Jointflexfresh Lifestyle Nutrition Guidance
Last updated:

Privacy Policy

This Privacy Policy describes how Jointflexfresh collects, uses, stores, and protects personal data when you visit jointflexfresh.world or engage with our lifestyle nutrition consultation services.

1. Data Controller Information

The data controller responsible for your personal information is:

Jointflexfresh
30-38 Link Dr, Wairau Valley, Auckland 0627, New Zealand
Telephone: +64 9 442 1350
Email: admin@jointflexfresh.world
Website: jointflexfresh.world

For any privacy-related inquiries, data subject requests, or concerns regarding the processing of your personal data, you may contact us using the details above. We will respond to verified requests within the timeframes required by applicable law.

2. Scope and Applicable Law

This Privacy Policy applies to all personal data processed by Jointflexfresh in connection with our website, consultation services, educational programmes, and related communications. We comply with the New Zealand Privacy Act 2020, the General Data Protection Regulation (GDPR) where it applies to individuals in the European Economic Area, and other relevant international privacy frameworks.

By using our website or submitting personal data through our contact form, you acknowledge that you have read and understood this Privacy Policy. Where consent is required as the legal basis for processing, we will obtain your explicit consent before collecting or using your data for the stated purpose.

3. Categories of Personal Data We Collect

3.1 Information You Provide Directly

When you contact us, book a consultation, or participate in our programmes, we may collect:

  • Full name and preferred form of address
  • Email address and telephone number
  • Postal address when required for in-person services or material delivery
  • Messages and inquiries submitted through our contact form
  • Responses to pre-consultation questionnaires about lifestyle and eating preferences
  • Payment and billing information when you purchase services, processed through secure third-party payment providers
  • Communication preferences and consent records

3.2 Information Collected Automatically

When you visit our website, certain technical data may be collected automatically, including:

  • IP address (anonymised where analytics cookies are accepted)
  • Browser type, version, and operating system
  • Pages visited, time spent on pages, and referral source
  • Device type and screen resolution
  • Cookie identifiers and preference settings

We do not intentionally collect sensitive personal data such as medical diagnoses, health records, or government identification numbers. Our consultations are educational in nature and do not require clinical health information.

4. Purposes of Data Processing

We process your personal data for the following specific purposes:

  1. Service delivery: To respond to inquiries, schedule consultations, deliver educational materials, and administer booked programmes.
  2. Communication: To send appointment confirmations, session summaries, programme updates, and responses to your questions.
  3. Website functionality: To ensure the proper operation of jointflexfresh.world, including cookie preference storage and form validation.
  4. Analytics: With your consent, to analyse website traffic patterns and improve user experience and content relevance.
  5. Marketing: With your consent, to send informational newsletters about upcoming workshops, seasonal nutrition topics, and service updates. You may unsubscribe at any time.
  6. Legal compliance: To fulfil obligations under tax, consumer protection, and privacy legislation.
  7. Security: To detect, prevent, and address technical issues, fraud, or unauthorised access to our systems.

5. Legal Bases for Processing

Under the GDPR, we rely on the following legal bases depending on the processing activity:

  • Consent: For analytics cookies, marketing communications, and optional programme features. You may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.
  • Contractual necessity: For processing required to deliver services you have booked or requested.
  • Legitimate interests: For website security, service improvement, and responding to general inquiries, balanced against your rights and freedoms.
  • Legal obligation: For retaining financial records and responding to lawful requests from authorities.

6. Data Retention Periods

We retain personal data only for as long as necessary to fulfil the purposes described in this policy:

  • Contact form inquiries: Retained for 24 months from the date of submission, unless an ongoing client relationship is established.
  • Client consultation records: Retained for 5 years from the date of the last session to support continuity of service and legal requirements.
  • Payment and billing records: Retained for 7 years in accordance with New Zealand tax legislation.
  • Marketing consent records: Retained for the duration of your subscription plus 12 months after unsubscribe.
  • Analytics data: Aggregated and anonymised data may be retained indefinitely; identifiable analytics data is retained for 26 months.
  • Cookie consent preferences: Stored locally on your device until cleared or updated.

When retention periods expire, data is securely deleted or irreversibly anonymised.

7. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data. We may share data with trusted third parties only when necessary:

  • Payment processors: To handle secure transaction processing. These providers operate under their own privacy policies and PCI-DSS compliance standards.
  • Email service providers: To deliver transactional and, with consent, marketing emails.
  • Video conferencing platforms: For delivering remote consultations when you select the video format.
  • Analytics providers: With your cookie consent, anonymised usage data may be processed by analytics services.
  • Legal and regulatory authorities: When required by law, court order, or to protect our legal rights.

All third-party processors are bound by data processing agreements requiring them to handle your data securely and only for specified purposes.

8. International Data Transfers

Some of our service providers may process data outside New Zealand or the European Economic Area. Where international transfers occur, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission, adequacy decisions, or equivalent protections under New Zealand law.

9. Security Measures

We implement technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • HTTPS encryption across all pages of jointflexfresh.world
  • Access controls limiting data access to authorised personnel on a need-to-know basis
  • Regular security assessments of our website and internal systems
  • Secure password policies and multi-factor authentication for administrative accounts
  • Encrypted storage for sensitive client records
  • Staff training on data protection and confidentiality obligations
  • Incident response procedures for detecting and reporting data breaches within statutory timeframes

While we take reasonable precautions, no method of electronic transmission or storage is completely secure. We encourage you to use strong passwords and protect your own devices.

10. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure: Request deletion of your data where no compelling reason for continued processing exists.
  • Right to restriction: Request that we limit processing in certain circumstances.
  • Right to data portability: Receive your data in a structured, machine-readable format where processing is based on consent or contract.
  • Right to object: Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent: Withdraw previously given consent at any time.
  • Right to lodge a complaint: File a complaint with the Office of the Privacy Commissioner (New Zealand) or your local supervisory authority.

To exercise any of these rights, contact us at admin@jointflexfresh.world. We will verify your identity before processing requests and respond within 30 days, or inform you if an extension is required.

11. Children's Privacy

Our services are directed at adults aged 18 and over. We do not knowingly collect personal data from individuals under 16 years of age. If we become aware that data from a minor has been collected without appropriate parental consent, we will take steps to delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. The date at the top of this page indicates when the policy was last revised. Material changes will be communicated through a notice on our website. We encourage you to review this page regularly.

13. Contact and Data Protection Inquiries

For questions about this Privacy Policy or to exercise your data protection rights, please contact:

Jointflexfresh
30-38 Link Dr, Wairau Valley, Auckland 0627, New Zealand
Email: admin@jointflexfresh.world
Phone: +64 9 442 1350