Privacy Policy

1. Data Controller

Thalfyrottghepae.world (operating under the brand name Wavero), with its principal place of business located at 26-28 Market St, Sydney NSW 2000, Australia, acts as the data controller for all personal data collected and processed through this website and related services. As the data controller, we are responsible for determining the purposes and means of processing your personal information in accordance with applicable data protection laws.

2. Data We Collect

We collect and process the following categories of personal data:

• Identity data: Your name when you submit an order form, contact form, or create an account on our platform.
• Contact data: Your email address, which we use to process orders, respond to inquiries, and send order confirmations.
• Communication data: The content of messages you voluntarily provide when contacting us through our website forms or email.
• Technical data: Your IP address, browser type and version, device information, time zone setting, operating system, and other technology on the devices you use to access our website. This data may be collected through cookies and similar technologies where you have given your consent.
• Usage data: Information about how you use our website, including pages visited and time spent on the site, when analytics cookies are enabled with your consent.

3. Purposes of Processing

We process your personal data for the following purposes:

• To process and fulfil orders you place through our website, including order confirmation and delivery communications.
• To respond to your inquiries, support requests, and feedback submitted through our contact forms.
• To comply with our legal and regulatory obligations, including tax, accounting, and consumer protection requirements.
• To improve our website, products, and services through analytics and usage data, where you have consented to such processing.
• To send you marketing communications, promotional offers, and newsletters only when you have explicitly opted in to receive them.
• To detect, prevent, and address technical issues, fraud, and security threats.

4. Legal Basis Under GDPR

Where the General Data Protection Regulation (GDPR) applies, we process your personal data based on the following legal grounds:

• Consent (Art. 6(1)(a)): Where you have given clear consent for specific processing activities, such as marketing communications or non-essential cookies.
• Contract performance (Art. 6(1)(b)): Where processing is necessary to perform our contract with you, including order processing and customer service.
• Legitimate interests (Art. 6(1)(f)): Where processing is necessary for our legitimate business interests, such as improving our website, preventing fraud, and ensuring security, provided these interests are not overridden by your rights.
• Legal obligation (Art. 6(1)(c)): Where we are required to process your data to comply with applicable laws.

5. Retention Periods

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

• Order and contact data: Retained for up to 3 years after your last interaction with us, to support customer service, handle disputes, and comply with legal retention requirements.
• Analytics data: Retained for up to 26 months, after which it is aggregated or deleted.
• Cookie data: Retention periods are specified in our Cookie Policy, which you can access from our website footer.
• Legal requirements: Where we are required to retain data for longer periods under applicable law (e.g., tax records), we will do so only to the extent necessary.

6. Your Rights

Under the GDPR and other applicable data protection laws, you have the following rights:

• Right of access: You may request a copy of the personal data we hold about you.
• Right to rectification: You may request that we correct any inaccurate or incomplete personal data.
• Right to erasure: You may request that we delete your personal data in certain circumstances.
• Right to restriction of processing: You may request that we limit how we use your data in certain situations.
• Right to data portability: You may request a copy of your data in a structured, machine-readable format.
• Right to object: You may object to processing based on legitimate interests or for direct marketing purposes.
• Right to withdraw consent: Where processing is based on consent, you may withdraw that consent at any time.
• Right to lodge a complaint: You may lodge a complaint with a supervisory authority in your country of residence.

To exercise any of these rights, please contact us at admin@thalfyrottghepae.world. We will respond to your request within 30 days where applicable.

7. Data Sharing

We share your personal data only with trusted third parties who assist us in operating our business:

• Payment processors: To securely process payments for your orders.
• Shipping and logistics providers: To fulfil and deliver your orders.
• Analytics providers: Where you have consented, to help us understand website usage and improve our services.
• Legal and regulatory authorities: When required by law or to protect our rights and safety.

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

8. International Transfers

Where we transfer your personal data outside the European Economic Area (EEA) or the United Kingdom, we ensure that appropriate safeguards are in place. These may include Standard Contractual Clauses approved by the European Commission, adequacy decisions, or other mechanisms recognised by applicable law. You may request further information about the safeguards we use by contacting us.

9. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• HTTPS encryption for all data transmitted between your browser and our servers.
• Secure, access-controlled servers with regular security updates.
• Restricted access to personal data on a need-to-know basis.
• Regular review of our security practices and procedures.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we offer. When we make significant changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email or through a prominent notice on our website. We encourage you to review this policy periodically.