This policy is designed to be read alongside the Cookies Policy. Technical identifiers linked to cookies are described there; this page focuses on personal data more broadly.
Scope and material scope
This policy applies to information processed through the public website, email correspondence with addresses ending in shexlyonuivar.world, and telephone enquiries handled at +61 3 9848 1699. It does not describe processing inside third-party platforms unless those platforms act on our instructions as processors, in which case we summarise the relationship at a high level.
We do not sell personal data as a line of business. Any future change to that position would require an updated policy and, where consent or legitimate interest assessments change, additional notices.
Controller and regional contacts
The data controller is Shexlyonuivar, 619 Doncaster Rd, Doncaster VIC 3108, Australia. For privacy requests, email assist@shexlyonuivar.world with “Privacy request” in the subject line so routing stays consistent.
If you reside in the European Economic Area or United Kingdom and wish to raise a matter before a supervisory authority, you may contact the authority in your country of habitual residence or place of work. Dutch residents often engage the Autoriteit Persoonsgegevens when local law applies.
Categories of personal data
We may process identifiers you supply (name, email address), free-text messages you include in forms, and limited technical data such as browser family, device category, rough region derived from IP when server logs are enabled, and timestamps that help us understand traffic shape.
You provide
Contact fields, optional notes, and attachments if we explicitly enable them.
Systems collect
HTTP metadata, error codes, and anti-abuse signals required to keep the site stable.
Purposes and legal bases
We respond to enquiries under Article 6(1)(b) GDPR as preparatory steps for a potential contract or as part of pre-contractual dialogue where you initiate contact. We maintain site security and integrity under Article 6(1)(f) GDPR, balancing your rights against our interest in preventing misuse.
Where analytics or marketing technologies require consent, we rely on Article 6(1)(a) GDPR. You may withdraw consent through the cookie banner or by contacting us; withdrawal does not affect the lawfulness of processing that occurred beforehand.
Advertising and online measurement
Where we use online advertising platforms (including search and display networks), we may process limited data to measure ad delivery, approximate conversions, and to reach audiences interested in general food-choice content. Details appear in our Cookies Policy; marketing-related storage is optional and controlled through consent tools where required.
We do not sell personal data as an unrelated commercial product. Our Transparency page summarises business identity and honest landing page practices for visitors arriving from advertisements.
International transfers
Infrastructure providers may store or process data outside your country. When data leaves the EEA or UK, we implement appropriate safeguards such as Standard Contractual Clauses with supplementary technical and organisational measures where risk analysis indicates they are needed.
We review subprocessors periodically and expect them to notify us of incidents without undue delay so we can coordinate with you when personal data is affected.
Retention schedule
Contact form archives are kept for up to twenty-four months unless a dispute, audit, or statutory obligation requires a longer window. Raw server logs that contain IP addresses rotate within ninety days unless security investigations justify a short extension.
Records that prove consent for marketing or analytics are kept separately from behavioural profiles so that evidence remains available without prolonging unnecessary identifiers.
Security measures
We apply role-based access, separation between environments where feasible, transport encryption for browser sessions, and vendor due diligence proportionate to risk. No system is perfectly secure; we document suspected breaches and notify authorities or individuals when the GDPR or Australian law requires it.
If you believe an account or address was used without authorisation, tell us promptly so we can review access logs and lock affected workflows.
Your rights
Subject to applicable law, you may request access, rectification, erasure, restriction of processing, data portability, and object to processing grounded in legitimate interests. You may withdraw consent for consent-based activities at any time.
We respond within one month for most GDPR requests unless complexity requires an extension, in which case we explain why. Identification checks may be required to prevent disclosure to the wrong person.
Complaints
We prefer to resolve issues directly. If you remain unsatisfied, supervisory authorities in the EU or UK, or the Office of the Australian Information Commissioner for Australian matters, can accept complaints.
Australian privacy principles
We aim to meet APPs 1–13 for individuals dealing with us in Australia, including transparent collection, secure storage, and access correction pathways that mirror the practical descriptions above.
Children
This site addresses adults. We do not knowingly collect data from children without parental authority. If you believe we received such data, contact us and we will delete it promptly where deletion is consistent with law.
Automated decisions
We do not make solely automated decisions with legal or similarly significant effects through this website.
Changes to this policy
We may revise this policy to reflect new features or regulatory guidance. The hero section shows today’s date dynamically when you load the page so you can align your reading with internal change logs.