Privacy Policy
Last updated: 13 March 2025
This Privacy Policy ("Policy") describes in detail how Reliablechmalliu ("we", "us", "our") collects, uses, stores, discloses, and protects your personal data when you access or use our website https://reliablechmalliu.world (the "Website"), place orders, or otherwise interact with our services. We are committed to transparency and to complying with all applicable data protection and privacy laws, including the General Data Protection Regulation (EU) 2016/679 ("GDPR") where it applies, and the Privacy Act 1988 (Cth) and the Australian Privacy Principles ("APPs") in Australia.
1. Data controller and contact details
Data controller (and, where applicable, data processor for the purposes of this Policy): Reliablechmalliu
Registered / business address: Dining Precinct, Shop 403, Australia Square, level 4/264 George St, Sydney NSW 2000, Australia
Email: help@reliablechmalliu.world
Phone: +61 2 9299 2858
For any questions, requests, or complaints regarding this Privacy Policy or the processing of your personal data, please contact us using the details above. We will respond within the timeframes required by applicable law (generally within one month for GDPR-related requests, and within a reasonable period for requests under Australian privacy law).
2. Definitions and interpretation
In this Policy, unless the context otherwise requires:
- "Personal data" (or "personal information" under Australian law) means any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
- "Processing" means any operation or set of operations performed on personal data (e.g. collection, recording, organisation, structuring, storage, adaptation, retrieval, consultation, use, disclosure, alignment, combination, restriction, erasure, or destruction).
- "Data subject" means the identified or identifiable natural person to whom the personal data relates (i.e. you, where applicable).
- "Consent" means any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
3. Scope and applicability
This Policy applies to all personal data that we collect or process in connection with: (a) your use of the Website; (b) orders placed for our products (including Coravitalis and any other goods we offer); (c) communications with us (e.g. contact forms, emails, phone calls); (d) marketing and promotional activities where you have opted in; and (e) any other interaction with our business. It applies regardless of the device or channel you use to interact with us. This Policy does not apply to information that has been anonymised or aggregated so that it no longer identifies you, or to information collected by third-party websites or services that we link to but do not control.
4. Personal data we collect and process
We may collect and process the following categories of personal data, as relevant to your interaction with us:
4.1 Identity and contact data
This may include: your full name; title; email address; telephone number; billing and/or delivery address (including street, city, state/postcode, country); and any other contact or identification details you provide when placing an order, completing a contact or enquiry form, subscribing to communications, or corresponding with us. We collect this data when you voluntarily provide it and, where necessary, we may verify or supplement it (e.g. address validation) to ensure we can fulfil orders and communicate with you effectively.
4.2 Transaction and order data
This includes: details of products ordered (e.g. product name, quantity, price); order date and order reference; payment method and transaction identifiers (we do not store full credit or debit card numbers on our servers); delivery status and tracking information; correspondence related to orders (e.g. support tickets, emails); and, where applicable, refund or return information. We use this data to perform our contract with you, to comply with legal obligations (e.g. tax, consumer law), and to improve our services.
4.3 Technical and usage data
This may include: your IP address; browser type, version, and language; operating system and device type; screen resolution; referring URL and pages visited on our Website; date and time of access; duration of visit; click-stream data; and similar technical or usage information. Such data may be collected automatically via cookies, log files, and similar technologies as described in our Cookie Policy. We use this data to operate and secure the Website, to analyse and improve user experience, and to detect and prevent fraud or abuse, where we have a legitimate interest or your consent as applicable.
4.4 Marketing and communications preferences
This includes: your preferences regarding receiving marketing communications (e.g. email newsletters, promotional offers); your communication history with us (e.g. opt-in/opt-out dates, consent records); and any feedback or survey responses you provide. We process this data on the basis of your consent or, where permitted, our legitimate interest in maintaining an accurate record of your preferences.
4.5 Special categories of data
We do not intentionally collect "special categories" of personal data (e.g. health data, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, or data concerning sex life or sexual orientation) unless you voluntarily provide such information (e.g. in a message or enquiry) and we have a lawful basis to process it. If you provide health-related information in the context of an enquiry about our products, we will use it only to respond to your enquiry and in accordance with this Policy and applicable law.
5. Legal basis for processing (GDPR)
Where the GDPR applies to our processing of your personal data, we process your data only where we have a lawful basis under Article 6(1) GDPR (and, where relevant, Article 9 for special categories). The lawful bases we rely on include:
- Performance of a contract (Article 6(1)(b)): Processing necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract. This includes processing orders, delivering products, processing payments, and providing customer support in connection with your purchase.
- Legal obligation (Article 6(1)(c)): Processing necessary for compliance with a legal obligation to which we are subject. This includes retaining records for tax, consumer law, and regulatory purposes; responding to lawful requests from public authorities; and fulfilling other legal duties.
