Privacy Policy

Last updated: 25 March 2026

Data Controller: Grozelongryxonar | 6/45 Luckens Road, West Harbour, Auckland 0618, New Zealand | Email: feedback@grozelongryxonar.world | Phone: +64 9 416 1703

1. Introduction and Scope

Grozelongryxonar ("we", "us", "our") operates the website at grozelongryxonar.world and sells the food supplement product Zenavora. This Privacy Policy explains how we collect, use, disclose, store, and protect your personal information when you visit our website, place an order, or otherwise interact with us.

We are committed to protecting your privacy and handling your personal data in an open and transparent manner. This policy applies to all personal data we process about you as a visitor, customer, or prospective customer.

We comply with the New Zealand Privacy Act 2020 (the "Privacy Act"), the General Data Protection Regulation (EU) 2016/679 ("GDPR") where applicable to European Economic Area residents, and the UK GDPR where applicable to United Kingdom residents. Where there is a conflict between these frameworks, we apply the higher standard of protection.

2. Who We Are

The data controller responsible for your personal information is:

  • Business Name: Grozelongryxonar
  • Trading Name / Product: Zenavora
  • Registered Address: 6/45 Luckens Road, West Harbour, Auckland 0618, New Zealand
  • Email: feedback@grozelongryxonar.world
  • Phone: +64 9 416 1703
  • Website: grozelongryxonar.world

3. Personal Data We Collect

We collect personal data in the following categories:

3.1 Data You Provide Directly

  • Identity Data: First name, last name, full name
  • Contact Data: Email address, telephone number (optional), postal/delivery address
  • Transaction Data: Details about orders you place, products purchased, prices paid, and payment method (we do not store full payment card details)
  • Communications Data: Messages, enquiries, and correspondence you send us via forms or email
  • Consent Records: Records of your consent to our terms, privacy policy, and marketing communications

3.2 Data Collected Automatically

  • Technical Data: IP address, browser type and version, operating system, device type, time zone setting, browser plug-in types and versions
  • Usage Data: Pages visited, time spent on pages, links clicked, referring URLs, search terms used to find our website
  • Cookie Data: Data collected through cookies and similar technologies as described in our Cookie Policy

3.3 Data from Third Parties

We may receive data from third parties such as analytics providers, advertising networks, and payment processors. We only receive data that is necessary for the purposes described in this policy.

4. Purposes and Legal Bases for Processing

We process your personal data only where we have a lawful basis to do so. The following table sets out the purposes for which we process your data and the corresponding legal basis:

Purpose Data Used Legal Basis
Processing and fulfilling your order Identity, Contact, Transaction Performance of a contract (Art. 6(1)(b) GDPR; Privacy Act IPP 1, 10)
Communicating about your order Identity, Contact Performance of a contract; Legitimate interests
Processing payments Transaction, Contact Performance of a contract; Legal obligation
Responding to enquiries and customer service Identity, Contact, Communications Legitimate interests; Performance of a contract
Sending marketing communications (with consent) Identity, Contact Consent (Art. 6(1)(a) GDPR; Unsolicited Electronic Messages Act 2007)
Improving our website and services Technical, Usage, Cookie Legitimate interests; Consent (for non-essential cookies)
Fraud prevention and security Technical, Transaction Legitimate interests; Legal obligation
Compliance with legal obligations All relevant categories Legal obligation (Art. 6(1)(c) GDPR)
Maintaining records for tax and accounting Identity, Contact, Transaction Legal obligation

5. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Data Category Retention Period Reason
Order and transaction records 7 years from the date of transaction Tax and accounting obligations (NZ Inland Revenue requirements)
Customer account and contact data 3 years from last interaction Customer service and legitimate business purposes
Marketing consent records Until consent is withdrawn + 3 years Proof of consent; legal compliance
Website analytics data 26 months Website improvement; anonymised after 26 months
Customer service communications 3 years from resolution Dispute resolution; quality assurance
Cookie consent records 12 months Proof of consent

After the applicable retention period, we will securely delete or anonymise your personal data.

