Controller identity and escalation path
Brizelonzimil.world operates the website located at
brizelonzimil.world and remains the primary controller for personal
data described here. Our registered contact point is 45A Paul Matthews Road, Rosedale,
Auckland 0632, New Zealand. Email correspondence for privacy topics flows to ask@brizelonzimil.world
with “Privacy Request” in the subject line so automated filters can prioritise statutory
timelines.
If you represent an EU or UK resident, you may reference the GDPR Articles cited in this
Policy when communicating with our team. We respond in plain language while mapping each
request to the appropriate statutory provision.
Scope and layered compliance
This Policy covers every digital interaction where you volunteer information or where our
servers create technical records while you browse. It complements the Cookie Policy, which drills into consent-based
technologies, and the contractual language in the Terms of
Service, which explains how commercial relationships mature after initial contact.
The Privacy Act 2020 informs how we assess “permitted reasons,” while the GDPR informs
international visitors. Where both regimes apply simultaneously, we adopt the higher
standard for transparency and individual control.
Categories of personal information
Depending on how you engage with us, we may process identity records (full name, job title
for corporate buyers), contact data (email, phone if you include it inside free text),
correspondence content, purchase preparation data (delivery instructions once a sale
exists), technical identifiers (IP address, user agent, device type), and cookie-derived
signals when you opt in through our preference centre.
We do not operate this static marketing site as a storefront for payment credentials; if we
integrate a processor later, cardholder data will be governed exclusively by that partner’s
PCI-aligned policy.
Purposes and legal bases
- Service fulfillment groundwork—processing order forms under Art.
6(1)(b) GDPR and the NZ equivalent of taking steps before a contract.
- Regulatory evidence—retaining minimal records to comply with tax,
consumer, or advertising inquiries under Art. 6(1)(c).
- Legitimate interests—securing the site, investigating misuse, improving
copy clarity, and training staff with anonymised ticket patterns, balanced against your
rights per Art. 6(1)(f).
- Consent—activating non-essential cookies or sending optional marketing
when you explicitly opt in under Art. 6(1)(a).
Whenever we rely on legitimate interests, we perform a written balancing test and store
it internally so supervisory authorities can review our rationale.
Recipients and processor due diligence
We collaborate with hosting providers, DNS registries, transport logistics partners (after a
sale closes), messaging infrastructure suppliers, and professional advisers. Each
relationship is governed by Article 28 GDPR-style clauses or NZ Schedule expectations,
mandating confidentiality, subprocessors disclosures, and breach notification windows.
We never sell personal data as a commodity. If corporate restructuring occurs, your
information transfers only under confidentiality commitments equivalent to this Policy.
International transfers and safeguards
Because global cloud regions may sit outside New Zealand or the EEA, we implement Standard
Contractual Clauses, UK Addenda, or depend on adequacy decisions from the European
Commission. Transfers to the United States reference the Data Privacy Framework principles
where partners certify compliance.
You may request a summary of the mechanisms governing your specific dataset by emailing the
address above.
Retention philosophy
Marketing inquiries remain for twenty-four months after the last substantive reply unless
litigation requires longer holds. Security logs rotate after ninety days. Cookie preferences
persist for twelve months to demonstrate consent trails. Order documents follow statutory
taxation timelines in each jurisdiction where sales finalize.
Automated deletion jobs run quarterly, and manual overrides require director approval
documented inside our compliance register.
Security controls in plain language
Transport encryption applies to every public page through HTTPS. Administrative consoles
demand multi-factor authentication and unique passphrases rotated quarterly. Access to
customer exports is logged, and least-privilege rules limit visibility to the Auckland
coordination pod unless a specialist engineer troubleshoots an incident.
We maintain offline backups with the same classification labels as production data, encrypted
before they leave trusted facilities.
Your rights and complaint venues
EU and UK individuals may access, rectify, erase, restrict, port, or object; pause automated
decisions if we ever introduce them; and withdraw consent without retroactive harm. New
Zealand consumers enjoy comparable access and correction tools under the Privacy Act.
Supervisory contacts include the Office of the Privacy Commissioner (New Zealand), your local
EU authority, or the ICO if you reside in the United Kingdom. We invite dialogue first so we
can resolve concerns without unnecessary friction.
Profiling and automated decision-making
We do not score individuals for creditworthiness or health outcomes. Any future modelling for
logistics optimisation would exclude special-category data and include human review before
rejecting an order.
Children’s data
Alira communications target adults. If you believe a minor submitted information without
guardian oversight, alert us immediately so we can delete the records and confirm to you in
writing.
How we notify you about changes
Material revisions appear in the on-page changelog we mirror inside internal wikis, and we
refresh the dynamic “as of” stamp atop this document each time you load it so you know when
the interpretation was last synced for public viewing.