- Legitimate interests (Article 6(1)(f)): Processing necessary for the purposes of our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms. Our legitimate interests include: operating and improving the Website and our business; preventing fraud and ensuring security; defending our legal rights; conducting internal analytics (where not based on consent); and communicating with you about your orders or enquiries. We carry out a balancing exercise to ensure our interests do not override your rights.
- Consent (Article 6(1)(a)): Where you have given clear consent for one or more specific purposes (e.g. non-essential cookies, marketing emails). You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
6. Purposes of processing
We process your personal data for the following purposes, in each case to the extent permitted by applicable law:
- To fulfil and manage orders (including payment processing, delivery, and returns) and to communicate with you about your orders.
- To respond to your enquiries, requests, and complaints and to provide customer support.
- To send you service-related communications (e.g. order confirmations, shipping notifications) where necessary for the performance of our contract or our legitimate interests.
- To send you marketing communications where you have given consent or where permitted by law (e.g. soft opt-in in certain jurisdictions). You can opt out at any time.
- To operate, maintain, and improve the Website (including troubleshooting, testing, and analysis) and to ensure its security and proper functioning.
- To analyse usage patterns and trends (e.g. via analytics cookies, where you have consented or we have a legitimate interest) in order to improve our services and user experience.
- To detect, prevent, and address fraud, abuse, security incidents, and other harmful or illegal activity.
- To comply with legal, regulatory, and tax obligations and to respond to lawful requests from courts, law enforcement, or other public authorities.
- To establish, exercise, or defend our legal rights and to protect our business and our users.
7. How we collect your data
We collect personal data through the following means:
- Directly from you: When you provide information via our Website (e.g. order form, contact form, subscription form), by email, by phone, or by post. You are not obliged to provide data that we do not require for the performance of a contract or for a legal obligation; however, if you do not provide certain data, we may not be able to process your order or respond to your request.
- Automatically when you use the Website: Through cookies, log files, and similar technologies. For details, see our Cookie Policy.
- From third parties: We may receive data from payment service providers (e.g. to confirm payment status), delivery and logistics partners (e.g. delivery status), and, where applicable, from analytics or advertising partners (in accordance with your consent or our legitimate interests and their respective privacy policies). We do not buy or rent personal data from data brokers for marketing purposes without your consent.
8. Data retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with legal, regulatory, tax, or accounting requirements. Our retention periods are as follows, subject to any longer period required by law or to establish, exercise, or defend legal claims:
- Order and transaction data: For the duration of the contractual relationship and for a period of seven (7) years after the end of the financial year in which the transaction occurred (or such longer period as required by Australian tax or consumer law), for the purposes of accounting, tax compliance, and potential legal claims.
- Contact and enquiry data: Until the enquiry or complaint is fully resolved, and for a further period of up to three (3) years for follow-up and quality assurance, unless you request erasure earlier or we are required to retain it for legal reasons.
- Marketing and consent-based data: Until you withdraw consent or object to processing, or for the period specified at the time of collection (e.g. until you unsubscribe). We will remove or anonymise your data from our marketing lists promptly upon withdrawal.
- Technical and cookie data: As specified in our Cookie Policy (e.g. session data until you close the browser; analytics and similar data as per the relevant provider's retention, typically up to 24 months unless you withdraw consent earlier).
- Security and access logs: For a period necessary to investigate incidents and ensure security, typically up to twelve (12) months, unless a longer period is required for legal or regulatory purposes.
After the applicable retention period has expired, we will securely delete or anonymise your personal data so that it can no longer be used to identify you.
9. Your rights
Depending on your location and applicable law (including the GDPR and Australian privacy law), you may have the following rights in relation to your personal data. To exercise any of these rights, please contact us at help@reliablechmalliu.world. We will respond within the timeframes required by law (e.g. one month under the GDPR, subject to extension where necessary). We may need to verify your identity before processing your request.
9.1 Right of access
You have the right to obtain confirmation as to whether we process your personal data and, where that is the case, to access that data and to receive a copy. We will provide the information in a concise, transparent, and intelligible form. Under the GDPR, we will provide one copy free of charge; we may charge a reasonable fee for additional copies or manifestly unfounded or excessive requests.
9.2 Right to rectification
You have the right to have inaccurate personal data concerning you rectified and, taking into account the purposes of the processing, to have incomplete personal data completed (including by means of a supplementary statement).
9.3 Right to erasure ("right to be forgotten")
You have the right to obtain the erasure of your personal data where: the data is no longer necessary for the purposes for which it was collected or otherwise processed; you withdraw consent (where processing was based on consent); you object to processing and there are no overriding legitimate grounds; the data has been unlawfully processed; or the data must be erased to comply with a legal obligation. This right is subject to exceptions where we are required or permitted to retain the data (e.g. for legal claims, legal compliance).