6. Sharing Your Personal Data

We do not sell, rent, or trade your personal data to third parties. We may share your data with the following categories of recipients where necessary:

6.1 Service Providers

  • Payment processors: To securely process your payment transactions (e.g., Stripe, PayPal). These providers process data on our behalf under data processing agreements.
  • Logistics and shipping partners: To deliver your order. We share your name and delivery address with our courier partners.
  • Email service providers: To send order confirmations and customer communications.
  • Website hosting and IT providers: To maintain and operate our website infrastructure.
  • Analytics providers: To understand how our website is used (subject to your cookie consent).

6.2 Legal and Regulatory Disclosure

We may disclose your personal data to law enforcement agencies, courts, regulators, or other authorities where required by law or where we believe disclosure is necessary to protect our legal rights, prevent fraud, or protect the safety of any person.

6.3 Business Transfers

In the event of a merger, acquisition, or sale of all or part of our business, your personal data may be transferred to the new owner. We will notify you of any such change and ensure appropriate protections are in place.

7. International Data Transfers

Some of our service providers are located outside New Zealand and the European Economic Area. Where we transfer personal data internationally, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Transfers to countries with an adequacy decision from the European Commission or New Zealand Privacy Commissioner
  • Binding Corporate Rules where applicable

You may request information about the specific safeguards in place for any international transfer by contacting us at the details provided in Section 2.

8. Your Rights

Depending on your location and the applicable law, you have the following rights in relation to your personal data:

8.1 Rights Under GDPR (EU/UK Residents)

  • Right of access: You have the right to request a copy of the personal data we hold about you.
  • Right to rectification: You have the right to request that we correct inaccurate or incomplete personal data.
  • Right to erasure ("right to be forgotten"): You have the right to request that we delete your personal data in certain circumstances.
  • Right to restriction of processing: You have the right to request that we restrict the processing of your data in certain circumstances.
  • Right to data portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format.
  • Right to object: You have the right to object to processing based on legitimate interests or for direct marketing purposes.
  • Rights related to automated decision-making: You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing before withdrawal.

8.2 Rights Under the New Zealand Privacy Act 2020

  • Right to access: You have the right to request access to personal information we hold about you (Information Privacy Principle 6).
  • Right to correction: You have the right to request correction of your personal information (Information Privacy Principle 7).
  • Right to complain: You have the right to make a complaint to the Office of the Privacy Commissioner if you believe we have breached the Privacy Act.

8.3 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

We will respond to your request within 30 days. We may need to verify your identity before processing your request. There is no charge for making a request, although we may charge a reasonable fee for requests that are manifestly unfounded or excessive.

9. Security Measures

We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • SSL/TLS encryption for all data transmitted between your browser and our website (HTTPS)
  • Encrypted storage of sensitive personal data
  • Access controls limiting data access to authorised personnel only
  • Regular security assessments and vulnerability testing
  • Staff training on data protection and security practices
  • Secure disposal of data when no longer required
  • Incident response procedures for data breaches

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, where required, notify you directly without undue delay.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our website. For detailed information about the cookies we use, the purposes for which we use them, and how you can manage your cookie preferences, please see our Cookie Policy.

11. Children's Privacy

Our website and products are intended for adults aged 18 and over. We do not knowingly collect personal data from children under the age of 16. If you believe we have inadvertently collected data from a child, please contact us immediately and we will take steps to delete that information.

12. Marketing Communications

We will only send you marketing communications if you have given us your explicit consent to do so. You can withdraw your consent to receive marketing communications at any time by:

Withdrawing consent to marketing will not affect our ability to send you transactional communications related to your orders.

13. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites and encourage you to read their privacy policies. This Privacy Policy applies only to our website.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email or a prominent notice on our website.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.

15. How to Make a Complaint

If you have concerns about how we handle your personal data, please contact us first at feedback@grozelongryxonar.world. We will do our best to resolve your concern promptly.

If you are not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority:

  • New Zealand: Office of the Privacy Commissioner – www.privacy.org.nz
  • EU residents: Your local Data Protection Authority (DPA)
  • UK residents: Information Commissioner's Office (ICO) – ico.org.uk

16. Contact Us

For any questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact us: