
Privacy & data protection

Privacy policy

This document explains who holds your information when you use thivarelsydhar.world, what we do with it, for how long, and what rights you can exercise. It is written to align with the General Data Protection Regulation, New Zealand’s Privacy Act 2020 where relevant, and other international expectations we voluntarily meet.

The calendar above reflects the current day in the browser. The legal text is reviewed independently of this stamp.

Contents

  1. Controller & scope
  2. Data categories
  3. How data is collected
  4. Legal bases & purposes
  5. Processors & sharing
  6. Cross-border transfer
  7. Retention
  8. Your rights
  9. Security
  10. Minors & sensitive data
  11. Supervisory & NZ complaints
  12. Amendments

Controller, scope, and who this is for

Controller: Thivarelsydhar, 12 Pahau Avenue, Tikipunga, Whangārei 0112, New Zealand. Contact for privacy: contact@thivarelsydhar.world. Phone (general, not a clinical line): +64 9 434 4659.

This policy covers visitors to the public site, people who use the contact form, and, where a paid service is offered, customers who have a separate order record. It does not override what a payment provider’s privacy policy says about the card or wallet layer; we only see what they pass through for settlement when applicable.

If you are in the European Economic Area, the United Kingdom, or Switzerland, the GDPR and UK GDPR concepts referenced here give you a familiar framework, even when your complaint is finally handled under New Zealand or another forum.

We do not sell personal data as a business model. If we used advertising that depended on a sale, we would describe the categories of recipients with more granularity.

Categories of personal data

Depending on what you do on the site, we may process: identity and contact details (name, email); message content; technical connection data (for example, truncated IP, user agent) when a server or edge network logs a request; consent records and preference flags; business correspondence metadata (timestamps, thread identifiers); and, when you become a service customer, billing-related references that a processor holds on our behalf.

We do not ask for health information. If you volunteer clinical detail in a free-text message, we treat it with extra care, limit who reads it, and will suggest secure channels for anything that looks like a medical record, without ourselves acting as a health service.

Sources and automated decisions

Most data comes from you. Some comes from the browser, and a small part may come from fraud-prevention or infrastructure telemetry that the host attaches to protect the edge. We do not use the public site to build profiles that autonomously decide whether you receive services; human review is involved in any meaningful decision.

Legal bases and purposes in plain language

Responding to you: We rely on the steps you request before a contract, our legitimate interest in replying, and, where a checkbox is required, your consent.
Security: Legitimate interest, balanced against a narrow retention window.
Optional analytics and marketing on the site: Consent through the cookie layer.
Record-keeping and tax: Legal obligation and legitimate interest in orderly accounts.

| Purpose (short) | Typical data | Core basis (EU-style) |
| --- | --- | --- |
| Answer email or form | Identity, content | Contract steps / legitimate interests / consent |
| Run and secure the site | Logs, security tokens | Legitimate interests & legal duty where relevant |
| Improve layout with analytics (opt-in) | Pseudonymous usage | Consent |
| News or studio updates (if offered) | Email | Consent, withdrawable |

Processors, categories of recipients, and instructions

We use infrastructure and service partners as processors when they only act on our instructions. Categories may include: website hosting, secure email transport, analytics (if you opt in), payment routing (if you pay), and backup or support vendors under confidentiality terms. We require written commitments where the law expects them, including sub-processor change mechanisms.

International transfers and safeguards

Data may be stored or processed in New Zealand, the European Union, the United States, or other regions where a provider’s data centre is located. Where the GDPR applies, we use Chapter V tools such as standard contractual clauses, supplementary measures when needed, and checks on government access requests in line with recent court guidance, documented at a high level in our vendor files.

How long we keep data

Contact threads: up to two years after the last substantive reply unless a longer hold is required for disputes or the law.
Security logs: short rolling windows except where a longer keep is required for a live incident.
Consent history: the life of the preference record, refreshed on each change.
Bookkeeping: as required by the Inland Revenue and ordinary commercial prudence in New Zealand.

After the period, we delete or irreversibly anonymise, unless a narrow archive is still justified.

Your rights and how to use them

You may have the rights of access, rectification, deletion, restriction, objection, and data portability, and the right to withdraw consent. You may have the right to complain to a supervisory authority in the EU/UK, or to the Office of the New Zealand Privacy Commissioner, depending on your situation. To exercise a right, write to the email address above with a clear label in the subject line, so your message is routed correctly. We may ask for reasonable identity evidence before disclosing or changing records, and we explain refusals where the law allows.

You can withdraw marketing consent by using the cookie tool for browser storage flags and by the unsubscribe link in any optional email we may send, if you have signed up for one.

Security measures in proportion to risk

We apply need-to-know access, transport encryption, separation of public assets, credential hygiene, and incident response rehearsal appropriate to a small team. We cannot promise that no event will ever occur; if something materially affects you, we will act to contain it and describe it where the law or good practice expects.

Children and special categories

The site is aimed at adults making household decisions. We do not market to children. If we learn that we have collected data that should be handled by a guardian, we will delete it when deletion is a fair outcome, unless a narrow legal exception applies.

Regulators and good-faith resolution

We prefer to resolve concerns directly. If you are unsatisfied, you may contact the data protection authority that applies in your place of residence, or, in New Zealand, the Office of the Privacy Commissioner, using their published channels.

How we update this text

We will change this policy when the business, the law, or the technology meaningfully changes. The hero section shows today’s date for orientation; a formal “last substantively updated” line may also appear in the body after a big edit. We do not use hidden rewrites: substantive updates are signposted in the first paragraph of the new version for a reasonable period or announced through the contact channel for active customers, where that is practicable.

This site offers general information only—not medical, dietetic, or emergency services. Based in New Zealand. See terms of use and privacy policy.

© 2026 Thivarelsydhar
