Legal

Privacy Policy

This policy explains how Backnnjoint collects, uses, stores, and protects personal data in accordance with applicable privacy legislation, including the New Zealand Privacy Act 2020 and the General Data Protection Regulation (GDPR).

Last updated: Backnnjoint

1. Controller Information

The data controller responsible for this website is:

Backnnjoint
250 Manukau Road, Pukekohe 2120, New Zealand
Phone: +64 274 633 916
Email: connectuse@backnnjoint.world
Website: backnnjoint.world

For the purposes of the Privacy Act 2020 (New Zealand), we are an agency and handle personal information in line with that Act and the Information Privacy Principles (IPPs).

2. Data We Collect

We collect personal data only when you actively provide it or when it is generated through your use of this website. The categories of data we may collect include:

  • Contact data: name and email address submitted via the contact form.
  • Message content: the text of enquiries you submit to us.
  • Consultation and booking records: information you provide when arranging or taking part in sessions (including format preferences, scheduling details, and notes you choose to share).
  • Consent records: a record of your cookie consent choices, stored in your browser's localStorage.
  • Technical data: browser type, device type, IP address, and page interaction data, collected via analytics cookies if you have consented.

We do not ask you to provide government identifiers or payment card details through the public contact form. If you voluntarily include information about your health, fitness, or wellbeing in a message or consultation, we treat that information with additional care and use it only for the purpose of providing the educational consultation service you requested, unless you agree otherwise or the law requires us to use or disclose it.

3. Legal Basis for Processing

New Zealand: We collect, use, store, and disclose personal information where permitted by the Privacy Act 2020 — for example where collection is for a lawful purpose connected with our functions or activities, the information is reasonably necessary for that purpose, and we comply with the IPPs (including transparency, security, and accuracy obligations).

European Economic Area (GDPR): Where the GDPR applies, we process personal data under the following legal bases:

  • Consent (Article 6(1)(a) GDPR): for analytics and marketing cookies, and for processing contact form submissions where you have ticked the consent checkbox.
  • Legitimate interests (Article 6(1)(f) GDPR): for operating the website, ensuring security, and responding to enquiries.
  • Legal obligation (Article 6(1)(c) GDPR): where required by applicable law.

4. How We Use Your Data

  • To respond to enquiries submitted via the contact form.
  • To schedule and administer consultation sessions you have requested.
  • To analyse website usage patterns (only with analytics consent).
  • To maintain records of consent for compliance purposes.

5. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Contact enquiries: retained for up to 24 months from the date of last contact.
  • Consultation records: retained for up to 36 months following the last session.
  • Analytics data: retained in aggregated, anonymised form for up to 26 months.
  • Cookie consent records: stored in your browser's localStorage until you clear it or withdraw consent.

6. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data. We may share data with the following categories of recipients where necessary:

  • Email and communication service providers: to facilitate responses to your enquiries.
  • Hosting and infrastructure providers: who store website data on secure servers.
  • Analytics providers: subject to your cookie consent.

Any third-party processors are bound by data processing agreements and are required to maintain appropriate security standards.

7. International Transfers

Where personal data is transferred outside New Zealand or the European Economic Area, we ensure that appropriate safeguards are in place, such as standard contractual clauses approved by relevant authorities.

8. Security Measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. This website operates exclusively over HTTPS. Access to personal data is restricted to authorised personnel only.

9. Your Rights

New Zealand (Privacy Act 2020): You may request access to personal information we hold about you and ask us to correct it if you believe it is inaccurate. Where the Privacy Act 2020 applies, we will respond to an access request as soon as reasonably practicable and within 20 working days after the day we receive your request, unless we extend that period in accordance with the Act and notify you. If we refuse a request (in whole or in part), we will explain the reasons as required by the Act. You may also ask us to attach a statement of correction to information we hold if we do not agree a change is warranted.

GDPR (where applicable): Depending on your location, you may also have the following rights regarding your personal data:

  • Right of access: to request a copy of the data we hold about you.
  • Right to rectification: to request correction of inaccurate data.
  • Right to erasure: to request deletion of your data in certain circumstances.
  • Right to restriction: to request that we limit how we process your data.
  • Right to data portability: to receive your data in a structured, commonly used format.
  • Right to object: to processing based on legitimate interests.
  • Right to withdraw consent: at any time where processing is based on consent.

To exercise any of these rights, contact us at connectuse@backnnjoint.world. For GDPR requests, we will respond within 30 days where that regulation applies.

9a. Commercial electronic messages (New Zealand)

If we send commercial electronic messages (for example marketing emails) to electronic addresses in New Zealand, we comply with the Unsolicited Electronic Messages Act 2007 (UEMA). That includes sending such messages only with consent, accurate sender identification, and a clear unsubscribe mechanism where the Act requires it. Service and booking-related emails that relate to an existing arrangement may be excluded from parts of UEMA; where UEMA applies, you may use the unsubscribe facility or contact us to withdraw consent for marketing.

9b. Privacy breaches

If we become aware of a privacy breach that is notifiable under the Privacy Act 2020, we will assess the breach, take containment steps, and notify the Office of the Privacy Commissioner and affected individuals as required by that Act. You may report privacy concerns to us using the contact details in section 1.

10. Cookies

This website uses cookies to operate essential functions and, with your consent, to collect analytics and marketing data. For full details, please read our Cookie Policy.

11. Complaints

If you believe your personal information has been handled in a manner that does not comply with applicable law, you may complain to us in the first instance so we can try to resolve the matter. You also have the right to contact a regulator:

  • New Zealand — privacy: Office of the Privacy Commissioner — privacy.org.nz
  • New Zealand — consumer/trading conduct: for concerns about misleading or unfair conduct relating to goods or services, you may contact the Commerce Commission — comcom.govt.nz
  • EU/EEA residents: your local data protection authority.

This list does not limit any other complaint pathways available to you under New Zealand law (for example, in relation to disputes about services you have paid for).

12. Changes to This Policy

We may update this Privacy Policy from time to time. The date at the top of this page reflects the most recent revision. Continued use of this website following an update constitutes acceptance of the revised policy.