9.4 Right to restriction of processing
You have the right to obtain the restriction of processing where: you contest the accuracy of the data (for a period enabling us to verify accuracy); the processing is unlawful but you prefer restriction to erasure; we no longer need the data but you need it for the establishment, exercise, or defence of legal claims; or you have objected to processing pending verification of whether our legitimate grounds override yours.
9.5 Right to data portability
Where the processing is based on consent or on a contract and is carried out by automated means, you have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and to transmit that data to another controller where technically feasible.
9.6 Right to object
You have the right to object at any time to processing of your personal data based on legitimate interests (Article 6(1)(f)) or on the performance of a task carried out in the public interest (Article 6(1)(e)), including profiling. You also have the right to object at any time to processing for direct marketing purposes. Where you object, we will no longer process your data unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or for the establishment, exercise, or defence of legal claims.
9.7 Right to withdraw consent
Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
9.8 Right to lodge a complaint
You have the right to lodge a complaint with a supervisory authority. In the European Union or the European Economic Area, you may contact the data protection authority in the member state of your residence, place of work, or place of the alleged infringement. In Australia, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au. We encourage you to contact us first so we can try to resolve your concern.
10. Data sharing and disclosure
We may share or disclose your personal data in the following circumstances:
- Service providers: We may engage third-party service providers to perform functions on our behalf (e.g. hosting, payment processing, order fulfilment, delivery, email delivery, analytics, customer support). These providers have access to personal data only to the extent necessary to perform their functions and are contractually bound to protect your data and to use it only in accordance with our instructions and applicable law.
- Professional advisers: We may share data with lawyers, accountants, auditors, and insurers where necessary for the provision of professional advice, compliance, or the management of our business.
- Public authorities: We may disclose data when required by law, regulation, court order, or governmental request, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, or to detect or prevent fraud or security issues.
- Business transfers: In the event of a merger, acquisition, reorganisation, sale of assets, or bankruptcy, your personal data may be transferred to the relevant successor or assignee, subject to the same privacy commitments.
We do not sell your personal data to third parties for their marketing purposes. We do not share your data with third parties for their own marketing unless you have given explicit consent.
11. International transfers
We are based in Australia. Your personal data may be stored and processed in Australia or in other countries where our service providers or we operate. If we transfer personal data to a country outside the European Economic Area ("EEA") or outside Australia, we will ensure that appropriate safeguards are in place as required by applicable law. Such safeguards may include: (a) an adequacy decision by the European Commission or the relevant authority recognising that the destination country ensures an adequate level of protection; (b) standard contractual clauses approved by the European Commission or the relevant authority; (c) binding corporate rules; or (d) other mechanisms permitted under the GDPR or under Australian privacy law. You may request details of the safeguards we use for a specific transfer by contacting us.
12. Security measures
We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include:
- Use of HTTPS (TLS/SSL encryption) for data transmitted between your browser and our servers.
- Restriction of access to personal data to authorised personnel on a need-to-know basis, and training of staff on data protection and security.
- Secure storage of data on servers with appropriate access controls, firewall protection, and regular security assessments.
- Where applicable, encryption of sensitive data at rest and in transit.
- Procedures for the secure disposal or anonymisation of data when it is no longer needed.
- Incident response procedures to detect, report, and respond to data breaches in accordance with applicable law (including, where required, notification to supervisory authorities and data subjects).
No method of transmission over the internet or electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of any account credentials and for any activity that occurs under your account. If you become aware of any unauthorised use or security concern, please contact us immediately.
13. Children
Our Website and services are not directed at individuals under the age of 16 (or such higher age as may apply in your jurisdiction for the valid consent to processing). We do not knowingly collect personal data from children. If you are a parent or guardian and believe that your child has provided us with personal data without your consent, please contact us and we will take steps to delete such information promptly.
14. Changes to this Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. The "Last updated" date at the top of this page will be revised when we make changes. We encourage you to review this Policy periodically. Where required by law (e.g. where processing is based on consent or where the change is material), we will notify you of significant changes by email or by a prominent notice on the Website, and we may seek your consent where necessary.
15. Additional information for Australian users
Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), we will collect, use, and disclose your personal information only in accordance with this Policy and the APPs. We will not use or disclose your personal information for a purpose other than the primary purpose of collection (or a related purpose that you would reasonably expect) unless we have your consent or are required or permitted by law. We will take reasonable steps to ensure that the personal information we collect, use, and disclose is accurate, complete, up to date, and relevant. You may request access to the personal information we hold about you and request correction of that information. For more information about your privacy rights in Australia, visit the OAIC website.