1. Data Controller & Owner Details
The data controller responsible for personal information collected through this website is:
Purifybeauty
Level 3, 57 Symonds Street
Auckland 1010, New Zealand
Phone: 09 623 4810
Email: callback@purifybeauty.world
Website: https://purifybeauty.world
This Privacy Policy applies to personal data collected and processed through the website purifybeauty.world ("the Site"). It is written to comply with the New Zealand Privacy Act 2020, the EU General Data Protection Regulation (GDPR) 2016/679, and applicable international data protection standards.
2. What Personal Data We Collect
We collect personal data only when you actively provide it or when it is generated automatically during your use of the Site.
2.1 Data You Provide Directly
- Contact form submissions: Full name, email address, message content and GDPR consent record (timestamp, consent text version).
2.2 Data Collected Automatically
- Usage data: IP address (anonymised where possible), browser type and version, operating system, referring URL, pages visited, time and date of visit, time spent on pages.
- Cookie data: Cookie identifiers and preference settings. See our Cookie Policy for full details.
2.3 Data We Do Not Collect
We do not collect special category data (health information, biometric data, genetic data, racial or ethnic origin, political opinions, religious beliefs, trade union membership, sexual orientation), financial data, or data from children under 16 years of age.
3. Legal Basis for Processing
We process your personal data on the following legal bases as defined under GDPR Article 6:
| Purpose | Data Processed | Legal Basis |
|---|---|---|
| Responding to contact form enquiries | Name, email, message | Consent (Art. 6(1)(a)) / Legitimate interests (Art. 6(1)(f)) |
| Website analytics and performance monitoring | Anonymised usage data | Consent (Art. 6(1)(a)) where analytics cookies are accepted |
| Legal compliance and record-keeping | Consent records, IP logs | Legal obligation (Art. 6(1)(c)) |
| Site security and fraud prevention | IP address, access logs | Legitimate interests (Art. 6(1)(f)) |
4. Purposes of Processing
- To respond to enquiries submitted through our contact form.
- To operate, maintain and secure the website.
- To analyse how visitors use the Site in order to improve its content and usability (only where analytics consent is given).
- To maintain records of consent as required by applicable law.
- To comply with legal obligations applicable to us in New Zealand and, where applicable, in the European Union.
5. Data Retention Periods
| Data Category | Retention Period | Reason |
|---|---|---|
| Contact form data (name, email, message) | 24 months from date of receipt | To handle follow-up enquiries and maintain communication records |
| Consent records | 36 months from date of consent | Legal obligation to demonstrate lawful processing basis |
| Server access logs (IP, timestamps) | 12 months | Security, fraud prevention and technical diagnostics |
| Analytics data (anonymised) | 26 months (industry standard) | Trend analysis and site improvement |
At the end of the applicable retention period, personal data is securely deleted or anonymised.
6. Data Sharing and Third-Party Processors
We do not sell, rent or trade personal data to third parties for marketing purposes. We may share data with trusted third-party service providers solely to operate the Site, including:
- Web hosting providers — to store and serve the Site. These providers are contractually bound to protect data in accordance with applicable law.
- Analytics providers — only where you have consented to analytics cookies. Analytics data is anonymised before processing where technically feasible.
- Legal authorities — where we are required to disclose data by law, court order or regulatory requirement.
Any third-party processors engaged by us are required to process personal data only on our instructions and in compliance with applicable data protection law. Where processing occurs outside New Zealand or the European Economic Area, we ensure adequate safeguards are in place.
7. International Data Transfers
Our primary operations are based in New Zealand. Where personal data is transferred to service providers located outside New Zealand or the EEA, we take steps to ensure that transfers are subject to appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission, or reliance on countries with an adequacy decision. New Zealand has received an EU adequacy decision, which facilitates lawful data flows between New Zealand and the EEA.
8. Your Rights
Depending on your location and applicable law, you may have the following rights in relation to your personal data:
- Right of access: You may request a copy of the personal data we hold about you.
- Right to rectification: You may request correction of inaccurate or incomplete data.
- Right to erasure: You may request deletion of your personal data, subject to legal retention obligations.
- Right to restriction: You may request that we restrict processing of your data in certain circumstances.
- Right to data portability: Where processing is based on consent or contract, you may request your data in a structured, machine-readable format.
- Right to object: You may object to processing based on legitimate interests.
- Right to withdraw consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at the details in Section 1. We will respond within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before processing a request.
New Zealand residents also have rights under the Privacy Act 2020, including the right to access and request correction of information held about them by contacting the Office of the Privacy Commissioner at privacy.org.nz.
EEA residents may lodge a complaint with their local supervisory authority.
9. Security Measures
We implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These measures include:
- HTTPS encryption for all data transmitted between your browser and our servers.
- Access controls limiting who can access personal data internally.
- Regular security assessments of our hosting environment.
- Data minimisation practices — we collect only what is necessary for stated purposes.
No method of transmission over the internet or electronic storage is completely secure. While we take reasonable steps to protect your data, we cannot guarantee absolute security.
10. Cookies
We use cookies and similar technologies on the Site. For full information about the types of cookies used, their purposes and how to manage your preferences, please read our Cookie Policy.
11. Children's Privacy
This Site is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has submitted personal data to us, please contact us and we will delete it promptly.
12. Links to Third-Party Sites
This Site does not contain outbound links to third-party websites. If this changes, we will update this policy. We are not responsible for the privacy practices of any third-party sites.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in law, technology or our practices. Material changes will be notified by updating the "Last updated" date at the top of this page. We encourage you to review this page periodically.
14. Contact and Complaints
For any questions, concerns or requests related to this Privacy Policy or your personal data, please contact us at:
callback@purifybeauty.world | 09 623 4810 | Level 3, 57 Symonds Street, Auckland 1010, New Zealand
New Zealand residents may also contact the Office of the Privacy Commissioner: privacy.org.nz | 0800 803 909.
EEA residents may contact their national data protection supervisory authority.