Privacy Policy

Last updated:

1. Introduction

Xakrionddhul ("we", "us", or "our") operates the website xakrionddhul.world and sells the Cardavion dietary supplement in Australia. We are committed to protecting your personal information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and, where applicable, the General Data Protection Regulation (GDPR).

This Privacy Policy explains what personal data we collect, how we use it, with whom we share it, how long we retain it, and what rights you have.

2. Data Controller

Xakrionddhul

16 Frederick St, Djugun WA 6725, Australia

Phone: +61891945500

Email: touch-@xakrionddhul.world

Website: xakrionddhul.world

3. Personal Data We Collect

We collect the following categories of personal data:

  • Identification data: Full name, email address, phone number.
  • Order and transaction data: Delivery address, payment method details (processed by our payment provider), order history.
  • Communication data: Messages you send us via the contact or order form.
  • Technical data: IP address, browser type, operating system, pages visited, time and date of visit, referring URLs.
  • Cookie data: Data collected through cookies and similar technologies as described in our Cookie Policy.

4. Purposes and Legal Bases for Processing

  • Order fulfilment: Processing and delivering your orders. Legal basis: performance of a contract.
  • Customer support: Responding to your questions and requests. Legal basis: legitimate interest and contract.
  • Legal compliance: Complying with Australian consumer law and tax obligations. Legal basis: legal obligation.
  • Marketing communications: Sending promotional information (only with your explicit consent). Legal basis: consent (withdrawable at any time).
  • Site analytics: Improving website functionality and user experience. Legal basis: legitimate interest.

5. Data Retention

We retain your personal data only as long as necessary for the purposes described above:

  • Order and transaction records: 7 years (as required under Australian tax law).
  • Customer support messages: 3 years from the date of the last interaction.
  • Marketing consent records: until consent is withdrawn plus 1 year.
  • Technical and analytics data: up to 26 months in aggregate, anonymised form.

6. Disclosure of Personal Data

We do not sell your personal data. We may share it with:

  • Logistics and delivery providers for order fulfilment.
  • Payment processors who handle transactions under their own privacy policy and PCI-DSS compliance.
  • Analytics providers (e.g. Google Analytics) under data processing agreements.
  • Legal and regulatory authorities when required by applicable law.

Any third party receiving your data is required to protect it in accordance with applicable privacy law.

7. International Data Transfers

Some of our service providers may be located outside Australia. When transferring data internationally, we ensure that adequate protections are in place — including Standard Contractual Clauses for transfers to countries without an adequacy decision under the GDPR, and compliance with APP 8 for cross-border disclosures under Australian law.

8. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, or disclosure. These include secure HTTPS connections, access controls, encrypted storage of sensitive data, and regular security reviews.

Despite these measures, no transmission over the internet can be guaranteed to be fully secure. We cannot warrant the security of information transmitted to our website.

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request erasure of your data where we no longer have a legal basis to retain it.
  • Restriction: Request that we limit the processing of your data in certain circumstances.
  • Portability: Receive your data in a structured, machine-readable format (GDPR users).
  • Objection: Object to processing based on legitimate interests.
  • Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us at the details in Section 2. We will respond within 30 days (or as required by applicable law).

10. Complaints

If you believe we have not handled your personal data correctly, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or, for EU residents, with your local data protection authority.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page will reflect any changes. We encourage you to review this policy periodically.