Privacy Policy

Last updated:

1. Data Controller

The data controller responsible for your personal data is:

Flushingyoungbio
29 Albert Street, Hamilton East, Hamilton 3216, New Zealand
Email: help@flushingyoungbio.world
Phone: +64 7 929 4047

2. Scope and Purpose

This Privacy Policy describes how Flushingyoungbio ("we", "us", "our"), an agency under the New Zealand Privacy Act 2020, collects, uses, stores, and protects personal information when you visit our website at flushingyoungbio.world or contact us regarding our corporate wellbeing challenge programs.

We are based in New Zealand and primarily comply with the Privacy Act 2020 and its Information Privacy Principles (IPPs). Where the General Data Protection Regulation (GDPR) applies to you, we also comply with relevant GDPR requirements. This policy explains what we collect, why we collect it, how long we keep it, who we share it with, and your rights.

3. Categories of Personal Data Collected

We may collect the following categories of personal data:

  • Identity data: full name
  • Contact data: email address, phone number, postal address
  • Communication data: messages submitted through our contact form
  • Technical data: IP address, browser type, device information, operating system
  • Usage data: pages visited, time spent on pages, referral sources
  • Cookie data: preferences stored via cookies and localStorage

4. Purposes and Legal Bases for Processing

We collect personal information only for lawful purposes connected with our functions and only when collection is necessary for those purposes (IPP 1 and IPP 4). We process your personal information for the following purposes:

  • Responding to inquiries submitted via our contact form (NZ: consent and legitimate purpose; GDPR: consent and legitimate interest)
  • Providing information about our wellbeing programs and services (NZ: purpose related to our business; GDPR: legitimate interest)
  • Operating, securing, and improving our website (NZ: IPP 10 permitted use; GDPR: legitimate interest)
  • Analytics to understand website usage patterns, only where you have consented to non-essential cookies (NZ: consent; GDPR: consent)
  • Marketing communications, only where permitted by law and with your consent where required under the Unsolicited Electronic Messages Act 2007 (NZ: consent; GDPR: consent)
  • Compliance with legal obligations, including responding to lawful requests from regulators or courts (NZ and GDPR: legal obligation)

We will tell you the purpose of collection at or before the time we collect your information, or as soon as practicable afterwards (IPP 3).

5. Data Retention Periods

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Contact form submissions: up to 24 months from the date of submission
  • Analytics data: up to 26 months
  • Cookie consent records: up to 12 months
  • Technical logs: up to 90 days

After the retention period expires, data is securely deleted or anonymized.

6. Data Sharing, Disclosure, and Overseas Transfers

We do not sell your personal information. We may disclose information to trusted service providers who assist with website hosting, analytics, and email delivery, only to the extent needed for them to perform those services and subject to contractual protections (IPP 11).

Some service providers may be located outside New Zealand, including in Australia, the United States, or the European Union. Before disclosing personal information overseas, we take reasonable steps to ensure the recipient protects it in a manner consistent with the Privacy Act 2020 (IPP 12). Where GDPR applies, we also use appropriate safeguards such as Standard Contractual Clauses for transfers outside the European Economic Area.

We may also disclose information where required or authorised by New Zealand law, including to respond to a lawful request from a government agency, regulator, or court.

7. Security Measures and Data Quality

We protect personal information with reasonable security safeguards against loss, unauthorised access, use, modification, or disclosure (IPP 5). Measures include HTTPS encryption, access controls, and staff awareness of privacy obligations. While we strive to protect your information, no method of transmission over the internet is entirely secure.

We take reasonable steps to ensure personal information is accurate, up to date, complete, relevant, and not misleading before use or disclosure (IPP 8). If you believe information we hold about you is incorrect, please contact us so we can correct it (IPP 7).

8. Your Rights Under the Privacy Act 2020 (New Zealand)

If you are in New Zealand, you have the following rights under the Privacy Act 2020:

  • Right of access: you may request access to personal information we hold about you (IPP 6)
  • Right to correction: you may request correction of inaccurate, incomplete, or misleading information (IPP 7)
  • Right to complain: if you believe we have interfered with your privacy, you may complain to us or to the Office of the Privacy Commissioner

To make an access or correction request, contact us using the details in Section 1. We will respond within a reasonable timeframe and in accordance with the Privacy Act 2020. We may need to verify your identity before releasing information.

If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner:

Office of the Privacy Commissioner
PO Box 10 094, Wellington 6143, New Zealand
Phone: 0800 803 909 (within New Zealand)
Website: www.privacy.org.nz

9. Notifiable Privacy Breaches

Under the Privacy Act 2020, if a privacy breach has caused or is likely to cause serious harm, we will notify the Office of the Privacy Commissioner and affected individuals as soon as practicable. If you believe your personal information may have been compromised, please contact us immediately using the details above.

10. Marketing and Electronic Communications

We do not send commercial electronic messages without a clear and verifiable consent where required by the Unsolicited Electronic Messages Act 2007. Every marketing email we send will identify Flushingyoungbio as the sender and include a functional unsubscribe facility. You may withdraw marketing consent at any time by contacting us.

11. Your Rights Under GDPR

If you are located in the European Economic Area, you have the following rights:

  • Right of access: request a copy of your personal data
  • Right to rectification: request correction of inaccurate data
  • Right to erasure: request deletion of your personal data
  • Right to restrict processing: request limitation of data processing
  • Right to data portability: receive your data in a structured format
  • Right to object: object to processing based on legitimate interests
  • Right to withdraw consent: withdraw consent at any time without affecting prior processing

To exercise any of these rights, contact us at help@flushingyoungbio.world. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

12. Children's Privacy

Our website and services are intended for business professionals and are not directed at individuals under 16 years of age. We do not knowingly collect personal data from children.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

14. Contact and Privacy Enquiries

For any questions regarding this Privacy Policy or our data practices, please contact:

Flushingyoungbio
29 Albert Street, Hamilton East, Hamilton 3216, New Zealand
Email: help@flushingyoungbio.world
Phone: +64 7 929 4047