Privacy programme

Privacy Policy

This statement explains how Wristzoicartilag collects, uses, stores, and shares personal information when you visit https://wristzoicartilag.world/ or communicate with our studio in Queenstown. It is designed to align with the EU General Data Protection Regulation (GDPR), the retained UK GDPR where relevant, the Privacy Act 2020 (New Zealand), and parallel frameworks you may rely on.

Document reviewed:

Approach

Data minimisation and purpose limitation

Cookies

See the dedicated Cookie Policy

Introduction

We respect your privacy. Wristzoicartilag publishes general information about nature activity systems and outdoor education workflows. Personal data is processed only where necessary to operate the website securely, reply to enquiries, meet legal duties, and—when you consent—to analyse aggregate traffic or measure marketing effectiveness.

This policy should be read together with our Terms of Use, Cookie Policy, and Refund Policy. Capitalised terms that are defined in the Terms carry the same meaning here unless stated otherwise.

Data controller and representative arrangements

The data controller is Wristzoicartilag, trading from the New Zealand address above. Where the GDPR applies and we are required to designate a representative in the European Union, we will publish that representative’s identity and contact details on this page. At present, enquiries may be directed to the email address listed in the summary column.

We do not sell your personal information for money. If our practices change in a way that materially increases commercialisation of data, we will update this policy and, where consent or another lawful basis is required, seek your permission before proceeding.

Scope of processing

This policy covers processing connected to the public website at https://wristzoicartilag.world/ and ordinary business correspondence initiated through the contact channels we display. It does not describe standalone data practices for third-party platforms such as social networks or payment processors beyond what those organisations disclose in their own policies.

Where we deliver consulting, workshops, or digital products under a written contract, additional schedules may describe categories of data, sub-processors, and retention in greater detail. Those provisions supplement—rather than replace—this public notice.

Categories of personal data

Depending on your interaction, we may process:

  • Identity and contact details you supply in forms (name, email address, organisation, telephone number where provided).
  • Correspondence content including free-text messages and file attachments if you choose to send them.
  • Transactional metadata such as product identifiers, purchase timestamps, and payment references supplied by payment service providers.
  • Technical and usage data including IP address, approximate geographic region derived at city or regional level, device category, browser version, referring URL, and pages viewed.
  • Consent records demonstrating how and when optional cookies or marketing permissions were granted or withdrawn.

We avoid collecting information we do not need. Optional fields on forms are labelled as such and are not required to submit a minimal enquiry.

How information is collected

We obtain personal data through direct interactions (forms, email, telephone), automated technologies (server logs, cookies or local storage where permitted), and trusted partners such as payment processors who relay transaction notices. We may augment sparse records with publicly available business contact information when doing so is proportionate and lawful—for example, confirming the correct spelling of an organisation name before issuing an invoice.

Purposes and lawful bases

European and UK law require us to identify a lawful basis for each processing purpose. Our typical mapping is:

  • Responding to enquiries (Article 6(1)(b) contract steps; alternatively Article 6(1)(f) legitimate interests). We use your details to answer questions, schedule calls, and maintain a proportionate internal record of the communication.
  • Delivering purchases and administering refunds (Article 6(1)(b)). We process identifiers and payment metadata to fulfil orders described in our Refund Policy.
  • Security, debugging, and abuse prevention (Article 6(1)(f)). We analyse technical logs to detect intrusion attempts, spam, and configuration errors. Where feasible we rely on aggregate or pseudonymous formats.
  • Legal and regulatory compliance (Article 6(1)(c)). We retain invoices, tax evidence, and dispute correspondence where statute or professional rules require.
  • Optional analytics (Article 6(1)(a) consent). Non-essential measurement tags load only if you opt in through the cookie interface.
  • Optional marketing measurement (Article 6(1)(a) consent). Campaign pixels remain disabled unless you enable the marketing toggle.

Under New Zealand’s Privacy Act 2020 we ensure collection is lawful, fair, and not unreasonably intrusive, and that you know the purposes for which information is used.

Sensitive or special categories

We do not ask you to submit health data, biometric templates, government identifier numbers, or similarly sensitive categories through the public website. If you voluntarily disclose such information in an email, we will delete it when retention is not legally required and advise you to use a more appropriate secure channel in future.

Children and young people

The site targets adults organising outdoor learning. We do not knowingly collect personal information from children under sixteen without verifiable parental authority. If you believe a minor has provided data without consent, contact us so we can delete it promptly, subject to applicable exceptions.

Recipients and processors

We share information only with service providers who help us host infrastructure, transmit email, process payments, or perform analytics when permitted. Each processor signs confidentiality commitments and implements technical measures appropriate to the risk. A current list of sub-processors can be emailed on request where we act as a controller for you.

Law enforcement or regulators may compel disclosure. We review demands for jurisdictional validity and narrowly comply with what the law requires.

International transfers

Your information may be stored or processed outside New Zealand—for example on servers in the European Union, the United Kingdom, or the United States. When transferring from the EEA, UK, or Switzerland we rely on adequacy decisions where available, otherwise standard contractual clauses or equivalent safeguards. You may request a copy of the relevant transfer mechanism by emailing us.

Retention periods

We keep personal data only as long as necessary for the purposes above:

  • General enquiries: up to twenty-four months after the last substantive reply unless a longer period is justified by an ongoing project.
  • Contracts and invoices: up to seven years where tax and commercial law require.
  • Technical security logs: typically thirty to ninety days in active systems, with encrypted archives retained slightly longer for incident investigation if needed.
  • Cookie evidence: as set out in the Cookie Policy.

When retention expires we delete or irreversibly anonymise records, except where a narrow legal hold applies.

Security measures

We implement HTTPS encryption for website delivery, access controls segregating production systems, logical separation of environments, multi-factor authentication for administrative accounts where supported, routine patching, and vendor due diligence. No system is perfectly secure; if we discover an incident that risks your rights, we notify you and supervisory authorities as required by law without undue delay.

Your privacy rights

Subject to applicable law, you may request:

  • Confirmation of processing and a copy of your personal data.
  • Rectification of inaccurate entries.
  • Erasure where the law permits.
  • Restriction of processing in defined circumstances.
  • Data portability for information you provided under contract or consent, where technically feasible.
  • Objection to processing based on legitimate interests, unless we demonstrate compelling grounds.
  • Withdrawal of consent for optional cookies or marketing at any time via the cookie controls or by emailing us.

EU and UK residents may lodge complaints with their local supervisory authority. New Zealand residents may contact the Office of the Privacy Commissioner. We encourage you to reach out to us first so we can attempt to resolve concerns efficiently.

Automated decision-making and profiling

We do not use automated processing that produces legal or similarly significant effects concerning you. Analytics, when enabled, reports aggregate trends and does not generate individual scores affecting your access to essential services on this site.

Optional marketing communications

If we introduce a newsletter or product announcements, we will collect opt-in consent separately from service emails and include an unsubscribe link in every message. Transactional notices about purchases, security, or policy updates may be sent without additional marketing consent where permitted.

Changes to this policy

We update this document when the way we handle personal information changes materially. The review date at the top helps you recognise the latest version. Continued use of the website after we publish updates constitutes notice of the revised terms unless applicable law requires a different approach.

Complaints and supervisory authorities

We take complaints seriously. Email us with sufficient detail to identify the issue. If you remain dissatisfied, you may escalate to the Office of the New Zealand Privacy Commissioner or, if the GDPR applies, to your EU or UK supervisory authority. Our cooperation does not waive any lawful limitation periods.