Valtoranshol

Privacy Policy

Last updated: 9 March 2025

1. Controller and contact details

The data controller responsible for the processing of your personal data in connection with this website is:

Valtoranshol
1/185 Macquarie St, Sydney NSW 2000, Australia

Email: touch@valtoranshol.world
Phone: +61 2 9221 1622

If you have questions about this Privacy Policy or about your personal data, you may contact us at the above address or email.

2. Scope and applicability

This Privacy Policy applies to the website valtoranshol.world (the “Website”) and to the processing of personal data carried out by Valtoranshol in connection with the Website and the sale of Wellvanta and related services. It describes what personal data we collect, for what purposes we use it, on what legal basis we process it, how long we keep it, with whom we may share it, and what rights you have under applicable data protection law, including the General Data Protection Regulation (GDPR) where it applies, and the Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs) in Australia.

3. Personal data we collect

We may collect the following categories of personal data:

3.1 Data you provide to us

  • Name and contact details (e.g. email address, postal address, phone number) when you place an order, complete a contact form, or subscribe to communications.
  • Order and transaction information (e.g. products ordered, payment-related information as necessary for processing).
  • Communications you send to us (e.g. messages in contact or order forms, correspondence by email).
  • Consent records (e.g. that you have agreed to our Terms of Service, Privacy Policy, or marketing communications where applicable).

3.2 Data collected automatically

  • Technical data: IP address, browser type and version, device type, operating system, referring URL, pages visited, date and time of access.
  • Cookie and similar technologies data: as described in our Cookie Policy.

4. Purposes and legal basis for processing

We process your personal data for the following purposes and on the following legal bases (where the GDPR applies, we rely on the bases set out in Article 6 GDPR; in Australia we rely on the APPs and permitted purposes):

  • Performance of a contract: To process and fulfil your orders, manage your account (if any), and communicate with you about your order (e.g. confirmation, shipping). Legal basis: contract performance.
  • Legitimate interests: To operate, secure and improve our Website, prevent fraud, handle complaints, and defend our legal rights. Legal basis: legitimate interests, provided they are not overridden by your interests or fundamental rights.
  • Legal obligation: To comply with applicable laws (e.g. tax, consumer, and regulatory requirements). Legal basis: legal obligation.
  • Consent: Where we ask for your consent (e.g. for non-essential cookies, marketing communications), we process the relevant data on the basis of that consent. You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

5. Retention periods

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with legal, accounting, or reporting requirements.

  • Order and customer data: Generally for the duration of the contractual relationship plus a period necessary for warranty, returns, and legal claims (typically up to 7 years after the last transaction, or as required by law).
  • Contact form and correspondence: For the time needed to handle your request and any follow-up, plus a reasonable period for establishing or defending legal claims (e.g. up to 3 years unless a longer period is required by law).
  • Marketing and consent records: Until you withdraw consent or object, and for a short period thereafter to document your choice (e.g. up to 3 years).
  • Technical and access logs: As set out in our Cookie Policy or for security purposes (e.g. up to 12 months unless a longer period is required for security or legal reasons).

After the retention period, we delete or anonymise your data so that it no longer identifies you.

6. Recipients and international transfers

We may share your personal data with:

  • Service providers who assist us (e.g. hosting, payment processing, shipping, email delivery, analytics) and who are bound by confidentiality and data processing agreements where required by law.
  • Professional advisers (e.g. lawyers, accountants) when necessary for our legitimate interests or legal obligations.
  • Public authorities when required by law or to protect our rights.

Some of these recipients may be located outside Australia or the European Economic Area (EEA). Where we transfer data to countries that are not recognised as providing an adequate level of data protection, we implement appropriate safeguards (e.g. standard contractual clauses approved by the European Commission or equivalent mechanisms) as required by applicable law.

7. Security measures

We implement technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction, including:

  • Use of HTTPS and encryption for data in transit where appropriate.
  • Access controls and authentication so that only authorised personnel can access personal data.
  • Regular review of our security practices and, where applicable, reliance on certified or audited service providers.
  • Training of staff on data protection and confidentiality.

No method of transmission over the Internet or electronic storage is completely secure; we cannot guarantee absolute security but we strive to protect your data in line with industry practice and legal requirements.

8. Your rights

Depending on your location, you may have the following rights in relation to your personal data:

  • Access: To obtain confirmation as to whether we process your personal data and, where that is the case, to access that data and receive a copy.
  • Rectification: To have inaccurate or incomplete personal data corrected.
  • Erasure: To request deletion of your personal data in certain circumstances (e.g. where it is no longer necessary, or where you withdraw consent and there is no other legal ground).
  • Restriction: To request that we restrict processing in certain situations (e.g. while you contest accuracy or the lawfulness of processing).
  • Data portability: Where processing is based on contract or consent and carried out by automated means, to receive your data in a structured, commonly used, machine-readable format and, where technically feasible, to have it transmitted to another controller.
  • Objection: To object to processing based on legitimate interests, including profiling, and to object to processing for direct marketing at any time.
  • Withdraw consent: Where processing is based on consent, to withdraw that consent at any time.
  • Lodge a complaint: To lodge a complaint with a supervisory authority. In the EEA, you may contact the data protection authority in your country. In Australia, you may contact the Office of the Australian Information Commissioner (OAIC).

To exercise any of these rights, please contact us using the details in section 1. We will respond within the time limits set by applicable law (e.g. one month under the GDPR, subject to extension where necessary). We may need to verify your identity before processing your request.

9. Children

Our Website and services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will take steps to delete it.

10. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Website, or legal requirements. We will post the updated version on this page and indicate the date of the last update. Where required by law, we will seek your consent or notify you of material changes before they take effect.

11. Additional information for specific regions

11.1 European Economic Area (EEA)

If you are in the EEA, the processing described in this policy may be subject to the GDPR. Our legal bases for processing are set out in section 4. You have the rights listed in section 8, including the right to lodge a complaint with your local data protection authority.

11.2 Australia

If you are in Australia, we also comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles. Our collection, use, and disclosure of personal information are described in this policy. You may contact us or the OAIC if you have concerns about how we handle your personal information.

Return to home