Brightgrowbones.site logo mark
This website provides general information about desk-work habits only. We are not a medical service and we do not sell medicines or supplements. Content does not diagnose, treat, cure, or prevent any disease or condition. For medical advice, see a registered New Zealand health professional.

Privacy policy

Last updated: 18 May 2026

This Privacy Policy explains how Brightgrowbones.site (“we”, “us”, “our”) collects, uses, stores, and discloses personal information when you use our website. We are a New Zealand-based operator and handle personal information in line with the Privacy Act 2020 (New Zealand), its Information Privacy Principles (IPPs), and—where the law of your country requires it—the EU General Data Protection Regulation (GDPR) and UK GDPR.

1. Who we are (data controller)

Organisation: Brightgrowbones.site
Postal address: 1230 Fenton Street, Rotorua 3010, New Zealand
Email: welcome@brightgrowbones.site
Phone: +64211399487
Privacy contact: Use the email above with the subject line “Privacy request”. We aim to acknowledge requests within 5 business days.

2. Scope

This policy applies to personal information collected through brightgrowbones.site and related contact channels. It does not cover third-party websites linked from our pages (for example, embedded maps or external services), which have their own privacy practices.

3. What is personal information?

Under the Privacy Act 2020, personal information means information about an identifiable individual. This can include your name, email address, message content, IP address, device identifiers, and online identifiers stored in cookies or similar technologies when they relate to you.

4. What we collect and how

We collect personal information only where it is reasonably necessary for our functions. Sources include:

  • Information you provide: name, email address, message text, and privacy consent checkbox when you submit the contact form. Providing this information is voluntary, but we cannot reply without contact details.
  • Technical information: IP address, browser type, operating system, referring URL, pages viewed, and approximate date/time of access—collected automatically through server logs and, if you enable them, analytics cookies.
  • Cookie and consent data: your cookie category choices and a timestamp, stored in your browser’s local storage as described in our Cookie policy.
  • Event registrations: if you book a session listed on our site, we may collect name, email, accessibility requirements, and dietary or mobility notes you choose to share.

We do not intentionally collect sensitive information (such as health records) through the contact form. Please do not send medical documents unless we have agreed a secure channel in advance.

5. Purposes of collection and use

We collect and use personal information for the following purposes:

  • responding to enquiries, workshop bookings, and corrections;
  • operating, maintaining, and securing the website;
  • measuring site use and fixing navigation issues (only if analytics cookies are enabled);
  • complying with legal obligations and defending legal claims;
  • managing cookie consent and demonstrating compliance.

We will not use your information for a purpose that is incompatible with the purpose for which it was collected, unless we are permitted or required by law or we obtain your consent.

6. Legal bases (New Zealand and GDPR)

New Zealand: We must comply with the IPPs, including collecting information lawfully, fairly, and transparently (IPP 3), using it only for lawful purposes connected with our functions (IPP 10), and disclosing it only where allowed (IPP 11).

GDPR (where applicable): If you are in the European Economic Area or the UK, we rely on:

  • Consent — non-essential cookies, marketing cookies if enabled, and the contact-form privacy consent checkbox;
  • Contract / pre-contract steps — responding to requests you initiate;
  • Legitimate interests — site security, fraud prevention, and basic analytics where balanced against your rights;
  • Legal obligation — record-keeping and regulatory compliance.

You may withdraw consent at any time via the cookie banner or by emailing us; withdrawal does not affect processing already lawfully carried out.

7. Disclosure to third parties

We do not sell or rent personal information. We may disclose information to:

  • Service providers (processors) who assist with website hosting, email delivery, analytics (if enabled), or IT security, under written terms requiring confidentiality and appropriate safeguards;
  • Professional advisers (lawyers, accountants) where necessary;
  • Regulators or courts when required by New Zealand law or a lawful request.

A current list of processor categories is available on request. If we engage a new processor that materially changes risk, we will update this policy where required.

