Xolvarynkhim

Meal planning and routine education for New Zealand. Not a medical, dietetic, or emergency service. Service scope · Advertising · Ad data

Trust and transparency

Privacy policy

We only collect the personal data we need to respond to you, to deliver the services you ask for, and to meet legal duties. This document explains the categories in scope, how long we keep them, the rights you can exercise, and the safeguards in place for transfers and sub-processors.

As viewed

Data controller and contact

The data controller is Xolvarynkhim, trading from Shop 3, Coastlands Shopping Town, 150 Rimu Road, Paraparaumu 5032, New Zealand. The primary address for service of privacy-related questions is: contact@xolvarynkhim.world. The telephone number for business enquiries is +64 4 297 2022. We do not use the title of Data Protection Officer in a formal way for this small team, but the same contact channel is responsible for handling access requests, corrections, and complaints in the first instance.

Advertising and measurement

When we use online advertising (for example, search or display in New Zealand or other regions), the advertising platform may process technical data in line with your choices and the partner’s own policy. We use such channels only to describe our educational meal-planning and routine services, not to collect sensitive health data from you through the ad itself. If conversion or analytics tags are used on our site, they are governed by the cookie policy and your consent where required. Ad landing pages are hosted on this domain and present the same business identity, contact information, and legal pages as the rest of the site.

Categories of personal data

Depending on how you use the site, the following types may be processed. Not every visitor triggers every type.

Enquiry data. If you use the contact form, we process your name, email address, the text of your message, and the technical submission metadata our host records for abuse prevention, such as time of submission and rough network information.

Project and service data. If you work with the studio, we add notes you agree to, scheduling preferences, and billing identifiers required for invoices, subject to a separate project agreement where appropriate.

Cookie and device data. As described in the cookie policy, you may have optional categories enabled in local storage, and, if in future we deploy analytics, coarse device or usage rows.

Purposes and legal bases

We answer your messages and, where relevant, take steps to enter a contract (Article 6(1)(b) GDPR style). We have a legitimate interest in running a professional website, protecting against abuse, and improving the clarity of our materials, balanced against your rights, which is why you can object to certain contact uses where applicable.

We rely on consent for optional marketing communication where we send a broadcast that is not strictly needed to supply an agreed project, and for non-essential cookies as explained separately. We rely on legal obligation for records we must keep for tax or other statutory duties.

How long we keep it

General business correspondence and contact form content are typically retained for twenty-four months after the last message in a thread, unless a longer period is required for a live engagement, a warranty claim, or a regulatory requirement. Financial records are kept for at least the period set by the Inland Revenue and other rules that apply in New Zealand. You may request earlier erasure if no other ground prevents it.

Recipients and cross-border transfer

We work with a small set of service providers, such as a hosting business and an email delivery route. They act as processors under our instructions, not for their own marketing. If a processor stores data in a country without an adequacy decision, we use appropriate safeguards, such as the standard contractual clauses approved in the European Union or the UK, plus supplementary technical measures where a transfer impact assessment points to a residual risk that must be offset.

Your rights in outline

Subject to any domestic exceptions, you may be entitled to: access, rectification, erasure, restriction, objection, data portability, and, where we rely on consent, withdrawal. You can complain to a supervisory authority in the EU/EEA or the UK, or the Office of the Privacy Commissioner in New Zealand, depending on the facts. We will respond to requests within a reasonable period and within statutory deadlines where they apply, and may need to verify your identity before releasing sensitive rows.

Technical and organisational security

We apply role-based access, least-privilege credentials, two-step verification for critical accounts, encrypted transport, separation between test and live environments, and periodic review of our vendors. A defined incident runbook includes timely notification to you and, where required, a regulator, when a breach is likely to affect your rights. These measures evolve as the risk landscape changes, and the description here is a summary of intent rather than a public penetration report.

For children: this site is not designed to attract audience members under the age of sixteen, and we do not knowingly process their data for direct outreach. If you believe a minor’s information reached us, email the address above and we will delete it where the law allows.

Next read Terms of use and returns for project rules.
Storage detail Cookie policy for browser storage choices.