Drexalongrdriz

Legal · privacy

Privacy policy

This document explains how Drexalongrdriz collects, uses, stores, and shares personal data when you browse drexalongrdriz.world, purchase goods, book services, or communicate with our Auckland studio. We drafted it to align with the EU GDPR as a baseline and with the New Zealand Privacy Act 2020.

Plain summary We only ask for data we need to run the studio, ship orders, and reply to you. You can ask what we hold, fix mistakes, export machine-readable copies where applicable, and object to certain processing. Contact details sit at the end of this page.

Scope and audience

This policy applies to visitors, account holders where we offer them, wholesale partners, and anyone who emails or telephones us. It covers processing on our website, in our Mount Eden studio by appointment, and through partners who deliver parcels or process payments on our instructions.

If you follow links to third-party sites, their policies govern those experiences. We do not control external platforms.

Data controller

Drexalongrdriz is the controller for personal data described here. Registered address: 397 Mount Eden Road, Mount Eden, Auckland 1024, New Zealand. Email assist@drexalongrdriz.world. Phone +64 29 126 5482.

Categories of personal data

Depending on how you interact with us, we may process:

  • Identity and contact: name, delivery address, billing address, phone number, email address, company name for trade orders.
  • Communications: free-text messages, call notes you consent to, attachments, and metadata such as timestamps.
  • Transaction: order identifiers, product selections, shipping labels, refund references, and payment status. Card numbers are tokenised by payment processors; we do not store full primary account numbers in our own databases.
  • Technical: IP address, browser user-agent, device type, approximate region derived from network data, referring URL, and crash diagnostics if you opt in to share them.
  • Cookie and storage signals: consent records, preference keys, and pseudonymous identifiers as described in our Cookies policy.
  • Studio visits: appointment times, accessibility notes you provide, and sign-in records where required for building access.

Purposes of processing

We use personal data to:

  • Provide products, services, and guidance you request.
  • Process payments, prevent fraud, and reconcile accounts.
  • Communicate about orders, shipping, and service changes.
  • Maintain the security and integrity of our website and internal tools.
  • Measure aggregated traffic and campaign performance when you allow optional cookies.
  • Comply with law, respond to lawful requests, and enforce our Terms of use.
  • Improve accessibility, content clarity, and product information—using aggregated or pseudonymised data where possible.

Legal bases

Where GDPR applies, we rely on:

  • Contract: processing necessary to perform or enter a contract with you.
  • Legitimate interests: securing our systems, understanding aggregated usage, and studio operations—balanced against your rights.
  • Legal obligation: tax, customs, and regulatory record-keeping.
  • Consent: marketing messages, certain cookies, and optional surveys—withdrawable at any time without affecting lawful processing that does not depend on consent.

Under New Zealand law, we collect information only for lawful purposes connected to our functions and store it securely.

Retention periods

We keep data only as long as necessary for the purposes above:

Enquiries

Up to twenty-four months after the last message unless a dispute or warranty case requires longer retention.

Orders and tax

Up to seven years for invoices and related correspondence, aligned with Inland Revenue expectations for business records.

Analytics logs

Up to fourteen months for pseudonymous server logs where optional analytics are enabled.

Marketing

Until you unsubscribe or withdraw consent, then minimal suppression records to avoid accidental re-contact.

Sharing with processors

We share data with vetted processors who host infrastructure, transmit email, process card payments, print labels, or deliver parcels. Contracts require them to follow instructions, implement appropriate safeguards, and delete or return data when services end.

We do not sell personal data and do not share it for unrelated third-party marketing without explicit consent.

International transfers

Some processors store data in the European Economic Area, the United Kingdom, or the United States. Where data leaves New Zealand or the EEA without an adequacy decision, we use mechanisms such as standard contractual clauses and supplementary measures that fit the risk profile.

Security measures

We apply role-based access, least-privilege accounts, transport encryption for web traffic, patching cadence, and confidentiality commitments from staff. Physical records in the studio sit in locked storage. No control eliminates all risk; we review practices after incidents or material vendor changes.

Your rights

Subject to applicable law, you may request access, correction, deletion, restriction, objection, or portability. You may withdraw consent for processing that depends on it. You may lodge a complaint with a supervisory authority—in New Zealand, the Office of the Privacy Commissioner—or, where GDPR applies, with your local authority.

To exercise rights, email us with enough detail to identify your request. We respond within statutory timeframes and may ask for proportionate verification.

Children

Our marketing and commerce experiences target adults. We do not knowingly collect personal data from children without verifiable parental authority.

Complaints

If you disagree with how we handle data, contact us first. You may escalate to the Office of the Privacy Commissioner or another competent regulator depending on your residence and the processing involved.

Policy changes

We update this page when practices evolve. The date at the top of the hero section reflects the latest substantive review. Continued use after notice may constitute acceptance where law permits.

For cookie-specific detail, see the Cookies policy. For returns, see the Return policy.