8. Overseas disclosure (IPP 12)

Some service providers may store or process data outside New Zealand (for example, in Australia, the United States, or the European Union). Before disclosing personal information overseas, we take reasonable steps to ensure the recipient is subject to comparable safeguards, such as contractual clauses, recognised adequacy decisions, or binding corporate rules, as required by IPP 12 and, where applicable, GDPR Chapter V.

You may request more detail about overseas locations relevant to your data by contacting us.

9. Storage, security, and retention (IPPs 5 and 9)

Security measures include HTTPS/TLS encryption in transit, access controls for administrative systems, password policies, and limiting staff access to personal information on a need-to-know basis. No method of transmission over the internet is completely secure; we cannot guarantee absolute security.

Retention periods (indicative):

  • Contact form messages: up to 24 months after the enquiry is closed, unless a longer period is needed for disputes or legal obligations;
  • Server and security logs: up to 90 days, unless investigation requires longer retention;
  • Cookie consent records: until you clear browser storage or withdraw consent;
  • Analytics data (if enabled): according to the analytics provider’s settings, typically up to 13 months.

When information is no longer needed, we delete or de-identify it where practicable.

10. Accuracy (IPP 8)

We take reasonable steps to ensure personal information is accurate, up to date, and complete before use. Please tell us if your details change or if you believe information we hold is incorrect.

11. Your rights under the Privacy Act 2020

You have the right to:

  • Access personal information we hold about you (IPP 6);
  • Request correction of information you believe is wrong (IPP 7);
  • Complain to us if you believe we have interfered with your privacy.

To make an access or correction request, email us with enough detail to identify you. We may need proof of identity. We will respond within 20 working days as required by the Privacy Act, or explain if an extension applies.

If you are not satisfied with our response, you may complain to the Office of the Privacy Commissioner (New Zealand):

12. Additional rights for EEA and UK residents (GDPR)

Where GDPR applies, you may also have the right to erasure, restriction of processing, data portability, and to object to processing based on legitimate interests. You may lodge a complaint with your local supervisory authority. Our lead contact for GDPR enquiries is the email address in section 1.

13. Notifiable privacy breaches

If a privacy breach causes—or is likely to cause—serious harm, we will comply with the Privacy Act 2020 notification duties, including notifying the Office of the Privacy Commissioner and affected individuals where required. We maintain internal procedures to assess and respond to suspected breaches promptly.

14. Automated decision-making

We do not use automated decision-making or profiling that produces legal or similarly significant effects on individuals.

15. Children

This website is intended for adults in a workplace context. We do not knowingly collect personal information from children under 16. If you believe a child has provided information to us, contact us and we will delete it where appropriate.

16. Cookies and similar technologies

See our Cookie policy for details on cookies, local storage, and how to manage consent.

17. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top will change, and material changes may be highlighted on the homepage. Continued use of the site after changes constitutes acceptance of the updated policy where permitted by law.

18. Direct marketing and electronic messages

We do not send promotional email or SMS unless you have given clear consent (for example, by subscribing to a newsletter if we offer one). If we send marketing messages, they will identify us as the sender, include accurate contact details, and provide a functional unsubscribe mechanism in line with the Unsolicited Electronic Messages Act 2007 (New Zealand). You may opt out at any time using that mechanism or by emailing us.

Replies to contact-form messages are limited to answering your enquiry and related administration—not bulk marketing—unless you separately agree to receive updates.

19. Contact

For privacy questions, access or correction requests, or complaints:
Email: welcome@brightgrowbones.site
Post: 1230 Fenton Street, Rotorua 3010, New Zealand
Phone: +64211399487

We use strictly necessary cookies to run this site and optional cookies to understand usage. Under the Privacy Act 2020 (New Zealand) and, where applicable, the EU/UK GDPR, you can control non-essential categories.

Accept all Reject non-essential Cookie settings