Flushlifeiu
Legal

Privacy Policy

This policy explains how Flushlifeiu collects, uses, stores, and protects your personal data. It applies to all visitors and users of our website and services.

Last updated:

Privacy Policy Content

1. Data Controller

The data controller responsible for your personal data is Flushlifeiu, located at 57 Willis Street, Wellington Central, Wellington 6011, New Zealand. For any privacy-related enquiries, you may contact us by email at hello@flushlifeiu.world or by telephone at +64 4 499 4245.

As the data controller, we determine the purposes and means of processing your personal data. We are committed to handling your information in accordance with the General Data Protection Regulation (GDPR), the New Zealand Privacy Act 2020, and other applicable international privacy legislation.

2. Data We Collect

We collect personal data only when it is necessary for the purposes outlined in this policy. The categories of data we may collect include the following:

2.1 Information You Provide Directly

When you complete our contact form, we collect your name, email address, and the content of your message. If you provide additional details about your organisation within your message, we will also process that information to respond to your enquiry appropriately.

When you consent to data processing via our GDPR consent checkbox, we record the fact and timestamp of your consent as part of our compliance obligations.

2.2 Information Collected Automatically

When you visit our website, certain technical data may be collected automatically through cookies and similar technologies. This may include your IP address, browser type and version, operating system, referring URL, pages visited, time and date of access, and device identifiers. For full details on cookies, please refer to our Cookie Policy.

2.3 Information We Do Not Collect

We do not intentionally collect sensitive personal data such as health information, biometric data, political opinions, religious beliefs, or trade union membership. Our services relate to workplace culture development and do not require such information.

Under the GDPR, we process your personal data on the following legal bases:

  • Consent: When you submit our contact form and tick the GDPR consent checkbox, you provide explicit consent for us to process your name, email, and message for the purpose of responding to your enquiry.
  • Legitimate Interests: We process certain technical data to ensure the security and proper functioning of our website, to analyse usage patterns, and to improve our services. We balance these interests against your rights and freedoms.
  • Legal Obligation: We may process and retain certain data where required by applicable law, regulation, or legal proceedings.
  • Contractual Necessity: If you engage our consulting or educational services, we process data necessary to fulfil our contractual obligations to you.

4. Purpose of Data Usage

We use your personal data exclusively for the following purposes:

  • Responding to enquiries submitted through our contact form
  • Providing information about our workplace culture consulting programmes and educational products
  • Delivering services you have requested or contracted
  • Maintaining and improving the functionality and security of our website
  • Analysing website usage to enhance user experience, where you have consented to analytics cookies
  • Complying with legal and regulatory requirements
  • Communicating service updates or policy changes that affect you

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects. We do not sell your personal data to third parties.

5. Data Retention Period

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our retention periods are as follows:

  • Contact form submissions: Retained for 24 months from the date of submission, unless an ongoing business relationship extends this period.
  • Client and service records: Retained for 7 years following the conclusion of services, in accordance with New Zealand business record-keeping requirements.
  • Cookie consent records: Retained for 12 months from the date consent was given or updated.
  • Analytics data: Aggregated analytics data is retained for 26 months. Individual session data is anonymised after 14 months.
  • Server logs: Retained for 90 days for security monitoring purposes, then permanently deleted.

When retention periods expire, we securely delete or anonymise your data so that it can no longer be associated with you.

6. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data. We may share your information with the following categories of recipients, solely for the purposes described in this policy:

  • Service providers: Third-party providers who assist with website hosting, email delivery, analytics, and payment processing. These providers are bound by data processing agreements and may only use your data as instructed by us.
  • Professional advisers: Legal, accounting, or auditing professionals where necessary for compliance or business operations.
  • Regulatory authorities: Government bodies or law enforcement agencies when required by law or to protect our legal rights.

All third-party processors are required to implement appropriate technical and organisational measures to protect your data and process it only in accordance with our instructions and applicable law.

7. Security Measures

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • HTTPS encryption across all pages of our website to protect data in transit
  • Secure server infrastructure with regular security updates and patches
  • Access controls limiting personal data access to authorised personnel only
  • Regular review of data collection, storage, and processing practices
  • Employee training on data protection responsibilities
  • Incident response procedures for potential data breaches

While we take reasonable steps to protect your data, no method of transmission over the internet or electronic storage is completely secure. We encourage you to use strong passwords and exercise caution when sharing personal information online.

8. Your Rights

Under the GDPR and applicable privacy laws, you have the following rights regarding your personal data:

  • Right of Access: You may request a copy of the personal data we hold about you.
  • Right to Rectification: You may request correction of inaccurate or incomplete personal data.
  • Right to Erasure: You may request deletion of your personal data where there is no compelling reason for continued processing.
  • Right to Restrict Processing: You may request that we limit how we use your data in certain circumstances.
  • Right to Data Portability: You may request your data in a structured, commonly used, machine-readable format.
  • Right to Object: You may object to processing based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
  • Right to Lodge a Complaint: You may file a complaint with a supervisory authority. In New Zealand, this is the Office of the Privacy Commissioner.

To exercise any of these rights, contact us at hello@flushlifeiu.world. We will respond within 30 days of receiving your request. We may need to verify your identity before processing your request.

9. International Data Transfers

Your data is primarily processed and stored in New Zealand. If we transfer personal data outside the European Economic Area or New Zealand, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, or transfers to countries with adequacy decisions.

10. Children's Privacy

Our website and services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the date at the top of this page. We encourage you to review this policy periodically.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

  • Organisation: Flushlifeiu
  • Address: 57 Willis Street, Wellington Central, Wellington 6011, New Zealand
  • Email: hello@flushlifeiu.world
  • Phone: +64 4 499 4245