Bonesfloramoveme

Privacy Policy

This document explains how Bonesfloramoveme collects, uses, stores, and protects your personal information when you visit our website or use our consultation services.

1. Data Controller Information

The data controller responsible for your personal information is:

Bonesfloramoveme
128 Willis Street, Te Aro, Wellington 6011, New Zealand
Email: admin@bonesfloramoveme.world
Phone: +64 4 385 2626
Website: https://bonesfloramoveme.world

As the data controller, we determine the purposes and means of processing your personal data in accordance with the General Data Protection Regulation (GDPR), the New Zealand Privacy Act 2020, and other applicable international privacy legislation.

2. Information We Collect

2.1 Information You Provide Directly

When you interact with our website or services, you may voluntarily provide the following categories of personal data:

  • Contact information: Your full name, email address, and telephone number when you submit our contact form or communicate with us directly.
  • Inquiry details: The content of messages you send us, including information about your household, eating habits, and consultation preferences that you choose to share.
  • Booking information: Appointment preferences, session format choices (in-person or video), and payment-related details necessary to process consultation fees.
  • Consent records: Records of consent you provide for data processing, marketing communications, and cookie usage.

2.2 Information Collected Automatically

When you visit our website, certain technical information may be collected automatically through cookies and similar technologies, subject to your consent preferences:

  • IP address (anonymised where possible)
  • Browser type and version
  • Operating system
  • Referring URL and pages visited on our site
  • Date and time of access
  • Device type and screen resolution

2.3 Information We Do Not Collect

We do not collect sensitive personal data such as health records, medical diagnoses, government identification numbers, or financial account details beyond what is necessary for payment processing through secure third-party providers. We do not knowingly collect data relating to criminal convictions or offences.

Under the GDPR, we process your personal data on the following legal bases:

  • Consent (Article 6(1)(a)): When you submit our contact form, accept cookies, or opt in to marketing communications, you provide explicit consent for us to process your data for the stated purposes.
  • Contract performance (Article 6(1)(b)): Processing necessary to respond to your inquiries, arrange consultations, and deliver the services you have requested.
  • Legitimate interests (Article 6(1)(f)): Processing necessary for our legitimate business interests, such as improving our website, preventing fraud, and ensuring network security, provided these interests do not override your fundamental rights.
  • Legal obligation (Article 6(1)(c)): Processing required to comply with applicable laws, regulations, tax requirements, or legal proceedings.

4. Purpose of Data Usage

We use your personal data exclusively for the following purposes:

  • Responding to contact form submissions and email inquiries within our stated response timeframe
  • Scheduling, confirming, and conducting nutrition variety consultations
  • Preparing and delivering written session summaries and educational materials
  • Processing payments and issuing receipts for consultation services
  • Maintaining records of consent and communication history for accountability
  • Analysing website usage patterns to improve content and user experience (with consent)
  • Complying with legal, regulatory, and tax obligations in New Zealand and applicable jurisdictions
  • Protecting the security and integrity of our website and systems

We will never use your personal data for automated decision-making or profiling that produces legal or similarly significant effects. We do not sell your personal data to third parties.

5. Data Retention Periods

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law:

  • Contact form submissions: Retained for twenty-four months from the date of submission, unless a consultation is booked, in which case data is transferred to client records.
  • Client consultation records: Retained for five years from the date of the last session, after which records are securely deleted or anonymised.
  • Payment records: Retained for seven years in accordance with New Zealand tax and accounting requirements.
  • Cookie consent preferences: Stored locally on your device until you clear browser data or withdraw consent.
  • Analytics data: Aggregated and anonymised data may be retained indefinitely; identifiable data is retained for no more than twenty-six months.
  • Marketing consent records: Retained for the duration of your subscription plus twelve months after withdrawal of consent.

When retention periods expire, personal data is securely deleted or irreversibly anonymised so that it can no longer be associated with you.

6. Data Sharing and Third Parties

We may share your personal data with the following categories of recipients, strictly for the purposes described in this policy:

  • Hosting providers: Our website is hosted on secure servers that may process technical log data.
  • Email service providers: Used to send and receive communications related to your inquiries and consultations.
  • Payment processors: Secure third-party services that handle transaction processing. We do not store complete payment card details on our servers.
  • Analytics providers: Only when you have consented to analytics cookies, and only in anonymised or pseudonymised form where possible.
  • Legal and regulatory authorities: When required by law, court order, or governmental request.

All third-party processors are bound by data processing agreements that require them to implement appropriate security measures and process data only according to our instructions.

7. International Data Transfers

Your data is primarily processed and stored in New Zealand. If we transfer personal data to countries outside the European Economic Area (EEA) or New Zealand, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions recognising equivalent data protection standards
  • Binding corporate rules where applicable

You may request a copy of the safeguards applied to international transfers by contacting us using the details in Section 13.

8. Security Measures

We implement technical and organisational measures designed to protect your personal data against unauthorised access, alteration, disclosure, or destruction:

  • HTTPS encryption for all data transmitted between your browser and our website
  • Access controls limiting personal data access to authorised personnel only
  • Regular review and updating of security practices
  • Secure storage of client records with password protection and encryption at rest where applicable
  • Staff training on data protection principles and confidentiality obligations
  • Incident response procedures for detecting, reporting, and investigating data breaches

While we take reasonable precautions, no method of electronic transmission or storage is completely secure. We encourage you to use strong passwords and protect your own devices when communicating with us.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete personal data.
  • Right to erasure: Request deletion of your personal data where there is no compelling reason for continued processing.
  • Right to restrict processing: Request that we limit how we use your data in certain circumstances.
  • Right to data portability: Receive your data in a structured, commonly used, machine-readable format.
  • Right to object: Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent: Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.
  • Right to lodge a complaint: File a complaint with the Office of the Privacy Commissioner in New Zealand or your local supervisory authority in the EEA.

To exercise any of these rights, contact us at admin@bonesfloramoveme.world. We will respond within thirty days of receiving a verifiable request. We may need to verify your identity before processing your request.

10. Cookies and Tracking

Our website uses cookies and similar technologies as described in our Cookie Policy. You can manage your cookie preferences through the consent banner displayed on your first visit or by adjusting your browser settings. Withdrawing consent for non-essential cookies does not affect your ability to use our website.

11. Children's Privacy

Our website and services are not directed at individuals under the age of sixteen. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately and we will take steps to delete such information promptly.

12. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. The date at the top of this page indicates when the policy was last revised. Material changes will be communicated through a notice on our website. We encourage you to review this page regularly.

13. Contact Information

For questions, concerns, or requests related to this Privacy Policy or your personal data, please contact:

Bonesfloramoveme
128 Willis Street, Te Aro, Wellington 6011, New Zealand
Email: admin@bonesfloramoveme.world
Phone: +64 4 385 2626