Privacy Policy
Last updated: 18 May 2026
This Privacy Policy explains how Boneiokneeix.world (“we”, “us”, “our”) collects, uses, stores, and discloses personal information about you when you use our website or contact us.
We are governed primarily by the Privacy Act 2020 (New Zealand) and the Information Privacy Principles (IPPs) in that Act. Where the EU General Data Protection Regulation (GDPR) applies to you, we also respect those rights. This policy is written in plain English. It is not legal advice.
1. Who we are (agency)
Under the Privacy Act 2020, we are the agency responsible for personal information we hold:
Boneiokneeix.world
197 Tihi Road, Springfield, Rotorua 3015, New Zealand
Email: question@boneiokneeix.world
Phone: +64 27 363 3877
For privacy enquiries, use the email above with the subject line “Privacy request”. We aim to respond within 20 working days (see section 8).
2. Personal information we collect
“Personal information” means information about an identifiable individual (Privacy Act 2020, section 7).
- Contact form: your name, email address, message, and record that you ticked the consent box.
- Email and phone: if you contact us directly, we keep what you send (and our replies).
- Workshops or paid sessions: if you book, we may collect name, email, phone, and payment-related details processed by our payment provider (we do not store full card numbers on this website).
- Technical data: IP address, browser type, device type, pages viewed, and referral source. Some of this may be collected via cookies only if you consent to non-essential cookies (see our Cookie Policy).
- Cookie preferences: your choices stored in your browser or local storage.
Health information: We provide general lifestyle education only. Please do not send medical diagnoses, test results, or other sensitive health information through the contact form. If you do, we will delete it where practicable unless we are required by law to retain it. If we ever need to collect health information for a specific service, we will do so only in line with the Health Information Privacy Code 2020 and will tell you first.
3. How we collect information (IPP 1–4)
We collect personal information:
- Directly from you (forms, email, phone, event registration).
- Automatically when you use our site (logs, cookies—with consent where required).
- From service providers that host or support our website (see section 6).
We collect only what is reasonably necessary for the purposes below. Where practicable, we collect information directly from you (IPP 4). When you submit the contact form, we ask for your consent to process your data as described in this policy.
4. Why we collect and use information (IPP 10)
We use personal information only for purposes that are connected to why it was collected, including:
- Answering your questions and providing lifestyle education about drinking habits.
- Organising workshops or consultations you request.
- Running, securing, and improving our website.
- Complying with New Zealand law (for example, tax or record-keeping if you pay for a service).
- Analytics about site use, only if you consent to analytics cookies.
- Marketing emails or ads measurement, only if you opt in and in line with the Unsolicited Electronic Messages Act 2007 (UEMA).
We do not use your information for a new unrelated purpose without telling you and, where required, getting your consent.
4a. Online advertising (including Google Ads)
If we use Google Ads or similar platforms in New Zealand, we may receive aggregated reports (for example clicks, conversions) from those platforms. Where a tool sets cookies or collects personal information for measurement or remarketing, we do so only in line with this policy and our Cookie Policy—including your consent for non-essential cookies where required. We do not sell your personal information to advertisers. A short summary for reviewers and consumers is on our NZ & Google Ads compliance page.
5. Disclosure to others (IPP 11)
We do not sell your personal information. We may disclose it to:
- Service providers (for example: website hosting, email delivery, analytics, payment processing) who process data on our instructions and only for our purposes.
- Professional advisers (lawyers, accountants) when needed, under confidentiality.
- Government agencies or courts when required by New Zealand law.
We require processors to protect personal information by contract or comparable safeguards where appropriate.
6. Storage, security, and retention (IPP 5, 9)
We store information on secure servers. We use HTTPS, access controls, and staff practices aimed at preventing loss, misuse, or unauthorised access (IPP 5).
No online system is completely secure. Please use a strong password for your email account when writing to us.
How long we keep data:
- Contact enquiries: up to 24 months after our last reply, unless law requires longer.
- Workshop or payment records: up to 7 years where needed for tax or dispute purposes.
- Analytics data: up to 14 months (aggregated where possible), if you consented.
- Cookie consent records: up to 12 months.
When information is no longer needed, we delete or anonymise it where practicable (IPP 9).
7. Sending information overseas (IPP 13)
Some service providers (for example hosting, email, analytics, or Google Maps on our contact page) may store or process data outside New Zealand (such as Australia, the United States, or the European Union).
Before we disclose personal information to an overseas person, we take steps required by IPP 13, which may include:
- Checking that the country has comparable privacy safeguards, or
- Using contractual clauses or other approved mechanisms, or
- Relying on an exception in the Privacy Act where it applies (for example, your authorisation after we inform you).
If you use our site from overseas, your information may be processed in New Zealand and in other countries where our providers operate.
8. Your rights under New Zealand law
Under the Privacy Act 2020 you may:
- Ask whether we hold information about you and request access to it (IPP 6).
- Request correction if you believe information is wrong (IPP 7).
- Withdraw consent for optional processing (such as marketing or analytics cookies), without affecting processing that was lawful before withdrawal.
To make a request, email question@boneiokneeix.world with enough detail for us to identify you. We will respond within 20 working days (or explain if an extension applies under the Act). We may need proof of identity before releasing information.
If we refuse access or correction, we will tell you why (where the Act allows) and how you can complain.
9. Complaints to the Privacy Commissioner
If you are unhappy with how we handled your personal information, contact us first so we can try to resolve it.
You may also complain to the Office of the Privacy Commissioner (Te Mana Mātāpono Matatapu):
- Website: www.privacy.org.nz
- Phone: 0800 803 909 (New Zealand)
10. Privacy breaches (notifiable breaches)
If a privacy breach causes—or is likely to cause—serious harm, we will notify the Privacy Commissioner and affected individuals as required by Part 3 of the Privacy Act 2020. We maintain internal procedures to assess and respond to breaches promptly.
11. Unique identifiers (IPP 12)
We do not assign government-issued identifiers (such as IRD numbers) for our own systems. If analytics tools assign internal user IDs, those are used only for site operation or statistics and not merged with unrelated databases without a lawful purpose.
12. Marketing and electronic messages (UEMA 2007)
We will only send commercial electronic messages (email or SMS marketing) with your express consent, with a clear way to unsubscribe, and with accurate sender details, as required by the Unsolicited Electronic Messages Act 2007. Transactional messages (for example, replying to your enquiry) are not marketing.
13. Children and young people
Our services are aimed at adults. We do not knowingly collect personal information from children under 16 without parental or guardian consent. If you believe a child has provided information to us, contact us and we will delete it where appropriate.
14. Overseas visitors and GDPR
If you are in the European Economic Area, you may have additional rights (access, rectification, erasure, restriction, portability, objection). Contact us using the details above. You may also lodge a complaint with your local supervisory authority. New Zealand law remains our primary framework for information held in NZ.
15. Changes to this policy
We may update this policy from time to time. The “Last updated” date at the top will change. Material changes will be posted on this page. Continued use of the site after changes means you accept the updated policy, to the extent permitted by law.