Privacy Policy

This Privacy Policy explains how Grozelonvrozelon processes personal data in relation to the Wellvita Herb website and associated customer support activities. It applies to all visitors and customers who interact with our website, forms, and communications channels. We operate from Australia and align our processing with applicable Australian privacy standards and internationally relevant principles, including GDPR-aligned transparency, lawful basis identification, user rights handling, and data minimisation practices.

Website owner and controller: Grozelonvrozelon

Address: 97 George St, The Rocks NSW 2000, Australia

Email: support@grozelonvrozelon.world

Phone: +61292472625

For privacy requests, use the email above and include enough detail to allow secure identification.

We collect data that you provide directly, data generated by your interactions with the site, and technical information required for security and reliability.

• Identity and contact data: name, email address, optional phone number.
• Communication data: message content entered in forms and support requests.
• Order request data: selected product, timestamp, consent confirmations, and communication history.
• Technical data: IP-derived region indicators, browser type, device type, session identifiers, and cookie preferences.
• Compliance data: logs needed to demonstrate consent records and policy acceptance where legally required.

We process personal data only for defined purposes and on lawful bases.

• To respond to contact and support requests: legitimate interests and pre-contractual steps.
• To process order enquiries and coordinate customer communication: performance of a contract or pre-contractual steps.
• To maintain website security, prevent abuse, and investigate incidents: legitimate interests and legal obligations where applicable.
• To retain records required by financial, consumer, and dispute resolution laws: legal obligation.
• To use optional analytics or marketing cookies: consent.

We disclose data only where necessary and under appropriate controls.

• Hosting and infrastructure providers that process data on our instructions.
• Customer support and communication service providers for email and follow-up handling.
• Professional advisers and legal representatives if needed for rights protection.
• Authorities or regulators where disclosure is legally required.

When processors are used, contractual safeguards are applied to require confidentiality, limited processing scope, and security standards.

Where data is processed outside your location, we use legal transfer mechanisms suitable for the receiving region, such as contractual safeguards, adequacy decisions where available, and additional technical and organisational protections. Transfer assessments are reviewed periodically to confirm continued adequacy.

We keep personal data only for as long as needed for the stated purposes and legal requirements.

• Contact and enquiry records: up to 24 months after last interaction.
• Order-related communication records: up to 7 years where required for legal and accounting obligations.
• Consent logs for optional cookies: up to 24 months unless withdrawn earlier.
• Security logs: generally 6 to 12 months, extended when incident investigation is required.

Subject to applicable law, you may request access, rectification, erasure, restriction, objection, portability, and withdrawal of consent for consent-based processing. You may also request information about automated decision-making where relevant.

To exercise rights, contact support@grozelonvrozelon.world with the subject line Privacy Request and details of your request. We may request identity verification before acting. We respond within legally required periods.

We maintain administrative, technical, and physical safeguards proportional to data sensitivity, including transport encryption, access controls, role-based permissions, backup practices, security monitoring, and incident response procedures. While no system can guarantee absolute security, we continuously review and improve controls to reduce risk.

This website is intended for adults and does not knowingly collect personal data from children. If we become aware of such data, we will remove it in accordance with legal obligations.

We may update this policy to reflect legal, operational, or technical changes. Material updates will be published on this page with a revised effective date.

Effective date: 2026-03-26