Privacy Policy

Last updated: 9 March 2025

1. Controller and contact

The data controller responsible for the processing of your personal data in connection with this website is:

Valtoraneyxei
1/249-251 Pitt St
Sydney NSW 2000
Australia

Email: notifyuse@valtoraneyxei.world
Phone: +61 2 9261 2305

If you have questions about this Privacy Policy or your personal data, please contact us using the details above.

2. Scope and applicability

This Privacy Policy describes how we collect, use, store and protect your personal data when you use our website at valtoraneyxei.world (the “Site”), place orders, contact us or interact with our services. It applies to visitors and customers in Australia and, where relevant, to individuals in the European Economic Area (EEA), the United Kingdom and other jurisdictions where data protection laws (including the General Data Protection Regulation (GDPR) and the UK GDPR) apply.

In Australia, we also comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) where applicable.

3. Personal data we collect

We may collect the following categories of personal data:

• Identity and contact data: name, email address, telephone number, delivery address and billing address when you place an order or contact us.
• Transaction data: order details, payment-related information (e.g. payment method; we do not store full card numbers), and purchase history.
• Technical and usage data: IP address, browser type and version, time zone, device type, operating system, referral source, pages visited, time spent on the Site and other diagnostic data. This may be collected via cookies and similar technologies as described in our Cookie Policy.
• Communication data: content of messages you send to us (e.g. via contact form or email) and records of our correspondence.
• Consent and preference data: your choices regarding marketing, cookies and other preferences where you have given consent.

We do not collect special categories of data (e.g. health data) unless you voluntarily provide it in a message and we need it to respond to your request. In that case we will use it only for the purpose you provided it and in line with this policy.

4. Purposes and legal basis for processing

We process your personal data only for specified, explicit and legitimate purposes. Where GDPR or UK GDPR applies, we rely on the following legal bases:

• Contract: to perform our contract with you (e.g. processing orders, delivery, customer support and related administration).
• Legal obligation: to comply with legal duties (e.g. tax, accounting, consumer and regulatory requirements).
• Legitimate interests: where necessary for our legitimate interests (e.g. improving the Site, security, fraud prevention, analytics) provided your interests do not override ours.
• Consent: where we have asked for and you have given consent (e.g. non-essential cookies, marketing communications). You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Purposes include: order fulfilment and shipping; payment processing; customer service and enquiries; website operation, security and improvement; analytics (where you have consented or where permitted by law); compliance with law; and, where you have agreed, marketing.

In Australia, we collect and use personal information in line with the APPs for the same types of purposes (e.g. providing services, improving the Site, legal compliance and, with your consent, marketing).

5. Retention periods

We keep your personal data only for as long as necessary for the purposes set out in this policy and to meet legal, tax and regulatory requirements.

• Order and customer data: typically for the duration of the contractual relationship plus a period required for warranty, returns, tax and legal obligations (e.g. 6 to 7 years after the end of the financial year in which the transaction occurred, or as required by Australian or other applicable law).
• Contact and enquiry data: for the time needed to handle your enquiry and any follow-up, and then for a limited period for evidence and legal purposes (e.g. up to 3 years unless a longer period is required by law).
• Marketing and consent records: until you withdraw consent or object, and for a short period thereafter to record your choice (e.g. up to 3 years).
• Technical and log data: as set out in our Cookie Policy (e.g. from session-only up to 24 months for analytics, depending on the type of cookie and your choices).

After the retention period, we securely delete or anonymise your data so it can no longer identify you.

6. Security measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, loss or destruction. These include:

• Use of HTTPS and encryption (e.g. TLS/SSL) for data transmitted between your device and our systems.
• Access controls so that only authorised personnel can access personal data on a need-to-know basis.
• Secure storage and handling of data, including where we use third-party service providers (e.g. hosting, payment or email services) that are bound by confidentiality and data protection obligations.
• Regular review of our security practices and, where appropriate, updates to systems and procedures.

Despite these measures, no method of transmission or storage over the internet is completely secure. If you have reason to believe your interaction with us is no longer secure, please contact us immediately.

7. Sharing and international transfers

We may share your personal data with:

• Service providers: such as hosting, payment processors, shipping and logistics, email and support tools, and analytics providers, who process data on our instructions and are contractually required to protect it.
• Professional advisers: lawyers, accountants or auditors where necessary for compliance or legal advice.
• Authorities: when required by law or to protect our or others’ rights, safety or property.

Some of these recipients may be located outside Australia or outside the EEA/UK. Where we transfer data from the EEA or UK to a country not recognised as providing an adequate level of data protection, we implement appropriate safeguards (e.g. standard contractual clauses or other mechanisms approved by the relevant authorities). You may request details of these safeguards by contacting us.

8. Your rights

Depending on your location, you may have the following rights in relation to your personal data:

• Access: to obtain confirmation as to whether we process your data and a copy of your data.
• Rectification: to have inaccurate data corrected.
• Erasure: to have your data deleted in certain circumstances (e.g. where it is no longer necessary or you withdraw consent where consent was the basis).
• Restriction: to restrict processing in certain situations (e.g. while accuracy is verified).
• Data portability: to receive your data in a structured, commonly used format where the processing is based on contract or consent and is carried out by automated means.
• Objection: to object to processing based on legitimate interests or to direct marketing.
• Withdraw consent: where processing is based on consent.
• Lodge a complaint: with a supervisory authority (e.g. in the EEA or UK) or, in Australia, with the Office of the Australian Information Commissioner (OAIC).

To exercise any of these rights, contact us using the details in section 1. We will respond within the timeframes required by applicable law (e.g. one month under GDPR, subject to extensions where permitted). In Australia, we will handle complaints in line with the Privacy Act and the APPs.

9. Children

Our Site and services are not directed at individuals under 18. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us and we will take steps to delete it.

10. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Site or legal requirements. The “Last updated” date at the top indicates when the policy was last revised. We encourage you to review this page periodically. Where required by law, we will notify you of material changes (e.g. by email or a notice on the Site) or ask for your consent where necessary.

11. Additional information for specific regions

Australia: If you wish to make a complaint about our handling of your personal information, you may contact the OAIC (www.oaic.gov.au). We will cooperate with any investigation and endeavour to resolve complaints in line with the Privacy Act.

EEA/UK: If you are in the EEA or the UK, the legal basis for processing and your rights are as set out in sections 4 and 8. You have the right to lodge a complaint with your local data protection supervisory authority.