Privacy Policy
Effective date: 20 March 2026
Operator: Spinessplantis, Dining Precinct, Shop 403, Australia Square, level 4/264 George St, Sydney NSW 2000, Australia
Contact: community@spinessplantis.world · +61 2 9299 2858
1. Introduction and scope
This Privacy Policy explains how Spinessplantis ("we", "us", "our") collects, uses, discloses, stores, and protects personal information when you visit https://spinessplantis.world/ (the "Site"), purchase or enquire about EvenVior, subscribe to updates, or otherwise interact with us. We aim to meet transparency expectations under the Australian Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs), and, where the EU or UK General Data Protection Regulation ("GDPR") applies, the relevant GDPR requirements. This Policy also supports consistent practice for visitors from other regions who expect comparable disclosures.
This Policy does not cover third-party websites, payment processors, or social platforms that link from the Site. Those services have their own policies. When you leave our Site, review their terms before providing personal information.
2. Data controller and representative details
For personal data covered by the GDPR, the data controller is Spinessplantis operating from the address listed above. For Australian privacy law purposes, we are the APP entity responsible for personal information we collect and hold in connection with the Site and related operations.
You may contact us for privacy questions, requests, or complaints using community@spinessplantis.world or the postal address above. Written correspondence should include enough detail for us to verify your request where required by law. We may ask for reasonable identity verification before disclosing or changing records.
3. Categories of personal information we collect
Depending on how you interact with us, we may collect:
- Identity and contact data: name, email address, phone number if provided, delivery address when you supply it for shipping, and similar contact fields entered in forms.
- Transaction data: order references, product selections such as EvenVior, payment status flags, delivery preferences, and communications about fulfilment. Card numbers are typically processed directly by our payment service provider and not stored by us beyond what they return for reconciliation, unless a different arrangement is expressly stated at checkout.
- Technical and usage data: IP address, device type, browser version, approximate location derived from IP, pages viewed, referring URLs, timestamps, and diagnostic logs needed to secure the Site.
- Cookie and similar technologies data: identifiers stored on your device where you consent to non-essential cookies, as described in our Cookie Policy.
- Support and content of communications: free-text messages you send, including health-adjacent comments you choose to include. We do not solicit special categories of data; please avoid sending sensitive medical information unless necessary and lawful.
- Marketing preferences: records of consent, opt-outs, and channel preferences where applicable.
4. How we collect personal information
We collect information:
- Directly from you when you submit forms, place orders, create an account if offered, email us, or call our listed number.
- Automatically through server logs, analytics tools where permitted, and security monitoring when you browse the Site.
- From service providers such as payment gateways, carriers, email delivery services, and hosting partners, who share data needed to perform their functions.
- From fraud prevention and address validation tools where used to protect transactions.
5. Purposes of processing and legal bases (GDPR)
We process personal information for the following purposes. Where GDPR applies, we indicate representative legal bases. Australian law uses different language; the purposes remain consistent with APP 3 (collection of solicited personal information) and APP 6 (use or disclosure).
- Providing products and services (GDPR: performance of a contract; Australian law: primary purpose of supply): processing orders, taking payments, arranging delivery of EvenVior, providing customer support, and managing returns under our Return Policy.
- Website operation and security (GDPR: legitimate interests; Australian law: related secondary purpose): maintaining uptime, debugging errors, detecting intrusion or abuse, enforcing our Terms of Service, and protecting users.
- Compliance with law (GDPR and Australian law: legal obligation): tax, consumer, record-keeping, and regulatory requirements applicable in Australia and other jurisdictions where we operate.
- Analytics to improve the Site (GDPR: consent where required; otherwise legitimate interests with opt-out where mandated): understanding aggregate navigation patterns and performance, provided you have not rejected non-essential cookies where consent is the appropriate basis.
- Marketing communications (GDPR: consent or soft opt-in where permitted; Australian law: consent or inferred consent consistent with spam rules): sending promotional emails or displaying relevant ads when you have agreed or when another lawful basis applies.
- Handling privacy rights requests (GDPR and Australian law: legal obligation and legitimate interests): responding to access, correction, erasure, restriction, objection, and portability requests.
6. Disclosure of personal information
We may disclose personal information to:
- Payment processors, banks, and fraud screening providers involved in completing transactions.
- Logistics and courier companies for delivery and returns.
