 1988 (Cth), and the General Data Protection Regulation (GDPR) where applicable to users within the European Economic Area.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, make a purchase, or interact with our services. Please read this policy carefully to understand our practices regarding your personal data.

2. Data Controller

Fiventa / Quixeralvik.world
360 Lonsdale St, Melbourne VIC 3000, Australia
Email: admin@quixeralvik.world

For questions about this policy or to exercise your rights, please contact us using the details above. We aim to respond to all legitimate requests within one month.

3. Data We Collect

We may collect the following categories of personal data through various channels including our website, order forms, customer service communications, and cookies:

• Identity data: Name, title, date of birth (where relevant for age verification)
• Contact data: Email address, telephone number, mailing address, billing address, delivery address
• Financial data: Payment card details (processed securely by our payment provider; we do not store full card numbers)
• Transaction data: Details of purchases, order history, payment confirmations
• Communications data: Messages you send via our contact and order forms, correspondence with customer support
• Technical data: IP address, browser type and version, time zone, device type, operating system, referring URLs, pages visited, duration of visit (collected via cookies where you have consented)
• Usage data: How you use our website, products, and services

We do not collect special categories of personal data (such as health data) unless you voluntarily provide it and we have a lawful basis for doing so.

4. Purposes of Processing

We process your personal data for the following purposes:

• To process and fulfil your orders, including payment processing and shipping
• To communicate with you about your orders, including confirmations, updates, and delivery notifications
• To respond to your enquiries, complaints, and provide customer support
• To send administrative information such as changes to our terms, policies, or services
• To improve our website, products, and services (where analytics cookies are accepted)
• To personalise your experience and deliver relevant content
• To detect, prevent, and address fraud, security issues, and technical problems
• To comply with legal obligations, including tax, regulatory, and law enforcement requests
• To send marketing communications (only where you have given explicit consent and have not opted out)

5. Legal Basis for Processing (GDPR)

Where GDPR applies to the processing of your data, we rely on the following legal bases:

• Contract: Processing necessary to perform our agreement with you, including order fulfilment and customer service
• Consent: Where you have given explicit consent (e.g. marketing emails, non-essential cookies)
• Legitimate interests: For site security, fraud prevention, improving our services, and communicating essential business updates, where such interests are not overridden by your rights
• Legal obligation: Where we are required to process data to comply with applicable law

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Our retention periods include:

• Order and transaction data: 7 years from the end of the financial year (for tax and legal compliance in Australia)
• Contact form submissions and correspondence: 2 years from last contact or until you request deletion
• Marketing preferences and consent records: Until you withdraw consent or unsubscribe, plus a short period to record your preference
• Technical and cookie data: As specified in our Cookie Policy
• Website logs and security data: Up to 12 months

After the retention period, we will securely delete or anonymise your data so it can no longer identify you.

7. Your Rights

Depending on your location, you may have the following rights in relation to your personal data:

• Access: Request a copy of your personal data and information about how we process it
• Rectification: Request correction of inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten") in certain circumstances
• Restriction: Request restriction of processing in certain circumstances
• Portability: Request transfer of your data to another controller in a structured, machine-readable format
• Objection: Object to processing based on legitimate interests or for direct marketing purposes
• Withdraw consent: Where processing is based on consent, withdraw it at any time

To exercise these rights, contact us at admin@quixeralvik.world. We may need to verify your identity before responding. You also have the right to lodge a complaint with a supervisory authority: in Australia, the Office of the Australian Information Commissioner (OAIC); in the EU, your local data protection authority.

8. Data Sharing and Recipients

We do not sell your personal data. We may share your data with the following categories of recipients:

• Payment processors: To complete transactions securely (e.g. Stripe, PayPal)
• Shipping and fulfilment providers: To deliver your orders
• IT and hosting providers: For website hosting, security, and infrastructure
• Analytics providers: Where you have consented to analytics cookies

All such providers are bound by contractual obligations to protect your data and use it only for the purposes we specify.

9. International Transfers

Your data may be transferred to and processed in countries outside Australia or the European Economic Area. Where such transfers occur, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, or equivalent mechanisms recognised under applicable law.

10. Security

We implement appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction. These include:

• HTTPS encryption (TLS) for all data transmitted between your browser and our servers
• Access controls, authentication, and principle of least privilege for staff
• Secure payment processing through PCI-DSS compliant providers
• Regular security assessments and updates

While we strive to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

11. Children

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us and we will take steps to delete such information.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The "Last updated" date at the top of this policy indicates when changes were last made. We encourage you to review this policy periodically. Material changes will be communicated via email or a prominent notice on our website where appropriate.