Privacy Policy

Last updated: 13 March 2025

1. Controller and contact details

The data controller responsible for the processing of your personal data in connection with this website is:

Quarrionchivreal
120 Queen St, Brisbane City QLD 4000, Australia
Email: team@quarrionchivreal.world
Phone: +61732100668

2. Scope and legal basis

This Privacy Policy describes how we collect, use, store, and protect your personal data when you use our website https://quarrionchivreal.world (the "Website") and our services. It applies to visitors, customers, and anyone who contacts us or submits data through the Website.

We process personal data in accordance with:

• the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth);
• where applicable, the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) for individuals in the European Economic Area;
• other applicable Australian and international data protection laws.

3. Personal data we collect

We may collect the following categories of personal data:

• Identity and contact data: name, email address, phone number (if provided), and postal address when you place an order or contact us.
• Transaction data: order details, payment-related information (processed by secure third-party payment providers), and delivery information.
• Technical and usage data: IP address, browser type and version, device type, time zone, pages visited, and how you use the Website. This may include data collected via cookies and similar technologies as described in our Cookie Policy.
• Communication data: content of messages you send us (e.g. via contact or order forms) and records of correspondence.

4. Purposes and legal bases for processing

We use your personal data for the following purposes and, where GDPR applies, on the following legal bases:

• Fulfilment of orders and contracts: to process orders, deliver products, and provide customer support. Legal basis: contract performance (GDPR Art. 6(1)(b)); legitimate interest (APPs).
• Communication: to respond to enquiries and send order or shipping confirmations. Legal basis: contract performance; legitimate interest.
• Website operation and security: to run the Website, prevent fraud, and ensure security. Legal basis: legitimate interest (GDPR Art. 6(1)(f)); legal obligation where applicable.
• Analytics and improvement: to understand how the Website is used and improve our services, where we have your consent or a legitimate interest and where cookies are used as set out in our Cookie Policy. Legal basis: consent (GDPR Art. 6(1)(a)) or legitimate interest.
• Marketing: only where you have given consent, to send promotional communications. You may withdraw consent at any time. Legal basis: consent (GDPR Art. 6(1)(a)).
• Legal and regulatory compliance: to comply with applicable laws, regulations, and authorities. Legal basis: legal obligation (GDPR Art. 6(1)(c)).

5. Retention periods

We retain your personal data only for as long as necessary for the purposes set out in this policy:

• Order and customer data: for the duration of the contractual relationship and thereafter for a period required by tax and commercial law (typically 7 years in Australia where applicable).
• Contact and enquiry data: until your enquiry is resolved and for a reasonable period thereafter for follow-up (e.g. 2–3 years), unless a longer period is required by law.
• Technical and access logs: generally up to 12 months, unless a longer period is needed for security or legal purposes.
• Cookie and analytics data: as specified in our Cookie Policy.
• Marketing data: until you withdraw consent or object, and then only as needed for record-keeping where required by law.

After the retention period, we delete or anonymise your data so that it no longer identifies you.

6. Security measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction, including:

• use of HTTPS and encryption for data in transit;
• secure hosting and access controls;
• restriction of access to personal data to authorised personnel on a need-to-know basis;
• regular review of our security practices and, where applicable, compliance with industry standards.

Despite these measures, no method of transmission or storage over the internet is completely secure. We encourage you to use strong passwords and to contact us promptly if you suspect any unauthorised use of your data.

7. Sharing and international transfers

We may share your personal data with:

• Service providers: payment processors, shipping and logistics partners, email and hosting providers, and analytics providers, who act on our instructions and are bound by confidentiality and data protection obligations.
• Legal and public authorities: when required by law, court order, or to protect our rights, safety, or property.

Some recipients may be located outside Australia or the European Economic Area. Where we transfer data to countries not recognised as providing an adequate level of data protection, we implement appropriate safeguards (e.g. standard contractual clauses approved by relevant authorities) as required by applicable law.

8. Your rights

Depending on your location, you may have the following rights:

• Access: to obtain confirmation as to whether we process your personal data and to receive a copy of that data.
• Rectification: to have inaccurate or incomplete personal data corrected.
• Erasure: to request deletion of your personal data in certain circumstances (e.g. where it is no longer necessary or you withdraw consent).
• Restriction: to request that we limit the processing of your data in certain situations.
• Data portability: to receive your data in a structured, commonly used, machine-readable format where the processing is based on consent or contract and is carried out by automated means.
• Objection: to object to processing based on legitimate interests, including profiling. You may also object at any time to processing for direct marketing.
• Withdraw consent: where processing is based on consent, to withdraw that consent at any time without affecting the lawfulness of processing before withdrawal.
• Lodging a complaint: to lodge a complaint with a supervisory authority. In Australia, you may contact the Office of the Australian Information Commissioner (OAIC). In the EEA, you may contact the data protection authority in your country of residence.

To exercise any of these rights, please contact us using the details in section 1. We will respond within the timeframes required by applicable law (e.g. one month under GDPR, subject to extensions where permitted). We may need to verify your identity before processing your request.

9. Children

Our Website and services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will take steps to delete such information.

10. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, law, or the Website. The "Last updated" date at the top will be revised when we make material changes. We encourage you to review this page periodically. Where required by law, we will seek your consent to any material change in how we use your personal data.

11. Contact

For any questions about this Privacy Policy or our handling of your personal data, please contact:

Quarrionchivreal
120 Queen St, Brisbane City QLD 4000, Australia
Email: team@quarrionchivreal.world
Phone: +61732100668