- Cloud hosting, email, ticketing, and backup providers that process data under written terms requiring confidentiality and security.
- Professional advisers, including lawyers and accountants, where bound by confidentiality.
- Authorities when required by law, court order, or lawful request, or to protect rights, safety, and property.
- Potential purchasers in a merger or asset sale, subject to appropriate confidentiality and continued protection of personal information.
We do not sell personal information for money. Where analytics or advertising partners could be considered "sharing" under some state laws, we rely on consent toggles described in our Cookie Policy and provide opt-out mechanisms as required.
7. International transfers
Our primary operations are in Australia. Some service providers may process data in the European Economic Area, the United Kingdom, the United States, or other countries. When we transfer personal data from the EEA, UK, or Switzerland, we implement appropriate safeguards such as Standard Contractual Clauses, adequacy decisions where available, or supplementary measures as required by regulators. You may request further information about transfers by emailing community@spinessplantis.world.
8. Retention
We retain personal information only as long as necessary for the purposes above, including legal, accounting, and dispute resolution needs:
- Order and billing records: typically seven years from the end of the financial year in which the transaction occurred, unless a shorter or longer period is required by applicable tax or consumer law.
- Marketing consents and suppression lists: for the duration of the relationship plus a reasonable period after withdrawal of consent to honour opt-outs.
- Support tickets and email correspondence: up to thirty-six months after closure unless a dispute or legal hold requires longer retention.
- Server and security logs: rolling retention, commonly between thirty and one hundred eighty days, unless extended for incident investigation.
- Cookie-linked identifiers: as described in the Cookie Policy, often thirteen months or less for analytics where used.
When retention ends, we delete or de-identify information where feasible.
9. Security measures
We implement administrative, technical, and organisational measures appropriate to the risk, including:
- TLS encryption for data in transit between your browser and the Site where HTTPS is correctly configured on the server.
- Access controls limiting staff and contractor access to personal data on a need-to-know basis.
- Authentication protections for administrative interfaces.
- Backups and redundancy arrangements with reputable providers.
- Procedures to assess vendors and require data processing terms.
No online transmission is completely secure. You should protect your credentials and devices. If you believe your interaction with us has been compromised, contact us promptly.
10. Your rights under the GDPR
Where GDPR applies, you may have the right to:
- Access your personal data and obtain certain information about processing.
- Rectify inaccurate data.
- Erase data in specific circumstances ("right to be forgotten").
- Restrict processing in certain cases.
- Data portability for data you provided where processing is based on consent or contract and is carried out by automated means.
- Object to processing based on legitimate interests, including profiling in some contexts.
- Withdraw consent at any time where processing is consent-based, without affecting the lawfulness of processing before withdrawal.
- Lodge a complaint with a supervisory authority in your country of residence, place of work, or place of an alleged infringement.
To exercise these rights, email community@spinessplantis.world. We respond within one month where required, with possible extensions for complex requests. You may need to verify your identity.
11. Your rights under Australian privacy law
Under the APPs you may:
- Request access to personal information we hold about you (APP 12).
- Request correction of information that is inaccurate, out-of-date, incomplete, irrelevant, or misleading (APP 13).
- Complain if you believe we have mishandled your information.
We will respond within a reasonable period. If you are not satisfied, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.
12. Children
EvenVior is intended for adults. The Site is not directed to children under sixteen, and we do not knowingly collect personal information from children. If you believe a child has provided data, contact us and we will take appropriate steps to delete it, subject to law.
13. Automated decision-making
We do not use solely automated decision-making, including profiling, that produces legal or similarly significant effects on individuals. If this changes, we will update this Policy and provide information about logic, significance, and your rights.
14. Changes to this Policy
We may update this Policy to reflect operational, legal, or regulatory changes. The effective date at the top will change, and for material updates we may provide a notice on the Site or by email where appropriate. Continued use after the effective date constitutes acceptance of the updated Policy where permitted by law.
15. Regulatory disclosures and definitions
References to "personal information" align with Australian law and, where applicable, "personal data" as defined in the GDPR. "Processing" includes collection, storage, use, disclosure, and deletion. If any provision conflicts with mandatory local law, the mandatory provision prevails.
For California or other US state residents, additional rights may apply when our processing meets jurisdictional thresholds. Contact us with your state of residence and request details; we will respond consistent with applicable law.