1. Data Controller Information
The data controller responsible for your personal information is:
Wristsorganic
147 Tory Street, Te Aro
Wellington 6011, New Zealand
Email: hello@wristsorganic.world
Phone: +64 4 384 3314
For any questions regarding this Privacy Policy or the exercise of your data protection rights, please contact us using the details above. We will respond to legitimate requests within the timeframes required by applicable law.
2. Scope and Applicability
This Privacy Policy applies to all personal data processed by Wristsorganic in connection with:
- Visits to our website at wristsorganic.world
- Enquiries submitted through our contact form, email, or telephone
- Enrolment and participation in our educational stress reduction programs
- Consulting sessions, whether conducted in person or remotely
- Newsletter subscriptions and marketing communications where consent has been given
- Cookie usage as described in our Cookie Policy
This policy is designed to comply with the General Data Protection Regulation (GDPR) for visitors and clients in the European Economic Area, the UK GDPR for visitors in the United Kingdom, and the Privacy Act 2020 of New Zealand for domestic users. Where local law provides additional protections, we apply the higher standard.
3. Categories of Personal Data We Collect
3.1 Data You Provide Directly
When you interact with us, you may voluntarily provide the following categories of personal data:
- Identity data: Full name, title, and preferred form of address
- Contact data: Email address, telephone number, and postal address
- Communication data: Content of messages, enquiries, and feedback submitted through forms or correspondence
- Program data: Information shared during consultations about your goals, routines, and preferences relevant to program planning
- Payment data: Billing name and address, transaction references. Full payment card details are processed by third-party payment providers and are not stored on our servers
- Consent records: Documentation of your agreement to data processing, marketing communications, and cookie preferences
3.2 Data Collected Automatically
When you visit our website, certain technical data may be collected automatically through cookies and similar technologies, including:
- IP address (which may be anonymised depending on your cookie preferences)
- Browser type and version
- Operating system
- Referring URL and pages visited on our site
- Date and time of access
- Device identifiers where applicable
Details of automatic data collection are further described in our Cookie Policy.
3.3 Data We Do Not Collect
We do not intentionally collect special categories of personal data as defined under GDPR Article 9, including data concerning health conditions, racial or ethnic origin, political opinions, religious beliefs, or biometric data. Our programs are educational and non-medical in nature. If you voluntarily share health-related information during a consultation, we treat it with heightened confidentiality and process it only with your explicit consent and solely for the purpose of tailoring your program plan.
4. Legal Bases for Processing
We process personal data only where a lawful basis exists. The bases we rely upon include:
- Consent (GDPR Article 6(1)(a)): For marketing communications, non-essential cookies, and processing of any voluntarily shared sensitive information
- Contract performance (GDPR Article 6(1)(b)): To deliver programs you have enrolled in, process payments, and communicate about your participation
- Legitimate interests (GDPR Article 6(1)(f)): To improve our website, prevent fraud, maintain security, and respond to enquiries, balanced against your rights and freedoms
- Legal obligation (GDPR Article 6(1)(c)): To comply with tax, accounting, and regulatory requirements in New Zealand and other applicable jurisdictions
You may withdraw consent at any time where processing is consent-based. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
5. Purposes of Data Processing
We use personal data for the following specific purposes:
- Responding to enquiries and providing information about our programs
- Enrolling participants and delivering educational content and consulting services
- Personalising program plans based on participant goals and preferences
- Processing payments and managing billing records
- Sending service-related communications such as session reminders and program updates
- Sending marketing communications where you have opted in
- Analysing website usage to improve content and user experience
- Maintaining the security and integrity of our systems
- Complying with legal and regulatory obligations
- Resolving disputes and enforcing our Terms of Use
6. Data Retention Periods
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, unless a longer retention period is required by law. Our standard retention periods are:
- Contact form enquiries: 24 months from the date of last communication, unless an ongoing relationship develops
- Program participant records: Duration of enrolment plus 36 months for follow-up and quality assurance purposes
- Payment and invoicing records: 7 years in accordance with New Zealand tax legislation
- Marketing consent records: Until consent is withdrawn, plus 12 months for audit purposes
- Cookie consent preferences: 12 months, after which we will request renewed consent
- Website analytics data: 26 months where analytics cookies are accepted, otherwise not collected
- Server log files: 90 days for security monitoring purposes
When retention periods expire, data is securely deleted or anonymised so it can no longer be associated with you.
7. Data Sharing and Third Parties
We do not sell your personal data. We may share data with the following categories of recipients where necessary:
- Service providers: Hosting providers, email delivery services, payment processors, and analytics platforms that process data on our behalf under written data processing agreements
- Professional advisers: Accountants, legal counsel, and auditors bound by confidentiality obligations
- Authorities: Government bodies or law enforcement when required by applicable law or valid legal process
Where data is transferred outside the European Economic Area or the United Kingdom, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, or transfers to countries with adequacy decisions.
8. Security Measures
We implement technical and organisational measures designed to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:
- HTTPS encryption for all data transmitted between your browser and our website
- Access controls limiting data access to authorised personnel on a need-to-know basis
- Regular review of security practices and software updates
- Secure storage of physical records at our Wellington office
- Staff training on data protection principles and confidentiality
- Incident response procedures for suspected data breaches
While we take reasonable precautions, no method of transmission over the internet is completely secure. We encourage you to use strong passwords and protect your own devices.
9. Your Rights Under GDPR and Applicable Law
Depending on your location, you may have the following rights regarding your personal data:
- Right of access: Request a copy of the personal data we hold about you
- Right to rectification: Request correction of inaccurate or incomplete data
- Right to erasure: Request deletion of your data where no compelling reason exists for continued processing
- Right to restriction: Request that we limit processing in certain circumstances
- Right to data portability: Receive your data in a structured, machine-readable format where processing is automated and based on consent or contract
- Right to object: Object to processing based on legitimate interests or for direct marketing purposes
- Right to withdraw consent: Withdraw consent at any time for consent-based processing
- Right to lodge a complaint: File a complaint with a supervisory authority. In New Zealand, contact the Office of the Privacy Commissioner. In the EU, contact your local data protection authority
To exercise any of these rights, contact us at hello@wristsorganic.world. We will verify your identity before processing requests and respond within 30 days, or inform you if an extension is needed.
10. Children's Privacy
Our website and programs are intended for adults aged 18 and over. We do not knowingly collect personal data from individuals under 18. If you believe we have inadvertently collected data from a minor, please contact us immediately and we will take steps to delete such information.
11. Automated Decision-Making
We do not use automated decision-making or profiling that produces legal or similarly significant effects on individuals. Program recommendations are made by human facilitators based on information you provide during consultations.
12. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated through a notice on our website. The effective date at the top of this page indicates when the current version took effect. We encourage you to review this policy regularly.
13. Contact and Data Protection Enquiries
For all privacy-related enquiries, please contact:
Wristsorganic — Privacy Enquiries
147 Tory Street, Te Aro, Wellington 6011, New Zealand
Email: hello@wristsorganic.world
Phone: +64 4 384 3314