Privacy Policy

Last updated:

1. Introduction

Spinaltendon ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, store, and safeguard your personal information when you visit our website at https://spinaltendon.world and use our lifestyle consultation services.

We are governed primarily by the Privacy Act 2020 (New Zealand) and its Information Privacy Principles (IPPs). If you are located in the European Economic Area or United Kingdom, we also process personal data in line with the General Data Protection Regulation (GDPR) where it applies to you.

By using our website or services, you acknowledge that you have read this policy. Where we rely on your consent, you may withdraw it at any time as described below.

2. Data Controller

The data controller responsible for your personal data is:

• Spinaltendon
• 44 Burns Street, Ohakune 4625, New Zealand
• Email: business@spinaltendon.world
• Phone: +64 22 035 7765

3. Data We Collect

We may collect and process the following categories of personal data:

3.1 Data You Provide Directly

• Full name, email address, and message content submitted via our contact form
• Consultation booking details and preferences
• Any additional information you voluntarily share during consultations

3.2 Data Collected Automatically

• IP address and approximate geographic location
• Browser type, operating system, and device information
• Pages visited, time spent on pages, and navigation patterns
• Referring website addresses
• Cookie data (see our Cookie Policy)

4. Purposes of Processing

We process your personal data for the following purposes:

• To respond to your inquiries and provide consultation services
• To schedule and manage consultation appointments
• To improve our website functionality and user experience
• To analyze website usage patterns through anonymous analytics
• To comply with legal obligations and protect our legitimate interests
• To send service-related communications (not marketing, unless you consent)

5. How We Use and Disclose Information (Privacy Act 2020)

Under the Privacy Act 2020, we may only collect personal information where it is necessary for a lawful purpose connected with our functions or activities. We use and disclose personal information to:

• Respond to inquiries and deliver consultation services you request
• Manage bookings, payments, and service-related communications
• Operate, secure, and improve our website
• Comply with legal obligations and resolve disputes
• Send marketing communications only where you have given clear consent (you may opt out at any time)

We generally collect information directly from you (IPP 3). If we need to collect information from someone else, we will take reasonable steps to make sure you are aware of the collection, unless an exception under the Privacy Act applies.

We do not sell your personal information. We may disclose information to trusted service providers (such as hosting, email, or analytics providers) who assist us under contractual obligations to protect your information and use it only for the purposes we specify.

Overseas disclosure (IPP 12): Some providers may store or process data outside New Zealand. Before disclosing personal information overseas, we take reasonable steps to ensure the recipient protects your information in a way that, overall, provides comparable safeguards to the Privacy Act, or we rely on an authorised exception under the Act.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

• Contact form submissions: 24 months from the date of submission
• Consultation records: 36 months from the last consultation session
• Analytics data: 14 months (anonymized)
• Cookie consent preferences: 12 months

After the retention period expires, your data is securely deleted or anonymized.

7. Your Rights (New Zealand)

Under the Privacy Act 2020, you have rights including:

• Access (IPP 6): Request confirmation of whether we hold personal information about you and access to that information
• Correction (IPP 7): Request correction of inaccurate, incomplete, or misleading information
• Withdrawal of consent: Where processing is based on consent, withdraw consent for future processing
• Complaint: Lodge a complaint with us or with the Office of the Privacy Commissioner

To exercise your rights, contact us using the details in Section 13. We will respond within a reasonable time and, for access requests, generally within 20 working days as required by the Privacy Act unless an extension applies.

We may need to verify your identity before releasing information. If we refuse a request, we will explain the reason where the Act allows us to do so.

7a. Additional Rights for EEA/UK Residents (GDPR)

If GDPR applies to you, you may also have rights to erasure, restriction of processing, data portability, and to object to certain processing. Contact us using the details below. You may also complain to your local supervisory authority.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• SSL/TLS encryption for all data in transit
• Secure storage with access controls and authentication
• Regular review of data processing practices
• Limited access to personal data on a need-to-know basis

9. Third-Party Sharing

We do not sell your personal data. We may share data with trusted third-party service providers who assist us in operating our website and services, under strict data processing agreements. These include:

• Website hosting providers
• Analytics platforms (anonymized data only)
• Email communication tools

10. Notifiable Privacy Breaches (IPP 12)

If a privacy breach is likely to cause anyone serious harm, we will notify the Office of the Privacy Commissioner and affected individuals as soon as practicable, in accordance with the Privacy Act 2020.

11. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that a child has provided personal data, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically.

13. Contact and Complaints

If you have questions about this Privacy Policy or wish to make a complaint, contact us at:

• Email: business@spinaltendon.world
• Address: 44 Burns Street, Ohakune 4625, New Zealand
• Phone: +64 22 035 7765

You may lodge a complaint with the Office of the Privacy Commissioner (New Zealand): www.privacy.org.nz or by calling 0800 803 909. If you are in the EEA or UK, you may also contact your local data protection authority.