Identity of the data controller
Sharvexxovimex is the organisation responsible for deciding how personal data is processed when you interact with our websites, email inbox, or studio services. We operate from 45A Paul Matthews Road, Rosedale, Auckland 0632, New Zealand. The Privacy Act 2020 uses the term "agency"; under the GDPR we are typically a "controller" for information you provide directly to us.
Contact: mailuse@sharvexxovimex.world · Telephone +64 800 742 762 (Auckland business hours)
Definitions we rely on
For clarity across jurisdictions, "personal information" and "personal data" describe information about an identifiable living individual. "Processing" includes collecting, storing, altering, disclosing, erasing, or otherwise using data. "Consent" means a freely given, specific choice made after fair notice. "Legitimate interests" refer to balanced operational needs that do not override your fundamental rights.
Scope of this Policy
The Policy covers visitors to sharvexxovimex.world, recipients of our mailings where you opt in, purchasers of workbooks or cohort seats, and participants in consulting calls about weekly meal organisation. It does not cover third-party websites that we link to for reference—please review their own statements before submitting data there.
Educational menu-planning content here is not a substitute for clinical nutrition therapy. We do not ask you to upload medical records.
Categories of personal data
Depending on your pathway, we may process identifiers such as your name, postal address, billing address, email address, and telephone number. Message bodies you send through forms can include scheduling preferences or dietary boundaries you choose to describe in your own words. Technical records can include truncated IP addresses, device type, rough geographic area derived at region level, referrer URLs, and timestamps. If you pay electronically, our payment service provider processes card tokens; we usually receive confirmation of payment status rather than full card numbers.
| Category | Typical examples | Mandatory? |
|---|---|---|
| Identity & contact | Name, email, phone | Only where you request a reply or invoice |
| Transaction | Purchase references, programme seat IDs | If you buy a product |
| Communications | Emails, form text, call notes you authorise | Voluntary |
| Technical | Server logs, security fingerprints | Automatic during site use |
| Preference | Cookie opt-in state | Stored after you interact with the banner |
Where the data comes from
Most records originate directly from you. We may receive professional contact corrections from directory services if you are already a corporate client. Fraud-prevention vendors might flag risk scores tied to transactions; those scores are ephemeral and governed by processor contracts.
Purposes and lawful bases
- Delivering requested guidance or digital downloads—contract performance.
- Sending administrative notices such as receipts—contract and legal obligation.
- Maintaining network security, rate limits, and backups—legitimate interests and legal duty.
- Optional analytics or marketing measurement after consent—consent (withdraw anytime).
- Internal reporting on aggregate programme uptake—legitimate interests with minimisation.
- Responding to regulators or court orders—legal obligation.
- Archiving anonymised lesson-learned notes—legitimate interests where individuals are not identifiable.
Retention schedule
Marketing and general enquiry threads are reviewed annually; inactive threads are usually deleted after twenty-four months unless a dispute is pending. Tax-related invoices follow Inland Revenue retention expectations. Cookie consent logs may be stored longer to demonstrate compliance with advertising platform rules.
| Record type | Default period | Remark |
|---|---|---|
| Contact form archive | 24 months | Unless legally required to hold longer |
| Consulting contract file | Length of engagement + 6 years | Accounting evidence |
| Server access logs | 90 rolling days | Security monitoring |
| Newsletter unsub list | Indefinite hashed record | Honours marketing opt-out |
Recipients and processors
We share data only with suppliers who help us operate: hosting providers, email delivery, calendar scheduling, customer support ticketing, and accounting software. Each relationship is governed by confidentiality commitments and, where applicable, data processing clauses. We do not sell lists of names, nor do we grant unrestricted access to volunteers.
Successor entities
If ownership of the studio changes, personal data may transfer as a business asset. You would receive notice where law requires before a new controller begins processing for materially different purposes.
International transfers
Some subprocessors store data in the European Union, the United Kingdom, or the United States. When information leaves New Zealand or the European Economic Area, we rely on recognised mechanisms such as adequacy decisions, standard contractual clauses, or supplementary technical measures including encryption in transit.
Automated decision-making
We do not rely on solely automated decisions that produce legal or similarly significant effects about your household. Spam filters may sort inbound mail, but a human reviews anything flagged before action is taken.
Security measures
Transport security uses HTTPS across public pages and administrative interfaces where we control them. Access to internal folders is limited by role-based permissions and multifactor authentication for administrators. Backups are encrypted and tested on a documented cadence. Despite diligence, absolute security cannot be promised; we maintain incident response steps including regulator notification timelines contemplated by the Privacy Act 2020 and the GDPR.
Your choices and statutory rights
You may request access to the personal data we hold, ask for corrections, request restriction or deletion where applicable, object to processing grounded in legitimate interests, and seek portability for machine-readable datasets you supplied. EU and UK residents may contact their supervisory authority; New Zealand residents may contact the Office of the Privacy Commissioner Te Mana Mātāpono Matatapu. Consent-based activities—such as optional cookies or marketing—can be stopped without affecting essential correspondence about services you purchased.
Raising a concern
Please email mailuse@sharvexxovimex.world with a concise description, relevant dates, and any reference numbers. We acknowledge most messages within ten New Zealand business days. Escalation paths above remain available if we disagree on the outcome.
Younger users
Our programmes target adults coordinating household food. If you believe a child submitted personal data without permission, notify us promptly so we can delete non-essential records.
Dedicated privacy channel
For subject-access requests or sensitive matters, use the same email with "Privacy request" in the subject line. Postal correspondence is accepted but slower; include return instructions if you need a paper response.
Changes to this Policy
Material updates appear on this page with revision context in the site changelog where we maintain one. Continued use of interactive features after a reasonable notice period may signify acceptance of operational updates that do not reduce your statutory protections.