Privacy Policy
This Privacy Policy explains how Thimyxolkhap (“we”, “us”) processes personal data when you use https://thimyxolkhap.world and related services. We act as the data controller for personal data described below.
1. Data controller and contact
Legal trading name: Thimyxolkhap
Address: 219 State Route 72, Perth WA 6000, Australia
Email identifiers on file: info@thimyxolkhap.world, contact@thimyxolkhap.world, support@thimyxolkhap.world, help@thimyxolkhap.world (use the channel we publish for your region).
EU/UK representative (if required): Until a representative is appointed, you may contact us at the address above. We will respond within one month where GDPR applies, subject to extensions permitted by law.
2. Categories of personal data
- Identity and contact data: name, email address, optional phone number, message content you submit.
- Technical data: IP address, browser type, device identifiers, approximate location derived from IP, pages viewed, and timestamps.
- Cookie and similar technologies data as described in our Cookie Policy.
- Order-related data if a transaction is concluded: delivery details, payment reference metadata (payment card data is handled by payment providers where used).
3. Purposes and lawful bases (GDPR Article 6)
- Responding to enquiries and forms — lawful bases: consent (Article 6(1)(a)) for marketing opt-ins where requested; legitimate interests (Article 6(1)(f)) in handling customer requests and pre-contract steps.
- Operating the website and security — legitimate interests in fraud prevention, abuse detection, and service integrity; legal obligation where applicable.
- Analytics and marketing cookies — consent (Article 6(1)(a)) when you enable these via the cookie banner.
- Compliance and disputes — legal obligation and legitimate interests in establishing or defending legal claims.
4. Retention
Enquiry records are kept for up to twenty-four months unless a longer period is needed for active cases, tax, or regulatory requirements. Technical logs are rotated on a shorter cycle where feasible. Cookie retention depends on each cookie’s purpose and is listed in the Cookie Policy.
5. Recipients and processors
We use infrastructure and email providers that process data on our instructions. Where processors are outside the European Economic Area, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions where available.
6. Your rights
Depending on your location, you may have the right to access, rectify, erase, restrict processing, object, and data portability, and to withdraw consent at any time without affecting prior lawful processing. You may lodge a complaint with your supervisory authority. Australian residents may also refer to the Office of the Australian Information Commissioner for privacy matters.
7. Security
We apply HTTPS transport, access controls, and vendor due diligence. No online transmission is completely secure; please use strong passwords and avoid sharing sensitive health data unless necessary.
8. Children
The site is not directed at children under sixteen. We do not knowingly collect their personal data.
9. Health-related information, advertising, and sensitive categories
This website presents Cardystrix as a food supplement only. We do not invite you to share special category health data (for example detailed diagnoses) through forms. If you voluntarily include health information in a message, we use it solely to respond to that enquiry and then retain it under the periods in Section 4.
Our operator is based in Western Australia. Product copy is intended to align with the Therapeutic Goods Act 1989, applicable Food Standards Australia New Zealand (FSANZ) rules for foods, and Australian Consumer Law. We do not use the site to make therapeutic claims or to substitute professional care.
Where we purchase or use third-party advertising (including Google Ads), we aim to meet platform policies for healthcare and consumer products: ads and keywords are limited to factual attributes (for example format, availability, price where shown), and we do not target audiences based on sensitive health conditions. Creative assets and landing pages are kept consistent so that a user who arrives from an ad sees the same non-medical positioning as organic visitors.
10. Geographic scope
Day-to-day processing for orders and hosting is managed from Australia. Visitors from the European Economic Area or United Kingdom may exercise GDPR rights as described in Section 6. Visitors from other regions may have additional rights under local privacy statutes; contact us using the identifiers on file and we will review your request.
11. Updates
We may revise this policy to reflect legal or operational changes. Material updates will be indicated by revising the “Last updated” date above.